2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.dbcapi.aaf;
23 import java.io.IOException;
24 import java.security.Principal;
25 import java.util.ArrayList;
26 import java.util.List;
28 import org.apache.log4j.Logger;
29 import org.onap.aaf.cadi.Access;
30 import org.onap.aaf.cadi.CadiException;
31 import org.onap.aaf.cadi.LocatorException;
32 import org.onap.aaf.cadi.Permission;
33 import org.onap.aaf.cadi.aaf.AAFPermission;
34 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
35 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
36 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
37 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
38 import org.onap.aaf.misc.env.APIException;
39 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
40 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
41 import org.onap.dmaap.dbcapi.util.DmaapConfig;
44 * This service uses the AAF Lur object to look up identities and permissions.
46 public class AafLurService extends BaseLoggingClass {
/** AAF HTTP connection; created in init() from the caller-supplied Access. */
private static AAFConHttp aafcon;
/** Permission lookup (Lur) created from aafcon; stays null until init() has succeeded. */
private static AAFLurPerm aafLur;
/** Credential validator created from aafcon and aafLur; stays null until init() has succeeded. */
private static AAFAuthn<?> aafAuthn;
/**
 * singleton pattern suggested by AAF
 *
 * NOTE(review): in the visible code these statics are written only from init(),
 * which runs under getInstance()'s synchronized lock, but they are read in
 * checkPerm() without synchronization and are not declared volatile.  Whether
 * that matters depends on how the first call is sequenced -- confirm.
 */
private static AafLurService singleton;
/** Private: instances are obtained via getInstance() only. */
private AafLurService() {}
/**
 * Builds the shared AAF client objects from the supplied Access: the HTTP
 * connection (aafcon), the permission Lur (aafLur) and the credential
 * validator (aafAuthn).  Each step logs to both appLogger and errorLogger on
 * failure.  The method declares the CADI exceptions, so a failure is
 * presumably re-thrown to getInstance(); the throw lines are not visible in
 * this rendering.
 *
 * @param myAccess CADI Access (configuration + logging) used to reach AAF
 */
private static void init( Access myAccess ) throws APIException, CadiException, LocatorException {
    // NOTE(review): logs the Access object itself at INFO.  Depending on its
    // toString(), this may include the configured AAF properties, possibly the
    // service credential -- confirm what Access.toString() emits before keeping
    // this line at INFO in production.
    appLogger.info( "myAccess=" + myAccess );
    // The 'try {' pairing with the catch below is not visible in this rendering.
    aafcon = new AAFConHttp( myAccess );
    } catch ( CadiException | LocatorException e) {
    // Only e.getMessage() is logged, so the stack trace is lost for diagnosis.
    appLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
    errorLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
    // Permission lookup, built over the connection created above.
    aafLur = aafcon.newLur();
    } catch ( CadiException e) {
    appLogger.error( "Failure of newLur(): " + e.getMessage() );
    errorLogger.error( "Failure of newLur(): " + e.getMessage() );
    // Credential validator used by checkPerm() for fqi/password; shares aafLur.
    aafAuthn = aafcon.newAuthn( aafLur );
/**
 * Returns the process-wide AafLurService, building the AAF client objects on
 * first use (singleton pattern; see init()).  Synchronized so only one caller
 * performs initialisation.
 *
 * NOTE(review): 'singleton' is assigned BEFORE init() runs, so if init() throws,
 * every later call finds singleton != null, skips init(), and hands back an
 * instance whose aafAuthn/aafLur are still null.  checkPerm() then logs
 * "not set as expected" on every request and nothing ever retries the
 * initialisation.  Consider assigning singleton only after init() succeeds, or
 * resetting it to null in the catch below.
 *
 * @param myAccess CADI Access passed through to init() on first use
 * @return the shared service instance
 */
public static synchronized AafLurService getInstance( Access myAccess ) throws APIException, CadiException, LocatorException{
    if ( singleton == null ) {
        singleton = new AafLurService();
        // Presumably 'try { init( myAccess ); }' follows here (the catch below
        // matches init()'s declared exceptions); not visible in this rendering.
    } catch (APIException | CadiException | LocatorException e) {
        // NOTE(review): the handler body is not visible here.  Because the method
        // declares these exceptions it presumably re-throws; if it only logs, an
        // initialisation failure is swallowed and the half-built singleton above
        // is kept for the life of the process.
99 public boolean checkPerm(String ns, String fqi, String pwd, DmaapPerm p) throws IOException, CadiException {
103 if ( aafAuthn == null ) {
104 appLogger.error( "AafLurService: aafAuthn not set as expected.");
108 String ok = aafAuthn.validate( fqi, pwd );
110 appLogger.info( "FAILED validation of fqi=" + fqi + "with response:" + ok );
114 Principal principal = new UnAuthPrincipal( fqi );
115 // if we pass ns as first arg to AAFPermission constructor it gets prpended to the instance...
116 // as in ns|instance|type|action. we don't want that.
117 Permission aafPerm = new AAFPermission( null, p.getPermission(), p.getPtype(), p.getAction());
118 if ( aafLur == null ) {
119 appLogger.error( "AafLurService: aafLur not set as expected.");
122 rc = aafLur.fish( principal, aafPerm );
123 if (rc == true ) return rc;
125 List<Permission> perms = new ArrayList<Permission>();
126 aafLur.fishAll( principal, perms);
127 String key = aafPerm.getKey();
128 for ( Permission prm: perms ) {
129 if ( prm.getKey().equals( key )) {
130 appLogger.info( principal + " has MATCHING perm " + prm.getKey() );
132 appLogger.info( principal + " has non-matching perm " + prm.getKey() );