author | Instrumental <jcgmisc@stl.gathman.org> | 2018-04-18 10:52:42 -0500 |
---|---|---|
committer | Instrumental <jcgmisc@stl.gathman.org> | 2018-04-18 10:52:52 -0500 |
commit | 087706284431e63ea77b934859a47beeb59e4592 (patch) | |
tree | f96525f12d0a243f35739d6b909ae892068945bf /auth | |
parent | 3c0e04b9064ff069f5e594a5023c2f18ba487e80 (diff) |
Support Multiple Realms for DefaultOrg
Issue-ID: AAF-254
Change-Id: I89a9b1ceaa304861debd4c7dd21879e0b1fc902a
Signed-off-by: Instrumental <jcgmisc@stl.gathman.org>
Diffstat (limited to 'auth')
7 files changed, 67 insertions, 16 deletions
diff --git a/auth/auth-cass/docker/backup/backup.sh b/auth/auth-cass/docker/backup/backup.sh index db59d16e..1359d3de 100644 --- a/auth/auth-cass/docker/backup/backup.sh +++ b/auth/auth-cass/docker/backup/backup.sh @@ -1,28 +1,32 @@ # BEGIN Store prev -if [ -e "6day" ]; then - rm -Rf 6day +BD=/opt/app/osaaf/backup +if [ -e "$BD/6day" ]; then + rm -Rf $BD/6day fi -PREV=6day -for D in 5day 4day 3day 2day yesterday; do +PREV=$BD/6day +for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do if [ -e "$D" ]; then mv "$D" "$PREV" fi PREV="$D" done -if [ -e "today" ]; then - mv today yesterday - gzip yesterday/* +if [ -e "$BD/today" ]; then + if [ -e "$BD/backup.log" ]; then + mv $BD/backup.log $BD/today + fi + gzip $BD/today/* + mv $BD/today $BD/yesterday fi +mkdir $BD/today + # END Store prev date docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup" -docker container cp cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh +docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh # echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh" docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh -mkdir today -docker container cp aaf_cass:/opt/app/cass_backup/. today - +docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today date diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 1f679075..b7b17c90 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java 
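Review bot: `mkdir $BD/today` creates the new backup directory under whatever umask the caller happens to have, and nothing in this hunk restricts access to `/opt/app/osaaf/backup`. The directory receives everything copied out of the `aaf_cass` container, which presumably includes dumps of AAF's credential-related tables, so it should not be readable by other local users. Adding `umask 077` right after `BD=/opt/app/osaaf/backup`, or using `mkdir -m 700 "$BD/today"`, would cover it. The new `$BD/...` expansions in `rm -Rf`, `mv`, `gzip` and `docker container cp` are also unquoted; that is harmless for the current literal path but inconsistent with the quoted `"$D"` and `"$PREV"` in the loop.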
@@ -40,23 +40,23 @@ import org.onap.aaf.auth.dao.cass.DelegateDAO; import org.onap.aaf.auth.dao.cass.FutureDAO; import org.onap.aaf.auth.dao.cass.Namespace; import org.onap.aaf.auth.dao.cass.NsDAO; +import org.onap.aaf.auth.dao.cass.NsDAO.Data; import org.onap.aaf.auth.dao.cass.NsSplit; import org.onap.aaf.auth.dao.cass.NsType; import org.onap.aaf.auth.dao.cass.PermDAO; import org.onap.aaf.auth.dao.cass.RoleDAO; import org.onap.aaf.auth.dao.cass.Status; import org.onap.aaf.auth.dao.cass.UserRoleDAO; -import org.onap.aaf.auth.dao.cass.NsDAO.Data; import org.onap.aaf.auth.dao.hl.Question.Access; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.auth.org.Executor; import org.onap.aaf.auth.org.Organization; -import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.auth.org.Organization.Expiration; import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.Organization.Policy; +import org.onap.aaf.auth.org.OrganizationException; public class Function { @@ -735,7 +735,7 @@ public class Function { private Result<Void> checkValidID(AuthzTrans trans, Date now, String user) { Organization org = trans.org(); - if (user.endsWith(org.getRealm())) { + if (org.supportsRealm(user)) { try { if (org.getIdentity(trans, user) == null) { return Result.err(Status.ERR_Denied, diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 6d7a3586..8476e06c 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -78,6 +78,12 @@ public interface Organization { * @return */ public String getRealm(); + + public boolean supportsRealm(String user); + + public void addSupportedRealm(String r); + + String getDomain(); 
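Review bot: `supportsRealm(String user)` and `addSupportedRealm(String r)` are added to the `Organization` interface without Javadoc, although `Function.checkValidID` (the hunk above, whose body continues outside it) and `ServiceValidator` now use the result to decide whether an ID is checked through `getIdentity`/`isValidID` at all. The contract should state what the argument may be (a full `user@domain` ID, a bare realm, or both, as `DefaultOrg` accepts) and that the primary realm is always supported. For example: `/** Returns true if the given ID (or bare realm) belongs to a realm this Organization validates identities for. */` on `supportsRealm`, with a matching line on `addSupportedRealm` saying it is meant for start-up configuration. Because neither method has a default, other implementations must add them, and one that simply returns `false` would presumably make those callers skip identity validation, which is worth spelling out in the doc.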
@@ -373,6 +379,15 @@ public interface Organization { } @Override + public boolean supportsRealm(String r) { + return false; + } + + @Override + public void addSupportedRealm(String r) { + } + + @Override public String getDomain() { return N_A; } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java index 843e2682..57d37d0b 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java @@ -29,6 +29,7 @@ import java.util.concurrent.ConcurrentHashMap; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.cadi.util.FQI; +import org.onap.aaf.cadi.util.Split; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.impl.BasicEnv; @@ -98,6 +99,13 @@ public class OrganizationFactory { Class<Organization> cls = (Class<Organization>) Class.forName(orgClass); Constructor<Organization> cnst = cls.getConstructor(Env.class,String.class); org = cnst.newInstance(env,orgNS); + String other_realms = env.getProperty(orgNS+".also_supports"); + if(other_realms!=null) { + for(String r : Split.splitTrim(',', other_realms)) { + org.addSupportedRealm(r); + } + } + } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 5674e247..935f99bf 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java 
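Review bot: Entries read from `orgNS+".also_supports"` in `OrganizationFactory` go straight into `org.addSupportedRealm(r)` with no validation and no log line. Depending on what `Split.splitTrim` returns for empty fields, a trailing comma or typo in the property could register an empty or unintended realm, and nothing records which extra realms were enabled. Since this list widens the set of IDs the organization treats as its own, I would skip blanks with `if(!r.isEmpty()) org.addSupportedRealm(r);` and log each realm that is added at start-up. The empty `addSupportedRealm` stub in the `Organization.java` hunk above has the same visibility problem, because configured realms are dropped silently there. The enclosing `try` block starts outside this hunk.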
@@ -56,9 +56,12 @@ public class DefaultOrg implements Organization { final String realm; private final String NAME,mailHost,mailFrom; + private final Set<String> supportedRealms; public DefaultOrg(Env env, String realm) throws OrganizationException { this.realm = realm; + supportedRealms=new HashSet<String>(); + supportedRealms.add(realm); domain=FQI.reverseDomain(realm); atDomain = '@'+domain; String s; @@ -668,5 +671,21 @@ public class DefaultOrg implements Organization { return addressArray; } - + private String extractRealm(final String r) { + int at; + if((at=r.indexOf('@'))>=0) { + return FQI.reverseDomain(r.substring(at+1)); + } + return r; + } + @Override + public boolean supportsRealm(final String r) { + return supportedRealms.contains(extractRealm(r)) || r.endsWith(realm); } + + @Override + public synchronized void addSupportedRealm(final String r) { + supportedRealms.add(extractRealm(r)); + } + +} diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java index e6f058a4..d4606284 100644 --- a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java +++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java @@ -109,6 +109,11 @@ public class JU_DefaultOrg { assertTrue(realmTest == REALM); } + public void supportsRealm() { + String otherRealm = "org.ossaf.something"; + defaultOrg.addSupportedRealm(otherRealm); + assertTrue(defaultOrg.supportsRealm(otherRealm)); + } //@Test public void testGetName() throws OrganizationException{ String testName = defaultOrg.getName(); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java index 446bf46d..a6bbbb0b 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java 
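Review bot: `supportedRealms` is a plain `HashSet` that is written by the `synchronized addSupportedRealm` but read by the unsynchronized `supportsRealm` (both in the next hunk), so the lock gives readers no visibility or consistency guarantee. If realms are only ever added during start-up in `OrganizationFactory` this is benign, but neither the field nor the interface says so. Either use a concurrent set, `supportedRealms = ConcurrentHashMap.newKeySet();` (Java 8+, needs the `java.util.concurrent.ConcurrentHashMap` import), and drop `synchronized`, or add a comment that `addSupportedRealm` must not be called once the org is serving requests. The constructor body continues past the end of this hunk.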
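Review bot: The `|| r.endsWith(realm)` fallback in `supportsRealm` is a raw suffix match with no separator check, so any ID whose text merely ends with the realm string is accepted, unlike the exact `supportedRealms.contains(extractRealm(r))` test beside it. It preserves the behaviour of the old `endsWith(org.getRealm())` callers, but this method now gates identity validation in one place, so a boundary would be safer. If the ID format allows it, something like `r.equals(realm) || r.endsWith('@' + realm) || r.endsWith('.' + realm)` would do, or the fallback could be dropped if the set lookup already covers every legitimate form. `extractRealm` also dereferences `r` without a null check; a one-line comment stating that callers always pass a non-null ID would help.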
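Review bot: The new `supportsRealm()` method in `JU_DefaultOrg` has no `@Test` annotation, so (assuming the JUnit 4 style the file appears to use) it will never run and the new realm logic is effectively untested. The neighbouring `testGetName` has its annotation commented out as `//@Test`, which may be how this slipped through. Add `@Test` above `public void supportsRealm()`, and add a negative case such as `assertFalse(defaultOrg.supportsRealm("org.example.unrelated"));` (constructed value). A `user@domain`-form ID should be covered too, since `extractRealm` handles the two forms differently.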
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java @@ -153,7 +153,7 @@ public class ServiceValidator extends Validator { str = str.substring(0,idx); } - if(cd.id.endsWith(org.getRealm())) { + if(org.supportsRealm(cd.id)) { if(isNew && (str=org.isValidID(trans, str)).length()>0) { msg(cd.id,str); } |