summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Perm.java4
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java9
-rw-r--r--auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java2
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2FormHttpTafResp.java6
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java91
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTafResp.java6
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java8
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java22
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java26
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java8
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java8
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java15
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java22
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java17
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java18
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java17
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java5
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java10
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java27
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java4
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/taf/dos/test/JU_DenialOfServiceTaf.java6
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java7
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java8
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_PuntTafResp.java3
-rw-r--r--docs/sections/installation/client_vol.rst2
27 files changed, 277 insertions, 79 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Perm.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Perm.java
index 469284a2..acfb3390 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Perm.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/Perm.java
@@ -106,7 +106,9 @@ public class Perm implements Comparable<Perm> {
try {
while(iter.hasNext()) {
row = iter.next();
- Perm pk = new Perm(row.getString(0),row.getString(1),row.getString(2),row.getString(3), row.getString(4), row.getSet(5,String.class));
+ Perm pk = new Perm(
+ row.getString(0),row.getString(1),row.getString(2),
+ row.getString(3), row.getString(4), row.getSet(5,String.class));
keys.put(pk.encode(), pk);
data.put(pk,pk.roles);
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
index bc563f39..96349aed 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CachingFileAccess.java
@@ -37,7 +37,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
-import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import java.util.Map.Entry;
@@ -553,10 +552,10 @@ public class CachingFileAccess<TRANS extends Trans> extends HttpCode<TRANS, Void
content.remove(entry.getKey());
//System.out.println("removed Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());
}
- for(int i=end;i<size;++i) {
- Entry<String, Content> entry = scont.get(i).entry;
- //System.out.println("remaining Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());
- }
+// for(int i=end;i<size;++i) {
+// Entry<String, Content> entry = scont.get(i).entry;
+// //System.out.println("remaining Cache Item " + entry.getKey() + "/" + new Date(entry.getValue().access).toString());
+// }
}
}
}
diff --git a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java
index 27f771c1..3c68f61d 100644
--- a/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java
+++ b/auth/auth-fs/src/test/java/org/onap/aaf/auth/fs/test/JU_AAF_FS.java
@@ -48,8 +48,6 @@ import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
-import org.junit.Test;
-
public class JU_AAF_FS {
AuthzEnv aEnv;
AAF_FS aafFs;
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2FormHttpTafResp.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2FormHttpTafResp.java
index 23d87e3e..6adb4641 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2FormHttpTafResp.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/OAuth2FormHttpTafResp.java
@@ -32,19 +32,20 @@ import org.onap.aaf.cadi.taf.AbsTafResp;
import org.onap.aaf.cadi.taf.TafResp;
public class OAuth2FormHttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = DirectOAuthTAF.class.getSimpleName();
private HttpServletResponse httpResp;
private RESP status;
private final boolean wasFailed;
public OAuth2FormHttpTafResp(Access access, OAuth2FormPrincipal principal, String desc, RESP status, HttpServletResponse resp, boolean wasFailed) {
- super(access,principal, desc);
+ super(access,tafName,principal, desc);
httpResp = resp;
this.status = status;
this.wasFailed = wasFailed;
}
public OAuth2FormHttpTafResp(Access access, TrustPrincipal principal, String desc, RESP status,HttpServletResponse resp) {
- super(access,principal, desc);
+ super(access,tafName,principal, desc);
httpResp = resp;
this.status = status;
wasFailed = true; // if Trust Principal added, must be good
@@ -62,4 +63,5 @@ public class OAuth2FormHttpTafResp extends AbsTafResp implements TafResp {
public boolean isFailedAttempt() {
return wasFailed;
}
+
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
index a5ef6d14..682540ea 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java
@@ -30,18 +30,20 @@ import java.util.Map;
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.User;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Holder;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.lur.LocalPermission;
+import org.onap.aaf.cadi.util.Timing;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.util.Split;
@@ -107,15 +109,16 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
protected User<AAFPermission> loadUser(final Principal principal) {
final String name = principal.getName();
-// TODO Create a dynamic way to declare domains supported.
final long start = System.nanoTime();
+ final Holder<Float> remote = new Holder<Float>(0f);
+
final boolean[] success = new boolean[]{false};
-// new Exception("loadUser").printStackTrace();
try {
return aaf.best(new Retryable<User<AAFPermission>>() {
@Override
public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ final long remoteStart = System.nanoTime();
Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF);
// In the meantime, lookup User, create if necessary
@@ -137,7 +140,9 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
}
// OK, done all we can, now get content
- if(fp.get(aaf.timeout)) {
+ boolean ok = fp.get(aaf.timeout);
+ remote.set(Timing.millis(remoteStart));
+ if(ok) {
success[0]=true;
Map<String, Permission> newMap = user.newMap();
boolean willLog = aaf.access.willLog(Level.DEBUG);
@@ -170,51 +175,61 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> {
success[0]=false;
return null;
} finally {
- float time = (System.nanoTime()-start)/1000000f;
- aaf.access.log(Level.INFO, success[0]?"Loaded":"Load Failure",name,"from AAF in",time,"ms");
+ aaf.access.printf(Level.INFO, "AAFLurPerm: %s %s perms from AAF in %f ms, remote=%f",
+ (success[0]?"Loaded":"Load Failure"),name,Timing.millis(start),remote.get());
}
}
- public Resp reload(User<AAFPermission> user) {
+ public Resp reload(final User<AAFPermission> user) {
final String name = user.name;
long start = System.nanoTime();
- boolean success = false;
+ final Holder<Float> remote = new Holder<Float>(0f);
+ final Holder<Boolean> success = new Holder<Boolean>(false);
try {
- Future<Perms> fp = aaf.client(Config.AAF_DEFAULT_VERSION).read(
- "/authz/perms/user/"+name,
- aaf.permsDF
- );
-
- // OK, done all we can, now get content
- if(fp.get(aaf.timeout)) {
- success = true;
- Map<String,Permission> newMap = user.newMap();
- boolean willLog = aaf.access.willLog(Level.DEBUG);
- for(Perm perm : fp.value.getPerm()) {
- user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
- if(willLog) {
- aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
+ Resp rv = aaf.best(new Retryable<Resp>() {
+ @Override
+ public Resp code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ final long remoteStart = System.nanoTime();
+ Future<Perms> fp = aaf.client(Config.AAF_DEFAULT_VERSION).read(
+ "/authz/perms/user/"+name,
+ aaf.permsDF
+ );
+
+ // OK, done all we can, now get content
+ boolean ok = fp.get(aaf.timeout);
+ remote.set(Timing.millis(remoteStart));
+ if(ok) {
+ success.set(true);
+ Map<String,Permission> newMap = user.newMap();
+ boolean willLog = aaf.access.willLog(Level.DEBUG);
+ for(Perm perm : fp.value.getPerm()) {
+ user.add(newMap, new AAFPermission(perm.getNs(),perm.getType(),perm.getInstance(),perm.getAction(),perm.getRoles()));
+ if(willLog) {
+ aaf.access.log(Level.DEBUG, name,"has",perm.getType(),perm.getInstance(),perm.getAction());
+ }
+ }
+ user.renewPerm();
+ return Resp.REVALIDATED;
+ } else {
+ int code;
+ switch(code=fp.code()) {
+ case 401:
+ aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");
+ break;
+ default:
+ aaf.access.log(Access.Level.ERROR, code, fp.body());
+ }
+ return Resp.UNVALIDATED;
}
}
- user.renewPerm();
- return Resp.REVALIDATED;
- } else {
- int code;
- switch(code=fp.code()) {
- case 401:
- aaf.access.log(Access.Level.ERROR, code, "Unauthorized to make AAF calls");
- break;
- default:
- aaf.access.log(Access.Level.ERROR, code, fp.body());
- }
- return Resp.UNVALIDATED;
- }
+ });
+ return rv;
} catch (Exception e) {
aaf.access.log(e,"Calling","/authz/perms/user/"+name);
return Resp.INACCESSIBLE;
} finally {
- float time = (System.nanoTime()-start)/1000000f;
- aaf.access.log(Level.AUDIT, success?"Reloaded":"Reload Failure",name,"from AAF in",time,"ms");
+ aaf.access.printf(Level.INFO, "AAFLurPerm: %s %s perms from AAF in %f ms (remote=%f)",
+ (success.get()?"Reloaded":"Reload Failure"),name,Timing.millis(start),remote.get());
}
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTafResp.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTafResp.java
index 7e1028a5..9292e75e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTafResp.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTafResp.java
@@ -31,19 +31,20 @@ import org.onap.aaf.cadi.taf.AbsTafResp;
import org.onap.aaf.cadi.taf.TafResp;
public class OAuth2HttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = OAuth2HttpTaf.class.getSimpleName();
private HttpServletResponse httpResp;
private RESP status;
private final boolean wasFailed;
public OAuth2HttpTafResp(Access access, OAuth2Principal principal, String desc, RESP status, HttpServletResponse resp, boolean wasFailed) {
- super(access,principal, desc);
+ super(access,tafName, principal, desc);
httpResp = resp;
this.status = status;
this.wasFailed = wasFailed;
}
public OAuth2HttpTafResp(Access access, TrustPrincipal principal, String desc, RESP status,HttpServletResponse resp) {
- super(access,principal, desc);
+ super(access,tafName, principal, desc);
httpResp = resp;
this.status = status;
wasFailed = true; // if Trust Principal added, must be good
@@ -62,5 +63,4 @@ public class OAuth2HttpTafResp extends AbsTafResp implements TafResp {
return wasFailed;
}
-
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java
index a2dfba37..6f4d5cc7 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CadiWrap.java
@@ -34,6 +34,7 @@ import org.onap.aaf.cadi.filter.PermConverter;
import org.onap.aaf.cadi.lur.EpiLur;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
import org.onap.aaf.cadi.taf.TafResp;
+import org.onap.aaf.cadi.util.Timing;
@@ -113,7 +114,7 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe
*/
@Override
public boolean isUserInRole(String perm) {
- return perm==null?false:checkPerm(access,"(HttpRequest)",principal,pconv,lur,perm);
+ return perm==null?false:checkPerm(access,"isUserInRole",principal,pconv,lur,perm);
}
public static boolean checkPerm(Access access, String caller, Principal principal, PermConverter pconv, Lur lur, String perm) {
@@ -121,12 +122,13 @@ public class CadiWrap extends HttpServletRequestWrapper implements HttpServletRe
access.log(Level.AUDIT,caller, "No Principal in Transaction");
return false;
} else {
+ final long start = System.nanoTime();
perm = pconv.convert(perm);
if(lur.fish(principal,lur.createPerm(perm))) {
- access.log(Level.DEBUG,caller, principal.getName(), "has", perm);
+ access.printf(Level.DEBUG,"%s: %s has %s, %f ms", caller, principal.getName(), perm, Timing.millis(start));
return true;
} else {
- access.log(Level.DEBUG,caller, principal.getName(), "does not have", perm);
+ access.printf(Level.DEBUG,"%s: %s does not have %s, %f ms", caller, principal.getName(), perm, Timing.millis(start));
return false;
}
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java
index 237aa28d..29234ed7 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/CadiFilter.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.CadiWrap;
import org.onap.aaf.cadi.LocatorException;
@@ -43,11 +44,11 @@ import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.ServletContextAccess;
import org.onap.aaf.cadi.TrustChecker;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.config.Get;
import org.onap.aaf.cadi.taf.TafResp;
import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.util.Timing;
/**
* CadiFilter
@@ -264,22 +265,39 @@ public class CadiFilter implements Filter {
*/
//TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM functions
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ final long startAll = System.nanoTime();
+ long startCode, startValidate;
+ float code=0f, validate=0f;
+ String user = "n/a";
+ String tag = "";
try {
HttpServletRequest hreq = (HttpServletRequest)request;
if(noAuthn(hreq)) {
+ startCode=System.nanoTime();
chain.doFilter(request, response);
+ code = Timing.millis(startCode);
} else {
HttpServletResponse hresp = (HttpServletResponse)response;
+ startValidate=System.nanoTime();
TafResp tresp = httpChecker.validate(hreq, hresp, hreq);
+ validate = Timing.millis(startValidate);
if(tresp.isAuthenticated()==RESP.IS_AUTHENTICATED) {
+ user = tresp.getPrincipal().personalName();
+ tag = tresp.getPrincipal().tag();
CadiWrap cw = new CadiWrap(hreq, tresp, httpChecker.getLur(),getConverter(hreq));
if(httpChecker.notCadi(cw, hresp)) {
+ startCode=System.nanoTime();
oauthFilter.doFilter(cw,response,chain);
+ code = Timing.millis(startCode);
}
- }
+ }
}
} catch (ClassCastException e) {
throw new ServletException("CadiFilter expects Servlet to be an HTTP Servlet",e);
+ } finally {
+ access.printf(Level.WARN, "Trans: user=%s[%s],ip=%s,ms=%f,validate=%f,code=%f",
+ user,tag,request.getRemoteAddr(),
+ Timing.millis(startAll),validate,code);
}
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java
index c216fb57..fb54abdb 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java
@@ -23,6 +23,7 @@ package org.onap.aaf.cadi.taf;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
/**
* AbsTafResp
@@ -34,9 +35,11 @@ import org.onap.aaf.cadi.principal.TaggedPrincipal;
*/
public abstract class AbsTafResp implements TafResp {
- protected final String desc;
- protected final TaggedPrincipal principal;
protected final Access access;
+ protected final String tafName;
+ protected final TaggedPrincipal principal;
+ protected final String desc;
+ private float timing;
/**
* AbsTafResp
@@ -47,11 +50,13 @@ public abstract class AbsTafResp implements TafResp {
* Access (for access to underlying container, i.e. for Logging, auditing, ClassLoaders, etc)
*
* @param access
+ * @param tafname
* @param principal
* @param description
*/
- public AbsTafResp(Access access, TaggedPrincipal principal, String description) {
+ public AbsTafResp(Access access, String tafname, TaggedPrincipal principal, String description) {
this.access = access;
+ this.tafName = tafname;
this.principal = principal;
this.desc = description;
}
@@ -113,4 +118,19 @@ public abstract class AbsTafResp implements TafResp {
return false;
}
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(final long start) {
+ timing = Timing.millis(start);
+ }
+
+ @Override
+ public String taf() {
+ return tafName;
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java
index 5b51c111..1d7967e3 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/HttpEpiTaf.java
@@ -101,8 +101,9 @@ public class HttpEpiTaf implements HttpTaf {
}
try {
for (HttpTaf taf : tafs) {
+ final long start = System.nanoTime();
tresp = taf.validate(reading, req, resp);
- addToLog(log, tresp);
+ addToLog(log, tresp, start);
switch(tresp.isAuthenticated()) {
case TRY_ANOTHER_TAF:
break; // and loop
@@ -181,10 +182,11 @@ public class HttpEpiTaf implements HttpTaf {
return Resp.NOT_MINE;
}
- private void addToLog(List<TafResp> log, TafResp tresp) {
+ private void addToLog(List<TafResp> log, final TafResp tresp, final long start) {
if (log == null) {
return;
}
+ tresp.timing(start);
log.add(tresp);
}
@@ -193,7 +195,7 @@ public class HttpEpiTaf implements HttpTaf {
return;
}
for (TafResp tresp : log) {
- access.log(Level.DEBUG, tresp.desc());
+ access.printf(Level.DEBUG, "%s: %s, ms=%f", tresp.taf(), tresp.desc(), tresp.timing());
}
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java
index 3f80170e..c8abec0a 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/LoginPageTafResp.java
@@ -37,7 +37,7 @@ public class LoginPageTafResp extends AbsTafResp {
private final String loginPageURL;
private LoginPageTafResp(Access access, final HttpServletResponse resp, String loginPageURL) {
- super(access, null, "Multiple Possible HTTP Logins available. Redirecting to Login Choice Page");
+ super(access, "LoginPage", null, "Multiple Possible HTTP Logins available. Redirecting to Login Choice Page");
httpResp = resp;
this.loginPageURL = loginPageURL;
}
@@ -91,4 +91,10 @@ public class LoginPageTafResp extends AbsTafResp {
return NullTafResp.singleton();
}
+
+ @Override
+ public String taf() {
+ return "LoginPage";
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java
index 20fc944a..af6ef9cc 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/NullTafResp.java
@@ -70,4 +70,19 @@ class NullTafResp implements TafResp {
public boolean isFailedAttempt() {
return true;
}
+
+ @Override
+ public float timing() {
+ return 0;
+ }
+
+ @Override
+ public void timing(long start) {
+ }
+
+ @Override
+ public String taf() {
+ return "NULL";
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java
index f496581b..a38c8532 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/PuntTafResp.java
@@ -25,6 +25,7 @@ import java.io.IOException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
/**
* A Punt Resp to make it fast and easy for a Taf to respond that it cannot handle a particular kind of
@@ -33,10 +34,13 @@ import org.onap.aaf.cadi.principal.TaggedPrincipal;
*
*/
public class PuntTafResp implements TafResp {
+ private final String name;
private final String desc;
+ private float timing;
public PuntTafResp(String name, String explanation) {
- desc = name + " is not processing this transaction: " + explanation;
+ this.name = name;
+ desc = "Not processing this transaction: " + explanation;
}
public boolean isValid() {
@@ -66,4 +70,20 @@ public class PuntTafResp implements TafResp {
public boolean isFailedAttempt() {
return false;
}
+
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(long start) {
+ timing = Timing.millis(start);
+ }
+
+ @Override
+ public String taf() {
+ return name;
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java
index a679d994..acade37a 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TafResp.java
@@ -91,4 +91,21 @@ public interface TafResp {
* Be able to check if part of a Failed attempt
*/
public boolean isFailedAttempt();
+
+ /**
+ * report how long this took
+ * @return
+ */
+ public float timing();
+
+ /**
+ * Set end of timing in Millis, given Nanos
+ * @param start
+ */
+ void timing(long start);
+
+ /**
+ * Support Taf Name
+ */
+ String taf();
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java
index 24a79cf3..98ead3ca 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustNotTafResp.java
@@ -25,10 +25,12 @@ import java.io.IOException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
public class TrustNotTafResp implements TafResp {
private final TafResp delegate;
private final String desc;
+ private float timing;
public TrustNotTafResp(final TafResp delegate, final String desc) {
this.delegate = delegate;
@@ -69,8 +71,24 @@ public class TrustNotTafResp implements TafResp {
public boolean isFailedAttempt() {
return true;
}
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(long start) {
+ timing = Timing.millis(start);
+ }
+ @Override
public String toString() {
return desc();
}
+
+ @Override
+ public String taf() {
+ return "TrustNot";
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java
index bc5e8db6..9d3b28ca 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/TrustTafResp.java
@@ -25,11 +25,13 @@ import java.io.IOException;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.util.Timing;
public class TrustTafResp implements TafResp {
private final TafResp delegate;
private final TaggedPrincipal principal;
private final String desc;
+ private float timing;
public TrustTafResp(final TafResp delegate, final TaggedPrincipal principal, final String desc) {
this.delegate = delegate;
@@ -71,8 +73,23 @@ public class TrustTafResp implements TafResp {
public boolean isFailedAttempt() {
return delegate.isFailedAttempt();
}
+ @Override
+ public float timing() {
+ return timing;
+ }
+
+ @Override
+ public void timing(long start) {
+ timing = Timing.millis(start);
+ }
public String toString() {
return principal.getName() + " by trust of " + desc();
}
+
+ @Override
+ public String taf() {
+ return "Trust";
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java
index c17797b8..643cf29e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/basic/BasicHttpTafResp.java
@@ -31,13 +31,14 @@ import org.onap.aaf.cadi.taf.AbsTafResp;
import org.onap.aaf.cadi.taf.TafResp;
public class BasicHttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = BasicHttpTaf.class.getSimpleName();
private HttpServletResponse httpResp;
private String realm;
private RESP status;
private final boolean wasFailed;
public BasicHttpTafResp(Access access, TaggedPrincipal principal, String description, RESP status, HttpServletResponse resp, String realm, boolean wasFailed) {
- super(access,principal, description);
+ super(access, tafName, principal, description);
httpResp = resp;
this.realm = realm;
this.status = status;
@@ -57,6 +58,4 @@ public class BasicHttpTafResp extends AbsTafResp implements TafResp {
public boolean isFailedAttempt() {
return wasFailed;
}
-
-
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java
index b7f63b8e..c18f9036 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509HttpTafResp.java
@@ -29,10 +29,12 @@ import org.onap.aaf.cadi.taf.AbsTafResp;
import org.onap.aaf.cadi.taf.TafResp;
public class X509HttpTafResp extends AbsTafResp implements TafResp {
+ private static final String tafName = X509Taf.class.getSimpleName();
+
private RESP status;
public X509HttpTafResp(Access access, TaggedPrincipal principal, String description, RESP status) {
- super(access, principal, description);
+ super(access, tafName, principal, description);
this.status = status;
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
index 7b7f2db0..77efa956 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
@@ -56,7 +56,6 @@ import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
import org.onap.aaf.cadi.util.Split;
public class X509Taf implements HttpTaf {
-
private static final String CERTIFICATE_NOT_VALID_FOR_AUTHENTICATION = "Certificate NOT valid for Authentication";
public static final CertificateFactory certFactory;
public static final MessageDigest messageDigest;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java
index b156392d..e5a336f7 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/dos/DenialOfServiceTafResp.java
@@ -27,10 +27,12 @@ import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.taf.AbsTafResp;
public class DenialOfServiceTafResp extends AbsTafResp {
+ private static final String tafName = DenialOfServiceTaf.class.getSimpleName();
+
private RESP ect; // Homage to Arethra Franklin
public DenialOfServiceTafResp(Access access, RESP resp, String description ) {
- super(access, null, description);
+ super(access, tafName, null, description);
ect = resp;
}
@@ -44,4 +46,10 @@ public class DenialOfServiceTafResp extends AbsTafResp {
public RESP authenticate() throws IOException {
return ect;
}
+
+ @Override
+ public String taf() {
+ return "DOS";
+ }
+
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java
new file mode 100644
index 00000000..82bd389a
--- /dev/null
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/util/Timing.java
@@ -0,0 +1,27 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.util;
+
+public class Timing {
+ public static float millis(final long start) {
+ return (System.nanoTime() - start) / 1000000f;
+ }
+}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java
index 722ac14f..f35f81c1 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java
@@ -37,10 +37,10 @@ import org.junit.Before;
import org.junit.Test;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.CredVal.Type;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.lur.ConfigPrincipal;
import org.onap.aaf.cadi.lur.LocalLur;
import org.onap.aaf.cadi.lur.LocalPermission;
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/dos/test/JU_DenialOfServiceTaf.java b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/dos/test/JU_DenialOfServiceTaf.java
index ce49654b..997ebced 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/dos/test/JU_DenialOfServiceTaf.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/dos/test/JU_DenialOfServiceTaf.java
@@ -131,7 +131,8 @@ public class JU_DenialOfServiceTaf {
dost = new DenialOfServiceTaf(accessMock);
tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
- assertThat(tafResp.desc(), is("DenialOfServiceTaf is not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
assertThat(DenialOfServiceTaf.denyIP(ip1), is(true));
@@ -139,7 +140,8 @@ public class JU_DenialOfServiceTaf {
assertThat(tafResp.desc(), is(ip1 + " is on the IP Denial list"));
tafResp = dost.validate(LifeForm.SBLF, reqMock2, respMock);
- assertThat(tafResp.desc(), is("DenialOfServiceTaf is not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
+ assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
}
@Test
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java
index 6d0c04b7..e4469d30 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java
@@ -40,6 +40,7 @@ import org.onap.aaf.cadi.taf.TafResp.RESP;
public class JU_AbsTafResp {
+ private static final String JUNIT = "Junit";
private static final String name = "name";
private static final String tag = "tag";
private static final String description = "description";
@@ -58,7 +59,7 @@ public class JU_AbsTafResp {
@Test
public void test() {
- AbsTafResp tafResp = new AbsTafResp(access, taggedPrinc, description) {
+ AbsTafResp tafResp = new AbsTafResp(access, JUNIT, taggedPrinc, description) {
@Override public RESP authenticate() throws IOException {
return null;
}
@@ -66,12 +67,13 @@ public class JU_AbsTafResp {
assertThat(tafResp.isValid(), is(true));
assertThat(tafResp.desc(), is(description));
+ assertThat(tafResp.taf(), is(JUNIT));
assertThat(tafResp.isAuthenticated(), is(RESP.IS_AUTHENTICATED));
assertThat(tafResp.getPrincipal(), is(taggedPrinc));
assertThat(tafResp.getAccess(), is(access));
assertThat(tafResp.isFailedAttempt(), is(false));
- tafResp = new AbsTafResp(null, null, null) {
+ tafResp = new AbsTafResp(null, JUNIT, null, null) {
@Override public RESP authenticate() throws IOException {
return null;
}
@@ -81,6 +83,7 @@ public class JU_AbsTafResp {
assertThat(tafResp.isAuthenticated(), is(RESP.TRY_ANOTHER_TAF));
assertThat(tafResp.getPrincipal(), is(nullValue()));
assertThat(tafResp.getAccess(), is(nullValue()));
+ assertThat(tafResp.taf(), is(JUNIT));
assertThat(tafResp.isFailedAttempt(), is(false));
}
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java
index a1190590..f8e20cbf 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java
@@ -76,7 +76,10 @@ public class JU_EpiTaf {
@Override public RESP authenticate() throws IOException { return null; }
@Override public TaggedPrincipal getPrincipal() { return null; }
@Override public Access getAccess() { return null; }
- @Override public boolean isFailedAttempt() { return false; }
+ @Override public boolean isFailedAttempt() { return false; }
+ @Override public float timing() { return 0; }
+ @Override public void timing(long start) {}
+ @Override public String taf() {return "JUnit";}
}
class TryAnotherTaf implements Taf {
@@ -91,6 +94,9 @@ public class JU_EpiTaf {
@Override public TaggedPrincipal getPrincipal() { return null; }
@Override public Access getAccess() { return null; }
@Override public boolean isFailedAttempt() { return false; }
+ @Override public float timing() { return 0; }
+ @Override public void timing(long start) {}
+ @Override public String taf() {return "JUnit";}
}
class TryAuthenticatingTaf implements Taf {
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_PuntTafResp.java b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_PuntTafResp.java
index 516f4044..aacce522 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_PuntTafResp.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_PuntTafResp.java
@@ -44,7 +44,8 @@ public class JU_PuntTafResp {
assertFalse(punt.isValid());
assertThat(punt.isAuthenticated(), is(RESP.TRY_ANOTHER_TAF));
- assertThat(punt.desc(), is(name + " is not processing this transaction: " + explanation));
+ assertThat(punt.desc(), is("Not processing this transaction: " + explanation));
+ assertThat(punt.taf(), is(name));
assertThat(punt.authenticate(), is(RESP.TRY_ANOTHER_TAF));
assertThat(punt.getPrincipal(), is(nullValue()));
assertThat(punt.getAccess(), is(Access.NULL));
diff --git a/docs/sections/installation/client_vol.rst b/docs/sections/installation/client_vol.rst
index fc33e1bb..059c1d23 100644
--- a/docs/sections/installation/client_vol.rst
+++ b/docs/sections/installation/client_vol.rst
@@ -62,7 +62,7 @@ Query Tag Description
=================== =============== ============
CADI Version VERSION Defaults to CADI version of this
AAF's FQDN AAF_FQDN PUBLIC Name for AAF. For ONAP Test, it is 'aaf-onap-test.osaaf.org'
-Deployer's FQI DEPLOY_FQI deployer@people.osaaf.org. In a REAL system, this would be a person or process
+Deployer's FQI DEPLOY_FQI In a REAL system, this would be a person or process. For ONAP Testing, the id is deploy@people.osaaf.org, password (see Dynamic Properties) is 'demo123456!'
App's Root FQDN APP_FQDN This will show up in the Cert Subject, and should be the name given by Docker. i.e. clamp.onap
App's FQI APP_FQI Fully Qualified ID given by Organization and with AAF NS/domain. ex: clamp@clamp.onap.org
App's Volume VOLUME Volume to put the data, see above. ex: clamp_aaf