X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=blobdiff_plain;f=PolicyEngineUtils%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Futils%2FAAFPolicyClientImpl.java;h=fcdc7e9f8c40445a16fc6c269b8a240a301a9689;hp=5c46c76f717287fe9ae61051771925ab3bdb64ec;hb=e9b8aa0223e6f042c0533176ae8222fb061852de;hpb=a5ccc101707216e8ffc07773c17799c60360863f diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java index 5c46c76f7..fcdc7e9f8 100644 --- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java +++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java @@ -2,15 +2,15 @@ * ============LICENSE_START======================================================= * PolicyEngineUtils * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * Modified Copyright (C) 2018 Samsung Electronics Co., Ltd. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -18,6 +18,7 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.utils; import java.security.Principal; @@ -32,53 +33,41 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; -import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.locator.PropertyLocator; import org.onap.aaf.cadi.principal.UnAuthPrincipal; - - /** - * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization. - * + * AAF Client: Generic AAF Client implementation to connect to AAF Resources to + * validate permissions and authorization. + * */ -public class AAFPolicyClientImpl implements AAFPolicyClient{ +public class AAFPolicyClientImpl implements AAFPolicyClient { private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName()); private static final String ENVIRONMENT = "ENVIRONMENT"; - - // Warning Please don't Change these Values. Confirm with AAF team. - private static final String DEVL_AAF_URL = ""; - private static final String TEST_AAF_URL = ""; - private static final String PROD_AAF_URL = ""; - private static final String DEFAULT_AFT_LATITUDE = "32.780140"; - private static final String DEFAULT_AFT_LONGITUDE = "-96.800451"; - private static final String TEST_AFT_ENVIRONMENT = "AFTUAT"; - private static final String PROD_AFT_ENVIRONMENT = "AFTPRD"; - private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache - private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache - private static AAFPolicyClientImpl instance = null; - - private static Properties props = new Properties(); + private static Properties cadiprops = new Properties(); private static AAFCon aafCon = null; private static AAFLurPerm aafLurPerm = null; private static AAFAuthn aafAuthn = null; private static PropAccess access = null; - private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{ + private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException { setup(properties); } /** - * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * Gets the instance of the AAFClient instance. Needs Proper properties with + * CLIENT_ID, CLIENT_KEY and ENVIRONMENT * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT * @return AAFClient instance. - * @throws AAFPolicyException Exceptions. + * @throws AAFPolicyException + * Exceptions. */ - public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{ - if(instance == null) { + public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException { + if (instance == null) { logger.info("Creating AAFClient Instance "); instance = new AAFPolicyClientImpl(properties); } @@ -87,84 +76,77 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ // To set Property values && Connections. private static void setup(Properties properties) throws AAFPolicyException { - if(properties!=null && !properties.isEmpty()){ - props = System.getProperties(); - props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE)); - props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE)); - String aftEnv = TEST_AFT_ENVIRONMENT; - props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID")); - props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass")); - if(properties.containsKey(Config.AAF_URL)){ - // if given a value in properties file. - props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL)); - }else{ - // Set Default values. - if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){ - props.setProperty(Config.AAF_URL, TEST_AAF_URL); - }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){ - props.setProperty(Config.AAF_URL, PROD_AAF_URL); - aftEnv = PROD_AFT_ENVIRONMENT; - }else{ - props.setProperty(Config.AAF_URL, DEVL_AAF_URL); - } - } - props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv)); - props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES)); - props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT)); - }else{ + if (properties != null && !properties.isEmpty()) { + cadiprops = properties; + access = new PolicyAccess(cadiprops, + Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString()))); + } else { logger.error("Required Property value is missing : " + ENVIRONMENT); throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT); } - access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString()))); - setUpAAF(); + setUpAaf(); } /** * Updates the Properties file in case if required. * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT - * @throws AAFPolicyException exceptions if any. + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @throws AAFPolicyException + * exceptions if any. */ @Override - public void updateProperties(Properties properties) throws AAFPolicyException{ + public void updateProperties(Properties properties) throws AAFPolicyException { setup(properties); } /** * Checks the Authentication and Permissions for the given values. * - * @param mechID MechID or ATT ID must be registered under the Name space. - * @param pass Password pertaining to the MechID or ATTID. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * Username must be registered under the Name space. + * @param pass + * Password pertaining to the Username. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return */ @Override - public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){ - return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action); + public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) { + return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action); } /** * Checks the Authentication of the UserName and Password Given. * - * @param userName UserName or MechID - * @param pass Password. + * @param userName + * UserName + * @param pass + * Password. * @return True or False. */ @Override - public boolean checkAuth(String userName, String pass){ + public boolean checkAuth(String userName, String pass) { if (aafAuthn == null) { return false; } try { - int i=0; - do{ - if(aafAuthn.validate(userName, pass)==null){ + int index = 0; + do { + String aafAuthResponse = aafAuthn.validate(userName, pass); + if (aafAuthResponse == null) { return true; + } else { + logger.warn("User, " + userName + ", failed to authenticate with AAF. \n" + "AAF Response is " + + aafAuthResponse); } - i++; - }while(i<2); + index++; + } + while (index < 2); } catch (Exception e) { logger.error(e.getMessage() + e); } @@ -173,24 +155,31 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } /** - * Checks Permissions for the given UserName, Password and Type, Instance Action. + * Checks Permissions for the given UserName, Password and Type, Instance + * Action. * - * @param userName UserName or MechID - * @param pass Password. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * UserName + * @param pass + * Password. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return True or False. */ @Override - public boolean checkPerm(String userName, String pass, String type, String instance, String action){ - int i =0; - Boolean result= false; - do{ - if(aafCon!=null && aafLurPerm !=null){ + public boolean checkPerm(String userName, String pass, String type, String instance, String action) { + int index = 0; + Boolean result = false; + do { + if (aafCon != null && aafLurPerm != null) { try { aafCon.basicAuth(userName, pass); - AAFPermission perm = new AAFPermission(type, instance, action); + AAFPermission perm = + new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type, instance, action); final Principal p = new UnAuthPrincipal(userName); result = aafLurPerm.fish(p, perm); } catch (CadiException e) { @@ -198,14 +187,16 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ aafLurPerm.destroy(); } } - i++; - }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues. + index++; + } + while (index < 2 && !result); // Try once more to check if this can be passed. AAF has some issues. return result; } - private static boolean setUpAAF(){ + private static boolean setUpAaf() { try { - aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100")); + aafCon = new AAFConHttp(access, + new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100")); aafLurPerm = aafCon.newLur(); aafAuthn = aafCon.newAuthn(aafLurPerm); return true;