7 files changed, 27 insertions, 28 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 3634af97..4c03f313 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -50,6 +50,7 @@ import org.onap.aaf.auth.dao.cass.ApprovalDAO;
 import org.onap.aaf.auth.dao.cass.CacheInfoDAO;
 import org.onap.aaf.auth.dao.cass.CertDAO;
 import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO.Data;
 import org.onap.aaf.auth.dao.cass.DelegateDAO;
 import org.onap.aaf.auth.dao.cass.FutureDAO;
 import org.onap.aaf.auth.dao.cass.HistoryDAO;
@@ -61,10 +62,9 @@ import org.onap.aaf.auth.dao.cass.PermDAO;
 import org.onap.aaf.auth.dao.cass.RoleDAO;
 import org.onap.aaf.auth.dao.cass.Status;
 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.CredDAO.Data;
 import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.env.AuthzTransFilter;
 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.env.AuthzTransFilter;
 import org.onap.aaf.auth.layer.Result;
 import org.onap.aaf.auth.org.Organization;
 import org.onap.aaf.cadi.Hash;
@@ -780,7 +780,7 @@ public class Question {
 checkLessThanDays(trans,7,now,cdd);
 return Result.ok(cdd.expires);
 } else if (debug!=null) {
- load(debug, cdd,dbcred);
+ load(debug, cdd);
 }
 break;
 case CredDAO.BASIC_AUTH_SHA256:
@@ -793,7 +793,7 @@ public class Question {
 checkLessThanDays(trans,7,now,cdd);
 return Result.ok(cdd.expires);
 } else if (debug!=null) {
- load(debug, cdd, dbcred);
+ load(debug, cdd);
 }
 break;
 default:
@@ -809,14 +809,10 @@ public class Question { } } // end for each if(debug==null) { - debug=new StringBuilder(); + trans.audit().printf("No cred matches ip=%s, user=%s\n",trans.ip(),user); } else { - debug.append(", "); + trans.audit().printf("No cred matches ip=%s, user=%s %s\n",trans.ip(),user,debug.toString()); } - - debug.append("cred="); - debug.append(new String(cred)); - trans.audit().printf("No cred matches ip=%s, user=%s, %s\n",trans.ip(),user,trans.encryptor().encrypt(debug.toString())); if(expired!=null) { // Note: this is only returned if there are no good Credentials rv = Result.err(Status.ERR_Security, @@ -830,13 +826,11 @@ public class Question { } - private void load(StringBuilder debug, Data cdd, byte[] dbcred) { + private void load(StringBuilder debug, Data cdd) { debug.append("DB Entry: user="); debug.append(cdd.id); debug.append(",type="); debug.append(cdd.type); - debug.append(",cred="); - debug.append(Hash.toHex(dbcred)); debug.append(",expires="); debug.append(Chrono.dateTime(cdd.expires)); debug.append('\n'); diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml index ddaebff3..c465f818 100644 --- a/auth/auth-hello/pom.xml +++ b/auth/auth-hello/pom.xml @@ -49,13 +49,11 @@ <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-core</artifactId> - <version>${project.version}</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> - <version>${project.version}</version> </dependency> </dependencies> @@ -101,7 +99,6 @@ <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> - <version>1.6.7</version> <extensions>true</extensions> <configuration> <nexusUrl>${nexusproxy}</nexusUrl> @@ -112,7 +109,6 @@ <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> - <version>${jacoco.version}</version> <configuration> <excludes> <exclude>**/gen/**</exclude> 
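Review bot: In the `else` branch the audit record embeds `debug.toString()` as-is, and every entry that `load()` appends ends with `debug.append('\n')`, so a failed login against several stored credentials now yields a multi-line "No cred matches" record, followed by the format string's own `\n`. Line-oriented audit collectors will split that into fragments that no longer carry the ip and user. `user` is also written unmodified; if it comes straight from the request (its origin is outside the hunk), control characters in it reach the audit log too. Consider joining the entries with a separator such as `"; "` instead of a newline in `load()`, and neutralising CR/LF in `user` before the `printf`. The enclosing method starts above the hunk.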
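Review bot: All four `<version>` elements in `auth/auth-hello/pom.xml` are dropped without anything in this file showing where the versions now come from. The hunks only work if a parent `dependencyManagement`/`pluginManagement` section (not visible here) pins `aaf-auth-core`, `aaf-cadi-aaf`, `nexus-staging-maven-plugin` and `jacoco-maven-plugin`. For the two plugins an unmanaged version does not fail the build; Maven warns and resolves one itself, which makes the build non-reproducible. Worth confirming that the parent pins them, and adding a short comment such as `<!-- version managed in parent pom -->` next to each entry.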
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java index 7eb9fd7b..b68b445c 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java @@ -52,7 +52,7 @@ public class API_Mgmt { private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear"; private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip"; private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id"; - private final static String PERM_LOG_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id"; + private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id"; /** * Normal Init level APIs diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java index be1e739b..cf5c92d0 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java @@ -154,7 +154,7 @@ public abstract class AbsUserCache<PERM extends Permission> { } Miss miss = missMap.get(mkey); if(miss==null) { - missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval)); + missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval,key)); return true; } return miss.mayContinue(); 
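Review bot: `PERM_LOG_ID` shared its value with `PERM_DENY_ID` until this line, and nothing in the change guards against the same copy-paste slip among the neighbouring `PERM_*` constants. A small unit test asserting that the `PERM_*` strings are pairwise distinct would catch a recurrence. Operationally, whatever check uses `PERM_LOG_ID` (outside the hunk) now requires a `.log|<company>|id` permission that existing roles presumably do not hold. The release notes should say that it has to be granted, since identities that relied on the deny permission for this will now be refused.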
@@ -376,12 +376,17 @@ public abstract class AbsUserCache<PERM extends Permission> { keys.addAll(missMap.keySet()); for(String key : keys) { Miss m = missMap.get(key); - if(m!=null && m.timestamp<System.currentTimeMillis()) { - synchronized(missMap) { - missMap.remove(key); + if(m!=null) { + long timeLeft = m.timestamp - System.currentTimeMillis(); + if(timeLeft<0) { + synchronized(missMap) { + missMap.remove(key); + } + access.log(Level.INFO, m.name, " has been removed from Missed Credential Map (" + m.tries + " invalid tries)"); + ++miss; + } else { + access.log(Level.INFO, m.name, " remains in Missed Credential Map (" + m.tries + " invalid tries) for " + (timeLeft/1000) + " more seconds"); } - access.log(Level.INFO, key, "has been removed from Missed Credential Map (" + m.tries + " invalid tries)"); - ++miss; } } } @@ -419,11 +424,14 @@ public abstract class AbsUserCache<PERM extends Permission> { private long timetolive; private long tries; + + private final String name; - public Miss(byte[] first, long timeInterval) { + public Miss(final byte[] first, final long timeInterval, final String name) { timestamp = System.currentTimeMillis() + timeInterval; this.timetolive = timeInterval; tries = 0L; + this.name = name; } @@ -437,6 +445,7 @@ public abstract class AbsUserCache<PERM extends Permission> { } return true; } + } /** diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index 26ad758f..c4634cf4 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java 
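Review bot: The new `else` branch writes one INFO line per entry still held in `missMap` on every cleanup pass, so log volume now scales with the number of distinct failed identities rather than with removals. During a burst of bad logins that can crowd out the records an operator needs. Consider logging retained entries at `Level.DEBUG`, or emitting a single summary count per pass. `m.name` is the `key` handed to `new Miss(...)` in the earlier hunk; if that is the client-supplied id, it should be stripped of control characters before it is logged. The surrounding cleanup method starts and ends outside the hunk.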
@@ -142,7 +142,7 @@ public class Config { public static final String AAF_APPPASS = "aaf_password"; public static final String AAF_LUR_CLASS = "aaf_lur_class"; public static final String AAF_TAF_CLASS = "aaf_taf_class"; - public static final String AAF_TAF_CLASS_DEF = "org.osaaf.cadi.aaf.v2_0.AAFTaf"; + public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf"; public static final String AAF_CONNECTOR_CLASS = "aaf_connector_class"; public static final String AAF_LOCATOR_CLASS = "aaf_locator_class"; public static final String AAF_CONN_TIMEOUT = "aaf_conn_timeout"; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java index 6a49401c..22ba702c 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java @@ -121,6 +121,6 @@ public class BasicPrincipal extends BearerPrincipal implements GetCred { @Override public String personalName() { - return null; // personalName not available with Basic Auth + return name; // personalName not available with Basic Auth } } diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java index dee7fc21..1fafe2e8 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java @@ -103,7 +103,7 @@ public class JU_BasicPrincipal { assertTrue(Math.abs(bp.created() - created) < 10); assertThat(bp.toString(), is(expected)); assertThat(bp.tag(), is("BAth")); - assertThat(bp.personalName(), is(nullValue())); + assertThat(bp.personalName(), is(bp.getName())); // This test hits the abstract class BearerPrincipal assertThat(bp.getBearer(), is(bearer)); |
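Review bot: The trailing comment on `return name;` in `BasicPrincipal.personalName()` still reads `personalName not available with Basic Auth`, which now contradicts the code. Suggest `return name; // Basic Auth carries no personal name; fall back to the login id`. Callers that treated a `null` personal name as "none on record" will now receive the login id, so any place that displays or logs `personalName()` next to `getName()` is worth a check (call sites are not in this diff).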