summaryrefslogtreecommitdiffstats
path: root/auth/auth-service
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2018-07-02 21:41:55 -0500
committerInstrumental <jonathan.gathman@att.com>2018-07-02 21:42:28 -0500
commitca76fbda94492f1b0c895ff0f4070381f17472f0 (patch)
tree8180941d2fdc474c282ac5272e014c2f45b7da48 /auth/auth-service
parentc060284812fbbc18fcf22eb628c47c251505fe50 (diff)
Add ability for BAuth by domain
Issue-ID: AAF-361 Change-Id: I6f437ffcfef5555f44acfb32fd6020f86f8cf403 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-service')
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java6
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java1
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java47
3 files changed, 34 insertions, 20 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
index 3ae2fbfb..40640007 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
@@ -163,9 +163,9 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
try {
Object[] atl=new Object[additionalTafLurs.length+2];
atl[0]=new DirectAAFLur(env,question); // Note, this will be assigned by AuthzTransFilter to TrustChecker
- atl[1]=new BasicHttpTaf(env, directAAFUserPass,
- domain,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)),
- false);
+ atl[1]= new BasicHttpTaf(env, directAAFUserPass,
+ domain,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)),
+ false);
if(additionalTafLurs.length>0) {
System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 519721ce..f3207798 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -532,7 +532,6 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS
NSS nss = mapper.newInstance(API.NSS);
// Note: "loadNamespace" already validates view of Namespace
return mapper.nss(trans, rn.value, nss);
-
}
@ApiDoc(
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index d31c9d01..390c3089 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -42,9 +42,11 @@ import org.onap.aaf.auth.service.Code;
import org.onap.aaf.auth.service.facade.AuthzFacade;
import org.onap.aaf.auth.service.mapper.Mapper.API;
import org.onap.aaf.cadi.CredVal;
+import org.onap.aaf.cadi.CredVal.Type;
import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.principal.BasicPrincipal;
import org.onap.aaf.cadi.principal.X509Principal;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
@@ -90,23 +92,36 @@ public class API_Creds {
// have to check Basic Auth here, because it might be CSP.
String authz = req.getHeader("Authorization");
if(authz.startsWith("Basic ")) {
- String decoded = Symm.base64noSplit.decode(authz.substring(6));
- int colon = decoded.indexOf(':');
- TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
- try {
- if(directAAFUserPass.validate(
- decoded.substring(0,colon),
- CredVal.Type.PASSWORD ,
- decoded.substring(colon+1).getBytes(),trans)) {
-
- resp.setStatus(HttpStatus.OK_200);
- } else {
- // DME2 at this version crashes without some sort of response
- resp.getOutputStream().print("");
- resp.setStatus(HttpStatus.FORBIDDEN_403);
+ BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf();
+ if(bht!=null) {
+ BasicPrincipal bp = new BasicPrincipal(authz,"");
+ CredVal cv = bht.getCredVal(bp.getDomain());
+ if(cv!=null) {
+ if(cv.validate(bp.getName(), Type.PASSWORD, bp.getCred(), null) ) {
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ }
+ }
+ } else {
+ String decoded = Symm.base64noSplit.decode(authz.substring(6));
+ int colon = decoded.indexOf(':');
+ TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
+ try {
+ if(directAAFUserPass.validate(
+ decoded.substring(0,colon),
+ CredVal.Type.PASSWORD ,
+ decoded.substring(colon+1).getBytes(),trans)) {
+
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ // DME2 at this version crashes without some sort of response
+ resp.getOutputStream().print("");
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ }
+ } finally {
+ tt.done();
}
- } finally {
- tt.done();
}
}
} else if(p == null) {