authorInstrumental <jcgmisc@stl.gathman.org>2018-04-18 10:52:42 -0500
committerInstrumental <jcgmisc@stl.gathman.org>2018-04-18 10:52:52 -0500
commit087706284431e63ea77b934859a47beeb59e4592 (patch)
treef96525f12d0a243f35739d6b909ae892068945bf /auth
parent3c0e04b9064ff069f5e594a5023c2f18ba487e80 (diff)
Support Multiple Realms for DefaultOrg
Issue-ID: AAF-254 Change-Id: I89a9b1ceaa304861debd4c7dd21879e0b1fc902a Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-cass/docker/backup/backup.sh26
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java6
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java15
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java8
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java21
-rw-r--r--auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java5
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java2
7 files changed, 67 insertions, 16 deletions
diff --git a/auth/auth-cass/docker/backup/backup.sh b/auth/auth-cass/docker/backup/backup.sh
index db59d16e..1359d3de 100644
--- a/auth/auth-cass/docker/backup/backup.sh
+++ b/auth/auth-cass/docker/backup/backup.sh
@@ -1,28 +1,32 @@
# BEGIN Store prev
-if [ -e "6day" ]; then
- rm -Rf 6day
+BD=/opt/app/osaaf/backup
+if [ -e "$BD/6day" ]; then
+ rm -Rf $BD/6day
fi
-PREV=6day
-for D in 5day 4day 3day 2day yesterday; do
+PREV=$BD/6day
+for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do
if [ -e "$D" ]; then
mv "$D" "$PREV"
fi
PREV="$D"
done
-if [ -e "today" ]; then
- mv today yesterday
- gzip yesterday/*
+if [ -e "$BD/today" ]; then
+ if [ -e "$BD/backup.log" ]; then
+ mv $BD/backup.log $BD/today
+ fi
+ gzip $BD/today/*
+ mv $BD/today $BD/yesterday
fi
+mkdir $BD/today
+
# END Store prev
date
docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup"
-docker container cp cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh
+docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh
# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh"
docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh
-mkdir today
-docker container cp aaf_cass:/opt/app/cass_backup/. today
-
+docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today
date
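Review bot: The rotation at the top of this hunk runs unconditionally, and nothing checks the exit status of the `docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh` or `docker container cp` steps, so a series of failed runs still removes `$BD/6day` and shifts the older copies out until no good backup is left. Consider rotating only after the new dump has been copied successfully, or aborting the script when either docker step fails. Separately, `mkdir $BD/today` relies on the default umask; since this directory presumably receives a dump of the AAF Cassandra data, `mkdir -m 700 "$BD/today"` would restrict it to the backup account. The `$BD` expansions in `rm -Rf $BD/6day` and the `mv`/`gzip` lines should also be quoted, as the existing `"$D"` and `"$PREV"` ones are.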
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 1f679075..b7b17c90 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -40,23 +40,23 @@ import org.onap.aaf.auth.dao.cass.DelegateDAO;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.Namespace;
import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.NsDAO.Data;
import org.onap.aaf.auth.dao.cass.NsSplit;
import org.onap.aaf.auth.dao.cass.NsType;
import org.onap.aaf.auth.dao.cass.PermDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.NsDAO.Data;
import org.onap.aaf.auth.dao.hl.Question.Access;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.auth.org.Executor;
import org.onap.aaf.auth.org.Organization;
-import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.auth.org.Organization.Expiration;
import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.Organization.Policy;
+import org.onap.aaf.auth.org.OrganizationException;
public class Function {
@@ -735,7 +735,7 @@ public class Function {
private Result<Void> checkValidID(AuthzTrans trans, Date now, String user) {
Organization org = trans.org();
- if (user.endsWith(org.getRealm())) {
+ if (org.supportsRealm(user)) {
try {
if (org.getIdentity(trans, user) == null) {
return Result.err(Status.ERR_Denied,
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 6d7a3586..8476e06c 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -78,6 +78,12 @@ public interface Organization {
* @return
*/
public String getRealm();
+
+ public boolean supportsRealm(String user);
+
+ public void addSupportedRealm(String r);
+
+
String getDomain();
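Review bot: The two methods added to the interface have no Javadoc, and their argument contract is ambiguous: `supportsRealm(String user)` is declared here with a parameter named `user`, while the implementations later in this commit name it `r` and DefaultOrg accepts either a bare realm or a full `id@domain`. Callers use the result to decide whether an ID goes through organization identity validation, so the interface should state which forms are accepted and what is returned for null or empty input. I would add a short Javadoc to each, e.g. `/** @return true if the realm of the given ID (or the given bare realm) is one this Organization manages */` on `supportsRealm`, and say on `addSupportedRealm` whether it may be called after the Organization is in use. Adding abstract methods also breaks any Organization implementation outside this repository, which is presumably acceptable here but worth stating in the commit message.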
@@ -373,6 +379,15 @@ public interface Organization {
}
@Override
+ public boolean supportsRealm(String r) {
+ return false;
+ }
+
+ @Override
+ public void addSupportedRealm(String r) {
+ }
+
+ @Override
public String getDomain() {
return N_A;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
index 843e2682..57d37d0b 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
@@ -29,6 +29,7 @@ import java.util.concurrent.ConcurrentHashMap;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.cadi.util.FQI;
+import org.onap.aaf.cadi.util.Split;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.impl.BasicEnv;
@@ -98,6 +99,13 @@ public class OrganizationFactory {
Class<Organization> cls = (Class<Organization>) Class.forName(orgClass);
Constructor<Organization> cnst = cls.getConstructor(Env.class,String.class);
org = cnst.newInstance(env,orgNS);
+ String other_realms = env.getProperty(orgNS+".also_supports");
+ if(other_realms!=null) {
+ for(String r : Split.splitTrim(',', other_realms)) {
+ org.addSupportedRealm(r);
+ }
+ }
+
} catch (ClassNotFoundException | NoSuchMethodException | SecurityException |
InstantiationException | IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
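Review bot: The realms read from `orgNS+".also_supports"` are added with no validation or logging, although each entry widens the set of identities the organization treats as its own. If `Split.splitTrim` can yield empty tokens (for a trailing comma or a blank property value; its behaviour is not visible here), an empty realm ends up in the set, and a guard such as `if(!r.isEmpty()) org.addSupportedRealm(r);` avoids that. Logging the final list of supported realms once at startup would also let operators and auditors spot a misconfigured or unexpected realm. The enclosing try block begins outside this hunk.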
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 5674e247..935f99bf 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -56,9 +56,12 @@ public class DefaultOrg implements Organization {
final String realm;
private final String NAME,mailHost,mailFrom;
+ private final Set<String> supportedRealms;
public DefaultOrg(Env env, String realm) throws OrganizationException {
this.realm = realm;
+ supportedRealms=new HashSet<String>();
+ supportedRealms.add(realm);
domain=FQI.reverseDomain(realm);
atDomain = '@'+domain;
String s;
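Review bot: `supportedRealms` is a plain `HashSet` that `addSupportedRealm` mutates under `synchronized` while `supportsRealm` (last hunk of this file) reads it with no lock, so the synchronization only protects writers from each other. If realms are only ever added by OrganizationFactory before the instance is shared this is harmless, but the method is public on the interface and nothing enforces that ordering. Either use a thread-safe set, `supportedRealms = Collections.synchronizedSet(new HashSet<String>());` (with the `java.util.Collections` import if it is not already present), or document that `addSupportedRealm` must not be called once the Organization is in use. The constructor continues past the end of this hunk.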
@@ -668,5 +671,21 @@ public class DefaultOrg implements Organization {
return addressArray;
}
-
+ private String extractRealm(final String r) {
+ int at;
+ if((at=r.indexOf('@'))>=0) {
+ return FQI.reverseDomain(r.substring(at+1));
+ }
+ return r;
+ }
+ @Override
+ public boolean supportsRealm(final String r) {
+ return supportedRealms.contains(extractRealm(r)) || r.endsWith(realm);
}
+
+ @Override
+ public synchronized void addSupportedRealm(final String r) {
+ supportedRealms.add(extractRealm(r));
+ }
+
+}
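Review bot: The `|| r.endsWith(realm)` fallback in `supportsRealm` is an unanchored suffix comparison on the raw argument, whereas the set lookup compares the reversed domain produced by `extractRealm`; the two branches therefore test different representations, and the fallback accepts any string that merely ends with the realm text, with no `@` or `.` boundary. Because the constructor already puts `realm` into `supportedRealms`, the fallback looks redundant for well-formed input; if it is kept for backward compatibility, a comment saying so and naming the ID forms it is meant to cover would help. Both new public methods also dereference `r` without a null check, so a null ID reaching them from a caller such as `checkValidID` or `ServiceValidator` would throw rather than be rejected. If no caller depends on the suffix form, the body could become `return r != null && supportedRealms.contains(extractRealm(r));`.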
diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
index e6f058a4..d4606284 100644
--- a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
+++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java
@@ -109,6 +109,11 @@ public class JU_DefaultOrg {
assertTrue(realmTest == REALM);
}
+ public void supportsRealm() {
+ String otherRealm = "org.ossaf.something";
+ defaultOrg.addSupportedRealm(otherRealm);
+ assertTrue(defaultOrg.supportsRealm(otherRealm));
+ }
//@Test
public void testGetName() throws OrganizationException{
String testName = defaultOrg.getName();
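Review bot: The new `supportsRealm()` method has no `@Test` annotation in this hunk, so JUnit will not run it and the feature ships without an executed test; add `@Test` on the line above it. The case also asserts only the positive, bare-realm path. A full `id@domain` input and a negative check, e.g. `assertFalse(defaultOrg.supportsRealm("org.example.unrelated"));` (constructed value), would pin the behaviour that the ID-validation callers depend on. `testGetName` continues outside the hunk.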
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index 446bf46d..a6bbbb0b 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -153,7 +153,7 @@ public class ServiceValidator extends Validator {
str = str.substring(0,idx);
}
- if(cd.id.endsWith(org.getRealm())) {
+ if(org.supportsRealm(cd.id)) {
if(isNew && (str=org.isValidID(trans, str)).length()>0) {
msg(cd.id,str);
}