Create Functioning Client Sample for Docs

Issue-ID: AAF-221
Change-Id: Iaefe6700a900a712409bda7ddfd18932ed4c0fda
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>

10 files changed, 196 insertions, 22 deletions

diff --git a/auth/.gitignore b/auth/.gitignore
index 199008cd..3ff6f78c 100644
--- a/auth/.gitignore
+++ b/auth/.gitignore
@@ -2,3 +2,4 @@
 /.project
 /target/
 /aaf_*
+/deploy.gz
diff --git a/auth/auth-cass/docker/dinstall.sh b/auth/auth-cass/docker/dinstall.sh
index 9362896d..3726b6d2 100644
--- a/auth/auth-cass/docker/dinstall.sh
+++ b/auth/auth-cass/docker/dinstall.sh
@@ -1,4 +1,3 @@
-#!/bin/bash dinstall
 if ["`docker ps -a | grep aaf_cass`" == ""]; then
   docker run --name aaf_cass  -d cassandra:3.11
   echo "Check for running Docker Container aaf_cass, then run again."
@@ -8,6 +7,7 @@ else
   docker cp "../src/main/cql/." aaf_cass:/opt/app/cass_init
 fi 
 
+
 echo "Docker Installed Basic Cassandra on aaf_cass.  Executing the following "
 echo "NOTE: This creator provided is only a Single Instance. For more complex Cassandra, create independently"
 echo ""
diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_JettyServiceStarter.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_JettyServiceStarter.java
index 39af2568..9a02b634 100644
--- a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_JettyServiceStarter.java
+++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_JettyServiceStarter.java
@@ -51,9 +51,9 @@ import org.mockito.Mock;
 public class JU_JettyServiceStarter {
 	private PropAccess propAccess = new PropAccess();
 	private JettyServiceStarter<AuthzEnv,AuthzTrans> jss;
-	class TestService extends AbsService{
+	class TestService extends AbsService<AuthzEnv,AuthzTrans>{
 
-		public TestService(Access access, BasicEnv env) throws CadiException {
+		public TestService(Access access, AuthzEnv env) throws CadiException {
 			super(access, env);
 			// TODO Auto-generated constructor stub
 		}
@@ -65,11 +65,11 @@ public class JU_JettyServiceStarter {
 		}
 
 		@Override
-		public Registrant[] registrants(int port) throws CadiException, LocatorException {
+		public Registrant<AuthzEnv>[] registrants(int port) throws CadiException, LocatorException {
 			// TODO Auto-generated method stub
 			return null;
 		}
-		
+
 	}
 	@SuppressWarnings("unchecked")
 	@Before
diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile
index f2920de5..729a460e 100644
--- a/auth/docker/Dockerfile
+++ b/auth/docker/Dockerfile
@@ -15,11 +15,10 @@ COPY lib /opt/app/aaf/${AAF_COMPONENT}/lib
 COPY theme /opt/app/aaf/${AAF_COMPONENT}/theme
 COPY bin /opt/app/aaf/${AAF_COMPONENT}/bin
 
-CMD ["/bin/bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+#CMD ["/bin/bash","/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
 
 # For Debugging installation
-# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts"]
-#CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
 # Java Debugging VM Args
 #     "-Xdebug",\
 #     "-Xnoagent",\
diff --git a/auth/docker/d.props b/auth/docker/d.props
index 08a96348..b955872a 100644
--- a/auth/docker/d.props
+++ b/auth/docker/d.props
@@ -7,7 +7,7 @@ CONF_ROOT_DIR=/opt/app/osaaf
 
 # Local Env info
 HOSTNAME=meriadoc.mithril.sbc.com
-HOST_IP=192.168.99.102
+HOST_IP=192.168.99.100
 CASS_HOST=cass.aaf.osaaf.org:172.17.0.2
 
 
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index ace2e507..23fa72f5 100644
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -3,11 +3,7 @@
 # Docker Building Script.  Reads all the components generated by install, on per-version basis
 #
 # Pull in Variables from d.props
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
-./d.props
+. ./d.props
 # TODO add ability to do DEBUG settings
 
 if ["$1" == ""]; then
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 33f3014d..2b5f709a 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -1,9 +1,5 @@
 #!/bin/bash drun.sh
-ORG=onap
-PROJECT=aaf
-DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
-./d.props
+. ./d.props
 
 
 if [ "$1" == "" ]; then
@@ -52,5 +48,5 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
 	  ${LINKS} \
 	  --publish $PORTMAP \
 	  --mount type=bind,source=$CONF_ROOT_DIR,target=/opt/app/osaaf \
-	  ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
+	  ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} 
 done
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
index b4bca20d..34371940 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/TestConnectivity.java
@@ -70,6 +70,8 @@ public class TestConnectivity {
 				aaflocate = access.getProperty(Config.AAF_LOCATE_URL);
 				if(aaflocate==null) {
 					print(true,"Properties must contain ",Config.AAF_LOCATE_URL);
+				} else if (!aaflocate.endsWith("/locate")) {
+					aaflocate += "/locate";
 				}
 			}
 			
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test1/MultiThreadPermHit.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test1/MultiThreadPermHit.java
index 229f41a7..3a023d71 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test1/MultiThreadPermHit.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/lur/aaf/test1/MultiThreadPermHit.java
@@ -33,12 +33,13 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.locator.PropertyLocator;
+import org.onap.aaf.cadi.principal.UnAuthPrincipal;
 import org.onap.aaf.stillNeed.TestPrincipal;
 
 public class MultiThreadPermHit {
 	public static void main(String args[]) {
 		// Link or reuse to your Logging mechanism
-		PropAccess myAccess = new PropAccess(); // 
+		PropAccess myAccess = new PropAccess(args); // 
 		
 		// 
 		try {
@@ -93,7 +94,10 @@ public class MultiThreadPermHit {
 					// Now you can ask the LUR (Local Representative of the User Repository about Authorization
 					// With CADI, in J2EE, you can call isUserInRole("org.osaaf.mygroup|mytype|write") on the Request Object 
 					// instead of creating your own LUR
-					final Principal p = new TestPrincipal(id);
+					//
+					// If possible, use the Principal provided by the Authentication Call.  If that is not possible
+					// because of separation Classes by tooling, or other such reason, you can use "UnAuthPrincipal"
+					final Principal p = new UnAuthPrincipal(id);
 					for(int i=0;i<4;++i) {
 						if(aafLur.fish(p, perm)) {
 							System.out.println("Yes, " + id + " has permission for " + perm.getKey());
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
new file mode 100644
index 00000000..f338c726
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/client/sample/Sample.java
@@ -0,0 +1,176 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.client.sample;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.principal.UnAuthPrincipal;
+import org.onap.aaf.cadi.util.Split;
+import org.onap.aaf.misc.env.APIException;
+
+public class Sample {
+	private static Sample singleton;
+	final private AAFConHttp aafcon;
+	final private AAFLurPerm aafLur;
+	final private AAFAuthn<?> aafAuthn;
+	
+	/**
+	 * This method is to emphasize the importance of not creating the AAFObjects over and over again.
+	 * @return
+	 */
+	public static Sample singleton() {
+		return singleton;
+	}
+
+	public Sample(Access myAccess) throws APIException, CadiException, LocatorException {
+		aafcon = new AAFConHttp(myAccess);
+		aafLur = aafcon.newLur();
+		aafAuthn = aafcon.newAuthn(aafLur);
+	}
+	
+	/**
+	 * Checking credentials outside of HTTP/S presents fewer options initially. There is not, for instance,
+	 * the option of using 2-way TLS HTTP/S. 
+	 *  
+	 *  However, Password Checks are still useful, and, if the Client Certificate could be obtained in other ways, the 
+	 *  Interface can be expanded in the future to include Certificates.
+	 * @throws CadiException 
+	 * @throws IOException 
+	 */
+	public Principal checkUserPass(String fqi, String pass) throws IOException, CadiException {
+		String ok = aafAuthn.validate(fqi, pass);
+		if(ok==null) {
+			System.out.println("Success!");
+			/*
+			 UnAuthPrincipal means that it is not coming from the official Authorization chain.
+			 This is useful for Security Plugins which don't use Principal as the tie between
+			 Authentication and Authorization
+			
+			 You can also use this if you want to check Authorization without actually Authenticating, as may
+			 be the case with certain Onboarding Tooling.
+			*/
+			return new UnAuthPrincipal(fqi);
+		} else {
+			System.out.printf("Failure: %s\n",ok);
+			return null;
+		}
+		
+
+	}
+
+	/**
+	 * An example of looking for One Permission within all the permissions user has.  CADI does cache these,
+	 * so the call is not expensive.
+	 * 
+	 * Note: If you are using "J2EE" (Servlets), CADI ties this function to the method: 
+	 *    HttpServletRequest.isUserInRole(String user)
+	 *    
+	 *  The J2EE user can expect that his servlet will NOT be called without a Validated Principal, and that
+	 *  "isUserInRole()" will validate if the user has the Permission designated.
+	 *  
+	 */
+	public boolean oneAuthorization(Principal fqi, Permission p) {
+		return aafLur.fish(fqi, p);
+	}
+	
+	public List<Permission> allAuthorization(Principal fqi) {
+		List<Permission> pond = new ArrayList<Permission>();
+		aafLur.fishAll(fqi, pond);
+		return pond;
+	}
+	
+	
+	public static void main(String[] args) {
+		// Note: you can pick up Properties from Command line as well as VM Properties
+		// Code "user_fqi=... user_pass=..." (where user_pass can be encrypted) in the command line for this sample.
+		// Also code "perm=<perm type>|<instance>|<action>" to test a specific Permission
+		PropAccess myAccess = new PropAccess(args); 
+		try {
+			/*
+			 * NOTE:  Do NOT CREATE new aafcon, aafLur and aafAuthn each transaction.  They are built to be
+			 * reused!
+			 * 
+			 * This is why this code demonstrates "Sample" as a singleton.
+			 */
+			singleton = new Sample(myAccess);
+			String user = myAccess.getProperty("user_fqi");
+			String pass= myAccess.getProperty("user_pass");
+			
+			if(user==null || pass==null) {
+				System.err.println("This Sample class requires properties user_fqi and user_pass");
+			} else {
+				pass =  myAccess.decrypt(pass, false); // Note, with "false", decryption will only happen if starts with "enc:"
+				// See the CODE for Java Methods used
+				Principal fqi = Sample.singleton().checkUserPass(user,pass);
+				
+				if(fqi==null) {
+					System.out.println("OK, normally, you would cease processing for an "
+							+ "unauthenticated user, but for the purpose of Sample, we'll keep going.\n");
+					fqi=new UnAuthPrincipal(user);
+				}
+				
+				// AGAIN, NOTE: If your client fails Authentication, the right behavior 99.9%
+				// of the time is to drop the transaction.  We continue for sample only.
+				
+				// note, default String for perm
+				String permS = myAccess.getProperty("perm","org.osaaf.aaf.access|*|read");
+				String[] permA = Split.splitTrim('|', permS);
+				if(permA.length>2) {
+					final Permission perm = new AAFPermission(permA[0],permA[1],permA[2]);
+					// See the CODE for Java Methods used
+					if(singleton().oneAuthorization(fqi, perm)) {
+						System.out.printf("Success: %s has %s\n",fqi.getName(),permS);
+					} else {
+						System.out.printf("%s does NOT have %s\n",fqi.getName(),permS);
+					}
+				}
+				
+				
+				// Another form, you can get ALL permissions in a list
+				// See the CODE for Java Methods used
+				List<Permission> permL = singleton().allAuthorization(fqi);
+				if(permL.size()==0) {
+					System.out.printf("User %s has no Permissions THAT THE CALLER CAN SEE",fqi.getName());
+				} else {
+					System.out.print("Success:\n");
+					for(Permission p : permL) {
+						System.out.printf("\t%s has %s\n",fqi.getName(),p.getKey());
+					}
+				}
+			}
+		} catch (APIException | CadiException | LocatorException | IOException e) {
+			e.printStackTrace();
+		}
+	}
+}