summaryrefslogtreecommitdiffstats
path: root/auth/auth-service
diff options
context:
space:
mode:
authorInstrumental <jonathan.gathman@att.com>2019-10-15 08:19:50 -0500
committerInstrumental <jonathan.gathman@att.com>2019-10-15 08:35:35 -0500
commit1296352d8eafee57f982a4342ad79ada4aa56d28 (patch)
tree355cdb89d85530a861319f892b0f24236e6adc50 /auth/auth-service
parentbdce7667a6e272e2fa32e298d957a0d9090c5bc9 (diff)
Sonar Fixes, Formatting
Issue-ID: AAF-1019 Change-Id: Ica49d9e7323aad9622ff9d95cc21b87430c22c54 Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-service')
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java42
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java936
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java244
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java8
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java6
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java10
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java24
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java72
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java48
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java42
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java48
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java12
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java128
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java128
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java134
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java24
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java38
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java82
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java6
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java294
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java4
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java14
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java96
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java34
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java8
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java4
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java24
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java16
-rw-r--r--auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java6
38 files changed, 1284 insertions, 1284 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
index bdba4696..ba4df19b 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -79,13 +79,13 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
private DirectAAFUserPass directAAFUserPass;
private final Cluster cluster;
//private final OAuthService oauthService;
-
+
/**
* Construct AuthzAPI with all the Context Supporting Routes that Authz needs
- *
+ *
* @param env
- * @param decryptor
- * @throws APIException
+ * @param decryptor
+ * @throws APIException
*/
public AAF_Service( final AuthzEnv env) throws Exception {
super(env.access(), env);
@@ -99,12 +99,12 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
// Start Background Processing
question = new Question(trans, cluster, CassAccess.KEYSPACE);
question.startTimers(env);
-
+
DirectCertIdentity.set(question.certDAO());
// Have AAFLocator object Create DirectLocators for Location needs
AbsAAFLocator.setCreator(new DirectLocatorCreator(env, question.locateDAO));
-
+
// Initialize Organizations... otherwise, first pass may miss
int org_size = ORGANIZATION.length();
for (String n : env.existingStaticSlotNames()) {
@@ -112,16 +112,16 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
OrganizationFactory.obtain(env, n.substring(org_size));
}
}
-
+
// For direct Introspection needs.
//oauthService = new OAuthService(trans, question);
-
+
facade = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.JSON,question);
facade_XML = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.XML,question);
directAAFUserPass = new DirectAAFUserPass(trans.env(),question);
-
+
// Print results and cleanup
StringBuilder sb = new StringBuilder();
trans.auditTrail(0, sb);
@@ -157,9 +157,9 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
// init functions
API_Mgmt.init(this, facade);
API_Api.init(this, facade);
-
+
}
-
+
@Override
public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException {
final String domain = FQI.reverseDomain(access.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF));
@@ -173,7 +173,7 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
if (additionalTafLurs.length>0) {
System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length);
}
-
+
return new Filter[] {
new AuthzTransFilter(env,aafCon(),
new AAFTrustChecker((Env)env),
@@ -193,8 +193,8 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
new DirectRegistrar(access,question.locateDAO, actualPort)
};
}
-
- @Override
+
+ @Override
public void postStartup(final String hostname, final int port) throws APIException {
try {
CacheInfoDAO.startUpdate(env, aafCon().hman(), aafCon().securityInfo().defSS,hostname,port);
@@ -213,16 +213,16 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
super.destroy();
}
-
+
/**
* Setup XML and JSON implementations for each supported Version type
- *
+ *
* We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
* to do Versions and Content switches
- *
+ *
*/
public void route(HttpMethods meth, String path, API api, Code code) throws Exception {
- Class<?> respCls = facade.mapper().getClass(api);
+ Class<?> respCls = facade.mapper().getClass(api);
if (respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
String application = applicationJSON(respCls, Config.AAF_DEFAULT_API_VERSION);
@@ -238,7 +238,7 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> {
try {
Log4JLogIt logIt = new Log4JLogIt(args, "authz");
PropAccess propAccess = new PropAccess(logIt,args);
-
+
try {
new JettyServiceStarter<AuthzEnv,AuthzTrans>(
new AAF_Service(new AuthzEnv(propAccess)),true)
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 3b010821..2431e0eb 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -99,8 +99,8 @@ import org.onap.aaf.misc.env.util.Split;
import aaf.v2_0.CredRequest;
/**
- * AuthzCassServiceImpl implements AuthzCassService for
- *
+ * AuthzCassServiceImpl implements AuthzCassService for
+ *
* @author Jonathan
*
* @param <NSS>
@@ -116,12 +116,12 @@ import aaf.v2_0.CredRequest;
*/
public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS>
implements AuthzService <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> {
-
+
private static final String TWO_SPACE = " ";
private Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper;
@Override
public Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {return mapper;}
-
+
private static final String ASTERIX = "*";
private static final String CACHE = "cache";
private static final String ROOT_NS = Define.ROOT_NS();
@@ -129,28 +129,28 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private final Question ques;
private final Function func;
-
+
public AuthzCassServiceImpl(AuthzTrans trans, Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper,Question question) {
this.ques = question;
func = new Function(trans, question);
this.mapper = mapper;
-
+
}
/***********************************
- * NAMESPACE
+ * NAMESPACE
***********************************/
/**
* createNS
- * @throws DAOException
+ * @throws DAOException
* @see org.onap.aaf.auth.service.AuthzService#createNS(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String, java.lang.String)
*/
- @ApiDoc(
- method = POST,
+ @ApiDoc(
+ method = POST,
path = "/authz/ns",
params = {},
expectedCode = 201,
- errorCodes = { 403,404,406,409 },
+ errorCodes = { 403,404,406,409 },
text = { "Namespace consists of: ",
"<ul><li>name - What you want to call this Namespace</li>",
"<li>responsible(s) - Person(s) who receive Notifications and approves Requests ",
@@ -168,7 +168,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public Result<Void> createNS(final AuthzTrans trans, REQUEST from, NsType type) {
final Result<Namespace> rnamespace = mapper.ns(trans, from);
final ServiceValidator v = new ServiceValidator();
- if (v.ns(rnamespace).err()) {
+ if (v.ns(rnamespace).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
final Namespace namespace = rnamespace.value;
@@ -176,13 +176,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (parentNs.notOK()) {
return Result.err(parentNs);
}
-
+
// Note: Data validate occurs in func.createNS
if (namespace.name.lastIndexOf('.')<0) { // Root Namespace... Function will check if allowed
return func.createNS(trans, namespace, false);
}
-
- Result<FutureDAO.Data> fd = mapper.future(trans, NsDAO.TABLE,from,namespace,true,
+
+ Result<FutureDAO.Data> fd = mapper.future(trans, NsDAO.TABLE,from,namespace,true,
new Mapper.Memo() {
@Override
public String get() {
@@ -204,7 +204,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<String> rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, FUTURE_OP.C);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "NS [%s] is saved for future processing",namespace.name);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -213,16 +213,16 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(fd);
}
}
-
+
@ApiDoc(
- method = POST,
+ method = POST,
path = "/authz/ns/:ns/admin/:id",
params = { "ns|string|true",
- "id|string|true"
+ "id|string|true"
},
expectedCode = 201,
- errorCodes = { 403,404,406,409 },
- text = { "Add an Identity :id to the list of Admins for the Namespace :ns",
+ errorCodes = { 403,404,406,409 },
+ text = { "Add an Identity :id to the list of Admins for the Namespace :ns",
"Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" }
)
@Override
@@ -231,13 +231,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = DELETE,
+ method = DELETE,
path = "/authz/ns/:ns/admin/:id",
params = { "ns|string|true",
- "id|string|true"
+ "id|string|true"
},
expectedCode = 200,
- errorCodes = { 403,404 },
+ errorCodes = { 403,404 },
text = { "Remove an Identity :id from the list of Admins for the Namespace :ns",
"Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" }
)
@@ -247,13 +247,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = POST,
+ method = POST,
path = "/authz/ns/:ns/responsible/:id",
params = { "ns|string|true",
- "id|string|true"
+ "id|string|true"
},
expectedCode = 201,
- errorCodes = { 403,404,406,409 },
+ errorCodes = { 403,404,406,409 },
text = { "Add an Identity :id to the list of Responsibles for the Namespace :ns",
"Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" }
)
@@ -263,13 +263,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = DELETE,
+ method = DELETE,
path = "/authz/ns/:ns/responsible/:id",
params = { "ns|string|true",
- "id|string|true"
+ "id|string|true"
},
expectedCode = 200,
- errorCodes = { 403,404 },
+ errorCodes = { 403,404 },
text = { "Remove an Identity :id to the list of Responsibles for the Namespace :ns",
"Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)",
"Note: A namespace must have at least 1 responsible party"
@@ -284,14 +284,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
* @see org.onap.aaf.auth.service.AuthzService#applyModel(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object)
*/
@ApiDoc(
- method = POST,
+ method = POST,
path = "/authz/ns/:ns/attrib/:key/:value",
params = { "ns|string|true",
"key|string|true",
"value|string|true"},
expectedCode = 201,
- errorCodes = { 403,404,406,409 },
- text = {
+ errorCodes = { 403,404,406,409 },
+ text = {
"Create an attribute in the Namespace",
"You must be given direct permission for key by AAF"
}
@@ -319,9 +319,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (nsd.attrib.get(key)!=null) {
return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key);
}
-
+
// Check if User may put
- if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);
}
@@ -335,14 +335,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@ApiDoc(
- method = GET,
+ method = GET,
path = "/authz/ns/attrib/:key",
params = { "key|string|true" },
expectedCode = 200,
- errorCodes = { 403,404 },
- text = {
+ errorCodes = { 403,404 },
+ text = {
"Read Attributes for Namespace"
}
)
@@ -355,7 +355,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
// May Read
- if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
":"+trans.org().getDomain()+".*:"+key, Question.READ)) {
return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key);
}
@@ -369,13 +369,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@ApiDoc(
- method = PUT,
+ method = PUT,
path = "/authz/ns/:ns/attrib/:key/:value",
params = { "ns|string|true",
"key|string|true"},
expectedCode = 200,
- errorCodes = { 403,404 },
- text = {
+ errorCodes = { 403,404 },
+ text = {
"Update Value on an existing attribute in the Namespace",
"You must be given direct permission for key by AAF"
}
@@ -403,9 +403,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (nsd.attrib.get(key)==null) {
return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key);
}
-
+
// Check if User may put
- if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);
}
@@ -414,20 +414,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
nsd.attrib.put(key, value);
ques.nsDAO().invalidate(trans, nsd);
return ques.nsDAO().update(trans,nsd);
-
+
} finally {
tt.done();
}
}
@ApiDoc(
- method = DELETE,
+ method = DELETE,
path = "/authz/ns/:ns/attrib/:key",
params = { "ns|string|true",
"key|string|true"},
expectedCode = 200,
- errorCodes = { 403,404 },
- text = {
+ errorCodes = { 403,404 },
+ text = {
"Delete an attribute in the Namespace",
"You must be given direct permission for key by AAF"
}
@@ -454,7 +454,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (nsd.attrib.get(key)==null) {
return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key);
}
-
+
// Check if User may del
if (!ques.isGranted(trans, trans.user(), ROOT_NS, "attrib", ":" + ROOT_COMPANY + ".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key);
@@ -471,12 +471,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = GET,
+ method = GET,
path = "/authz/nss/:id",
params = { "id|string|true" },
expectedCode = 200,
- errorCodes = { 404,406 },
- text = {
+ errorCodes = { 404,406 },
+ text = {
"Lists the Owner(s), Admin(s), Description, and Attributes of Namespace :id",
}
)
@@ -486,7 +486,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("NS", ns).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<List<NsDAO.Data>> rlnd = ques.nsDAO().read(trans, ns);
if (rlnd.isOK()) {
if (rlnd.isEmpty()) {
@@ -494,10 +494,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
-
-
+
+
Namespace namespace = new Namespace(rnd.value);
Result<List<String>> rd = func.getOwners(trans, namespace.name, includeExpired);
if (rd.isOK()) {
@@ -507,7 +507,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rd.isOK()) {
namespace.admin = rd.value;
}
-
+
NSS nss = mapper.newInstance(API.NSS);
return mapper.nss(trans, namespace, nss);
} else {
@@ -516,13 +516,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = GET,
+ method = GET,
path = "/authz/nss/admin/:id",
params = { "id|string|true" },
expectedCode = 200,
- errorCodes = { 403,404 },
- text = { "Lists all Namespaces where Identity :id is an Admin",
- "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)"
+ errorCodes = { 403,404 },
+ text = { "Lists all Namespaces where Identity :id is an Admin",
+ "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)"
}
)
@Override
@@ -531,13 +531,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("User", user).err()) {
return Result.err(Status.ERR_BadData, v.errs());
}
-
+
Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".admin", full);
if (rn.notOK()) {
return Result.err(rn);
}
if (rn.isEmpty()) {
- return Result.err(Status.ERR_NotFound, "[%s] is not an admin for any namespaces",user);
+ return Result.err(Status.ERR_NotFound, "[%s] is not an admin for any namespaces",user);
}
NSS nss = mapper.newInstance(API.NSS);
// Note: "loadNamespace" already validates view of Namespace
@@ -545,13 +545,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = GET,
+ method = GET,
path = "/authz/nss/either/:id",
params = { "id|string|true" },
expectedCode = 200,
- errorCodes = { 403,404 },
- text = { "Lists all Namespaces where Identity :id is either an Admin or an Owner",
- "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)"
+ errorCodes = { 403,404 },
+ text = { "Lists all Namespaces where Identity :id is either an Admin or an Owner",
+ "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)"
}
)
@Override
@@ -560,13 +560,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("User", user).err()) {
return Result.err(Status.ERR_BadData, v.errs());
}
-
+
Result<Collection<Namespace>> rn = loadNamepace(trans, user, null, full);
if (rn.notOK()) {
return Result.err(rn);
}
if (rn.isEmpty()) {
- return Result.err(Status.ERR_NotFound, "[%s] is not an admin or owner for any namespaces",user);
+ return Result.err(Status.ERR_NotFound, "[%s] is not an admin or owner for any namespaces",user);
}
NSS nss = mapper.newInstance(API.NSS);
// Note: "loadNamespace" already validates view of Namespace
@@ -595,7 +595,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rls.isOK()) {
namespace.admin=rls.value;
}
-
+
rls = func.getOwners(trans, namespace.name, false);
if (rls.isOK()) {
namespace.owner=rls.value;
@@ -619,7 +619,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
if (endsWith==null || urdd.role.endsWith(endsWith)) {
lm.put(namespace.name,namespace);
- } else {
+ } else {
other.put(namespace.name,namespace);
}
}
@@ -636,12 +636,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
@ApiDoc(
- method = GET,
+ method = GET,
path = "/authz/nss/responsible/:id",
params = { "id|string|true" },
expectedCode = 200,
- errorCodes = { 403,404 },
- text = { "Lists all Namespaces where Identity :id is a Responsible Party",
+ errorCodes = { 403,404 },
+ text = { "Lists all Namespaces where Identity :id is a Responsible Party",
"Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)"
}
)
@@ -656,20 +656,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(rn);
}
if (rn.isEmpty()) {
- return Result.err(Status.ERR_NotFound, "[%s] is not an owner for any namespaces",user);
+ return Result.err(Status.ERR_NotFound, "[%s] is not an owner for any namespaces",user);
}
NSS nss = mapper.newInstance(API.NSS);
// Note: "loadNamespace" prevalidates
return mapper.nss(trans, rn.value, nss);
}
-
+
@ApiDoc(
- method = GET,
+ method = GET,
path = "/authz/nss/children/:id",
params = { "id|string|true" },
expectedCode = 200,
- errorCodes = { 403,404 },
- text = { "Lists all Child Namespaces of Namespace :id",
+ errorCodes = { 403,404 },
+ text = { "Lists all Child Namespaces of Namespace :id",
"Note: This is not a cached read"
}
)
@@ -679,14 +679,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("NS", parent).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<NsDAO.Data> rnd = ques.deriveNs(trans, parent);
if (rnd.notOK()) {
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
Set<Namespace> lm = new HashSet<>();
@@ -701,7 +701,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rls.isOK()) {
namespace.admin=rls.value;
}
-
+
rls = func.getOwners(trans, namespace.name, false);
if (rls.isOK()) {
namespace.owner=rls.value;
@@ -718,11 +718,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@ApiDoc(
- method = PUT,
+ method = PUT,
path = "/authz/ns",
params = {},
expectedCode = 200,
- errorCodes = { 403,404,406 },
+ errorCodes = { 403,404,406 },
text = { "Replace the Current Description of a Namespace with a new one"
}
)
@@ -739,11 +739,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Namespace namespace = nsd.value;
Result<List<NsDAO.Data>> rlnd = ques.nsDAO().read(trans, namespace.name);
-
+
if (rlnd.notOKorIsEmpty()) {
return Result.err(Status.ERR_NotFound, "Namespace [%s] does not exist",namespace.name);
}
-
+
if (ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.write).notOK()) {
return Result.err(Status.ERR_Denied, "You do not have approval to change %s",namespace.name);
}
@@ -755,18 +755,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(rdr);
}
}
-
+
/**
* deleteNS
- * @throws DAOException
+ * @throws DAOException
* @see org.onap.aaf.auth.service.AuthzService#deleteNS(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String, java.lang.String)
*/
@ApiDoc(
- method = DELETE,
+ method = DELETE,
path = "/authz/ns/:ns",
params = { "ns|string|true" },
expectedCode = 200,
- errorCodes = { 403,404,424 },
+ errorCodes = { 403,404,424 },
text = { "Delete the Namespace :ns. Namespaces cannot normally be deleted when there ",
"are still credentials associated with them, but they can be deleted by setting ",
"the \"force\" property. To do this: Add 'force=true' as a query parameter",
@@ -783,19 +783,19 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
/***********************************
- * PERM
+ * PERM
***********************************/
/*
* (non-Javadoc)
* @see org.onap.aaf.auth.service.AuthzService#createOrUpdatePerm(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object, boolean, java.lang.String, java.lang.String, java.lang.String, java.util.List, java.util.List)
*/
- @ApiDoc(
- method = POST,
+ @ApiDoc(
+ method = POST,
path = "/authz/perm",
params = {},
expectedCode = 201,
- errorCodes = {403,404,406,409},
+ errorCodes = {403,404,406,409},
text = { "Permission consists of:",
"<ul><li>type - a Namespace qualified identifier specifying what kind of resource "
+ "is being protected</li>",
@@ -806,7 +806,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
)
@Override
- public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) {
+ public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) {
final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);
final ServiceValidator v = new ServiceValidator();
@@ -824,7 +824,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(rlpdd);
}
if(!rlpdd.isEmpty()) {
- return Result.err(Result.ERR_ConflictAlreadyExists,"Permission already exists");
+ return Result.err(Result.ERR_ConflictAlreadyExists,"Permission already exists");
}
RoleDAO.Data rdd = new RoleDAO.Data();
@@ -836,7 +836,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if(rpdd.notOK()) {
return Result.err(rpdd);
}
-
+
CachedRoleDAO roleDAO = ques.roleDAO();
Result<List<RoleDAO.Data>> rlrdd = roleDAO.read(trans, rdd);
if(rlrdd.notOK()) {
@@ -846,14 +846,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
rdd = rlrdd.value.get(0);
}
}
-
+
String eperm = pdd.encode();
rdd.perms(true).add(eperm);
Result<Void> rv = roleDAO.update(trans, rdd);
if(rv.notOK()) {
return rv;
}
-
+
CachedUserRoleDAO urDAO = ques.userRoleDAO();
UserRoleDAO.Data urdd = new UserRoleDAO.Data();
urdd.user = trans.user();
@@ -883,14 +883,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Status.ERR_ConflictAlreadyExists,
"Permission Type exists as a Namespace");
}
-
+
Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, newPd.value,false,
new Mapper.Memo() {
@Override
public String get() {
- return "Create Permission [" +
- newPd.value.fullType() + '|' +
- newPd.value.instance + '|' +
+ return "Create Permission [" +
+ newPd.value.fullType() + '|' +
+ newPd.value.instance + '|' +
newPd.value.action + ']';
}
},
@@ -904,14 +904,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return nsd;
}
});
-
+
Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, newPd.value.ns);
if (nsr.notOKorIsEmpty()) {
return Result.err(nsr);
}
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans,fd.value,
+ Result<String> rfc = func.createFuture(trans,fd.value,
newPd.value.fullType() + '|' + newPd.value.instance + '|' + newPd.value.action,
trans.user(),
nsr.value.get(0),
@@ -933,12 +933,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authz/perms/:type",
params = {"type|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List All Permissions that match the :type element of the key" }
)
@Override
@@ -956,7 +956,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// We don't have instance & action for mayUserView... do we want to loop through all returned here as well as in mapper?
// Result<NsDAO.Data> r;
// if ((r = ques.mayUserViewPerm(trans, trans.user(), permType)).notOK())return Result.err(r);
-
+
PERMS perms = mapper.newInstance(API.PERMS);
if (!rlpd.isEmpty()) {
// Note: Mapper will restrict what can be viewed
@@ -964,15 +964,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
return Result.ok(perms);
}
-
- @ApiDoc(
- method = GET,
+
+ @ApiDoc(
+ method = GET,
path = "/authz/perms/:type/:instance/:action",
params = {"type|string|true",
"instance|string|true",
"action|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List Permissions that match key; :type, :instance and :action" }
)
@Override
@@ -983,7 +983,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
|| v.nullOrBlank("PermAction", action).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<List<PermDAO.Data>> rlpd = ques.getPermsByName(trans, type, instance, action);
if (rlpd.notOK()) {
return Result.err(rlpd);
@@ -997,12 +997,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.ok(perms);
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authz/perms/user/:user",
params = {"user|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List All Permissions that match user :user",
"<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>"}
)
@@ -1018,25 +1018,25 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rlpd.notOK()) {
return Result.err(rlpd);
}
-
+
PERMS perms = mapper.newInstance(API.PERMS);
-
+
if (rlpd.isEmpty()) {
return Result.ok(perms);
}
// Note: Mapper will restrict what can be viewed
// if user is the same as that which is looked up, no filtering is required
- return mapper.perms(trans, rlpd.value,
- perms,
+ return mapper.perms(trans, rlpd.value,
+ perms,
!user.equals(trans.user()));
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authz/perms/user/:user/scope/:scope",
params = {"user|string|true","scope|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List All Permissions that match user :user, filtered by NS (Scope)",
"<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>",
"<p>'scope' must be expressed as NSs separated by ':'</p>"
@@ -1053,26 +1053,26 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rlpd.notOK()) {
return Result.err(rlpd);
}
-
+
PERMS perms = mapper.newInstance(API.PERMS);
-
+
if (rlpd.isEmpty()) {
return Result.ok(perms);
}
// Note: Mapper will restrict what can be viewed
// if user is the same as that which is looked up, no filtering is required
- return mapper.perms(trans, rlpd.value,
- perms,
+ return mapper.perms(trans, rlpd.value,
+ perms,
scopes,
!user.equals(trans.user()));
}
- @ApiDoc(
- method = POST,
+ @ApiDoc(
+ method = POST,
path = "/authz/perms/user/:user",
params = {"user|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List All Permissions that match user :user",
"<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>",
"",
@@ -1100,15 +1100,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("User", user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
//////////////
PermLookup pl = PermLookup.get(trans,ques,user);
Result<List<PermDAO.Data>> rlpd = pl.getPerms(trans.requested(force));
if (rlpd.notOK()) {
return Result.err(rlpd);
}
-
- /*//TODO
+
+ /*//TODO
1) See if allowed to query
2) See if User is allowed
*/
@@ -1150,25 +1150,25 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
out.add(pdd);
}
}
- }
-
+ }
+
perms = mapper.newInstance(API.PERMS);
if (rlpd.isEmpty()) {
return Result.ok(perms);
}
// Note: Mapper will restrict what can be viewed
// if user is the same as that which is looked up, no filtering is required
- return mapper.perms(trans, rlpd.value,
- perms,
+ return mapper.perms(trans, rlpd.value,
+ perms,
!user.equals(trans.user()));
}
-
- @ApiDoc(
- method = GET,
+
+ @ApiDoc(
+ method = GET,
path = "/authz/perms/role/:role",
params = {"role|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List All Permissions that are granted to :role" }
)
@Override
@@ -1198,12 +1198,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.ok(perms);
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authz/perms/ns/:ns",
params = {"ns|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "List All Permissions that are in Namespace :ns" }
)
@Override
@@ -1220,9 +1220,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
-
+
Result<List<PermDAO.Data>> rlpd = ques.permDAO().readNS(trans, ns);
if (rlpd.notOK()) {
return Result.err(rlpd);
@@ -1235,15 +1235,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
return Result.ok(perms);
}
-
- @ApiDoc(
- method = PUT,
+
+ @ApiDoc(
+ method = PUT,
path = "/authz/perm/:type/:instance/:action",
params = {"type|string|true",
"instance|string|true",
"action|string|true"},
expectedCode = 200,
- errorCodes = { 404,406, 409 },
+ errorCodes = { 404,406, 409 },
text = { "Rename the Permission referenced by :type :instance :action, and "
+ "rename (copy/delete) to the Permission described in PermRequest" }
)
@@ -1259,54 +1259,54 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Status.ERR_Denied, "You do not have approval to change Permission [%s.%s|%s|%s]",
newPd.value.ns,newPd.value.type,newPd.value.instance,newPd.value.action);
}
-
+
Result<NsSplit> nss = ques.deriveNsSplit(trans, origType);
- Result<List<PermDAO.Data>> origRlpd = ques.permDAO().read(trans, nss.value.ns, nss.value.name, origInstance, origAction);
-
+ Result<List<PermDAO.Data>> origRlpd = ques.permDAO().read(trans, nss.value.ns, nss.value.name, origInstance, origAction);
+
if (origRlpd.notOKorIsEmpty()) {
- return Result.err(Status.ERR_PermissionNotFound,
+ return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s|%s|%s] does not exist",
origType,origInstance,origAction);
}
-
+
PermDAO.Data origPd = origRlpd.value.get(0);
if (!origPd.ns.equals(newPd.value.ns)) {
return Result.err(Status.ERR_Denied, "Cannot change namespace with rename command. " +
"<new type> must start with [" + origPd.ns + "]");
}
-
- if ( origPd.type.equals(newPd.value.type) &&
- origPd.action.equals(newPd.value.action) &&
+
+ if ( origPd.type.equals(newPd.value.type) &&
+ origPd.action.equals(newPd.value.action) &&
origPd.instance.equals(newPd.value.instance) ) {
return Result.err(Status.ERR_ConflictAlreadyExists, "New Permission must be different than original permission");
}
-
+
Set<String> origRoles = origPd.roles(false);
if (!origRoles.isEmpty()) {
Set<String> roles = newPd.value.roles(true);
for (String role : origPd.roles) {
- roles.add(role);
+ roles.add(role);
}
- }
-
+ }
+
newPd.value.description = origPd.description;
-
+
Result<Void> rv = null;
-
+
rv = func.createPerm(trans, newPd.value, false);
if (rv.isOK()) {
rv = func.deletePerm(trans, origPd, true, false);
}
return rv;
}
-
- @ApiDoc(
- method = PUT,
+
+ @ApiDoc(
+ method = PUT,
path = "/authz/perm",
params = {},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "Add Description Data to Perm" }
)
@Override
@@ -1344,7 +1344,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
@ApiDoc(
method = PUT,
path = "/authz/role/perm",
@@ -1372,18 +1372,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
// Read full set to get CURRENT values
- Result<List<PermDAO.Data>> rcurr = ques.permDAO().read(trans,
- updt.value.ns,
- updt.value.type,
- updt.value.instance,
+ Result<List<PermDAO.Data>> rcurr = ques.permDAO().read(trans,
+ updt.value.ns,
+ updt.value.type,
+ updt.value.instance,
updt.value.action);
-
+
if (rcurr.notOKorIsEmpty()) {
- return Result.err(Status.ERR_PermissionNotFound,
+ return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s.%s|%s|%s] does not exist",
updt.value.ns,updt.value.type,updt.value.instance,updt.value.action);
}
-
+
// Create a set of Update Roles, which are in Internal Format
Set<String> updtRoles = new HashSet<>();
Result<NsSplit> nss;
@@ -1397,11 +1397,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rv = null;
-
+
for (PermDAO.Data curr : rcurr.value) {
Set<String> currRoles = curr.roles(false);
- // must add roles to this perm, and add this perm to each role
- // in the update, but not in the current
+ // must add roles to this perm, and add this perm to each role
+ // in the update, but not in the current
for (String role : updtRoles) {
if (!currRoles.contains(role)) {
Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);
@@ -1437,17 +1437,17 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
}
- }
- }
- return rv==null?Result.ok():rv;
+ }
+ }
+ return rv==null?Result.ok():rv;
}
-
- @ApiDoc(
+
+ @ApiDoc(
method = DELETE,
path = "/authz/perm",
params = {},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "Delete the Permission referenced by PermKey.",
"You cannot normally delete a permission which is still granted to roles,",
"however the \"force\" property allows you to do just that. To do this: Add",
@@ -1469,7 +1469,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist",
perm.ns,perm.type,perm.instance,perm.action );
}
-
+
Result<FutureDAO.Data> fd = mapper.future(trans,PermDAO.TABLE,from,perm,false,
new Mapper.Memo() {
@Override
@@ -1487,36 +1487,36 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return nsd;
}
});
-
+
switch(fd.status) {
case OK:
Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, perm.ns);
if (nsr.notOKorIsEmpty()) {
return Result.err(nsr);
}
-
- Result<String> rfc = func.createFuture(trans, fd.value,
+
+ Result<String> rfc = func.createFuture(trans, fd.value,
perm.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode());
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
return func.deletePerm(trans,perm,trans.requested(force), false);
default:
return Result.err(fd);
- }
- }
-
- @ApiDoc(
+ }
+ }
+
+ @ApiDoc(
method = DELETE,
path = "/authz/perm/:name/:type/:action",
params = {"type|string|true",
"instance|string|true",
"action|string|true"},
expectedCode = 200,
- errorCodes = { 404,406 },
+ errorCodes = { 404,406 },
text = { "Delete the Permission referenced by :type :instance :action",
"You cannot normally delete a permission which is still granted to roles,",
"however the \"force\" property allows you to do just that. To do this: Add",
@@ -1532,7 +1532,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<PermDAO.Data> pd = ques.permFrom(trans, type, instance, action);
if (pd.isOK()) {
return func.deletePerm(trans, pd.value, trans.requested(force), false);
@@ -1542,7 +1542,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
/***********************************
- * ROLE
+ * ROLE
***********************************/
@ApiDoc(
method = POST,
@@ -1586,8 +1586,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
new Mapper.Memo() {
@Override
public String get() {
- return "Create Role [" +
- rd.value.fullName() +
+ return "Create Role [" +
+ rd.value.fullName() +
']';
}
},
@@ -1601,7 +1601,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return nsd;
}
});
-
+
Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, rd.value.ns);
if (nsr.notOKorIsEmpty()) {
return Result.err(nsr);
@@ -1609,13 +1609,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans, fd.value,
+ Result<String> rfc = func.createFuture(trans, fd.value,
role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.C);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "Role [%s.%s] is saved for future processing",
rd.value.ns,
rd.value.name);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -1636,7 +1636,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@ApiDoc(
method = GET,
path = "/authz/roles/:role",
- params = {"role|string|true"},
+ params = {"role|string|true"},
expectedCode = 200,
errorCodes = {404,406},
text = { "List Roles that match :role",
@@ -1649,7 +1649,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("Role", role).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
// Determine if User can ask this question
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
if (rrdd.isOKhasData()) {
@@ -1660,7 +1660,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} else {
return Result.err(rrdd);
}
-
+
// Look up data
int query = role.indexOf('?');
Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query));
@@ -1722,7 +1722,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
params = {"ns|string|true"},
expectedCode = 200,
errorCodes = {404,406},
- text = { "List all Roles for the Namespace :ns",
+ text = { "List all Roles for the Namespace :ns",
"Note: You must have permission to see any given role"
}
)
@@ -1733,15 +1733,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("NS", ns).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
// check if user is allowed to view NS
- Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns);
+ Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns);
if (rnsd.notOK()) {
- return Result.err(rnsd);
+ return Result.err(rnsd);
}
rnsd = ques.mayUser(trans, trans.user(), rnsd.value, Access.read);
if (rnsd.notOK()) {
- return Result.err(rnsd);
+ return Result.err(rnsd);
}
TimeTaken tt = trans.start("MAP Roles by NS to Roles", Env.SUB);
@@ -1773,7 +1773,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
params = {"name|string|true"},
expectedCode = 200,
errorCodes = {404,406},
- text = { "List all Roles for only the Name of Role (without Namespace)",
+ text = { "List all Roles for only the Name of Role (without Namespace)",
"Note: You must have permission to see any given role"
}
)
@@ -1783,7 +1783,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("Name", name).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
// User Mapper to make sure user is allowed to view NS
TimeTaken tt = trans.start("MAP Roles by Name to Roles", Env.SUB);
@@ -1834,7 +1834,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
TimeTaken tt = trans.start("Map Perm Roles Roles", Env.SUB);
try {
ROLES roles = mapper.newInstance(API.ROLES);
@@ -1846,7 +1846,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if ((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) {
return Result.err(res);
}
-
+
Result<List<PermDAO.Data>> pdlr = ques.permDAO().read(trans, pdd);
if (pdlr.isOK())for (PermDAO.Data pd : pdlr.value) {
Result<List<RoleDAO.Data>> rlrd;
@@ -1910,7 +1910,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
@ApiDoc(
method = POST,
path = "/authz/role/perm",
@@ -1918,7 +1918,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
expectedCode = 201,
errorCodes = {403,404,406,409},
text = { "Grant a Permission to a Role",
- "Permission consists of:",
+ "Permission consists of:",
"<ul><li>type - a Namespace qualified identifier specifying what kind of resource "
+ "is being protected</li>",
"<li>instance - a key, possibly multi-dimensional, that identifies a specific "
@@ -1942,7 +1942,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rrd.notOKorIsEmpty()) {
return Result.err(rrd);
}
-
+
// Validate Role and Perm values
final ServiceValidator v = new ServiceValidator();
if (v.perm(rpd.value)
@@ -1955,9 +1955,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rlrd.notOKorIsEmpty()) {
return Result.err(Status.ERR_RoleNotFound, "Role [%s] does not exist", rrd.value.fullName());
}
-
+
// Check Status of Data in DB (does it exist)
- Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, rpd.value.ns,
+ Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, rpd.value.ns,
rpd.value.type, rpd.value.instance, rpd.value.action);
PermDAO.Data createPerm = null; // if not null, create first
if (rlpd.notOKorIsEmpty()) { // Permission doesn't exist
@@ -1966,7 +1966,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
createPerm = rpd.value;
createPerm.roles.clear();
} else {
- return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist",
+ return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist",
rpd.value.ns,rpd.value.type,rpd.value.instance,rpd.value.action);
}
} else {
@@ -1979,7 +1979,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, rpd.value,true, // Allow grants to create Approvals
new Mapper.Memo() {
@Override
@@ -2007,7 +2007,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans,fd.value,
+ Result<String> rfc = func.createFuture(trans,fd.value,
rpd.value.fullPerm(),
trans.user(),
nsr.value.get(0),
@@ -2018,7 +2018,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
rpd.value.type,
rpd.value.instance,
rpd.value.action);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -2033,7 +2033,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
default:
return Result.err(fd);
}
-
+
}
/**
@@ -2071,17 +2071,17 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return delPermFromRole(trans, updt.value,rrd.value, rreq);
}
-
- private Result<Void> delPermFromRole(final AuthzTrans trans, PermDAO.Data pdd, RoleDAO.Data rdd, REQUEST rreq) {
- Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, pdd.ns, pdd.type,
+
+ private Result<Void> delPermFromRole(final AuthzTrans trans, PermDAO.Data pdd, RoleDAO.Data rdd, REQUEST rreq) {
+ Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, pdd.ns, pdd.type,
pdd.instance, pdd.action);
-
+
if (rlpd.notOKorIsEmpty()) {
- return Result.err(Status.ERR_PermissionNotFound,
+ return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s.%s|%s|%s] does not exist",
pdd.ns,pdd.type,pdd.instance,pdd.action);
}
-
+
Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, pdd,true, // allow ungrants requests
new Mapper.Memo() {
@Override
@@ -2106,7 +2106,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans,fd.value,
+ Result<String> rfc = func.createFuture(trans,fd.value,
pdd.fullPerm(),
trans.user(),
nsr.value.get(0),
@@ -2127,7 +2127,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(fd);
}
}
-
+
/*
@ApiDoc(
method = DELETE,
@@ -2148,7 +2148,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rpns.notOKorIsEmpty()) {
return Result.err(rpns);
}
-
+
final Validator v = new ServiceValidator();
if (v.role(role)
.permType(rpns.value.name,rpns.value.parent)
@@ -2157,26 +2157,26 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<Data> rrns = ques.deriveNs(trans, role);
if (rrns.notOKorIsEmpty()) {
return Result.err(rrns);
}
-
+
final Result<List<RoleDAO.Data>> rrd = ques.roleDAO().read(trans, rrns.value.parent, rrns.value.name);
if (rrd.notOKorIsEmpty()) {
return Result.err(rrd);
}
-
+
final Result<List<PermDAO.Data>> rpd = ques.permDAO().read(trans, rpns.value.parent, rpns.value.name, instance, action);
if (rpd.notOKorIsEmpty()) {
return Result.err(rpd);
}
-
+
return delPermFromRole(trans,rpd.value.get(0), rrd.value.get(0), mapper.ungrantRequest(trans, role, type, instance, action));
}
-
+
@ApiDoc(
method = DELETE,
path = "/authz/role/:role",
@@ -2191,7 +2191,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
if (rrdd.isOKhasData()) {
final ServiceValidator v = new ServiceValidator();
- if (v.nullOrBlank(rrdd.value).err()) {
+ if (v.nullOrBlank(rrdd.value).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
return func.deleteRole(trans, rrdd.value, false, false);
@@ -2241,21 +2241,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return nsd;
}
});
-
+
switch(fd.status) {
case OK:
Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, rd.value.ns);
if (nsr.notOKorIsEmpty()) {
return Result.err(nsr);
}
-
- Result<String> rfc = func.createFuture(trans, fd.value,
+
+ Result<String> rfc = func.createFuture(trans, fd.value,
role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "Role Deletion [%s.%s] is saved for future processing",
rd.value.ns,
rd.value.name);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -2267,14 +2267,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
/***********************************
- * CRED
+ * CRED
***********************************/
private class MayCreateCred implements MayChange {
private Result<NsDAO.Data> nsd;
private AuthzTrans trans;
private CredDAO.Data cred;
private Executor exec;
-
+
public MayCreateCred(AuthzTrans trans, CredDAO.Data cred, Executor exec) {
this.trans = trans;
this.cred = cred;
@@ -2291,7 +2291,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
// Check Org Policy
if (trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) {
- return Result.ok();
+ return Result.ok();
} else {
Result<?> rmc = ques.mayUser(trans, trans.user(), nsd.value, Access.write);
if (rmc.isOKhasData()) {
@@ -2365,13 +2365,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
private final long DAY_IN_MILLIS = 24*3600*1000L;
-
- @ApiDoc(
- method = POST,
+
+ @ApiDoc(
+ method = POST,
path = "/authn/cred",
params = {},
expectedCode = 201,
- errorCodes = {403,404,406,409},
+ errorCodes = {403,404,406,409},
text = { "A credential consists of:",
"<ul><li>id - the ID to create within AAF. The domain is in reverse",
"order of Namespace (i.e. Users of Namespace com.att.myapp would be",
@@ -2385,18 +2385,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public Result<Void> createUserCred(final AuthzTrans trans, REQUEST from) {
final String cmdDescription = ("Create User Credential");
TimeTaken tt = trans.start(cmdDescription, Env.SUB);
-
+
try {
Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);
if (rcred.isOKhasData()) {
rcred = ques.userCredSetup(trans, rcred.value);
-
+
final ServiceValidator v = new ServiceValidator();
-
- if (v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations
+
+ if (v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
// 2016-4 Jonathan, New Behavior - If MechID is not registered with Org, deny creation
Identity mechID = null;
@@ -2406,7 +2406,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} catch (Exception e1) {
trans.error().log(e1,rcred.value.id,"cannot be validated at this time");
}
- if (mechID==null || !mechID.isFound()) {
+ if (mechID==null || !mechID.isFound()) {
return Result.err(Status.ERR_Policy,"MechIDs must be registered with %s before provisioning in AAF",org.getName());
}
@@ -2414,11 +2414,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (nsr.notOKorIsEmpty()) {
return Result.err(Status.ERR_NsNotFound,"Cannot provision %s on non-existent Namespace %s",mechID.id(),rcred.value.ns);
}
-
+
boolean firstID = false;
MayChange mc;
-
+
CassExecutor exec = new CassExecutor(trans, func);
Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, rcred.value.id);
if (rlcd.isOKhasData()) {
@@ -2430,21 +2430,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// May not use the same password in the list
// Note: ASPR specifies character differences, but we don't actually store the
// password to validate char differences.
-
+
// byte[] rawCred = rcred.value.type==CredDAO.RAW?null:; return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
if(rcred.value.type==CredDAO.FQI ) {
if(curr.type==CredDAO.FQI) {
return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
}
} else {
-
+
rb = ques.userCredCheck(trans, curr, rcred.value.cred!=null?rcred.value.cred.array():null);
if (rb.notOK()) {
return Result.err(rb);
} else if (rb.value){
return Result.err(Status.ERR_Policy, "Credential content cannot be reused.");
- } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires))
- && curr.type==rcred.value.type
+ } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires))
+ && curr.type==rcred.value.type
) {
// Allow if expiring differential is greater than 1 day (for TEMP)
// Unless expiring in 1 day
@@ -2453,7 +2453,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
}
- }
+ }
} else {
try {
// 2016-04-12 Jonathan If Caller is the Sponsor and is also an Owner of NS, allow without special Perm
@@ -2469,32 +2469,32 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
String reason;
// We can say "ID does not exist" here
if ((reason=org.validate(trans, Policy.CREATE_MECHID, exec, theMechID,trans.user(),otherMechIDs.toString()))!=null) {
- return Result.err(Status.ERR_Denied, reason);
+ return Result.err(Status.ERR_Denied, reason);
}
firstID=true;
} catch (Exception e) {
return Result.err(e);
}
}
-
+
mc = new MayCreateCred(trans, rcred.value, exec);
-
+
final CredDAO.Data cdd = rcred.value;
Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from, rcred.value,false, // may want to enable in future.
new Mapper.Memo() {
@Override
public String get() {
- return cmdDescription + " [" +
- cdd.id + '|'
- + cdd.type + '|'
+ return cmdDescription + " [" +
+ cdd.id + '|'
+ + cdd.type + '|'
+ cdd.expires + ']';
}
},
mc);
-
+
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans, fd.value,
+ Result<String> rfc = func.createFuture(trans, fd.value,
rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,
trans.user(), nsr.value.get(0), FUTURE_OP.C);
if (rfc.isOK()) {
@@ -2502,7 +2502,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
rcred.value.id,
Integer.toString(rcred.value.type),
rcred.value.expires.toString());
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -2512,11 +2512,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
// Admins are not allowed to set first Cred, but Org has already
// said entity MAY create, typically by Permission
- // We can't know which reason they are allowed here, so we
- // have to assume that any with Special Permission would not be
+ // We can't know which reason they are allowed here, so we
+ // have to assume that any with Special Permission would not be
// an Admin.
if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
- return Result.err(Result.ERR_Denied,
+ return Result.err(Result.ERR_Denied,
"Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
} else {
// Allow IDs that AREN'T part of NS with Org Onboarding Permission (see Org object) to create Temp Passwords.
@@ -2527,7 +2527,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} catch (Exception e) {
trans.error().log(e, "While setting expiration to TempPassword");
}
-
+
Result<?>udr = ques.credDAO().create(trans, rcred.value);
if (udr.isOK()) {
return Result.ok();
@@ -2545,12 +2545,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authn/creds/ns/:ns",
params = {"ns|string|true"},
expectedCode = 200,
- errorCodes = {403,404,406},
+ errorCodes = {403,404,406},
text = { "Return all IDs in Namespace :ns"
}
)
@@ -2560,42 +2560,42 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.ns(ns).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
// check if user is allowed to view NS
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
-
+
TimeTaken tt = trans.start("MAP Creds by NS to Creds", Env.SUB);
- try {
+ try {
USERS users = mapper.newInstance(API.USERS);
Result<List<CredDAO.Data>> rlcd = ques.credDAO().readNS(trans, ns);
-
+
if (rlcd.isOK()) {
if (!rlcd.isEmpty()) {
return mapper.cred(rlcd.value, users);
}
- return Result.ok(users);
+ return Result.ok(users);
} else {
return Result.err(rlcd);
}
} finally {
tt.done();
}
-
+
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authn/creds/id/:ns",
params = {"id|string|true"},
expectedCode = 200,
- errorCodes = {403,404,406},
+ errorCodes = {403,404,406},
text = { "Return all IDs in for ID"
,"(because IDs are multiple, due to multiple Expiration Dates)"
}
@@ -2606,59 +2606,59 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("ID",id).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
String ns = Question.domain2ns(id);
// check if user is allowed to view NS
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
-
+
TimeTaken tt = trans.start("MAP Creds by ID to Creds", Env.SUB);
- try {
+ try {
USERS users = mapper.newInstance(API.USERS);
Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, id);
-
+
if (rlcd.isOK()) {
if (!rlcd.isEmpty()) {
return mapper.cred(rlcd.value, users);
}
- return Result.ok(users);
+ return Result.ok(users);
} else {
return Result.err(rlcd);
}
} finally {
tt.done();
}
-
+
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authn/certs/id/:id",
params = {"id|string|true"},
expectedCode = 200,
- errorCodes = {403,404,406},
+ errorCodes = {403,404,406},
text = { "Return Cert Info for ID"
}
)
@Override
public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id) {
TimeTaken tt = trans.start("Get Cert Info by ID", Env.SUB);
- try {
+ try {
CERTS certs = mapper.newInstance(API.CERTS);
Result<List<CertDAO.Data>> rlcd = ques.certDAO().readID(trans, id);
-
+
if (rlcd.isOK()) {
if (!rlcd.isEmpty()) {
return mapper.cert(rlcd.value, certs);
}
- return Result.ok(certs);
- } else {
+ return Result.ok(certs);
+ } else {
return Result.err(rlcd);
}
} finally {
@@ -2667,12 +2667,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
- @ApiDoc(
- method = PUT,
+ @ApiDoc(
+ method = PUT,
path = "/authn/cred",
params = {},
expectedCode = 200,
- errorCodes = {300,403,404,406},
+ errorCodes = {300,403,404,406},
text = { "Reset a Credential Password. If multiple credentials exist for this",
"ID, you will need to specify which entry you are resetting in the",
"CredRequest object"
@@ -2686,54 +2686,54 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);
if (rcred.isOKhasData()) {
rcred = ques.userCredSetup(trans, rcred.value);
-
+
final ServiceValidator v = new ServiceValidator();
-
- if (v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations
+
+ if (v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, rcred.value.id);
if (rlcd.notOKorIsEmpty()) {
return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
- }
-
+ }
+
MayChange mc = new MayChangeCred(trans, rcred.value,MayChangeCred.RESET);
- Result<?> rmc = mc.mayChange();
+ Result<?> rmc = mc.mayChange();
if (rmc.notOK()) {
return Result.err(rmc);
}
-
+
List<CredDAO.Data> lcdd = filterList(rlcd.value,CredDAO.BASIC_AUTH, CredDAO.BASIC_AUTH_SHA256);
-
+
Result<Integer> ri = selectEntryIfMultiple((CredRequest)from, lcdd, MayChangeCred.RESET);
if (ri.notOK()) {
return Result.err(ri);
}
int entry = ri.value;
-
-
+
+
final CredDAO.Data cred = rcred.value;
-
+
Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from, rcred.value,false,
new Mapper.Memo() {
@Override
public String get() {
- return cmdDescription + " [" +
- cred.id + '|'
- + cred.type + '|'
+ return cmdDescription + " [" +
+ cred.id + '|'
+ + cred.type + '|'
+ cred.expires + ']';
}
},
mc);
-
+
Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, rcred.value.ns);
if (nsr.notOKorIsEmpty()) {
return Result.err(nsr);
}
-
+
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans, fd.value,
+ Result<String> rfc = func.createFuture(trans, fd.value,
rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,
trans.user(), nsr.value.get(0), FUTURE_OP.U);
if (rfc.isOK()) {
@@ -2741,7 +2741,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
rcred.value.id,
Integer.toString(rcred.value.type),
rcred.value.expires.toString());
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -2754,15 +2754,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} else {
exp = Expiration.TempPassword;
}
-
+
Organization org = trans.org();
CredDAO.Data current = rlcd.value.get(entry);
// If user resets password in same day, we will have a primary key conflict, so subtract 1 day
- if (current.expires.equals(rcred.value.expires)
+ if (current.expires.equals(rcred.value.expires)
&& rlcd.value.get(entry).type==rcred.value.type) {
GregorianCalendar gc = org.expiration(null, exp,rcred.value.id);
gc = Chrono.firstMomentOfDay(gc);
- gc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay());
+ gc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay());
rcred.value.expires = new Date(gc.getTimeInMillis() - DAY_IN_MILLIS);
} else {
rcred.value.expires = org.expiration(null,exp).getTime();
@@ -2775,7 +2775,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (udr.isOK()) {
return Result.ok();
}
-
+
return Result.err(udr);
default:
return Result.err(fd);
@@ -2788,12 +2788,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
- @ApiDoc(
- method = PUT,
+ @ApiDoc(
+ method = PUT,
path = "/authn/cred/:days",
params = {"days|string|true"},
expectedCode = 200,
- errorCodes = {300,403,404,406},
+ errorCodes = {300,403,404,406},
text = { "Extend a Credential Expiration Date. The intention of this API is",
"to avoid an outage in PROD due to a Credential expiring before it",
"can be configured correctly. Measures are being put in place ",
@@ -2807,12 +2807,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
Organization org = trans.org();
final ServiceValidator v = new ServiceValidator();
- if (v.notOK(cred).err() ||
+ if (v.notOK(cred).err() ||
v.nullOrBlank(cred.value.id, "Invalid ID").err() ||
v.user(org,cred.value.id).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
try {
String reason;
if ((reason=org.validate(trans, Policy.MAY_EXTEND_CRED_EXPIRES, new CassExecutor(trans,func)))!=null) {
@@ -2823,13 +2823,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
trans.error().log(e, msg="Could not contact Organization for User Validation");
return Result.err(Status.ERR_Denied, msg);
}
-
+
// Get the list of Cred Entries
Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id);
if (rlcd.notOKorIsEmpty()) {
return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
}
-
+
// Only Passwords can be extended
List<CredDAO.Data> lcdd = filterList(rlcd.value,CredDAO.BASIC_AUTH, CredDAO.BASIC_AUTH_SHA256);
@@ -2854,7 +2854,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if(cd.expires.before(found.expires)) {
return Result.err(Result.ERR_BadData,String.format("Credential's expiration date is more than %s days in the future",days));
}
-
+
cred = ques.credDAO().create(trans, cd);
if (cred.isOK()) {
return Result.ok();
@@ -2863,14 +2863,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} finally {
tt.done();
}
- }
+ }
- @ApiDoc(
- method = DELETE,
+ @ApiDoc(
+ method = DELETE,
path = "/authn/cred",
params = {},
expectedCode = 200,
- errorCodes = {300,403,404,406},
+ errorCodes = {300,403,404,406},
text = { "Delete a Credential. If multiple credentials exist for this",
"ID, you will need to specify which entry you are deleting in the",
"CredRequest object."
@@ -2885,11 +2885,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
MayChange mc = new MayChangeCred(trans,cred.value,MayChangeCred.DELETE);
- Result<?> rmc = mc.mayChange();
+ Result<?> rmc = mc.mayChange();
if (rmc.notOK()) {
return Result.err(rmc);
}
-
+
boolean doForce = trans.requested(force);
Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id);
if (rlcd.notOKorIsEmpty()) {
@@ -2903,7 +2903,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
}
boolean isLastCred = rlcd.value.size()==1;
-
+
int entry;
CredRequest cr = (CredRequest)from;
if(isLastCred) {
@@ -2921,7 +2921,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
++fentry;
if(cdd.type == CredDAO.FQI) {
entry = fentry;
- break;
+ break;
}
}
} else {
@@ -2972,26 +2972,26 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
}
-
+
Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false,
() -> "Delete Credential [" +
cred.value.id +
']',
mc);
-
+
Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, cred.value.ns);
if (nsr.notOKorIsEmpty()) {
return Result.err(nsr);
}
-
+
switch(fd.status) {
case OK:
Result<String> rfc = func.createFuture(trans, fd.value, cred.value.id,
trans.user(), nsr.value.get(0), FUTURE_OP.D);
-
+
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -3031,7 +3031,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
default:
return Result.err(fd);
}
-
+
}
/*
@@ -3105,21 +3105,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private String[] buildVariables(List<CredDAO.Data> value) {
String [] vars = new String[value.size()];
CredDAO.Data cdd;
-
+
for (int i = 0; i < value.size(); i++) {
cdd = value.get(i);
vars[i] = cdd.id + TWO_SPACE + Define.getCredType(cdd.type) + TWO_SPACE + Chrono.niceUTCStamp(cdd.expires) + TWO_SPACE + cdd.tag;
}
return vars;
}
-
+
private String selectCredFromList(List<CredDAO.Data> value, String action) {
StringBuilder errMessage = new StringBuilder();
String userPrompt = MayChangeCred.DELETE.equals(action)?
"Select which cred to delete (set force=true to delete all):":
"Select which cred to " + action + ':';
int numSpaces = value.get(0).id.length() - "Id".length();
-
+
errMessage.append(userPrompt + '\n');
errMessage.append(" ID");
for (int i = 0; i < numSpaces; i++) {
@@ -3135,7 +3135,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
errMessage.append("Run same command again with chosen entry as last parameter");
}
return errMessage.toString();
-
+
}
@Override
@@ -3162,12 +3162,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
- @ApiDoc(
- method = POST,
+ @ApiDoc(
+ method = POST,
path = "/authn/validate",
params = {},
expectedCode = 200,
- errorCodes = { 403 },
+ errorCodes = { 403 },
text = { "Validate a Credential given a Credential Structure. This is a more comprehensive validation, can "
+ "do more than BasicAuth as Credential types exp" }
)
@@ -3192,13 +3192,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Status.ERR_Denied,"Bad Basic Auth");
}
-@ApiDoc(
- method = GET,
+@ApiDoc(
+ method = GET,
path = "/authn/basicAuth",
params = {},
expectedCode = 200,
- errorCodes = { 403 },
- text = { "!!!! DEPRECATED without X509 Authentication STOP USING THIS API BY DECEMBER 2017, or use Certificates !!!!\n"
+ errorCodes = { 403 },
+ text = { "!!!! DEPRECATED without X509 Authentication STOP USING THIS API BY DECEMBER 2017, or use Certificates !!!!\n"
+ "Use /authn/validate instead\n"
+ "Note: Validate a Password using BasicAuth Base64 encoded Header. This HTTP/S call is intended as a fast"
+ " User/Password lookup for Security Frameworks, and responds 200 if it passes BasicAuth "
@@ -3209,14 +3209,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
/***********************************
- * USER-ROLE
+ * USER-ROLE
***********************************/
- @ApiDoc(
- method = POST,
+ @ApiDoc(
+ method = POST,
path = "/authz/userRole",
params = {},
expectedCode = 201,
- errorCodes = {403,404,406,409},
+ errorCodes = {403,404,406,409},
text = { "Create a UserRole relationship (add User to Role)",
"A UserRole is an object Representation of membership of a Role for limited time.",
"If a shorter amount of time for Role ownership is required, use the 'End' field.",
@@ -3233,7 +3233,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(urr);
}
final UserRoleDAO.Data userRole = urr.value;
-
+
final ServiceValidator v = new ServiceValidator();
if (v.user_role(trans.user(),userRole).err() ||
v.user(trans.org(), userRole.user).err()) {
@@ -3241,7 +3241,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
-
+
// Check if user can change first
Result<FutureDAO.Data> fd = mapper.future(trans,UserRoleDAO.TABLE,from,urr.value,true, // may request Approvals
() -> "Add User [" + userRole.user + "] to Role [" +
@@ -3261,7 +3261,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return nsd;
}
});
-
+
NsDAO.Data ndd;
if(userRole.role.startsWith(userRole.user)) {
userRole.ns=userRole.user;
@@ -3277,14 +3277,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname,
+ Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname,
userRole.user, ndd, FUTURE_OP.C);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "UserRole [%s - %s.%s] is saved for future processing",
userRole.user,
userRole.ns,
userRole.rname);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -3296,7 +3296,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
/**
* getUserRolesByRole
*/
@@ -3315,7 +3315,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("Role",role).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<RoleDAO.Data> rrdd;
rrdd = RoleDAO.Data.decode(trans,ques,role);
if (rrdd.notOK()) {
@@ -3326,11 +3326,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (ns.notOK()) {
return Result.err(ns);
}
-
- // boolean filter = true;
+
+ // boolean filter = true;
// if (ns.value.isAdmin(trans.user()) || ns.value.isResponsible(trans.user()))
// filter = false;
-
+
// Get list of roles per user, then add to Roles as we go
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByRole(trans, role);
@@ -3339,7 +3339,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
userSet.add(data);
}
}
-
+
@SuppressWarnings("unchecked")
USERROLES users = (USERROLES) mapper.newInstance(API.USER_ROLES);
// Checked for permission
@@ -3364,18 +3364,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.nullOrBlank("User",user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
// Get list of roles per user, then add to Roles as we go
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, user);
- if (rlurd.notOK()) {
+ if (rlurd.notOK()) {
return Result.err(rlurd);
}
-
+
/* Check for
- * 1) is User
+ * 1) is User
* 2) is User's Supervisor
* 3) Has special global access =read permission
- *
+ *
* If none of the 3, then filter results to NSs in which Calling User has Ns.access * read
*/
boolean mustFilter;
@@ -3401,11 +3401,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
mustFilter = true;
}
}
-
+
List<UserRoleDAO.Data> content;
if (mustFilter) {
content = new ArrayList<>(rlurd.value.size()); // avoid multi-memory redos
-
+
for (UserRoleDAO.Data data : rlurd.value) {
ndd.name=data.ns;
Result<Data> mur = ques.mayUser(trans, callingUser, ndd, Access.read);
@@ -3413,7 +3413,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
content.add(data);
}
}
-
+
} else {
content = rlurd.value;
}
@@ -3426,9 +3426,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.ok(users);
}
-
-
-
+
+
+
@ApiDoc(
method = GET,
path = "/authz/userRole/extend/:user/:role",
@@ -3450,18 +3450,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
if (rrdd.notOK()) {
return Result.err(rrdd);
}
-
+
Result<NsDAO.Data> rcr = ques.mayUser(trans, trans.user(), rrdd.value, Access.write);
boolean mayNotChange;
if ((mayNotChange = rcr.notOK()) && !trans.requested(future)) {
return Result.err(rcr);
}
-
+
Result<List<UserRoleDAO.Data>> rr = ques.userRoleDAO().read(trans, user,role);
if (rr.notOK()) {
return Result.err(rr);
@@ -3481,7 +3481,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(e);
}
- Result<String> rfc = func.createFuture(trans, fto,
+ Result<String> rfc = func.createFuture(trans, fto,
userRole.user+'|'+userRole.role, userRole.user, rcr.value, FUTURE_OP.U);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing",
@@ -3497,14 +3497,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Result.ERR_NotFound,"This user and role doesn't exist");
}
- @ApiDoc(
- method = DELETE,
+ @ApiDoc(
+ method = DELETE,
path = "/authz/userRole/:user/:role",
params = { "user|string|true",
"role|string|true"
},
expectedCode = 200,
- errorCodes = {403,404,406},
+ errorCodes = {403,404,406},
text = { "Remove Role :role from User :user."
}
)
@@ -3521,7 +3521,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rrdd.notOK()) {
return Result.err(rrdd);
}
-
+
RoleDAO.Data rdd = rrdd.value;
Result<NsDAO.Data> rns = ques.mayUser(trans, trans.user(), rdd, Access.write);
@@ -3529,7 +3529,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rns.isOKhasData() && Question.OWNER.equals(rdd.name) && ques.countOwner(trans,rdd.ns)<=1) {
return Result.err(Status.ERR_Denied,"You may not delete the last Owner of " + rdd.ns );
}
-
+
if (mayNotChange=rns.notOK()) {
if (!trans.requested(future)) {
return Result.err(rns);
@@ -3551,13 +3551,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
fto.start = now.getTime();
fto.expires = trans.org().expiration(now, Expiration.Future).getTime();
- Result<String> rfc = func.createFuture(trans, fto,
+ Result<String> rfc = func.createFuture(trans, fto,
userRole.user+'|'+userRole.role, userRole.user, rns.value, FUTURE_OP.D);
if (rfc.isOK()) {
- return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing",
+ return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing",
userRole.user,
userRole.role);
- } else {
+ } else {
return Result.err(rfc);
}
} else {
@@ -3565,13 +3565,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authz/userRole/:user/:role",
params = {"user|string|true",
"role|string|true"},
expectedCode = 200,
- errorCodes = {403,404,406},
+ errorCodes = {403,404,406},
text = { "Returns the User (with Expiration date from listed User/Role) if it exists"
}
)
@@ -3584,7 +3584,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// Result<NsDAO.Data> ns = ques.deriveNs(trans, role);
// if (ns.notOK()) return Result.err(ns);
-//
+//
// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);
// May calling user see by virtue of the Role
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
@@ -3593,9 +3593,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
-
+
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readUserInRole(trans, user, role);
if (rlurd.isOK()) {
@@ -3603,20 +3603,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
userSet.add(data);
}
}
-
+
@SuppressWarnings("unchecked")
USERS users = (USERS) mapper.newInstance(API.USERS);
mapper.users(trans, userSet, users);
return Result.ok(users);
}
- @ApiDoc(
- method = GET,
+ @ApiDoc(
+ method = GET,
path = "/authz/users/role/:role",
params = {"user|string|true",
"role|string|true"},
expectedCode = 200,
- errorCodes = {403,404,406},
+ errorCodes = {403,404,406},
text = { "Returns the User (with Expiration date from listed User/Role) if it exists"
}
)
@@ -3629,14 +3629,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
// Result<NsDAO.Data> ns = ques.deriveNs(trans, role);
// if (ns.notOK()) return Result.err(ns);
-//
+//
// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);
// May calling user see by virtue of the Role
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
if (rrdd.notOK()) {
return Result.err(rrdd);
}
-
+
boolean contactOnly = false;
// Allow the request of any valid user to find the contact of the NS (Owner)
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);
@@ -3647,10 +3647,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(rnd);
}
}
-
+
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByRole(trans, role);
- if (rlurd.isOK()) {
+ if (rlurd.isOK()) {
for (UserRoleDAO.Data data : rlurd.value) {
if (contactOnly) { //scrub data
// Can't change actual object, or will mess up the cache.
@@ -3665,7 +3665,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
}
-
+
@SuppressWarnings("unchecked")
USERS users = (USERS) mapper.newInstance(API.USERS);
mapper.users(trans, userSet, users);
@@ -3692,7 +3692,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
final Validator v = new ServiceValidator();
if (v.nullOrBlank("Type",type)
.nullOrBlank("Instance",instance)
- .nullOrBlank("Action",action)
+ .nullOrBlank("Action",action)
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
@@ -3701,25 +3701,25 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (nss.notOK()) {
return Result.err(nss);
}
-
+
Result<List<NsDAO.Data>> nsd = ques.nsDAO().read(trans, nss.value.ns);
if (nsd.notOK()) {
return Result.err(nsd);
}
-
+
boolean allInstance = ASTERIX.equals(instance);
boolean allAction = ASTERIX.equals(action);
- // Get list of roles per Permission,
+ // Get list of roles per Permission,
// Then loop through Roles to get Users
// Note: Use Sets to avoid processing or responding with Duplicates
Set<String> roleUsed = new HashSet<>();
Set<UserRoleDAO.Data> userSet = new HashSet<>();
-
+
if (!nss.isEmpty()) {
Result<List<PermDAO.Data>> rlp = ques.permDAO().readByType(trans, nss.value.ns, nss.value.name);
if (rlp.isOKhasData()) {
for (PermDAO.Data pd : rlp.value) {
- if ((allInstance || pd.instance.equals(instance)) &&
+ if ((allInstance || pd.instance.equals(instance)) &&
(allAction || pd.action.equals(action))) {
if (ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) {
for (String role : pd.roles) {
@@ -3745,10 +3745,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
/***********************************
- * HISTORY
- ***********************************/
+ * HISTORY
+ ***********************************/
@Override
- public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) {
+ public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
if (v.nullOrBlank("User",user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
@@ -3797,12 +3797,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rrdd.notOK()) {
return Result.err(rrdd);
}
-
+
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);
if (rnd.notOK()) {
return Result.err(rnd);
}
- Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, role, "role", yyyymm);
+ Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, role, "role", yyyymm);
if (resp.notOK()) {
return Result.err(resp);
}
@@ -3828,11 +3828,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
}
-
+
if (resp.notOK()) {
return Result.err(resp);
}
@@ -3842,7 +3842,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
- if (v.nullOrBlank("NS",ns).err()) {
+ if (v.nullOrBlank("NS",ns).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
@@ -3852,7 +3852,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, ns, "ns", yyyymm);
@@ -3868,7 +3868,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
ndd.name = FQI.reverseDomain(subject);
Result<Data> rnd = ques.mayUser(trans, trans.user(), ndd, Access.read);
if (rnd.notOK()) {
- return Result.err(rnd);
+ return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, subject, target, yyyymm);
@@ -3879,7 +3879,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
/***********************************
- * DELEGATE
+ * DELEGATE
***********************************/
@Override
public Result<Void> createDelegate(final AuthzTrans trans, REQUEST base) {
@@ -3895,23 +3895,23 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private Result<Void> createOrUpdateDelegate(final AuthzTrans trans, REQUEST base, final Access access) {
final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);
final ServiceValidator v = new ServiceValidator();
- if (v.delegate(trans.org(),rd).err()) {
+ if (v.delegate(trans.org(),rd).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
final DelegateDAO.Data dd = rd.value;
-
+
Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd);
if (access==Access.create && ddr.isOKhasData()) {
return Result.err(Status.ERR_ConflictAlreadyExists, "[%s] already delegates to [%s]", dd.user, ddr.value.get(0).delegate);
- } else if (access!=Access.create && ddr.notOKorIsEmpty()) {
+ } else if (access!=Access.create && ddr.notOKorIsEmpty()) {
return Result.err(Status.ERR_NotFound, "[%s] does not have a Delegate Record to [%s].",dd.user,access.name());
}
Result<Void> rv = ques.mayUser(trans, dd, access);
if (rv.notOK()) {
return rv;
}
-
+
Result<FutureDAO.Data> fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false,
() -> {
StringBuilder sb = new StringBuilder();
@@ -3928,15 +3928,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
() -> {
return Result.ok(); // Validate in code above
});
-
+
switch(fd.status) {
case OK:
- Result<String> rfc = func.createFuture(trans, fd.value,
+ Result<String> rfc = func.createFuture(trans, fd.value,
dd.user, trans.user(),null, access==Access.create?FUTURE_OP.C:FUTURE_OP.U);
- if (rfc.isOK()) {
+ if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "Delegate for [%s]",
dd.user);
- } else {
+ } else {
return Result.err(rfc);
}
case Status.ACC_Now:
@@ -3962,7 +3962,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (v.notOK(rd).nullOrBlank("User", rd.value.user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
Result<List<DelegateDAO.Data>> ddl;
if ((ddl=ques.delegateDAO().read(trans, rd.value)).notOKorIsEmpty()) {
return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");
@@ -3972,7 +3972,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rv.notOK()) {
return rv;
}
-
+
return ques.delegateDAO().delete(trans, dd, false);
}
@@ -3993,10 +3993,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rv.notOK()) {
return rv;
}
-
+
return ques.delegateDAO().delete(trans, dd, false);
}
-
+
@Override
public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@@ -4011,7 +4011,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (rv.notOK()) {
return Result.err(rv);
}
-
+
TimeTaken tt = trans.start("Get delegates for a user", Env.SUB);
Result<List<DelegateDAO.Data>> dbDelgs = ques.delegateDAO().read(trans, user);
@@ -4023,7 +4023,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
} finally {
tt.done();
- }
+ }
}
@Override
@@ -4051,11 +4051,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
} finally {
tt.done();
- }
+ }
}
/***********************************
- * APPROVAL
+ * APPROVAL
***********************************/
private static final String APPR_FMT = "actor=%s, action=%s, operation=\"%s\", requestor=%s, delegator=%s";
@Override
@@ -4070,7 +4070,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
int numProcessed = 0;
String user = trans.user();
-
+
Result<List<ApprovalDAO.Data>> curr;
Lookup<List<ApprovalDAO.Data>> apprByTicket=null;
for (ApprovalDAO.Data updt : rlad.value) {
@@ -4093,14 +4093,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Map<String, Result<List<DelegateDAO.Data>>> delegateCache = new HashMap<>();
Map<UUID, FutureDAO.Data> futureCache = new HashMap<>();
FutureDAO.Data hasDeleted = new FutureDAO.Data();
-
+
for (ApprovalDAO.Data cd : curr.value) {
if ("pending".equals(cd.status)) {
// Check for right record. Need ID, or (Ticket&Trans.User==Appr)
// If Default ID
boolean delegatedAction = ques.isDelegated(trans, user, cd.approver, delegateCache);
String delegator = cd.approver;
- if (updt.id!=null ||
+ if (updt.id!=null ||
(updt.ticket!=null && user.equals(cd.approver)) ||
(updt.ticket!=null && delegatedAction)) {
if (updt.ticket.equals(cd.ticket)) {
@@ -4178,7 +4178,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(Status.ERR_ActionNotCompleted,numProcessed + " out of " + numApprs + " completed");
}
-
+
private static class Changed {
private boolean hasChanged = false;
@@ -4202,7 +4202,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
- if (v.nullOrBlank("User", user).err()) {
+ if (v.nullOrBlank("User", user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
@@ -4217,7 +4217,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket) {
final Validator v = new ServiceValidator();
- if (v.nullOrBlank("Ticket", ticket).err()) {
+ if (v.nullOrBlank("Ticket", ticket).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
UUID uuid;
@@ -4226,7 +4226,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} catch (IllegalArgumentException e) {
return Result.err(Status.ERR_BadData,e.getMessage());
}
-
+
Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO().readByTicket(trans, uuid);
if (rapd.isOK()) {
return mapper.approvals(rapd.value);
@@ -4234,23 +4234,23 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(rapd);
}
}
-
+
@Override
public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver) {
final Validator v = new ServiceValidator();
if (v.nullOrBlank("Approver", approver).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
-
+
List<ApprovalDAO.Data> listRapds = new ArrayList<>();
-
+
Result<List<ApprovalDAO.Data>> myRapd = ques.approvalDAO().readByApprover(trans, approver);
if (myRapd.notOK()) {
return Result.err(myRapd);
}
-
+
listRapds.addAll(myRapd.value);
-
+
Result<List<DelegateDAO.Data>> delegatedFor = ques.delegateDAO().readByDelegate(trans, approver);
if (delegatedFor.isOK()) {
for (DelegateDAO.Data dd : delegatedFor.value) {
@@ -4258,7 +4258,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
String delegator = dd.user;
Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO().readByApprover(trans, delegator);
if (rapd.isOK()) {
- for (ApprovalDAO.Data d : rapd.value) {
+ for (ApprovalDAO.Data d : rapd.value) {
if (!d.user.equals(trans.user())) {
listRapds.add(d);
}
@@ -4267,10 +4267,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
}
-
+
return mapper.approvals(listRapds);
}
-
+
/* (non-Javadoc)
* @see org.onap.aaf.auth.service.AuthzService#clearCache(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String)
*/
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
index f9f23f46..4a756f26 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -33,31 +33,31 @@ import org.onap.aaf.auth.service.mapper.Mapper;
public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> {
public Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper();
-
+
/***********************************
- * NAMESPACE
+ * NAMESPACE
***********************************/
/**
- *
+ *
* @param trans
* @param user
* @param ns
* @return
- * @throws DAOException
- * @throws
+ * @throws DAOException
+ * @throws
*/
public Result<Void> createNS(AuthzTrans trans, REQUEST request, NsType type);
/**
- *
+ *
* @param trans
* @param ns
* @return
*/
public Result<Void> addAdminNS(AuthzTrans trans, String ns, String id);
-
+
/**
- *
+ *
* @param trans
* @param ns
* @return
@@ -65,7 +65,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> delAdminNS(AuthzTrans trans, String ns, String id);
/**
- *
+ *
* @param trans
* @param ns
* @param id
@@ -74,7 +74,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> addResponsibleNS(AuthzTrans trans, String ns, String id);
/**
- *
+ *
* @param trans
* @param ns
* @param id
@@ -83,7 +83,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> delResponsibleNS(AuthzTrans trans, String ns, String id);
/**
- *
+ *
* @param trans
* @param ns
* @param key
@@ -93,7 +93,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> createNsAttrib(AuthzTrans trans, String ns, String key, String value);
/**
- *
+ *
* @param trans
* @param ns
* @param key
@@ -103,7 +103,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<?> updateNsAttrib(AuthzTrans trans, String ns, String key, String value);
/**
- *
+ *
* @param trans
* @param ns
* @param key
@@ -112,7 +112,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> deleteNsAttrib(AuthzTrans trans, String ns, String key);
/**
- *
+ *
* @param trans
* @param ns
* @param key
@@ -122,23 +122,23 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
/**
- *
+ *
* @param trans
* @param ns
* @return
*/
public Result<NSS> getNSbyName(AuthzTrans trans, String ns, boolean full);
-
+
/**
- *
+ *
* @param trans
* @param user
* @return
*/
public Result<NSS> getNSbyAdmin(AuthzTrans trans, String user, boolean full);
-
+
/**
- *
+ *
* @param trans
* @param user
* @return
@@ -146,7 +146,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<NSS> getNSbyResponsible(AuthzTrans trans, String user, boolean full);
/**
- *
+ *
* @param trans
* @param user
* @return
@@ -154,7 +154,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<NSS> getNSbyEither(AuthzTrans trans, String user, boolean full);
/**
- *
+ *
* @param trans
* @param parent
* @return
@@ -162,15 +162,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<NSS> getNSsChildren(AuthzTrans trans, String parent);
/**
- *
+ *
* @param trans
* @param req
* @return
*/
public Result<Void> updateNsDescription(AuthzTrans trans, REQUEST req);
-
+
/**
- *
+ *
* @param trans
* @param ns
* @param user
@@ -180,29 +180,29 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> deleteNS(AuthzTrans trans, String ns);
/***********************************
- * PERM
+ * PERM
***********************************/
/**
- *
+ *
* @param trans
* @param rreq
* @return
- * @throws DAOException
+ * @throws DAOException
* @throws MappingException
*/
public Result<Void> createPerm(AuthzTrans trans, REQUEST rreq);
-
+
/**
- *
+ *
* @param trans
* @param childPerm
* @return
- * @throws DAOException
+ * @throws DAOException
*/
public Result<PERMS> getPermsByType(AuthzTrans trans, String perm);
-
+
/**
- *
+ *
* @param trans
* @param type
* @param instance
@@ -216,14 +216,14 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
* Gets all the permissions for a user across all the roles it is assigned to
* @param userName
* @return
- * @throws Exception
+ * @throws Exception
* @throws Exception
*/
public Result<PERMS> getPermsByUser(AuthzTrans trans, String userName);
/**
* Gets all the permissions for a user across all the roles it is assigned to, filtered by NS (Scope)
- *
+ *
* @param trans
* @param user
* @param scopes
@@ -234,30 +234,30 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
/**
* Gets all the permissions for a user across all the roles it is assigned to
- *
+ *
* Add AAF Perms representing the "MayUser" calls if
* 1) Allowed
* 2) User has equivalent permission
- *
+ *
* @param userName
* @return
- * @throws Exception
+ * @throws Exception
* @throws Exception
*/
public Result<PERMS> getPermsByUser(AuthzTrans trans, PERMS perms, String userName);
/**
- *
+ *
* Gets all the permissions for a user across all the roles it is assigned to
- *
+ *
* @param roleName
* @return
* @throws Exception
*/
public Result<PERMS> getPermsByRole(AuthzTrans trans, String roleName);
-
+
/**
- *
+ *
* @param trans
* @param ns
* @return
@@ -266,7 +266,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
/**
* rename permission
- *
+ *
* @param trans
* @param rreq
* @param isRename
@@ -276,25 +276,25 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
* @return
*/
public Result<Void> renamePerm(AuthzTrans trans, REQUEST rreq, String origType, String origInstance, String origAction);
-
+
/**
- *
+ *
* @param trans
* @param req
* @return
*/
public Result<Void> updatePermDescription(AuthzTrans trans, REQUEST req);
-
+
/**
- *
+ *
* @param trans
* @param from
* @return
*/
public Result<Void> resetPermRoles(AuthzTrans trans, REQUEST from);
-
+
/**
- *
+ *
* @param trans
* @param from
* @return
@@ -303,7 +303,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> deletePerm(AuthzTrans trans, REQUEST from);
/**
- *
+ *
* @param trans
* @param user
* @param perm
@@ -315,22 +315,22 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
Result<Void> deletePerm(AuthzTrans trans, String perm, String type, String action);
/***********************************
- * ROLE
+ * ROLE
***********************************/
/**
- *
+ *
* @param trans
* @param user
* @param role
* @param approvers
* @return
- * @throws DAOException
+ * @throws DAOException
* @throws Exception
*/
public Result<Void> createRole(AuthzTrans trans, REQUEST req);
/**
- *
+ *
* @param trans
* @param role
* @return
@@ -338,16 +338,16 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<ROLES> getRolesByName(AuthzTrans trans, String role);
/**
- *
+ *
* @param trans
* @param user
* @return
- * @throws DAOException
+ * @throws DAOException
*/
public Result<ROLES> getRolesByUser(AuthzTrans trans, String user);
/**
- *
+ *
* @param trans
* @param user
* @return
@@ -355,7 +355,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<ROLES> getRolesByNS(AuthzTrans trans, String user);
/**
- *
+ *
* @param trans
* @param name
* @return
@@ -363,7 +363,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<ROLES> getRolesByNameOnly(AuthzTrans trans, String name);
/**
- *
+ *
* @param trans
* @param type
* @param instance
@@ -373,25 +373,25 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action);
/**
- *
+ *
* @param trans
* @param req
* @return
*/
public Result<Void> updateRoleDescription(AuthzTrans trans, REQUEST req);
-
+
/**
- *
+ *
* @param trans
* @param rreq
* @return
* @throws DAOException
*/
public Result<Void> addPermToRole(AuthzTrans trans, REQUEST rreq);
-
-
+
+
/**
- *
+ *
* @param trans
* @param rreq
* @return
@@ -411,18 +411,18 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> delPermFromRole(AuthzTrans trans, String role, String type, String instance, String action);
/**
- *
+ *
* @param trans
* @param user
* @param role
* @return
- * @throws DAOException
- * @throws MappingException
+ * @throws DAOException
+ * @throws MappingException
*/
public Result<Void> deleteRole(AuthzTrans trans, String role);
/**
- *
+ *
* @param trans
* @param req
* @return
@@ -430,11 +430,11 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> deleteRole(AuthzTrans trans, REQUEST req);
/***********************************
- * CRED
+ * CRED
***********************************/
/**
- *
+ *
* @param trans
* @param from
* @return
@@ -442,7 +442,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
Result<Void> createUserCred(AuthzTrans trans, REQUEST from);
/**
- *
+ *
* @param trans
* @param from
* @return
@@ -450,7 +450,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
Result<Void> resetUserCred(AuthzTrans trans, REQUEST from);
/**
- *
+ *
* @param trans
* @param from
* @param days
@@ -459,15 +459,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
Result<Void> extendUserCred(AuthzTrans trans, REQUEST from, String days);
/**
- *
+ *
* @param trans
* @param ns
* @return
*/
public Result<USERS> getCredsByNS(AuthzTrans trans, String ns);
-
+
/**
- *
+ *
* @param trans
* @param id
* @return
@@ -475,7 +475,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<USERS> getCredsByID(AuthzTrans trans, String id);
/**
- *
+ *
* @param trans
* @param req
* @param id
@@ -484,15 +484,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id);
/**
- *
+ *
* @param trans
* @param credReq
* @return
*/
public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST credReq);
-
+
/**
- *
+ *
* @param trans
* @param user
* @return
@@ -501,15 +501,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Date> doesCredentialMatch(AuthzTrans trans, REQUEST credReq);
/**
- *
+ *
* @param trans
* @param basicAuth
* @return
*/
public Result<Date> validateBasicAuth(AuthzTrans trans, String basicAuth);
-
+
/**
- *
+ *
* @param trans
* @param role
* @return
@@ -517,7 +517,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<USERS> getUsersByRole(AuthzTrans trans, String role);
/**
- *
+ *
* @param trans
* @param role
* @return
@@ -525,7 +525,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<USERS> getUserInRole(AuthzTrans trans, String user, String role);
/**
- *
+ *
* @param trans
* @param type
* @param instance
@@ -533,15 +533,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
* @return
*/
public Result<USERS> getUsersByPermission(AuthzTrans trans,String type, String instance, String action);
-
-
+
+
/***********************************
- * USER-ROLE
+ * USER-ROLE
***********************************/
/**
- *
+ *
* @param trans
* @param user
* @param request
@@ -551,7 +551,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> createUserRole(AuthzTrans trans, REQUEST request);
/**
- *
+ *
* @param trans
* @param role
* @return
@@ -559,7 +559,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<USERROLES> getUserRolesByRole(AuthzTrans trans, String role);
/**
- *
+ *
* @param trans
* @param role
* @return
@@ -570,9 +570,9 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
* Note: Removed "resetRolesForUsers" because it was too dangerous, and
* removed "resetUsersForRoles" because it was being misused.
*/
-
+
/**
- *
+ *
* @param trans
* @param user
* @param role
@@ -582,23 +582,23 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
String role);
/**
- *
+ *
* @param trans
* @param user
* @param usr
* @param role
* @return
- * @throws DAOException
+ * @throws DAOException
*/
public Result<Void> deleteUserRole(AuthzTrans trans, String usr, String role);
/***********************************
- * HISTORY
- ***********************************/
+ * HISTORY
+ ***********************************/
/**
- *
+ *
* @param trans
* @param user
* @param yyyymm
@@ -607,7 +607,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<HISTORY> getHistoryByUser(AuthzTrans trans, String user, int[] yyyymm, int sort);
/**
- *
+ *
* @param trans
* @param subj
* @param yyyymm
@@ -617,7 +617,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<HISTORY> getHistoryByRole(AuthzTrans trans, String subj, int[] yyyymm, int sort);
/**
- *
+ *
* @param trans
* @param subj
* @param yyyymm
@@ -627,7 +627,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<HISTORY> getHistoryByPerm(AuthzTrans trans, String subj, int[] yyyymm, int sort);
/**
- *
+ *
* @param trans
* @param subj
* @param yyyymm
@@ -637,7 +637,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String subj, int[] yyyymm, int sort);
/**
- *
+ *
* @param trans
* @param target
* @param yyyymm
@@ -647,28 +647,28 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, int sort);
/***********************************
- * DELEGATE
+ * DELEGATE
***********************************/
/**
- *
+ *
* @param trans
* @param delegates
* @return
* @throws Exception
*/
public Result<Void> createDelegate(AuthzTrans trans, REQUEST reqDelegate);
-
+
/**
- *
+ *
* @param trans
* @param delegates
* @return
* @throws Exception
*/
public Result<Void> updateDelegate(AuthzTrans trans, REQUEST reqDelegate);
-
+
/**
- *
+ *
* @param trans
* @param userName
* @param delegate
@@ -676,9 +676,9 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
* @throws Exception
*/
public Result<Void> deleteDelegate(AuthzTrans trans, REQUEST reqDelegate);
-
+
/**
- *
+ *
* @param trans
* @param userName
* @return
@@ -686,17 +686,17 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> deleteDelegate(AuthzTrans trans, String userName);
/**
- *
+ *
* @param trans
* @param user
* @return
* @throws Exception
*/
public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user);
-
+
/**
- *
+ *
* @param trans
* @param delegate
* @return
@@ -704,10 +704,10 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<DELGS> getDelegatesByDelegate(AuthzTrans trans, String delegate);
/***********************************
- * APPROVAL
+ * APPROVAL
***********************************/
/**
- *
+ *
* @param trans
* @param user
* @param approver
@@ -717,7 +717,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> updateApproval(AuthzTrans trans, APPROVALS approvals);
/**
- *
+ *
* @param trans
* @param user
* @return
@@ -725,7 +725,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user);
/**
- *
+ *
* @param trans
* @param ticket
* @return
@@ -733,7 +733,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket);
/**
- *
+ *
* @param trans
* @param approver
* @return
@@ -741,7 +741,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver);
/**
- *
+ *
* @param trans
* @param cname
* @return
@@ -749,7 +749,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> cacheClear(AuthzTrans trans, String cname);
/**
- *
+ *
* @param trans
* @param cname
* @param segment
@@ -758,7 +758,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT
public Result<Void> cacheClear(AuthzTrans trans, String cname, int[] segment);
/**
- *
+ *
* @param trans
*/
public void dbReset(AuthzTrans trans);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java
index ac799f4e..e2cf5e5a 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -32,7 +32,7 @@ public abstract class Code extends HttpCode<AuthzTrans, AuthzFacade> implements
super(facade, description, roles);
this.useJSON = useJSON;
}
-
+
public <D extends Code> D clone(AuthzFacade facade, boolean useJSON) throws Exception {
@SuppressWarnings("unchecked")
D d = (D)clone();
@@ -40,5 +40,5 @@ public abstract class Code extends HttpCode<AuthzTrans, AuthzFacade> implements
d.context = facade;
return d;
}
-
+
} \ No newline at end of file
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java
index a1ceb75a..7279a14e 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -24,7 +24,7 @@ package org.onap.aaf.auth.service;
import org.onap.aaf.auth.layer.Result;
/**
- * There are several ways to determine if
+ * There are several ways to determine if
* @author Jonathan
*
*/
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java
index 70d131a5..4410d7b7 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -42,10 +42,10 @@ import org.onap.aaf.cadi.Symm;
public class API_Api {
// Hide Public Constructor
private API_Api() {}
-
+
/**
* Normal Init level APIs
- *
+ *
* @param authzAPI
* @param facade
* @throws Exception
@@ -74,7 +74,7 @@ public class API_Api {
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
String pathInfo = req.getPathInfo();
int question = pathInfo.lastIndexOf('?');
-
+
pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/"
String nameOrContextType=Symm.base64noSplit.decode(pathInfo);
Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType,
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java
index 7c74be1b..77c460ce 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,7 +38,7 @@ import org.onap.aaf.auth.service.mapper.Mapper.API;
public class API_Approval {
// Hide Public Constructor
private API_Approval() {}
-
+
public static void init(AAF_Service authzAPI, AuthzFacade facade) throws Exception {
/**
@@ -50,11 +50,11 @@ public class API_Approval {
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.getApprovalsByUser(trans, resp, pathParam(req,"user"));
if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
/**
@@ -68,8 +68,8 @@ public class API_Approval {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
/**
@@ -83,8 +83,8 @@ public class API_Approval {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
@@ -99,8 +99,8 @@ public class API_Approval {
resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
}
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
index fbc1baa2..c23471a0 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -61,25 +61,25 @@ public class API_Creds {
// needed to validate Creds even when already Authenticated x509
/**
* TIME SENSITIVE APIs
- *
+ *
* These will be first in the list
- *
+ *
* @param env
* @param authzAPI
* @param facade
- * @param directAAFUserPass
+ * @param directAAFUserPass
* @throws Exception
*/
public static void timeSensitiveInit(Env env, AAF_Service authzAPI, AuthzFacade facade, final DirectAAFUserPass directAAFUserPass) throws Exception {
/**
* Basic Auth, quick Validation
- *
+ *
* Responds OK or NotAuthorized
*/
authzAPI.route(env, HttpMethods.GET, "/authn/basicAuth", new Code(facade,"Is given BasicAuth valid?",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
@@ -92,7 +92,7 @@ public class API_Creds {
// have to check Basic Auth here, because it might be CSP.
String authz = req.getHeader("Authorization");
if (authz.startsWith("Basic ")) {
- BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf();
+ BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf();
if (bht!=null) {
BasicPrincipal bp = new BasicPrincipal(authz,"");
CredVal cv = bht.getCredVal(bp.getDomain());
@@ -109,8 +109,8 @@ public class API_Creds {
TimeTaken tt = trans.start("Direct Validation", Env.REMOTE);
try {
if (directAAFUserPass.validate(
- decoded.substring(0,colon),
- CredVal.Type.PASSWORD ,
+ decoded.substring(0,colon),
+ CredVal.Type.PASSWORD ,
decoded.substring(colon+1).getBytes(),trans)) {
resp.setStatus(HttpStatus.OK_200);
} else {
@@ -133,58 +133,58 @@ public class API_Creds {
}
}
},"text/plain","*/*","*");
-
- /**
+
+ /**
* returns whether a given Credential is valid
*/
authzAPI.route(POST, "/authn/validate", API.CRED_REQ, new Code(facade,"Is given Credential valid?",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
// will be a valid Entity. Do we need to add permission
- //if(trans.fish("ns","password","request")) or the like
+ //if(trans.fish("ns","password","request")) or the like
Result<Date> r = context.doesCredentialMatch(trans, req, resp);
if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
// Can't do "401", because that is on the call itself
- // 403 Implies you MAY NOT Ask.
+ // 403 Implies you MAY NOT Ask.
resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406);
}
}
- });
+ });
- /**
+ /**
* returns whether a given Credential is valid
*/
authzAPI.route(GET, "/authn/cert/id/:id", API.CERTS, new Code(facade,"Get Cert Info by ID",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getCertInfoByID(trans, req, resp, pathParam(req,":id") );
if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
} else {
// For Security, we don't give any info out on why failed, other than forbidden
resp.setStatus(HttpStatus.FORBIDDEN_403);
}
}
- });
+ });
}
-
+
/**
* Normal Init level APIs
- *
+ *
* @param authzAPI
* @param facade
* @throws Exception
@@ -195,7 +195,7 @@ public class API_Creds {
*/
authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) {
@Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
Result<Void> r = context.createUserCred(trans, req);
if (r.isOK()) {
resp.setStatus(HttpStatus.CREATED_201);
@@ -204,40 +204,40 @@ public class API_Creds {
}
}
});
-
- /**
+
+ /**
* gets all credentials by Namespace
*/
authzAPI.route(GET, "/authn/creds/ns/:ns", API.USERS, new Code(facade,"Get Creds for a Namespace",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getCredsByNS(trans, resp, pathParam(req, "ns"));
if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
}
}
});
-
- /**
+
+ /**
* gets all credentials by ID
*/
authzAPI.route(GET, "/authn/creds/id/:id", API.USERS, new Code(facade,"Get Creds by ID",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getCredsByID(trans, resp, pathParam(req, "id"));
if (r.isOK()) {
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
} else {
context.error(trans,resp,r);
}
@@ -252,7 +252,7 @@ public class API_Creds {
authzAPI.route(PUT,"/authn/cred",API.CRED_REQ,new Code(facade,"Update an ID/Credential", true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.changeUserCred(trans, req);
if (r.isOK()) {
resp.setStatus(HttpStatus.OK_200);
@@ -266,7 +266,7 @@ public class API_Creds {
* Extend ID/Credential
* This behavior will accelerate getting out of P1 outages due to ignoring renewal requests, or
* other expiration issues.
- *
+ *
* Scenario is that people who are solving Password problems at night, are not necessarily those who
* know what the passwords are supposed to be. Also, changing Password, without changing Configurations
* using that password only exacerbates the P1 Issue.
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java
index ec1824b1..6ad62f28 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -50,14 +50,14 @@ public class API_Delegate {
Result<Void> r = context.createDelegate(trans, req, resp);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
default:
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
-
+
/**
* Update a delegate
*/
@@ -68,14 +68,14 @@ public class API_Delegate {
Result<Void> r = context.updateDelegate(trans, req, resp);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
-
+
/**
* DELETE delegates for a user
*/
@@ -86,14 +86,14 @@ public class API_Delegate {
Result<Void> r = context.deleteDelegate(trans, req, resp);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
-
+
/**
* DELETE a delegate
*/
@@ -104,14 +104,14 @@ public class API_Delegate {
Result<Void> r = context.deleteDelegate(trans, pathParam(req, "user_name"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
-
+
/**
* Read who is delegating for User
*/
@@ -122,12 +122,12 @@ public class API_Delegate {
Result<Void> r = context.getDelegatesByUser(trans, pathParam(req, "user"), resp);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
/**
@@ -140,12 +140,12 @@ public class API_Delegate {
Result<Void> r = context.getDelegatesByDelegate(trans, pathParam(req, "delegate"), resp);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
- }
- }
+ }
+ }
});
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java
index ce730cec..341719c3 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -44,20 +44,20 @@ import org.onap.aaf.auth.service.mapper.Mapper.API;
/**
* Pull certain types of History Info
- *
- * Specify yyyymm as
+ *
+ * Specify yyyymm as
* single - 201504
* commas 201503,201504
* ranges 201501-201504
* combinations 201301,201401,201501-201504
- *
+ *
* @author Jonathan
*
*/
public class API_History {
/**
* Normal Init level APIs
- *
+ *
* @param authzAPI
* @param facade
* @throws Exception
@@ -82,7 +82,7 @@ public class API_History {
Result<Void> r = context.getHistoryByUser(trans, resp, pathParam(req,":user"),years,descend);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -105,11 +105,11 @@ public class API_History {
context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));
return;
}
-
+
Result<Void> r = context.getHistoryByNS(trans, resp, pathParam(req,":ns"),years,descend);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -136,7 +136,7 @@ public class API_History {
Result<Void> r = context.getHistoryByRole(trans, resp, pathParam(req,":role"),years,descend);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -159,20 +159,20 @@ public class API_History {
context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));
return;
}
-
+
Result<Void> r = context.getHistoryByPerm(trans, resp, pathParam(req,":type"),years,descend);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
- * Get History by Subject
+ * Get History by Subject
*/
authzAPI.route(GET,"/authz/hist/subject/:type/:subject",API.HISTORY,new Code(facade,"Get History by Perm Type", true) {
@Override
@@ -186,11 +186,11 @@ public class API_History {
context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage()));
return;
}
-
+
Result<Void> r = context.getHistoryBySubject(trans, resp, pathParam(req,":type"), pathParam(req,":subject"),years,descend);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -205,9 +205,9 @@ public class API_History {
if ("true".equalsIgnoreCase(req.getParameter("asc")))return 1;
return 0;
}
-
+
// Get Common "yyyymm" parameter, or none
-
+
private static int[] getYears(HttpServletRequest req) throws NumberFormatException {
// Sonar says threading issues.
SimpleDateFormat FMT = new SimpleDateFormat("yyyyMM");
@@ -237,8 +237,8 @@ public class API_History {
GregorianCalendar gc = new GregorianCalendar();
gc.set(GregorianCalendar.MONTH, Integer.parseInt(range[1].substring(4,6))-1);
gc.set(GregorianCalendar.YEAR, Integer.parseInt(range[1].substring(0,4)));
- int end = getNum(FMT.format(gc.getTime()));
-
+ int end = getNum(FMT.format(gc.getTime()));
+
gc.set(GregorianCalendar.MONTH, Integer.parseInt(range[0].substring(4,6))-1);
gc.set(GregorianCalendar.YEAR, Integer.parseInt(range[0].substring(0,4)));
for (int i=getNum(FMT.format(gc.getTime()));i<=end;gc.add(GregorianCalendar.MONTH, 1),i=getNum(FMT.format(gc.getTime()))) {
@@ -258,7 +258,7 @@ public class API_History {
}
return ym;
}
-
+
private static int getNum(String n) {
if (n==null || n.length()!=6) throw new NumberFormatException(n + " is not in YYYYMM format");
return Integer.parseInt(n);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
index d99e1ada..d79ab589 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -56,7 +56,7 @@ public class API_Mgmt {
/**
* Normal Init level APIs
- *
+ *
* @param authzAPI
* @param facade
* @throws Exception
@@ -73,14 +73,14 @@ public class API_Mgmt {
switch(r.status) {
case OK:
trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
* Clear Cache
*/
@@ -94,7 +94,7 @@ public class API_Mgmt {
case OK:
trans.audit().log("Cache " + area + " has been cleared by "+trans.user());
trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -127,7 +127,7 @@ public class API_Mgmt {
});
/**
- * Deny an IP
+ * Deny an IP
*/
authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) {
@Override
@@ -140,17 +140,17 @@ public class API_Mgmt {
resp.setStatus(HttpStatus.CREATED_201);
} else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
ip + " is already being denied"));
}
} else {
trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
trans.getUserPrincipal().getName() + " is not allowed to set IP Denial"));
}
}
});
-
+
/**
* Stop Denying an IP
*/
@@ -164,19 +164,19 @@ public class API_Mgmt {
trans.checkpoint(SUCCESS,Trans.ALWAYS);
resp.setStatus(HttpStatus.OK_200);
} else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
ip + " is not on the denial list"));
}
} else {
trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial"));
}
}
});
/**
- * Deny an ID
+ * Deny an ID
*/
authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) {
@Override
@@ -188,17 +188,17 @@ public class API_Mgmt {
trans.checkpoint(SUCCESS,Trans.ALWAYS);
resp.setStatus(HttpStatus.CREATED_201);
} else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
id + " is already being denied"));
}
} else {
trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
trans.getUserPrincipal().getName() + " is not allowed to set ID Denial"));
}
}
});
-
+
/**
* Stop Denying an ID
*/
@@ -212,19 +212,19 @@ public class API_Mgmt {
trans.checkpoint(SUCCESS,Trans.ALWAYS);
resp.setStatus(HttpStatus.OK_200);
} else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
id + " is not on the denial list"));
}
} else {
trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial"));
}
}
});
/**
- * Deny an ID
+ * Deny an ID
*/
authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) {
@Override
@@ -236,17 +236,17 @@ public class API_Mgmt {
trans.checkpoint(SUCCESS,Trans.ALWAYS);
resp.setStatus(HttpStatus.CREATED_201);
} else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
id + " is already being special Logged"));
}
} else {
trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging"));
}
}
});
-
+
/**
* Stop Denying an ID
*/
@@ -260,12 +260,12 @@ public class API_Mgmt {
trans.checkpoint(SUCCESS,Trans.ALWAYS);
resp.setStatus(HttpStatus.OK_200);
} else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
id + " is not on the special Logging list"));
}
} else {
trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging"));
}
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java
index 45bc9d0f..0f73a03a 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -39,20 +39,20 @@ import org.onap.aaf.auth.service.mapper.Mapper.API;
public class API_Multi {
public static void init(AAF_Service authzAPI, AuthzFacade facade) throws Exception {
-
+
authzAPI.route(POST,"/authz/multi",API.VOID, new Code(facade,"Multiple Request API",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.addResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
case Status.ACC_Future:
- resp.setStatus(HttpStatus.ACCEPTED_202);
+ resp.setStatus(HttpStatus.ACCEPTED_202);
break;
default:
context.error(trans,resp,r);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java
index b06e3651..420beed5 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -47,24 +47,24 @@ public class API_NS {
public static void init(AAF_Service authzAPI, AuthzFacade facade) throws Exception {
/**
* puts a new Namespace in Authz DB
- *
+ *
* TESTCASES: TC_NS1, TC_NSdelete1
*/
authzAPI.route(POST,"/authz/ns",API.NS_REQ, new Code(facade,"Create a Namespace",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
NsType nst = NsType.fromString(req.getParameter("type"));
Result<Void> r = context.requestNS(trans, req, resp,nst);
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
case Status.ACC_Future:
- resp.setStatus(HttpStatus.ACCEPTED_202);
+ resp.setStatus(HttpStatus.ACCEPTED_202);
break;
default:
context.error(trans,resp,r);
@@ -72,22 +72,22 @@ public class API_NS {
}
}
);
-
+
/**
* removes a Namespace from Authz DB
- *
+ *
* TESTCASES: TC_NS1, TC_NSdelete1
*/
authzAPI.route(DELETE,"/authz/ns/:ns",API.VOID, new Code(facade,"Delete a Namespace",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.deleteNS(trans, req, resp, pathParam(req,":ns"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -98,22 +98,22 @@ public class API_NS {
/**
* Add an Admin in NS in Authz DB
- *
+ *
* TESTCASES: TC_NS1
*/
authzAPI.route(POST,"/authz/ns/:ns/admin/:id",API.VOID, new Code(facade,"Add an Admin to a Namespace",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.addAdminToNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
case Status.ACC_Future:
- resp.setStatus(HttpStatus.ACCEPTED_202);
+ resp.setStatus(HttpStatus.ACCEPTED_202);
break;
default:
context.error(trans,resp,r);
@@ -121,22 +121,22 @@ public class API_NS {
}
}
);
-
+
/**
* Removes an Admin from Namespace in Authz DB
- *
+ *
* TESTCASES: TC_NS1
*/
authzAPI.route(DELETE,"/authz/ns/:ns/admin/:id",API.VOID, new Code(facade,"Remove an Admin from a Namespace",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.delAdminFromNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -147,22 +147,22 @@ public class API_NS {
/**
* Add an Admin in NS in Authz DB
- *
+ *
* TESTCASES: TC_NS1
*/
authzAPI.route(POST,"/authz/ns/:ns/responsible/:id",API.VOID, new Code(facade,"Add a Responsible Identity to a Namespace",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.addResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
case Status.ACC_Future:
- resp.setStatus(HttpStatus.ACCEPTED_202);
+ resp.setStatus(HttpStatus.ACCEPTED_202);
break;
default:
context.error(trans,resp,r);
@@ -173,39 +173,39 @@ public class API_NS {
/**
- *
+ *
*/
authzAPI.route(GET,"/authz/nss/:id",API.NSS, new Code(facade,"Return Information about Namespaces", true) {
@Override
public void handle(
- AuthzTrans trans,
- HttpServletRequest req,
+ AuthzTrans trans,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getNSsByName(trans, resp, pathParam(req,":id"),TRUE.equals(req.getParameter(FULL)));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
}
- );
-
+ );
+
/**
* Get all Namespaces where user is an admin
*/
authzAPI.route(GET,"/authz/nss/admin/:user",API.NSS, new Code(facade,"Return Namespaces where User is an Admin", true) {
@Override
public void handle(
- AuthzTrans trans,
- HttpServletRequest req,
+ AuthzTrans trans,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getNSsByAdmin(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL)));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -213,20 +213,20 @@ public class API_NS {
}
}
);
-
+
/**
* Get all Namespaces where user is a responsible party
*/
authzAPI.route(GET,"/authz/nss/responsible/:user",API.NSS, new Code(facade,"Return Namespaces where User is Responsible", true) {
@Override
public void handle(
- AuthzTrans trans,
- HttpServletRequest req,
+ AuthzTrans trans,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getNSsByResponsible(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL)));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -241,13 +241,13 @@ public class API_NS {
authzAPI.route(GET,"/authz/nss/either/:user",API.NSS, new Code(facade,"Return Namespaces where User Admin or Owner", true) {
@Override
public void handle(
- AuthzTrans trans,
- HttpServletRequest req,
+ AuthzTrans trans,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getNSsByEither(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL)));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -262,13 +262,13 @@ public class API_NS {
authzAPI.route(GET,"/authz/nss/children/:id",API.NSS, new Code(facade,"Return Child Namespaces", true) {
@Override
public void handle(
- AuthzTrans trans,
- HttpServletRequest req,
+ AuthzTrans trans,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getNSsChildren(trans, resp, pathParam(req,":id"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -283,36 +283,36 @@ public class API_NS {
authzAPI.route(PUT,"/authz/ns",API.NS_REQ,new Code(facade,"Set a Description for a Namespace",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.updateNsDescription(trans, req, resp);
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
- });
-
+ });
+
/**
* Removes an Owner from Namespace in Authz DB
- *
+ *
* TESTCASES: TC_NS1
*/
authzAPI.route(DELETE,"/authz/ns/:ns/responsible/:id",API.VOID, new Code(facade,"Remove a Responsible Identity from Namespace",true) {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.delResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -324,13 +324,13 @@ public class API_NS {
authzAPI.route(POST,"/authz/ns/:ns/attrib/:key/:value",API.VOID, new Code(facade,"Add an Attribute from a Namespace",true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r = context.createAttribForNS(trans, resp,
- pathParam(req,":ns"),
+ Result<Void> r = context.createAttribForNS(trans, resp,
+ pathParam(req,":ns"),
pathParam(req,":key"),
pathParam(req,":value"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
default:
context.error(trans,resp,r);
@@ -345,7 +345,7 @@ public class API_NS {
Result<Void> r = context.readNsByAttrib(trans, resp, pathParam(req,":key"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -357,13 +357,13 @@ public class API_NS {
authzAPI.route(PUT,"/authz/ns/:ns/attrib/:key/:value",API.VOID, new Code(facade,"update an Attribute from a Namespace",true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r = context.updAttribForNS(trans, resp,
- pathParam(req,":ns"),
+ Result<Void> r = context.updAttribForNS(trans, resp,
+ pathParam(req,":ns"),
pathParam(req,":key"),
pathParam(req,":value"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -371,16 +371,16 @@ public class API_NS {
}
}
);
-
+
authzAPI.route(DELETE,"/authz/ns/:ns/attrib/:key",API.VOID, new Code(facade,"delete an Attribute from a Namespace",true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result<Void> r = context.delAttribForNS(trans, resp,
- pathParam(req,":ns"),
+ Result<Void> r = context.delAttribForNS(trans, resp,
+ pathParam(req,":ns"),
pathParam(req,":key"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -390,6 +390,6 @@ public class API_NS {
);
}
-
-
+
+
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java
index 04654d47..d65304ca 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -44,15 +44,15 @@ import org.onap.aaf.misc.env.util.Split;
public class API_Perms {
public static void timeSensitiveInit(AAF_Service authzAPI, AuthzFacade facade) throws Exception {
- /**
+ /**
* gets all permissions by user name
*/
authzAPI.route(GET, "/authz/perms/user/:user", API.PERMS, new Code(facade,"Get Permissions by User",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
String scopes = req.getParameter("scopes");
Result<Void> r;
if (scopes==null) {
@@ -61,8 +61,8 @@ public class API_Perms {
r = context.getPermsByUserScope(trans, resp, pathParam(req, "user"),Split.split(':', scopes));
}
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -70,20 +70,20 @@ public class API_Perms {
}
});
-
- /**
+
+ /**
* gets all permissions by user name
*/
authzAPI.route(POST, "/authz/perms/user/:user", API.PERMS, new Code(facade,"Get Permissions by User, Query AAF Perms",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getPermsByUserWithAAFQuery(trans, req, resp, pathParam(req, "user"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -101,14 +101,14 @@ public class API_Perms {
*/
authzAPI.route(POST,"/authz/perm",API.PERM_REQ,new Code(facade,"Create a Permission",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.createPerm(trans, req, resp);
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ case OK:
+ resp.setStatus(HttpStatus.CREATED_201);
break;
default:
context.error(trans,resp,r);
@@ -116,22 +116,22 @@ public class API_Perms {
}
});
- /**
+ /**
* get details of Permission
*/
authzAPI.route(GET, "/authz/perms/:type/:instance/:action", API.PERMS, new Code(facade,"Get Permissions by Key",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
- Result<Void> r = context.getPermsByName(trans, resp,
+
+ Result<Void> r = context.getPermsByName(trans, resp,
pathParam(req, "type"),
URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8),
pathParam(req, "action"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -139,20 +139,20 @@ public class API_Perms {
}
});
-
- /**
+
+ /**
* get children of Permission
*/
authzAPI.route(GET, "/authz/perms/:type", API.PERMS, new Code(facade,"Get Permissions by Type",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getPermsByType(trans, resp, pathParam(req, "type"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -161,20 +161,20 @@ public class API_Perms {
});
-
+
/**
* gets all permissions by role name
*/
authzAPI.route(GET,"/authz/perms/role/:role",API.PERMS,new Code(facade,"Get Permissions by Role",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getPermsForRole(trans, resp, pathParam(req, "role"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -187,78 +187,78 @@ public class API_Perms {
*/
authzAPI.route(GET,"/authz/perms/ns/:ns",API.PERMS,new Code(facade,"Get PermsByNS",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getPermsByNS(trans, resp, pathParam(req, "ns"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
* Set a perm's description
*/
authzAPI.route(PUT,"/authz/perm",API.PERM_REQ,new Code(facade,"Set Description for Permission",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.updatePermDescription(trans, req, resp);
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
- });
-
+ });
+
/**
* Update a permission with a rename
*/
authzAPI.route(PUT,"/authz/perm/:type/:instance/:action",API.PERM_REQ,new Code(facade,"Update a Permission",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
- Result<Void> r = context.renamePerm(trans, req, resp,
- pathParam(req, "type"),
- URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8),
+
+ Result<Void> r = context.renamePerm(trans, req, resp,
+ pathParam(req, "type"),
+ URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8),
pathParam(req, "action"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
- });
-
+ });
+
/**
* Delete a Permission
*/
authzAPI.route(DELETE,"/authz/perm",API.PERM_REQ,new Code(facade,"Delete a Permission",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.deletePerm(trans,req, resp);
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -266,25 +266,25 @@ public class API_Perms {
}
});
-
-
+
+
/**
* Delete a Permission
*/
authzAPI.route(DELETE,"/authz/perm/:name/:type/:action",API.PERM_KEY,new Code(facade,"Delete a Permission",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.deletePerm(trans, resp,
pathParam(req, ":name"),
pathParam(req, ":type"),
pathParam(req, ":action"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java
index 6088dd36..038e6fb8 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -51,16 +51,16 @@ public class API_Roles {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.createRole(trans, req, resp);
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
case Status.ACC_Future:
- resp.setStatus(HttpStatus.ACCEPTED_202);
+ resp.setStatus(HttpStatus.ACCEPTED_202);
break;
default:
context.error(trans,resp,r);
@@ -69,19 +69,19 @@ public class API_Roles {
}
);
- /**
+ /**
* get Role by name
*/
authzAPI.route(GET, "/authz/roles/:role", API.ROLES, new Code(facade,"GetRolesByFullName",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getRolesByName(trans, resp, pathParam(req, "role"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -91,19 +91,19 @@ public class API_Roles {
});
- /**
+ /**
* gets all Roles by user name
*/
authzAPI.route(GET, "/authz/roles/user/:name", API.ROLES, new Code(facade,"GetRolesByUser",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getRolesByUser(trans, resp, pathParam(req, "name"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -112,19 +112,19 @@ public class API_Roles {
});
- /**
+ /**
* gets all Roles by Namespace
*/
authzAPI.route(GET, "/authz/roles/ns/:ns", API.ROLES, new Code(facade,"GetRolesByNS",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.getRolesByNS(trans, resp, pathParam(req, "ns"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -132,25 +132,25 @@ public class API_Roles {
}
});
- /**
+ /**
* gets all Roles by Name without the Namespace
*/
authzAPI.route(GET, "/authz/roles/name/:name", API.ROLES, new Code(facade,"GetRolesByNameOnly",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.getRolesByNameOnly(trans, resp, pathParam(req, ":name"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
* Deletes a Role from Authz DB by Object
*/
@@ -158,24 +158,24 @@ public class API_Roles {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.deleteRole(trans, req, resp);
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
-
+
}
);
-
-
+
+
/**
* Deletes a Role from Authz DB by Key
*/
@@ -183,22 +183,22 @@ public class API_Roles {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.deleteRole(trans, resp, pathParam(req,":role"));
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
-
+
}
);
-
+
/**
* Add a Permission to a Role (Grant)
@@ -207,14 +207,14 @@ public class API_Roles {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.addPermToRole(trans, req, resp);
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
default:
context.error(trans,resp,r);
@@ -222,72 +222,72 @@ public class API_Roles {
}
}
);
-
+
/**
* Get all Roles by Permission
*/
authzAPI.route(GET,"/authz/roles/perm/:type/:instance/:action",API.ROLES,new Code(facade,"GetRolesByPerm",true) {
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
- Result<Void> r = context.getRolesByPerm(trans, resp,
+
+ Result<Void> r = context.getRolesByPerm(trans, resp,
pathParam(req, "type"),
URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8),
pathParam(req, "action"));
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
* Set a role's description
*/
authzAPI.route(PUT,"/authz/role",API.ROLE_REQ,new Code(facade,"Set Description for role",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.updateRoleDescription(trans, req, resp);
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
- });
-
+ });
+
/**
* Set a permission's roles to roles given
*/
authzAPI.route(PUT,"/authz/role/perm",API.ROLE_PERM_REQ,new Code(facade,"Set a Permission's Roles",true) {
@Override
public void handle(
- AuthzTrans trans,
+ AuthzTrans trans,
HttpServletRequest req,
HttpServletResponse resp) throws Exception {
-
+
Result<Void> r = context.resetPermRoles(trans, req, resp);
switch(r.status) {
- case OK:
- resp.setStatus(HttpStatus.OK_200);
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
- });
-
+ });
+
/**
* Delete a Permission from a Role
* With multiple perms
@@ -296,13 +296,13 @@ public class API_Roles {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
Result<Void> r = context.delPermFromRole(trans, req, resp);
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -318,17 +318,17 @@ public class API_Roles {
@Override
public void handle(
AuthzTrans trans,
- HttpServletRequest req,
+ HttpServletRequest req,
HttpServletResponse resp) throws Exception {
- Result<Void> r = context.delPermFromRole(trans, resp,
+ Result<Void> r = context.delPermFromRole(trans, resp,
pathParam(req,":role"),
pathParam(req,":type"),
pathParam(req,":instance"),
pathParam(req,":action"));
-
+
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java
index d5ce00c3..526766eb 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -46,7 +46,7 @@ import org.onap.aaf.cadi.config.Config;
public class API_User {
/**
* Normal Init level APIs
- *
+ *
* @param authzAPI
* @param facade
* @throws Exception
@@ -58,8 +58,8 @@ public class API_User {
authzAPI.route(GET,"/authz/users/perm/:type/:instance/:action",API.USERS,new Code(facade,"Get Users By Permission", true) {
@Override
public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-// trans.checkpoint(pathParam(req,"type") + " "
-// + pathParam(req,"instance") + " "
+// trans.checkpoint(pathParam(req,"type") + " "
+// + pathParam(req,"instance") + " "
// + pathParam(req,"action"));
//
Result<Void> r = context.getUsersByPermission(trans, resp,
@@ -68,7 +68,7 @@ public class API_User {
pathParam(req, ":action"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -86,14 +86,14 @@ public class API_User {
Result<Void> r = context.getUsersByRole(trans, resp, pathParam(req, ":role"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
* Get User Role if exists
* @deprecated
@@ -104,7 +104,7 @@ public class API_User {
Result<Void> r = context.getUserInRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -121,16 +121,16 @@ public class API_User {
Result<Void> r = context.getUserInRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
}
-
+
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
index 15d2302f..f4bea1d9 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -46,7 +46,7 @@ import org.onap.aaf.auth.service.mapper.Mapper.API;
public class API_UserRole {
/**
* Normal Init level APIs
- *
+ *
* @param authzAPI
* @param facade
* @throws Exception
@@ -61,15 +61,15 @@ public class API_UserRole {
Result<Void> r = context.requestUserRole(trans, req, resp);
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
break;
default:
context.error(trans,resp,r);
}
}
});
-
-
+
+
/**
* Get UserRoles by Role
*/
@@ -79,14 +79,14 @@ public class API_UserRole {
Result<Void> r = context.getUserRolesByRole(trans, resp, pathParam(req,":role"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
}
});
-
+
/**
* Get UserRoles by User
*/
@@ -96,7 +96,7 @@ public class API_UserRole {
Result<Void> r = context.getUserRolesByUser(trans, resp, pathParam(req,":user"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
@@ -117,8 +117,8 @@ public class API_UserRole {
context.error(trans,resp,removeAPI);
}
});
-
-
+
+
/**
* Update users attached to role in path
*/
@@ -132,8 +132,8 @@ public class API_UserRole {
/*
* END REMOVE Dangerous API
*/
-
-
+
+
/**
* Extend Expiration Date (according to Organizational rules)
*/
@@ -143,17 +143,17 @@ public class API_UserRole {
Result<Void> r = context.extendUserRoleExpiration(trans,resp,pathParam(req,":user"),pathParam(req,":role"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
}
-
+
}
-
+
});
-
-
+
+
/**
* Create a new ID/Credential
*/
@@ -163,7 +163,7 @@ public class API_UserRole {
Result<Void> r = context.deleteUserRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));
switch(r.status) {
case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
break;
default:
context.error(trans,resp,r);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
index f9ea39d6..4630ba81 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,12 +35,12 @@ import org.onap.aaf.auth.rserv.RServlet;
* AuthzFacade
* This layer is responsible for covering the Incoming Messages, be they XML, JSON or just entries on the URL,
* and converting them to data that can be called on the Service Layer.
- *
+ *
* Upon response, this layer, because it knew the incoming Data Formats (i.e. XML/JSON), the HTTP call types
* are set on "ContentType" on Response.
- *
+ *
* Finally, we wrap the call in Time Stamps with explanation of what is happing for Audit trails.
- *
+ *
* @author Jonathan
*
*/
@@ -52,13 +52,13 @@ public interface AuthzFacade {
* Namespaces
*/
public abstract Result<Void> requestNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, NsType type);
-
+
public abstract Result<Void> getNSsByName(AuthzTrans trans, HttpServletResponse resp, String ns, boolean full);
-
+
public abstract Result<Void> getNSsByAdmin(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);
-
+
public abstract Result<Void> getNSsByResponsible(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);
-
+
public abstract Result<Void> getNSsByEither(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);
public abstract Result<Void> getNSsChildren(AuthzTrans trans, HttpServletResponse resp, String pathParam);
@@ -70,7 +70,7 @@ public interface AuthzFacade {
public abstract Result<Void> addResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);
public abstract Result<Void> delResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);
-
+
public abstract Result<Void> updateNsDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
public abstract Result<Void> deleteNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String ns);
@@ -87,40 +87,40 @@ public interface AuthzFacade {
/*
* Permissions
*/
- public abstract Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
- public abstract Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
+ public abstract Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+
+ public abstract Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
String type, String instance, String action);
public abstract Result<Void> getPermsByUser(AuthzTrans trans, HttpServletResponse response, String user);
public abstract Result<Void> getPermsByUserScope(AuthzTrans trans, HttpServletResponse resp, String user, String[] scopes);
-
+
public abstract Result<Void> getPermsByUserWithAAFQuery(AuthzTrans trans, HttpServletRequest request, HttpServletResponse response, String user);
-
+
public abstract Result<Void> getPermsByType(AuthzTrans trans, HttpServletResponse resp, String type);
public abstract Result<Void> getPermsForRole(AuthzTrans trans, HttpServletResponse response, String roleName);
public abstract Result<Void> getPermsByNS(AuthzTrans trans, HttpServletResponse response, String ns);
-
+
public abstract Result<Void> renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp,
String type, String instance, String action);
-
+
public abstract Result<Void> updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
- public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletResponse resp,
+ public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletResponse resp,
String perm, String type, String action);
/*
* Roles
*/
public abstract Result<Void> createRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse response);
-
+
public abstract Result<Void> getRolesByName(AuthzTrans trans,HttpServletResponse resp, String name);
public abstract Result<Void> getRolesByNS(AuthzTrans trans, HttpServletResponse resp, String ns);
@@ -132,12 +132,12 @@ public interface AuthzFacade {
public abstract Result<Void> getRolesByPerm(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action);
public abstract Result<Void> updateRoleDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> addPermToRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> delPermFromRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);
- public abstract Result<Void> delPermFromRole(AuthzTrans trans, HttpServletResponse resp,
+ public abstract Result<Void> delPermFromRole(AuthzTrans trans, HttpServletResponse resp,
String role, String type, String instance, String action);
public abstract Result<Void> deleteRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
@@ -147,10 +147,10 @@ public interface AuthzFacade {
/*
* Users
*/
-
+
public abstract Result<Void> getUsersByRole(AuthzTrans trans, HttpServletResponse resp, String role);
-
- public abstract Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp,
+
+ public abstract Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp,
String type, String instance, String action);
@@ -159,13 +159,13 @@ public interface AuthzFacade {
* Delegates
*/
public abstract Result<Void> createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> deleteDelegate(AuthzTrans trans, String user);
-
+
public abstract Result<Void> getDelegatesByUser(AuthzTrans trans, String userName, HttpServletResponse resp);
public abstract Result<Void> getDelegatesByDelegate(AuthzTrans trans, String userName, HttpServletResponse resp);
@@ -202,11 +202,11 @@ public interface AuthzFacade {
* UserRole
*/
public abstract Result<Void> requestUserRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role);
-
+
public abstract Result<Void> getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role);
-
+
public abstract Result<Void> getUserRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user);
public abstract Result<Void> deleteUserRole(AuthzTrans trans, HttpServletResponse resp, String user, String role);
@@ -214,19 +214,19 @@ public interface AuthzFacade {
/*
* resetUsersForRoles and resetRolesForUsers is too dangerous and not helpful.
*/
-
+
public abstract Result<Void> extendUserRoleExpiration(AuthzTrans trans, HttpServletResponse resp, String user,
String role);
/*
- * Approval
+ * Approval
*/
public abstract Result<Void> updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
public abstract Result<Void> getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user);
-
+
public abstract Result<Void> getApprovalsByTicket(AuthzTrans trans, HttpServletResponse resp, String ticket);
-
+
public abstract Result<Void> getApprovalsByApprover(AuthzTrans trans, HttpServletResponse resp, String approver);
@@ -234,7 +234,7 @@ public interface AuthzFacade {
* History
*/
public abstract Result<Void> getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort);
-
+
public abstract Result<Void> getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String role, int[] yyyymm, final int sort);
public abstract Result<Void> getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String perm, int[] yyyymm, final int sort);
@@ -244,12 +244,12 @@ public interface AuthzFacade {
public abstract Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String type, String subject, int[] yyyymm, int sort);
/*
- * Cache
+ * Cache
*/
public abstract Result<Void> cacheClear(AuthzTrans trans, String pathParam);
public abstract Result<Void> cacheClear(AuthzTrans trans, String string,String segments);
-
+
public abstract void dbReset(AuthzTrans trans);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java
index 1d7f31e5..0554a025 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -50,6 +50,6 @@ public class AuthzFacadeFactory {
(trans,new Mapper_2_0(question),question),
type);
}
-
+
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
index 10138d2c..60b76ea2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -80,7 +80,7 @@ import aaf.v2_0.Api;
/**
* AuthzFacade
- *
+ *
* This Service Facade encapsulates the essence of the API Service can do, and provides
* a single created object for elements such as RosettaDF.
*
@@ -91,14 +91,14 @@ import aaf.v2_0.Api;
* a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
* 4) Log Service info, warnings and exceptions as necessary
* 5) When asked by the API layer, this will create and write Error content to the OutputStream
- *
- * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
+ *
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
* clearly coordinated with the API Documentation
- *
+ *
* @author Pavani & Jonathan
*
*/
-public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> extends FacadeImpl implements AuthzFacade
+public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> extends FacadeImpl implements AuthzFacade
{
private static final String FORBIDDEN = "Forbidden";
private static final String NOT_FOUND = "Not Found";
@@ -155,14 +155,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
(errDF = env.newDataFactory(service.mapper().getClass(API.ERROR))).in(dataType).out(dataType);
(apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType);
}
-
+
public Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {
return service.mapper();
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
- *
+ *
* Note: Conforms to AT&T TSS RESTful Error Structure
*/
@Override
@@ -186,7 +186,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
dlist.toArray(detail);
}
//int httpstatus;
-
+
switch(result.status) {
case ERR_ActionNotCompleted:
msgId = "SVC1202";
@@ -216,7 +216,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
detail[0] = msg;
response.setStatus(/*httpstatus=*/403);
break;
-
+
case ERR_NsNotFound:
msgId = "SVC2404";
detail[0] = NOT_FOUND;
@@ -263,25 +263,25 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
detail[0] = NOT_ACCEPTABLE;
response.setStatus(/*httpstatus=*/406);
break;
-
+
case ERR_ConflictAlreadyExists:
msgId = "SVC1409";
detail[0] = "Conflict Already Exists";
response.setStatus(/*httpstatus=*/409);
break;
-
+
case ERR_DependencyExists:
msgId = "SVC1424";
detail[0] = "Failed Dependency";
response.setStatus(/*httpstatus=*/424);
break;
-
+
case ERR_NotImplemented:
msgId = "SVC1501";
- detail[0] = "Not Implemented";
+ detail[0] = "Not Implemented";
response.setStatus(/*httpstatus=*/501);
break;
-
+
case Status.ACC_Future:
msgId = "SVC1202";
detail[0] = "Accepted for Future, pending Approvals";
@@ -292,14 +292,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
detail[0] = "Choice Needed";
response.setStatus(/*httpstatus=*/300);
break;
- case ERR_Backend:
+ case ERR_Backend:
msgId = "SVC2500";
detail[0] = GENERAL_SERVICE_ERROR;
response.setStatus(/*httpstatus=*/500);
hidemsg = true;
break;
- default:
+ default:
msgId = "SVC1500";
detail[0] = GENERAL_SERVICE_ERROR;
response.setStatus(/*httpstatus=*/500);
@@ -311,7 +311,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
StringBuilder holder = new StringBuilder();
ERR em = service.mapper().errorFromMessage(holder,msgId,msg,detail);
trans.checkpoint(
- "ErrResp [" +
+ "ErrResp [" +
msgId +
"] " +
holder.toString(),
@@ -325,7 +325,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
trans.error().log(e,"unable to send response for",msg);
}
}
-
+
///////////////////////////
// Namespace
///////////////////////////
@@ -341,7 +341,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public static final String GET_NS_CHILDREN = "getNamespaceChildren";
public static final String UPDATE_NS_DESC = "updateNamespaceDescription";
public static final String DELETE_NS = "deleteNamespace";
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#createNS(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -361,10 +361,10 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
trans.error().log("Invalid Input",IN,CREATE_NS);
return Result.err(Status.ERR_BadData,"Invalid Input");
}
-
+
Result<Void> rp = service.createNS(trans,request,type);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,nsRequestDF.getOutType());
return Result.ok();
default:
@@ -387,7 +387,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.addAdminNS(trans,ns,id);
switch(rp.status) {
- case OK:
+ case OK:
//TODO Perms??
setContentType(resp,nsRequestDF.getOutType());
resp.getOutputStream().println();
@@ -412,7 +412,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.delAdminNS(trans, ns, id);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,nsRequestDF.getOutType());
return Result.ok();
default:
@@ -435,7 +435,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.addResponsibleNS(trans,ns,id);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,nsRequestDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -459,7 +459,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.delResponsibleNS(trans, ns, id);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,nsRequestDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -483,7 +483,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<NSS> rp = service.getNSbyName(trans, ns, full );
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -501,7 +501,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
// TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getNSsByAdmin(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
@@ -512,7 +512,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<NSS> rp = service.getNSbyAdmin(trans, user, full);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -530,7 +530,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
// TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getNSsByResponsible(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
@@ -541,7 +541,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<NSS> rp = service.getNSbyResponsible(trans, user, full);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -569,9 +569,9 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
TimeTaken tt = trans.start(GET_NS_BY_EITHER + ' ' + user, Env.SUB|Env.ALWAYS);
try {
Result<NSS> rp = service.getNSbyEither(trans, user, full);
-
+
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -600,7 +600,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<NSS> rp = service.getNSsChildren(trans, parent);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -637,7 +637,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.updateNsDescription(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,nsRequestDF.getOutType());
return Result.ok();
default:
@@ -650,7 +650,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
/*
* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#requestNS(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -661,7 +661,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.deleteNS(trans,ns);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,nsRequestDF.getOutType());
return Result.ok();
default:
@@ -679,7 +679,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private final static String NS_UPDATE_ATTRIB = "nsUpdateAttrib";
private final static String READ_NS_BY_ATTRIB = "readNsByAttrib";
private final static String NS_DELETE_ATTRIB = "nsDeleteAttrib";
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#createAttribForNS(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String)
*/
@@ -689,7 +689,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<?> rp = service.createNsAttrib(trans,ns,key,value);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp, keysDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -713,7 +713,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<KEYS> rp = service.readNsByAttrib(trans, key);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<KEYS> data = keysDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -741,7 +741,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<?> rp = service.updateNsAttrib(trans,ns,key,value);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp, keysDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -766,7 +766,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<?> rp = service.deleteNsAttrib(trans,ns,key);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp, keysDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -796,14 +796,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public static final String UPDATE_PERM_DESC = "updatePermissionDescription";
public static final String SET_PERMISSION_ROLES_TO = "setPermissionRolesTo";
public static final String DELETE_PERMISSION = "deletePermission";
-
+
/*
* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#createOrUpdatePerm(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String, java.lang.String, java.lang.String)
*/
@Override
public Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
- TimeTaken tt = trans.start( CREATE_PERMISSION, Env.SUB|Env.ALWAYS);
+ TimeTaken tt = trans.start( CREATE_PERMISSION, Env.SUB|Env.ALWAYS);
try {
REQUEST rreq;
try {
@@ -811,15 +811,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
- rreq = data.asObject();
+ rreq = data.asObject();
} catch (APIException e) {
trans.error().log("Invalid Input",IN,CREATE_PERMISSION);
return Result.err(Status.ERR_BadData,"Invalid Input");
}
-
+
Result<Void> rp = service.createPerm(trans,rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -832,7 +832,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getChildPerms(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
*/
@@ -840,7 +840,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public Result<Void> getPermsByType(AuthzTrans trans, HttpServletResponse resp, String perm) {
TimeTaken tt = trans.start(GET_PERMS_BY_TYPE + ' ' + perm, Env.SUB|Env.ALWAYS);
try {
-
+
Result<PERMS> rp = service.getPermsByType(trans, perm);
switch(rp.status) {
case OK:
@@ -862,15 +862,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
- public Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
+ public Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
String type, String instance, String action) {
-
+
TimeTaken tt = trans.start(GET_PERMS_BY_NAME + ' ' + type
+ '|' + instance + '|' + action, Env.SUB|Env.ALWAYS);
try {
-
+
Result<PERMS> rp = service.getPermsByName(trans, type, instance, action);
switch(rp.status) {
case OK:
@@ -902,7 +902,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<PERMS> rp = service.getPermsByUser(trans, user);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -921,7 +921,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getPermissionByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
*/
@@ -931,7 +931,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<PERMS> rp = service.getPermsByUserScope(trans, user, scopes);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -952,7 +952,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getPermissionByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
*/
@@ -966,7 +966,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
- perms = data.asObject();
+ perms = data.asObject();
} catch (APIException e) {
trans.error().log("Invalid Input",IN,GET_PERMISSIONS_BY_USER_WITH_QUERY);
return Result.err(Status.ERR_BadData,"Invalid Input");
@@ -974,7 +974,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<PERMS> rp = service.getPermsByUser(trans, perms, user);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -994,7 +994,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getPermissionsForRole(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
*/
@@ -1023,7 +1023,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> getPermsByNS(AuthzTrans trans,HttpServletResponse resp,String ns) {
TimeTaken tt = trans.start(GET_PERMISSIONS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS);
@@ -1058,7 +1058,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public Result<Void> renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp,
String origType, String origInstance, String origAction) {
String cmdDescription = UPDATE_PERMISSION;
- TimeTaken tt = trans.start( cmdDescription + ' ' + origType + ' ' + origInstance + ' ' + origAction, Env.SUB|Env.ALWAYS);
+ TimeTaken tt = trans.start( cmdDescription + ' ' + origType + ' ' + origInstance + ' ' + origAction, Env.SUB|Env.ALWAYS);
try {
REQUEST rreq;
try {
@@ -1066,15 +1066,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
- rreq = data.asObject();
+ rreq = data.asObject();
} catch (APIException e) {
trans.error().log("Invalid Input",IN,cmdDescription);
return Result.err(Status.ERR_BadData,"Invalid Input");
}
-
+
Result<Void> rp = service.renamePerm(trans,rreq, origType, origInstance, origAction);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1087,7 +1087,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(UPDATE_PERM_DESC, Env.SUB|Env.ALWAYS);
@@ -1106,7 +1106,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.updatePermDescription(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permRequestDF.getOutType());
return Result.ok();
default:
@@ -1119,8 +1119,8 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
-
+
+
@Override
public Result<Void> resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(SET_PERMISSION_ROLES_TO, Env.SUB|Env.ALWAYS);
@@ -1136,11 +1136,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
trans.error().log("Invalid Input",IN, SET_PERMISSION_ROLES_TO);
return Result.err(Status.ERR_BadData,"Invalid Input");
}
-
+
Result<Void> rp = service.resetPermRoles(trans, rreq);
-
+
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1153,7 +1153,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(DELETE_PERMISSION, Env.SUB|Env.ALWAYS);
@@ -1173,7 +1173,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<Void> rp = service.deletePerm(trans,rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1193,7 +1193,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.deletePerm(trans,type,instance,action);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1213,7 +1213,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public static final String GET_ROLES_BY_NAME_ONLY = "getRolesByNameOnly";
public static final String GET_ROLES_BY_NAME = "getRolesByName";
public static final String GET_ROLES_BY_PERM = "getRolesByPerm";
- public static final String UPDATE_ROLE_DESC = "updateRoleDescription";
+ public static final String UPDATE_ROLE_DESC = "updateRoleDescription";
public static final String ADD_PERM_TO_ROLE = "addPermissionToRole";
public static final String DELETE_PERM_FROM_ROLE = "deletePermissionFromRole";
public static final String UPDATE_MGTPERM_ROLE = "updateMgtPermRole";
@@ -1238,7 +1238,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.createRole(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,roleRequestDF.getOutType());
return Result.ok();
default:
@@ -1261,7 +1261,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<ROLES> rp = service.getRolesByName(trans, role);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1290,7 +1290,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<ROLES> rp = service.getRolesByUser(trans, user);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1319,7 +1319,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<ROLES> rp = service.getRolesByNS(trans, ns);
switch(rp.status) {
- case OK:
+ case OK:
if (!rp.isEmpty()) {
RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
@@ -1353,7 +1353,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<ROLES> rp = service.getRolesByNameOnly(trans, nameOnly);
switch(rp.status) {
- case OK:
+ case OK:
if (!rp.isEmpty()) {
RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
@@ -1386,7 +1386,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<ROLES> rp = service.getRolesByPerm(trans, type,instance,action);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1428,7 +1428,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.updateRoleDescription(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,roleRequestDF.getOutType());
return Result.ok();
default:
@@ -1460,7 +1460,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.addPermToRole(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -1493,7 +1493,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.delPermFromRole(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -1518,7 +1518,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.delPermFromRole(trans, role, type, instance, action);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
resp.getOutputStream().println();
return Result.ok();
@@ -1539,7 +1539,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.deleteRole(trans, role);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1571,7 +1571,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
Result<Void> rp = service.deleteRole(trans, rreq);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1599,7 +1599,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
/**
* Create Credential
- *
+ *
*/
public Result<Void> createUserCred(AuthzTrans trans, HttpServletRequest req) {
TimeTaken tt = trans.start(CREATE_CRED, Env.SUB|Env.ALWAYS);
@@ -1668,11 +1668,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
public Result<Void> getCredsByNS(AuthzTrans trans, HttpServletResponse resp, String ns) {
TimeTaken tt = trans.start(GET_CREDS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS);
-
+
try {
Result<USERS> ru = service.getCredsByNS(trans,ns);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans,trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1689,21 +1689,21 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} finally {
tt.done();
}
-
+
}
-
-
+
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#getCredsByID(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
*/
@Override
public Result<Void> getCredsByID(AuthzTrans trans, HttpServletResponse resp, String id) {
TimeTaken tt = trans.start(GET_CREDS_BY_ID + ' ' + id, Env.SUB|Env.ALWAYS);
-
+
try {
Result<USERS> ru = service.getCredsByID(trans,id);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1720,7 +1720,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} finally {
tt.done();
}
-
+
}
@Override
@@ -1741,10 +1741,10 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(e);
} finally {
tt.done();
- }
+ }
}
-
-
+
+
@Override
public Result<Date> doesCredentialMatch(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(DOES_CRED_MATCH, Env.SUB|Env.ALWAYS);
@@ -1763,7 +1763,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return Result.err(e);
} finally {
tt.done();
- }
+ }
}
@@ -1792,11 +1792,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
@Override
public Result<Void> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String id) {
TimeTaken tt = trans.start(GET_CERT_BY_ID, Env.SUB|Env.ALWAYS);
- try {
+ try {
Result<CERTS> rci = service.getCertInfoByID(trans,req,id);
-
+
switch(rci.status) {
- case OK:
+ case OK:
if (Question.willSpecialLog(trans, trans.user())) {
RosettaData<CERTS> data = certsDF.newData(trans).load(rci.value);
Question.logEncryptTrace(trans,data.asString());
@@ -1822,11 +1822,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public static final String DELETE_DELEGATE = "deleteDelegate";
public static final String GET_DELEGATE_USER = "getDelegatesByUser";
public static final String GET_DELEGATE_DELG = "getDelegatesByDelegate";
-
+
@Override
public Result<Void> createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(CREATE_DELEGATE, Env.SUB|Env.ALWAYS);
- try {
+ try {
Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream());
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1840,11 +1840,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(UPDATE_DELEGATE, Env.SUB|Env.ALWAYS);
- try {
+ try {
Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream());
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1858,7 +1858,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(DELETE_DELEGATE, Env.SUB|Env.ALWAYS);
@@ -1876,7 +1876,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> deleteDelegate(AuthzTrans trans, String userName) {
TimeTaken tt = trans.start(DELETE_DELEGATE + ' ' + userName, Env.SUB|Env.ALWAYS);
@@ -1889,15 +1889,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> getDelegatesByUser(AuthzTrans trans, String user, HttpServletResponse resp) {
TimeTaken tt = trans.start(GET_DELEGATE_USER, Env.SUB|Env.ALWAYS);
try {
Result<DELGS> rd = service.getDelegatesByUser(trans, user);
-
+
switch(rd.status) {
- case OK:
+ case OK:
RosettaData<DELGS> data = delgDF.newData(trans).load(rd.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1922,7 +1922,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<DELGS> rd = service.getDelegatesByDelegate(trans, delegate);
switch(rd.status) {
- case OK:
+ case OK:
RosettaData<DELGS> data = delgDF.newData(trans).load(rd.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -1964,10 +1964,10 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
} catch (APIException e) {
return Result.err(Status.ERR_BadData,"Invalid Input");
}
-
+
Result<Void> rp = service.createUserRole(trans,request);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -1980,14 +1980,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role) {
TimeTaken tt = trans.start(GET_USERROLES + ' ' + user + '|' + role, Env.SUB|Env.ALWAYS);
try {
Result<USERS> ru = service.getUserInRole(trans,user,role);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2015,7 +2015,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<USERROLES> ru = service.getUserRolesByUser(trans,user);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERROLES> data = userrolesDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2036,14 +2036,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
@Override
public Result<Void> getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role) {
TimeTaken tt = trans.start(GET_USERROLES_BY_ROLE + ' ' + role, Env.SUB|Env.ALWAYS);
try {
Result<USERROLES> ru = service.getUserRolesByRole(trans,role);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERROLES> data = userrolesDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2064,7 +2064,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#extendUserRoleExpiration(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String)
@@ -2088,7 +2088,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<Void> rp = service.deleteUserRole(trans,user,role);
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -2106,7 +2106,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private static final String GET_APPROVALS_BY_USER = "getApprovalsByUser.";
private static final String GET_APPROVALS_BY_TICKET = "getApprovalsByTicket.";
private static final String GET_APPROVALS_BY_APPROVER = "getApprovalsByApprover.";
-
+
@Override
public Result<Void> updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
TimeTaken tt = trans.start(UPDATE_APPROVAL, Env.SUB|Env.ALWAYS);
@@ -2117,9 +2117,9 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
Result<Void> rp = service.updateApproval(trans, data.asObject());
-
+
switch(rp.status) {
- case OK:
+ case OK:
setContentType(resp,approvalDF.getOutType());
return Result.ok();
default:
@@ -2132,20 +2132,20 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
@Override
public Result<Void> getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user) {
TimeTaken tt = trans.start(GET_APPROVALS_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS);
try {
Result<APPROVALS> rp = service.getApprovalsByUser(trans, user);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
-
+
setContentType(resp,permsDF.getOutType());
return Result.ok();
default:
@@ -2165,7 +2165,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<APPROVALS> rp = service.getApprovalsByApprover(trans, approver);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2191,7 +2191,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<APPROVALS> rp = service.getApprovalsByTicket(trans, ticket);
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2212,7 +2212,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
-
+
public static final String GET_USERS_PERMISSION = "getUsersByPermission";
public static final String GET_USERS_ROLE = "getUsersByRole";
@@ -2225,7 +2225,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<USERS> ru = service.getUsersByRole(trans,role);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2249,13 +2249,13 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
* @see com.att.authz.facade.AuthzFacade#getUsersByPermission(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String)
*/
@Override
- public Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp,
+ public Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp,
String type, String instance, String action) {
TimeTaken tt = trans.start(GET_USERS_PERMISSION + ' ' + type + ' ' + instance + ' ' +action, Env.SUB|Env.ALWAYS);
try {
Result<USERS> ru = service.getUsersByPermission(trans,type,instance,action);
switch(ru.status) {
- case OK:
+ case OK:
RosettaData<USERS> data = usersDF.newData(trans).load(ru.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2275,7 +2275,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
-
+
public static final String GET_HISTORY_USER = "getHistoryByUser";
public static final String GET_HISTORY_ROLE = "getHistoryByRole";
public static final String GET_HISTORY_PERM = "getHistoryByPerm";
@@ -2305,7 +2305,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<HISTORY> rh = service.getHistoryByUser(trans,user,yyyymm,sort);
switch(rh.status) {
- case OK:
+ case OK:
RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2348,7 +2348,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<HISTORY> rh = service.getHistoryByRole(trans,role,yyyymm,sort);
switch(rh.status) {
- case OK:
+ case OK:
RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2391,7 +2391,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<HISTORY> rh = service.getHistoryByNS(trans,ns,yyyymm,sort);
switch(rh.status) {
- case OK:
+ case OK:
RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2434,7 +2434,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<HISTORY> rh = service.getHistoryByPerm(trans,perm,yyyymm,sort);
switch(rh.status) {
- case OK:
+ case OK:
RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2478,7 +2478,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
Result<HISTORY> rh = service.getHistoryBySubject(trans,subject,target,yyyymm,sort);
switch(rh.status) {
- case OK:
+ case OK:
RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value);
if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
@@ -2498,9 +2498,9 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
}
- public final static String CACHE_CLEAR = "cacheClear ";
+ public final static String CACHE_CLEAR = "cacheClear ";
// public final static String CACHE_VALIDATE = "validateCache";
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#cacheClear(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String)
*/
@@ -2601,7 +2601,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
tt.done();
}
}
-
+
public final static String API_EXAMPLE = "apiExample";
@@ -2612,7 +2612,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) {
TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);
try {
- String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional);
+ String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional);
resp.getOutputStream().print(content);
setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);
return Result.ok();
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java
index 0e67ac49..d5e1c305 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java
index c66525da..549e6ed8 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -55,7 +55,7 @@ public interface Mapper<
ERROR,
APPROVALS>
{
- enum API{NSS,NS_REQ,
+ enum API{NSS,NS_REQ,
PERMS,PERM_KEY,PERM_REQ,
ROLES,ROLE,ROLE_REQ,ROLE_PERM_REQ,
USERS,USER_ROLE_REQ,USER_ROLES,
@@ -83,12 +83,12 @@ public interface Mapper<
public Result<APPROVALS> approvals(List<ApprovalDAO.Data> lAppr);
public Result<List<ApprovalDAO.Data>> approvals(APPROVALS apprs);
public Result<List<PermDAO.Data>> perms(AuthzTrans trans, PERMS perms);
-
+
public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, REQUEST from);
public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, REQUEST from);
public REQUEST ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action);
public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, REQUEST from);
-
+
/*
* Check Requests of varying sorts for Future fields set
*/
@@ -108,9 +108,9 @@ public interface Mapper<
public Result<KEYS> keys(Collection<String> from);
public Result<HISTORY> history(AuthzTrans trans, List<HistoryDAO.Data> history, final int sort);
-
+
public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);
-
+
/*
* A Memo Creator... Use to avoid creating superfluous Strings until needed.
*/
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
index 26216c65..7abbcf6f 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -103,7 +103,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
public Mapper_2_0(Question q) {
this.q = q;
}
-
+
/* (non-Javadoc)
* @see org.onap.aaf.auth.service.mapper.Mapper#ns(java.lang.Object, org.onap.aaf.auth.service.mapper.Mapper.Holder)
*/
@@ -116,7 +116,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
namespace.owner = from.getResponsible();
namespace.description = from.getDescription();
trans.checkpoint(namespace.name, Env.ALWAYS);
-
+
NsType nt = NsType.fromString(from.getType());
if (nt.equals(NsType.UNKNOWN)) {
String ns = namespace.name;
@@ -133,7 +133,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
}
namespace.type = nt.type;
-
+
return Result.ok(namespace);
}
@@ -215,7 +215,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
} finally {
tt.done();
}
-
+
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
@@ -230,14 +230,14 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return instanceCompare;
}
return typeCompare;
- }
+ }
});
} finally {
tt.done();
}
return Result.ok(to);
}
-
+
@Override
public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, String[] nss, boolean filter) {
List<Perm> perms = to.getPerm();
@@ -268,7 +268,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
} finally {
tt.done();
}
-
+
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
@@ -283,7 +283,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return instanceCompare;
}
return typeCompare;
- }
+ }
});
} finally {
tt.done();
@@ -297,7 +297,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
for (Perm p : perms.getPerm()) {
Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());
PermDAO.Data pd = new PermDAO.Data();
- if (nss.isOK()) {
+ if (nss.isOK()) {
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = p.getInstance();
@@ -313,12 +313,12 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.ok(lpd);
}
-
+
@Override
public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {
return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());
}
-
+
@Override
public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
@@ -326,19 +326,19 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
if (perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");
Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());
PermDAO.Data pd = new PermDAO.Data();
- if (nss.isOK()) {
+ if (nss.isOK()) {
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = from.getPerm().getInstance();
pd.action = from.getPerm().getAction();
trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
-
+
String[] roles = {};
-
+
if (from.getRole() != null) {
roles = from.getRole().split(",");
}
- for (String role : roles) {
+ for (String role : roles) {
pd.roles(true).add(role);
}
return Result.ok(pd);
@@ -346,13 +346,13 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.err(nss);
}
}
-
+
@Override
public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());
RoleDAO.Data rd = new RoleDAO.Data();
- if (nss.isOK()) {
+ if (nss.isOK()) {
rd.ns = nss.value.ns;
rd.name = nss.value.name;
trans.checkpoint(rd.fullName(), Env.ALWAYS);
@@ -361,7 +361,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.err(nss);
}
}
-
+
@Override
public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {
PermRequest from = (PermRequest)req;
@@ -380,7 +380,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.ok(pd);
} else {
Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
- if (nss.isOK()) {
+ if (nss.isOK()) {
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = from.getInstance();
@@ -393,7 +393,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
}
}
-
+
@Override
public Request ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action) {
RolePermRequest rpr = new RolePermRequest();
@@ -402,7 +402,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
pkey.setInstance(instance);
pkey.setAction(action);
rpr.setPerm(pkey);
-
+
rpr.setRole(role);
return rpr;
}
@@ -429,7 +429,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
*/
@Override
public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
- final boolean needNS = trans.requested(REQD_TYPE.ns);
+ final boolean needNS = trans.requested(REQD_TYPE.ns);
for (RoleDAO.Data frole : from) {
// Only Add Data to view if User is allowed to see this Role
if (!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
@@ -443,7 +443,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p);
if (rpa.notOK())
return Result.err(rpa);
-
+
String[] pa = rpa.value;
Pkey pKey = new Pkey();
pKey.setType(pa[0]+'.'+pa[1]);
@@ -460,7 +460,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
/*
* (non-Javadoc)
* @see org.onap.aaf.auth.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)
- *
+ *
* Note: Prevalidate all data for permission to view
*/
@Override
@@ -480,7 +480,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
/*
* (non-Javadoc)
* @see org.onap.aaf.auth.service.mapper.Mapper#users(java.util.Collection, java.lang.Object)
- *
+ *
* Note: Prevalidate all data for permission to view
*/
@Override
@@ -537,12 +537,12 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
if (passwd != null) {
to.cred = ByteBuffer.wrap(passwd.getBytes());
- to.type = CredDAO.RAW;
+ to.type = CredDAO.RAW;
} else {
to.type = CredDAO.NONE;
}
}
-
+
// Note: Ensure requested EndDate created will match Organization Password Rules
// P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
@@ -550,7 +550,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.ok(to);
}
-
+
@Override
public Result<Users> cred(List<CredDAO.Data> from, Users to) {
List<User> cu = to.getUser();
@@ -564,7 +564,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
return Result.ok(to);
}
-
+
@Override
public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {
List<Cert> lc = to.getCert();
@@ -572,7 +572,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
Cert cert = new Cert();
cert.setId(fcred.id);
cert.setX500(fcred.x500);
- /**TODO - change Interface
+ /**TODO - change Interface
* @deprecated */
cert.setFingerprint(fcred.serial.toByteArray());
lc.add(cert);
@@ -583,15 +583,15 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
/**
* Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester
* is allowed to change this value directly
- *
+ *
* Returning Result.OK means it should be done in the future.
* Returning Result.ACC_Now means to act on table change now.
*/
@Override
- public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
+ public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
Bytification content, boolean enableApproval, Memo memo, MayChange mc) {
Result<?> rMayChange;
- boolean needsAppr = enableApproval?trans.requested(REQD_TYPE.future):false;
+ boolean needsAppr = enableApproval?trans.requested(REQD_TYPE.future):false;
if (!needsAppr && (needsAppr = (rMayChange=mc.mayChange()).notOK())) {
if (enableApproval) {
if (!trans.requested(AuthzTrans.REQD_TYPE.future)) {
@@ -601,16 +601,16 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
return Result.err(rMayChange);
}
}
- GregorianCalendar now = new GregorianCalendar();
+ GregorianCalendar now = new GregorianCalendar();
GregorianCalendar start = from.getStart()==null?now:from.getStart().toGregorianCalendar();
-
+
GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);
XMLGregorianCalendar xgc;
if ((xgc=from.getEnd())!=null) {
GregorianCalendar fgc = xgc.toGregorianCalendar();
expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration
}
-
+
//TODO needs two answers from this. What's the NSS, and may Change.
FutureDAO.Data fto;
if (start.after(now) || needsAppr ) {
@@ -669,7 +669,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
item.setUser(data.user);
items.add(item);
}
-
+
if (sort != 0) {
TimeTaken tt = trans.start("Sort ", Env.SUB);
try {
@@ -697,7 +697,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
return err;
}
-
+
@Override
public Class<?> getClass(API api) {
switch(api) {
@@ -753,17 +753,17 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
case ERROR: return (A)new Error();
case API: return (A)new Api();
case VOID: return null;
-
+
case APPROVALS: return (A) new Approvals();
case DELG_REQ: return (A) new DelgRequest();
}
return null;
}
-
+
@SuppressWarnings("unchecked")
/**
* Get Typed Marshaler as they are defined
- *
+ *
* @param api
* @return
*/
@@ -799,7 +799,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
}
return Result.ok(apprs);
}
-
+
@Override
public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {
List<ApprovalDAO.Data> lappr = new ArrayList<>();
@@ -815,7 +815,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
ad.status=a.getStatus();
ad.operation=a.getOperation();
ad.memo=a.getMemo();
-
+
XMLGregorianCalendar xgc = a.getUpdated();
if (xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();
lappr.add(ad);
@@ -859,15 +859,15 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo
/*
* We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever
* the date is created from.
- */
+ */
private Date getExpires(Organization org, Expiration exp, Request base, String id) {
XMLGregorianCalendar end = base.getEnd();
GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();
GregorianCalendar orggc;
- orggc = org.expiration(gc,exp,id);
+ orggc = org.expiration(gc,exp,id);
// We'll choose the lesser of dates to ensure Policy Compliance...
-
+
GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;
// Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.
endgc = Chrono.firstMomentOfDay(endgc);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index 56785fee..1c0c4aab 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -36,9 +36,9 @@ import org.onap.aaf.auth.validation.Validator;
/**
* Validator
* Consistently apply content rules for content (incoming)
- *
- * Note: We restrict content for usability in URLs (because RESTful service), and avoid
- * issues with Regular Expressions, and other enabling technologies.
+ *
+ * Note: We restrict content for usability in URLs (because RESTful service), and avoid
+ * issues with Regular Expressions, and other enabling technologies.
* @author Jonathan
*
*/
@@ -57,13 +57,13 @@ public class ServiceValidator extends Validator {
if (pd==null) {
msg("Perm Data is null.");
} else {
- if(!pd.ns.contains("@")) {
+ if(!pd.ns.contains("@")) {
ns(pd.ns);
}
permType(pd.type,pd.ns);
permInstance(pd.instance);
permAction(pd.action);
- if (pd.roles!=null) {
+ if (pd.roles!=null) {
for (String role : pd.roles) {
role(role);
}
@@ -86,7 +86,7 @@ public class ServiceValidator extends Validator {
}
return this;
}
-
+
public ServiceValidator role(RoleDAO.Data pd) {
if (pd==null) {
msg("Role Data is null.");
@@ -151,14 +151,14 @@ public class ServiceValidator extends Validator {
if (idx>0) {
str = str.substring(0,idx);
}
-
+
if (org.supportsRealm(cd.id)) {
String resp = org.isValidID(trans, str);
if (isNew && (resp!=null && resp.length()>0)) {
msg(cd.id,str);
}
}
-
+
if (cd.type==null) {
msg("Credential Type must be set");
} else {
@@ -193,17 +193,17 @@ public class ServiceValidator extends Validator {
ns(ns.name);
for (String s : ns.admin) {
if (nob(s,ID_CHARS)) {
- msg("Admin [" + s + "] is invalid.");
+ msg("Admin [" + s + "] is invalid.");
}
-
+
}
for (String s : ns.owner) {
if (nob(s,ID_CHARS)) {
- msg("Responsible [" + s + "] is invalid.");
+ msg("Responsible [" + s + "] is invalid.");
}
-
+
}
-
+
if (ns.attrib!=null) {
for (Pair<String, String> at : ns.attrib) {
if (nob(at.x,NAME_CHARS)) {
@@ -221,14 +221,14 @@ public class ServiceValidator extends Validator {
public ServiceValidator user_role(String user, UserRoleDAO.Data urdd) {
role(user,urdd.role);
- if(!urdd.role.startsWith(user)) {
+ if(!urdd.role.startsWith(user)) {
nullOrBlank("UserRole.ns",urdd.ns);
nullOrBlank("UserRole.rname",urdd.rname);
}
return this;
}
-
+
public ServiceValidator user_role(UserRoleDAO.Data urdd) {
if (urdd==null) {
msg("UserRole is null");
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java
index a6b1f395..32e2414f 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java
index 724e5b5a..4f000e62 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -52,13 +52,13 @@ public class JU_API_Creds {
@SuppressWarnings("static-access")
@Test
- public void testInit(){
+ public void testInit(){
try {
api_Creds.init(authzAPI, facade);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
- }
+ }
}
@SuppressWarnings("static-access")
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java
index 69db8664..5a430c65 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java
index ea48c8e4..8a85b5d8 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java
index fd27e663..6df1bd61 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java
index 9868cfe8..7b52b760 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java
index 6e2f469b..0597da24 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java
index 679665e2..78d85a1e 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java
index 95b26fc1..7330960e 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java
index 91c0e140..460113b6 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java
index fd664d6c..f562280b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
index 9a804c98..e992337b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -75,7 +75,7 @@ import aaf.v2_0.Users;
@RunWith(MockitoJUnitRunner.class)
public abstract class JU_BaseServiceImpl {
- protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals>
+ protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals>
acsi;
protected Mapper_2_0 mapper;
@@ -88,7 +88,7 @@ public abstract class JU_BaseServiceImpl {
// NOTE: Annotation format (@Mock and @Spy) do NOT seem to always work as a Base Class,
// so we construct manually.
//
-// Mock Objects
+// Mock Objects
protected HistoryDAO historyDAO = mock(HistoryDAO.class);
protected CacheInfoDAO cacheInfoDAO = mock(CacheInfoDAO.class);
protected CachedNSDAO nsDAO = mock(CachedNSDAO.class);
@@ -102,32 +102,32 @@ public abstract class JU_BaseServiceImpl {
protected DelegateDAO delegateDAO = mock(DelegateDAO.class);
protected ApprovalDAO approvalDAO = mock(ApprovalDAO.class);
- // Spy Objects
+ // Spy Objects
@Spy
protected static PropAccess access = new PropAccess();
@Spy
protected static AuthzEnv env = new AuthzEnv(access);
@Spy
protected static AuthzTrans trans = env.newTransNoAvg();
-
+
// @Spy doesn't seem to work on Question.
@Spy
protected Question question = spy(new Question(trans,
historyDAO,cacheInfoDAO,nsDAO,permDAO,
roleDAO,userRoleDAO,credDAO,certDAO,
locateDAO,futureDAO,delegateDAO,approvalDAO));
-
+
public void setUp() throws Exception {
when(trans.org()).thenReturn(org);
when(org.getDomain()).thenReturn("org.onap");
Define.set(access);
access.setProperty(Config.CADI_LATITUDE, "38.0");
access.setProperty(Config.CADI_LONGITUDE, "-72.0");
-
+
mapper = new Mapper_2_0(question);
acsi = new AuthzCassServiceImpl<>(trans, mapper, question);
}
-
+
//////////
// Common Data Objects
/////////
@@ -144,7 +144,7 @@ public abstract class JU_BaseServiceImpl {
rv.add(ndd);
return rv;
}
-
+
/**
* Setup Role Data for Mock Usages
* @param trans
@@ -163,7 +163,7 @@ public abstract class JU_BaseServiceImpl {
}
when(question.userRoleDAO().read(trans, user, ns+'.'+role)).thenReturn(result);
}
-
+
protected UserRoleDAO.Data urData(String user, String ns, String rname, int days) {
UserRoleDAO.Data urdd = new UserRoleDAO.Data();
urdd.user = user;
@@ -182,7 +182,7 @@ public abstract class JU_BaseServiceImpl {
list.add(t);
return list;
}
-
+
protected <T> List<T> emptyList(Class<T> cls) {
return new ArrayList<>();
}
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
index 2bb907ac..9cd5ecdf 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -49,9 +49,9 @@ import junit.framework.Assert;
@RunWith(MockitoJUnitRunner.class)
public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl {
- @Mock
- private Result<CredDAO.Data> rcdd;
-
+ @Mock
+ private Result<CredDAO.Data> rcdd;
+
@Before
public void setUp() throws Exception {
super.setUp();
@@ -110,7 +110,7 @@ public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl {
when(orgIdentity.isFound()).thenReturn(true);
String ns = "org.onap.sample";
when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
-
+
CredDAO.Data cdd = credDataFound(cr,100);
when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(cdd));
when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(listOf(cdd)));
@@ -126,7 +126,7 @@ public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl {
cr.setType(CredDAO.RAW);
return cr;
}
-
+
private CredDAO.Data credDataFound(CredRequest cr, int days) {
CredDAO.Data cdd = new CredDAO.Data();
cdd.id = cr.getId();
@@ -144,5 +144,5 @@ public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl {
cdd.expires = gc.getTime();
return cdd;
}
-
+
} \ No newline at end of file
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java
index 53ba519c..c4829ff1 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java
@@ -7,9 +7,9 @@
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
- * *
+ * *
* * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -54,7 +54,7 @@ public class JU_ServiceValidator {
assertTrue(validator.errs().equals("ERR_Security\n"));
}
-
+
@Test
public void permInstance() {
assertFalse(validator.permInstance("hello").err());