confluent based image

[dmaap/kafka11aaf.git] / src / main / java / org / onap / dmaap / commonauth / kafka / base / authorization / Cadi3AAFProvider.java
diff --git a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java

index 9cc45fe..56fd1bb 100644 (file)
--- a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java
+++ b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java
@@ -22,8 +22,12 @@ package org.onap.dmaap.commonauth.kafka.base.authorization;
  
  import java.io.FileInputStream;
  import java.io.IOException;
+import java.util.Map;
  import java.util.Properties;
  
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  
@@ -40,9 +44,55 @@ public class Cadi3AAFProvider implements AuthorizationProvider {
  
         private static PropAccess access;
         private static AAFCon<?> aafcon;
-       private static final String CADI_PROPERTIES = "/opt/kafka/config/cadi.properties";
+       private static final String CADI_PROPERTIES = "/etc/kafka/data/cadi.properties";
         private static final String AAF_LOCATOR_ENV = "aaf_locate_url";
-       private static final String MR_NAMESPACE = "org.onap.dmaap.mr";
+       private static String apiKey = null;
+       private static String kafkaUsername = null;
+       private static AAFAuthn<?> aafAuthn;
+       private static AbsAAFLur<AAFPermission> aafLur;
+       private static boolean enableCadi = false;
+       private static final Logger logger = LoggerFactory.getLogger(Cadi3AAFProvider.class);
+
+       static {
+
+               if (System.getenv("enableCadi") != null && System.getenv("enableCadi").equals("true")) {
+                       enableCadi = true;
+               }
+               Configuration config = Configuration.getConfiguration();
+               try {
+                       if (config == null) {
+                               logger.error("CRITICAL ERROR|Check java.security.auth.login.config VM argument|");
+                       } else {
+                               // read the section for KafkaServer
+                               AppConfigurationEntry[] entries = config.getAppConfigurationEntry("KafkaServer");
+                               if (entries == null) {
+                                       logger.error(
+                                                       "CRITICAL ERROR|Check config contents passed in java.security.auth.login.config VM argument|");
+                                       kafkaUsername = "kafkaUsername";
+                                       apiKey = "apiKey";
+
+                               } else {
+                                       for (int i = 0; i < entries.length; i++) {
+                                               AppConfigurationEntry entry = entries[i];
+                                               Map<String, ?> optionsMap = entry.getOptions();
+                                               kafkaUsername = (String) optionsMap.get("username");
+                                               apiKey = (String) optionsMap.get("password");
+                                       }
+                               }
+                       }
+               } catch (Exception e) {
+                       logger.error("CRITICAL ERROR: JAAS configuration incorrectly set: " + e.getMessage());
+               }
+       }
+
+       public static String getKafkaUsername() {
+               return kafkaUsername;
+       }
+
+       public static boolean isCadiEnabled() {
+
+               return enableCadi;
+       }
  
         public static AAFAuthn<?> getAafAuthn() throws CadiException {
                 if (aafAuthn == null) {
@@ -51,11 +101,6 @@ public class Cadi3AAFProvider implements AuthorizationProvider {
                 return aafAuthn;
         }
  
-       private static AAFAuthn<?> aafAuthn;
-       private static AbsAAFLur<AAFPermission> aafLur;
-
-       private static final Logger logger = LoggerFactory.getLogger(Cadi3AAFProvider.class);
-
         public Cadi3AAFProvider() {
                 setup();
         }
@@ -133,18 +178,34 @@ public class Cadi3AAFProvider implements AuthorizationProvider {
         }
  
         public String authenticate(String userId, String password) throws Exception {
+
                 logger.info("^Event received  with   username " + userId);
-               if (userId.equals("admin")) {
-                       logger.info("User Admin by passess AAF call ....");
+
+               boolean enableCadi = System.getenv("enableCadi") == null ? true : false;
+               if (!enableCadi) {
                         return null;
-               }
-               String aafResponse = aafAuthn.validate(userId, password);
-               logger.info("aafResponse=" + aafResponse + " for " + userId);
+               } else {
+                       if (userId.equals(kafkaUsername)) {
+                               if (password.equals(apiKey)) {
+                                       logger.info("by passes the authentication for the admin " + kafkaUsername);
+                                       return null;
+                               } else {
+                                       String errorMessage = "Authentication failed for user " + kafkaUsername;
+                                       logger.error(errorMessage);
+                                       return errorMessage;
+                               }
  
-               if (aafResponse != null) {
-                       logger.error("Authentication failed for user ." + userId);
+                       }
+
+                       String aafResponse = aafAuthn.validate(userId, password);
+                       logger.info("aafResponse=" + aafResponse + " for " + userId);
+
+                       if (aafResponse != null) {
+                               logger.error("Authentication failed for user ." + userId);
+                       }
+                       return aafResponse;
                 }
-               return aafResponse;
+
         }
  
  }