summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--INFO.yaml4
-rw-r--r--auth-client/pom.xml4
-rw-r--r--auth/auth-batch/pom.xml9
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java2
-rw-r--r--auth/auth-cass/pom.xml2
-rw-r--r--auth/auth-certman/pom.xml2
-rw-r--r--auth/auth-cmd/pom.xml35
-rw-r--r--auth/auth-cmd/src/assemble/auth-cmd.xml34
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java292
-rw-r--r--auth/auth-cmd/temp0
-rw-r--r--auth/auth-core/pom.xml2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java3
-rw-r--r--auth/auth-deforg/pom.xml4
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java4
-rw-r--r--auth/auth-fs/pom.xml6
-rw-r--r--auth/auth-gui/pom.xml11
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java3
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java4
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java61
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java6
-rw-r--r--auth/auth-hello/pom.xml2
-rw-r--r--auth/auth-locate/pom.xml7
-rw-r--r--auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/service/JU_LocateServiceImplTest.java100
-rw-r--r--auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/validation/JU_LocateValidatorTest.java187
-rw-r--r--auth/auth-oauth/pom.xml7
-rw-r--r--auth/auth-service/pom.xml11
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java3
-rw-r--r--auth/docker/Dockerfile2
-rw-r--r--auth/docker/d.props4
-rwxr-xr-xauth/docker/dbuild.sh2
-rw-r--r--auth/docker/dpush.sh4
-rw-r--r--auth/pom.xml4
-rw-r--r--auth/sample/local/org.osaaf.aaf.p12bin4172 -> 4180 bytes
-rw-r--r--cadi/aaf/pom.xml2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java401
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/.gitignore1
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java75
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java10
-rw-r--r--cadi/client/pom.xml7
-rw-r--r--cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java1
-rw-r--r--cadi/core/pom.xml2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java33
-rw-r--r--cadi/oauth-enduser/pom.xml6
-rw-r--r--cadi/pom.xml8
-rw-r--r--cadi/shiro-osgi-bundle/pom.xml3
-rw-r--r--cadi/shiro/pom.xml2
-rw-r--r--conf/CA/intermediate.sh57
-rw-r--r--conf/CA/newIntermediate.sh3
-rw-r--r--docs/.gitignore5
-rw-r--r--docs/index.rst17
-rw-r--r--docs/sections/architecture/aaf_architecture.rst38
-rw-r--r--docs/sections/architecture/images/SecurityArchAAF.svg55
-rw-r--r--docs/sections/architecture/images/SecurityArchAAFOrg.svg128
-rw-r--r--docs/sections/architecture/images/SecurityArchBasic_1.svg48
-rw-r--r--docs/sections/architecture/images/SecurityArchBasic_TLS.svg62
-rw-r--r--docs/sections/architecture/images/SecurityArchCADI.svg64
-rw-r--r--docs/sections/architecture/images/SecurityArchCADIClient.svg70
-rw-r--r--docs/sections/architecture/images/SecurityArchFull.svg275
-rw-r--r--docs/sections/architecture/images/aaf-cm.pngbin0 -> 149239 bytes
-rw-r--r--docs/sections/architecture/images/aaf-object-model.jpg (renamed from docs/aaf-object-model.jpg)bin189989 -> 189989 bytes
-rw-r--r--docs/sections/architecture/index.rst12
-rw-r--r--docs/sections/architecture/security.rst150
-rw-r--r--docs/sections/configuration/client.rst211
-rw-r--r--docs/sections/configuration/index.rst12
-rw-r--r--docs/sections/configuration/service.rst5
-rw-r--r--docs/sections/installation/Bootstrapping-AAF-Components.rst256
-rw-r--r--docs/sections/installation/Installation.rst19
-rw-r--r--docs/sections/installation/fromsource.rst7
-rw-r--r--docs/sections/installation/index.rst12
-rw-r--r--docs/sections/installation/standalone.rst7
-rw-r--r--docs/sections/logging.rst70
-rw-r--r--docs/sections/release-notes.rst72
-rw-r--r--misc/env/pom.xml2
-rw-r--r--misc/log4j/pom.xml2
-rw-r--r--misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java7
-rw-r--r--misc/log4j/src/test/java/org/onap/aaf/misc/env/log4j/JU_LogFileNamerTest.java13
-rw-r--r--misc/pom.xml4
-rw-r--r--misc/rosetta/pom.xml13
-rw-r--r--misc/xgen/pom.xml2
-rw-r--r--pom.xml5
-rw-r--r--version.properties4
82 files changed, 2593 insertions, 488 deletions
diff --git a/INFO.yaml b/INFO.yaml
index 2a588c65..b90cb9b4 100644
--- a/INFO.yaml
+++ b/INFO.yaml
@@ -34,9 +34,9 @@ committers:
id: 'giri'
timezone: 'India/Bangalore'
- name: 'Huabing Zhao'
- email: 'zhao.huabing@zte.com.cn'
+ email: 'zhaohuabing@gmail.com'
company: 'ZTE'
- id: 'HuabingZhao'
+ id: 'Huabing_Zhao'
timezone: 'China/Chengdu'
- name: 'Kiran Kamineni'
email: 'kiran.k.kamineni@intel.com'
diff --git a/auth-client/pom.xml b/auth-client/pom.xml
index 789e24ee..7366421f 100644
--- a/auth-client/pom.xml
+++ b/auth-client/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-client</artifactId>
@@ -34,7 +34,7 @@
<packaging>jar</packaging>
<properties>
- <project.interfaceVersion>2.1.0-SNAPSHOT</project.interfaceVersion>
+ <project.interfaceVersion>2.1.1-SNAPSHOT</project.interfaceVersion>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.test.failure.ignore>true</maven.test.failure.ignore>
<!-- SONAR -->
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 00638a75..0e54d318 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -97,31 +97,26 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-env</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-rosetta</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-cass</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
@@ -152,7 +147,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -163,7 +157,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
index b2043f07..2a55af76 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/Batch.java
@@ -89,8 +89,6 @@ public abstract class Batch {
protected static final String VERSION="VERSION";
public static final String GUI_URL="GUI_URL";
- protected static final String ORA_URL="ora_url";
- protected static final String ORA_PASSWORD="ora_password";
protected final Organization org;
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index cc61f19b..b5a14264 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 10a3bb0b..7da6464f 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index 1adf1350..55c709f8 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -95,7 +95,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -106,7 +105,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
@@ -165,6 +163,35 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <configuration>
+ <classifier>tests</classifier>
+ <archive>
+ <manifest>
+ <mainClass>org.onap.aaf.auth.cmd.AAFcli</mainClass>
+ </manifest>
+ <manifestEntries>
+ <Sealed>true</Sealed>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <id>full</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>src/assemble/auth-cmd.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
</plugins>
</build>
@@ -172,13 +199,11 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml
new file mode 100644
index 00000000..7a86ea84
--- /dev/null
+++ b/auth/auth-cmd/src/assemble/auth-cmd.xml
@@ -0,0 +1,34 @@
+<?xml version='1.0' encoding='utf-8'?>
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+
+ <id>full</id>
+ <formats>
+ <format>jar</format>
+ </formats>
+
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <dependencySets>
+ <dependencySet>
+ <unpack>true</unpack>
+ <scope>compile</scope>
+ <includes>
+ <include>org.onap.aaf.authz:aaf-auth-cmd</include>
+ <include>org.onap.aaf.authz:aaf-auth-core</include>
+ <include>org.onap.aaf.authz:aaf-auth-client</include>
+ <include>org.onap.aaf.authz:aaf-cadi-aaf</include>
+ <include>org.onap.aaf.authz:aaf-cadi-core</include>
+ <include>org.onap.aaf.authz:aaf-cadi-client</include>
+ <include>org.onap.aaf.authz:aaf-misc-env</include>
+ <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>jline:jline</include>
+ </includes>
+ </dependencySet>
+
+ </dependencySets>
+ <fileSets>
+ <fileSet>
+ <directory>src/main/xsd</directory>
+ </fileSet>
+ </fileSets>
+</assembly> \ No newline at end of file
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
index 72aa0ccd..2efbff73 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/AAFcli.java
@@ -42,11 +42,11 @@ import org.onap.aaf.auth.cmd.user.User;
import org.onap.aaf.auth.common.Define;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Locator;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.SecuritySetter;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
@@ -59,7 +59,6 @@ import org.onap.aaf.misc.env.APIException;
import jline.console.ConsoleReader;
public class AAFcli {
- private static final String HTTPS = "https://";
protected static PrintWriter pw;
protected HMangr hman;
// Storage for last reused client. We can do this
@@ -439,174 +438,167 @@ public class AAFcli {
AAFSSO aafsso = new AAFSSO(args);
try {
PropAccess access = aafsso.access();
- Define.set(access);
- AuthzEnv env = new AuthzEnv(access);
-
- StringBuilder err = aafsso.err();
- String noexit = access.getProperty("no_exit");
- if (err != null) {
- err.append("to continue...");
- System.err.println(err);
- if(noexit!=null) {
- System.exit(1);
- }
- }
-
- Reader rdr = null;
- boolean exitOnFailure = true;
- /*
- * Check for "-" options anywhere in command line
- */
- StringBuilder sb = new StringBuilder();
- for (int i = 0; i < args.length; ++i) {
- if ("-i".equalsIgnoreCase(args[i])) {
- rdr = new InputStreamReader(System.in);
- // } else if("-o".equalsIgnoreCase(args[i])) {
- // // shall we do something different? Output stream is
- // already done...
- } else if ("-f".equalsIgnoreCase(args[i])) {
- if (args.length > i + 1) {
- rdr = new FileReader(args[++i]);
- }
- } else if ("-a".equalsIgnoreCase(args[i])) {
- exitOnFailure = false;
- } else if ("-c".equalsIgnoreCase(args[i])) {
- isConsole = true;
- } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {
- access.setProperty(Cmd.STARTDATE, args[++i]);
- } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {
- access.setProperty(Cmd.ENDDATE, args[++i]);
- } else if ("-t".equalsIgnoreCase(args[i])) {
- isTest = true;
- } else if ("-d".equalsIgnoreCase(args[i])) {
- showDetails = true;
- } else if ("-n".equalsIgnoreCase(args[i])) {
- ignoreDelay = true;
- } else {
- if (sb.length() > 0) {
- sb.append(' ');
- }
- sb.append(args[i]);
- }
- }
-
- SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
- Locator<URI> loc;
- String aafUrl = access.getProperty(Config.AAF_URL);
- if(aafUrl==null) {
- aafsso.setLogDefault();
- aafsso.setStdErrDefault();
- aafUrl=AAFSSO.cons.readLine("aaf_url=%s", HTTPS);
- if(aafUrl.length()==0) {
- System.exit(0);
- } else if(!aafUrl.startsWith(HTTPS)) {
- aafUrl=HTTPS+aafUrl;
- }
- aafsso.addProp(Config.AAF_URL, aafUrl);
- }
- // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan
- if(!aafsso.loginOnly()) {
- try {
- loc = new AAFLocator(si,new URI(aafUrl));
- } catch (Throwable t) {
- aafsso.setStdErrDefault();
- throw t;
- } finally {
- // Other Access is done writing to StdOut and StdErr, reset Std out
- aafsso.setLogDefault();
- }
-
- TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
- HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion("2.0");
+ if(aafsso.ok()) {
+ Define.set(access);
+ AuthzEnv env = new AuthzEnv(access);
- if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) {
- access.log(Level.ERROR, Config.AAF_DEFAULT_REALM,"is required");
+ Reader rdr = null;
+ boolean exitOnFailure = true;
+ /*
+ * Check for "-" options anywhere in command line
+ */
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < args.length; ++i) {
+ if ("-i".equalsIgnoreCase(args[i])) {
+ rdr = new InputStreamReader(System.in);
+ // } else if("-o".equalsIgnoreCase(args[i])) {
+ // // shall we do something different? Output stream is
+ // already done...
+ } else if ("-f".equalsIgnoreCase(args[i])) {
+ if (args.length > i + 1) {
+ rdr = new FileReader(args[++i]);
+ }
+ } else if ("-a".equalsIgnoreCase(args[i])) {
+ exitOnFailure = false;
+ } else if ("-c".equalsIgnoreCase(args[i])) {
+ isConsole = true;
+ } else if ("-s".equalsIgnoreCase(args[i]) && args.length > i + 1) {
+ access.setProperty(Cmd.STARTDATE, args[++i]);
+ } else if ("-e".equalsIgnoreCase(args[i]) && args.length > i + 1) {
+ access.setProperty(Cmd.ENDDATE, args[++i]);
+ } else if ("-t".equalsIgnoreCase(args[i])) {
+ isTest = true;
+ } else if ("-d".equalsIgnoreCase(args[i])) {
+ showDetails = true;
+ } else if ("-n".equalsIgnoreCase(args[i])) {
+ ignoreDelay = true;
+ } else {
+ if (sb.length() > 0) {
+ sb.append(' ');
+ }
+ sb.append(args[i]);
+ }
}
+ SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class);
+ Locator<URI> loc;
- AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si,
- new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false)));
- if(!ignoreDelay) {
- File delay = new File("aafcli.delay");
- if(delay.exists()) {
- BufferedReader br = new BufferedReader(new FileReader(delay));
- try {
- globalDelay = Integer.parseInt(br.readLine());
- } catch(Exception e) {
- access.log(Level.DEBUG,e);
- } finally {
- br.close();
+ aafsso.setLogDefault();
+ aafsso.setStdErrDefault();
+
+ // Note, with AAF Locator, this may not longer be necessary 3/2018 Jonathan
+ if(!aafsso.loginOnly()) {
+ try {
+ loc = new AAFLocator(si,new URI(access.getProperty(Config.AAF_URL)));
+ } catch (Throwable t) {
+ aafsso.setStdErrDefault();
+ throw t;
+ } finally {
+ // Other Access is done writing to StdOut and StdErr, reset Std out
+ aafsso.setLogDefault();
+ }
+
+ TIMEOUT = Integer.parseInt(access.getProperty(Config.AAF_CONN_TIMEOUT, Config.AAF_CONN_TIMEOUT_DEF));
+ HMangr hman = new HMangr(access, loc).readTimeout(TIMEOUT).apiVersion(Config.AAF_DEFAULT_VERSION);
+
+ if(access.getProperty(Config.AAF_DEFAULT_REALM)==null) {
+ access.setProperty(Config.AAF_DEFAULT_REALM, "people.osaaf.org");
+ aafsso.addProp(Config.AAF_DEFAULT_REALM, "people.osaaf.org");
+ }
+
+
+ AAFcli aafcli = new AAFcli(access,env, new OutputStreamWriter(System.out), hman, si,
+ new HBasicAuthSS(si,aafsso.user(), access.decrypt(aafsso.enc_pass(),false)));
+ if(!ignoreDelay) {
+ File delay = new File("aafcli.delay");
+ if(delay.exists()) {
+ BufferedReader br = new BufferedReader(new FileReader(delay));
+ try {
+ globalDelay = Integer.parseInt(br.readLine());
+ } catch(Exception e) {
+ access.log(Level.DEBUG,e);
+ } finally {
+ br.close();
+ }
}
}
- }
- try {
- if (isConsole) {
- System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");
- System.out.println("Type '?' for help with command line editing");
- System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");
-
- ConsoleReader reader = new ConsoleReader();
- try {
- reader.setPrompt("aafcli > ");
+ try {
+ if (isConsole) {
+ System.out.println("Type 'help' for short help or 'help -d' for detailed help with aafcli commands");
+ System.out.println("Type '?' for help with command line editing");
+ System.out.println("Type 'q', 'quit', or 'exit' to quit aafcli\n");
+ ConsoleReader reader = new ConsoleReader();
+ try {
+ reader.setPrompt("aafcli > ");
+
+ String line;
+ while ((line = reader.readLine()) != null) {
+ showDetails = (line.contains("-d"))?true:false;
+
+ if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {
+ break;
+ } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d")
+ || line.equalsIgnoreCase("help")) {
+ line = "--help";
+ } else if (line.equalsIgnoreCase("cls")) {
+ reader.clearScreen();
+ continue;
+ } else if (line.equalsIgnoreCase("?")) {
+ keyboardHelp();
+ continue;
+ }
+ try {
+ aafcli.eval(line);
+ pw.flush();
+ } catch (Exception e) {
+ pw.println(e.getMessage());
+ pw.flush();
+ }
+ }
+ } finally {
+ reader.close();
+ }
+ } else if (rdr != null) {
+ BufferedReader br = new BufferedReader(rdr);
String line;
- while ((line = reader.readLine()) != null) {
- showDetails = (line.contains("-d"))?true:false;
-
- if (line.equalsIgnoreCase("quit") || line.equalsIgnoreCase("q") || line.equalsIgnoreCase("exit")) {
+ while ((line = br.readLine()) != null) {
+ if (!aafcli.eval(line) && exitOnFailure) {
+ rv = 1;
break;
- } else if (line.equalsIgnoreCase("--help -d") || line.equalsIgnoreCase("help -d")
- || line.equalsIgnoreCase("help")) {
- line = "--help";
- } else if (line.equalsIgnoreCase("cls")) {
- reader.clearScreen();
- continue;
- } else if (line.equalsIgnoreCase("?")) {
- keyboardHelp();
- continue;
- }
- try {
- aafcli.eval(line);
- pw.flush();
- } catch (Exception e) {
- pw.println(e.getMessage());
- pw.flush();
}
}
- } finally {
- reader.close();
- }
- } else if (rdr != null) {
- BufferedReader br = new BufferedReader(rdr);
- String line;
- while ((line = br.readLine()) != null) {
- if (!aafcli.eval(line) && exitOnFailure) {
- rv = 1;
- break;
+ } else { // just run the command line
+ aafcli.verbose(false);
+ if (sb.length() == 0) {
+ sb.append("--help");
}
+ rv = aafcli.eval(sb.toString()) ? 0 : 1;
}
- } else { // just run the command line
- aafcli.verbose(false);
- if (sb.length() == 0) {
- sb.append("--help");
+
+ } finally {
+ aafcli.close();
+
+ // Don't close if No Reader, or it's a Reader of Standard In
+ if (rdr != null && !(rdr instanceof InputStreamReader)) {
+ rdr.close();
}
- rv = aafcli.eval(sb.toString()) ? 0 : 1;
- }
-
- } finally {
- aafcli.close();
-
- // Don't close if No Reader, or it's a Reader of Standard In
- if (rdr != null && !(rdr instanceof InputStreamReader)) {
- rdr.close();
}
}
}
- aafsso.writeFiles();
} finally {
aafsso.close();
+ StringBuilder err = aafsso.err();
+ String noexit = aafsso.access().getProperty("no_exit");
+ if (err != null) {
+ err.append("to continue...");
+ System.err.println(err);
+ }
+ if(noexit==null) {
+ return;
+ }
+
}
-
} catch (MessageException e) {
System.out.println("MessageException caught");
diff --git a/auth/auth-cmd/temp b/auth/auth-cmd/temp
deleted file mode 100644
index e69de29b..00000000
--- a/auth/auth-cmd/temp
+++ /dev/null
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 426a3069..54704814 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
index 6f0ea084..1e7a0530 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/common/Define.java
@@ -51,7 +51,7 @@ public class Define {
}
public static void set(Access access) throws CadiException {
- ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.onap.aaf");
+ ROOT_NS = access.getProperty(Config.AAF_ROOT_NS,"org.osaaf.aaf");
ROOT_COMPANY = access.getProperty(Config.AAF_ROOT_COMPANY,null);
if(ROOT_COMPANY==null) {
int last = ROOT_NS.lastIndexOf('.');
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java
index e295c867..e6f2fc95 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/Log4JLogIt.java
@@ -62,6 +62,9 @@ public class Log4JLogIt implements LogIt {
logs.mkdirs();
}
+ if(System.getProperty("log4j.configuration")==null) {
+ System.setProperty("log4j.configuration", etc_dir+'/'+propsFile);
+ }
LogFileNamer lfn = new LogFileNamer(log_dir,root);
try {
service=lfn.setAppender("service"); // when name is split, i.e. authz|service, the Appender is "authz", and "service"
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
index 034c0b96..7aa6ecb9 100644
--- a/auth/auth-deforg/pom.xml
+++ b/auth/auth-deforg/pom.xml
@@ -26,7 +26,7 @@
<artifactId>authparent</artifactId>
<relativePath>../pom.xml</relativePath>
<groupId>org.onap.aaf.authz</groupId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-deforg</artifactId>
@@ -95,13 +95,11 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 3d42b63c..eefb2732 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -21,7 +21,8 @@
******************************************************************************/
package org.onap.aaf.org;
-import java.io.*;
+import java.io.File;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.GregorianCalendar;
@@ -160,7 +161,6 @@ public class DefaultOrg implements Organization {
@Override
public DefaultOrgIdentity getIdentity(AuthzTrans trans, String id) throws OrganizationException {
int at = id.indexOf('@');
- String attt = at<0?id:id.substring(0, at);
return new DefaultOrgIdentity(trans,at<0?id:id.substring(0, at),this);
}
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index c2fb4fb4..f4bbbc1f 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -86,13 +86,11 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- <version>${project.version}</version>
</dependency>
</dependencies>
@@ -124,7 +122,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -135,7 +132,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 4e3a0bf0..4c4a3c92 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -50,19 +50,16 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-client</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-cmd</artifactId>
- <version>${project.version}</version>
</dependency>
<!-- Add the Organizations you wish to support. You can delete ONAP if
@@ -71,25 +68,21 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-deforg</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-client</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-xgen</artifactId>
- <version>${project.version}</version>
</dependency>
@@ -143,7 +136,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -154,7 +146,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
index 1bffbb6f..96ec002e 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java
@@ -196,10 +196,11 @@ public class NsHistory extends Page {
String user = i.getUser();
AbsCell userCell = new TextCell(user);
+ String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
rv.add(new AbsCell[] {
new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
userCell,
- new TextCell(i.getMemo())
+ new TextCell(memo)
});
}
} finally {
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
index 64a0db17..b7a9960c 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java
@@ -207,11 +207,11 @@ public class PermHistory extends Page {
for (Item i : histItems) {
String user = i.getUser();
AbsCell userCell = new TextCell(user);
-
+ String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
rv.add(new AbsCell[] {
new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
userCell,
- new TextCell(i.getMemo())
+ new TextCell(memo)
});
}
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
index 37526b86..a4d8bed3 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java
@@ -121,35 +121,38 @@ public class RoleDetail extends Page {
Future<Roles> fr = client.read("/authz/roles/"+pRole+"?ns",gui.getDF(Roles.class));
Future<UserRoles> fur = client.read("/authz/userRoles/role/"+pRole,gui.getDF(UserRoles.class));
if(fr.get(AAF_GUI.TIMEOUT)) {
- Role role = fr.value.getRole().get(0);
- trans.put(sRole, role);
- Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write"));
- trans.put(sMayWrite,mayWrite);
- Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve"));
- trans.put(sMayApprove, mayApprove);
-
- if(mayWrite || mayApprove) {
- Mark js = new Mark();
- Mark fn = new Mark();
- hgen.js(js)
- .function(fn,"touchedDesc")
- .li("d=document.getElementById('descText');",
- "if (d.orig == undefined ) {",
- " d.orig = d.value;",
- " d.addEventListener('keyup',changedDesc);",
- " d.removeEventListener('keypress',touchedDesc);",
- "}").end(fn)
- .function(fn,"changedDesc")
- .li(
- "dcb=document.getElementById('descCB');",
- "d=document.getElementById('descText');",
- "dcb.checked= (d.orig != d.value)"
- ).end(fn)
- .end(js);
-
- Mark mark = new Mark();
- hgen.incr(mark,"form","method=post");
- trans.put(sMark, mark);
+ List<Role> roles = fr.value.getRole();
+ if(!roles.isEmpty()) {
+ Role role = fr.value.getRole().get(0);
+ trans.put(sRole, role);
+ Boolean mayWrite = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"write"));
+ trans.put(sMayWrite,mayWrite);
+ Boolean mayApprove = trans.fish(new AAFPermission(role.getNs()+".access",":role:"+role.getName(),"approve"));
+ trans.put(sMayApprove, mayApprove);
+
+ if(mayWrite || mayApprove) {
+ Mark js = new Mark();
+ Mark fn = new Mark();
+ hgen.js(js)
+ .function(fn,"touchedDesc")
+ .li("d=document.getElementById('descText');",
+ "if (d.orig == undefined ) {",
+ " d.orig = d.value;",
+ " d.addEventListener('keyup',changedDesc);",
+ " d.removeEventListener('keypress',touchedDesc);",
+ "}").end(fn)
+ .function(fn,"changedDesc")
+ .li(
+ "dcb=document.getElementById('descCB');",
+ "d=document.getElementById('descText');",
+ "dcb.checked= (d.orig != d.value)"
+ ).end(fn)
+ .end(js);
+
+ Mark mark = new Mark();
+ hgen.incr(mark,"form","method=post");
+ trans.put(sMark, mark);
+ }
}
} else {
trans.error().printf("Error calling AAF for Roles in GUI, Role Detail %d: %s",fr.code(),fr.body());
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
index 7b07b60d..5f7625aa 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java
@@ -38,7 +38,6 @@ import org.onap.aaf.auth.gui.Page;
import org.onap.aaf.auth.gui.Table;
import org.onap.aaf.auth.gui.Table.Cells;
import org.onap.aaf.auth.gui.table.AbsCell;
-import org.onap.aaf.auth.gui.table.RefCell;
import org.onap.aaf.auth.gui.table.TableData;
import org.onap.aaf.auth.gui.table.TextCell;
import org.onap.aaf.cadi.CadiException;
@@ -195,11 +194,12 @@ public class RoleHistory extends Page {
for (Item i : histItems) {
String user = i.getUser();
AbsCell userCell = new TextCell(user);
-
+
+ String memo = i.getMemo().replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
rv.add(new AbsCell[] {
new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()),
userCell,
- new TextCell(i.getMemo())
+ new TextCell(memo)
});
}
} else {
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index c465f818..38cdba8d 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 1699da2a..28e85e17 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -49,19 +49,16 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-cass</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
</dependencies>
@@ -110,7 +107,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -121,7 +117,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/service/JU_LocateServiceImplTest.java b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/service/JU_LocateServiceImplTest.java
new file mode 100644
index 00000000..d9200d76
--- /dev/null
+++ b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/service/JU_LocateServiceImplTest.java
@@ -0,0 +1,100 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.locate.service;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.auth.dao.cass.LocateDAO;
+import org.onap.aaf.auth.dao.cass.LocateDAO.Data;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.locate.mapper.Mapper;
+import org.onap.aaf.misc.env.APIException;
+
+import locate.v1_0.MgmtEndpoint;
+import locate.v1_0.MgmtEndpoints;
+
+public class JU_LocateServiceImplTest {
+
+ @Mock
+ private AuthzTrans trans;
+ @Mock
+ private LocateDAO locateDAO;
+ @Mock
+ private Mapper mapper;
+ @Mock
+ private Result<List<Data>> result;
+ @Mock
+ private Result endPointResult;
+ @Mock
+ private MgmtEndpoints meps;
+ @Mock
+ private MgmtEndpoint mgmtEndPoint;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+ }
+
+ @Test
+ public void test() throws APIException {
+ LocateServiceImpl locateServiceImpl = new LocateServiceImpl(trans, locateDAO, mapper);
+
+ assertEquals(mapper, locateServiceImpl.mapper());
+
+ when(locateDAO.readByName(trans, "http")).thenReturn(result);
+ when(mapper.endpoints(result, "1.0", "other")).thenReturn(endPointResult);
+
+ Result output = locateServiceImpl.getEndPoints(trans, "http", "1.0", "other");
+
+ assertEquals(endPointResult, output);
+
+ List<MgmtEndpoint> mgmtEndPoints = new ArrayList<MgmtEndpoint>();
+ mgmtEndPoints.add(mgmtEndPoint);
+
+ when(mgmtEndPoint.getName()).thenReturn("http.Endpoint1");
+ when(mgmtEndPoint.getHostname()).thenReturn("HOST1");
+ when(mgmtEndPoint.getPort()).thenReturn(9090);
+ when(mgmtEndPoint.getProtocol()).thenReturn("HTTP");
+
+ when(meps.getMgmtEndpoint()).thenReturn(mgmtEndPoints);
+ output = locateServiceImpl.putMgmtEndPoints(trans, meps);
+
+ assertEquals(output.toString(), Result.ok().toString());
+
+ when(trans.fish(any())).thenReturn(true);
+ Data data = new LocateDAO.Data();
+ when(mapper.locateData(mgmtEndPoint)).thenReturn(data);
+ output = locateServiceImpl.removeMgmtEndPoints(trans, meps);
+
+ assertEquals(output.toString(), Result.ok().toString());
+ }
+
+}
diff --git a/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/validation/JU_LocateValidatorTest.java b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/validation/JU_LocateValidatorTest.java
new file mode 100644
index 00000000..ef076da8
--- /dev/null
+++ b/auth/auth-locate/src/test/java/org/onap/aaf/auth/locate/validation/JU_LocateValidatorTest.java
@@ -0,0 +1,187 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.locate.validation;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import locate.v1_0.Endpoint;
+import locate.v1_0.Endpoints;
+import locate.v1_0.MgmtEndpoint;
+import locate.v1_0.MgmtEndpoint.SpecialPorts;
+import locate.v1_0.MgmtEndpoints;
+
+public class JU_LocateValidatorTest {
+
+ @Mock
+ private Endpoint endpoint;
+
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private Endpoints endpoints;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private MgmtEndpoints me;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private MgmtEndpoint mgmtEndpoint;
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private SpecialPorts specialPort;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+ }
+
+ @Test
+ public void testNullEndPoint() {
+ LocateValidator validator = new LocateValidator();
+
+ validator.endpoint(null);
+ assertEquals("Endpoint Data is null.\n", validator.errs());
+ }
+
+ @Test
+ public void testEndPoint() {
+ LocateValidator validator = new LocateValidator();
+
+ when(endpoint.getName()).thenReturn("Endpoint1");
+ when(endpoint.getHostname()).thenReturn("HOST1");
+ when(endpoint.getPort()).thenReturn(9090);
+ when(endpoint.getProtocol()).thenReturn("HTTP");
+
+ validator.endpoint(endpoint);
+
+ assertEquals("Endpoint Name must prefixed by Namespace\n", validator.errs());
+ }
+
+ @Test
+ public void testSubProtoCol() {
+ LocateValidator validator = new LocateValidator();
+
+ List<String> subProtocol = new ArrayList<String>();
+ subProtocol.add(null);
+
+ when(endpoint.getName()).thenReturn("EndPoint.Endpoint1");
+ when(endpoint.getHostname()).thenReturn("HOST1");
+ when(endpoint.getPort()).thenReturn(9090);
+ when(endpoint.getProtocol()).thenReturn("HTTP");
+ when(endpoint.getSubprotocol()).thenReturn(subProtocol);
+
+ validator.endpoint(endpoint);
+
+ assertEquals("Endpoint Subprotocol is null.\n", validator.errs());
+ }
+
+ @Test
+ public void testNullEndpoints() {
+ LocateValidator validator = new LocateValidator();
+
+ validator.endpoints(null, false);
+ validator.mgmt_endpoint_key(null);
+ validator.mgmt_endpoints(null, false);
+ assertEquals("Endpoints Data is null.\n" + "MgmtEndpoints Data is null.\n" + "MgmtEndpoints Data is null.\n",
+ validator.errs());
+ }
+
+ @Test
+ public void testEndpointsWithListContaingNull() {
+ LocateValidator validator = new LocateValidator();
+ when(endpoints.getEndpoint().size()).thenReturn(0);
+ when(me.getMgmtEndpoint().size()).thenReturn(0);
+
+ validator.endpoints(endpoints, true);
+ validator.mgmt_endpoints(me, false);
+ assertEquals("Endpoints contains no endpoints\n" + "MgmtEndpoints contains no data\n", validator.errs());
+ }
+
+ @Test
+ public void testEndpointsWithSpecialPortsNull() {
+ LocateValidator validator = new LocateValidator();
+
+ when(endpoint.getName()).thenReturn("EndPoint.Endpoint1");
+ when(endpoint.getHostname()).thenReturn("HOST1");
+ when(endpoint.getPort()).thenReturn(9090);
+ when(endpoint.getProtocol()).thenReturn("HTTP");
+ List<String> subprotocol = new ArrayList<String>();
+ when(endpoint.getSubprotocol()).thenReturn(subprotocol);
+
+ List<Endpoint> endpointList = new ArrayList<Endpoint>();
+ endpointList.add(endpoint);
+
+ when(mgmtEndpoint.getName()).thenReturn("EndPoint.Endpoint1");
+ when(mgmtEndpoint.getHostname()).thenReturn("HOST1");
+ when(mgmtEndpoint.getPort()).thenReturn(9090);
+ when(mgmtEndpoint.getProtocol()).thenReturn("HTTP");
+ List<SpecialPorts> specialPorts = new ArrayList<SpecialPorts>();
+ specialPorts.add(null);
+ when(mgmtEndpoint.getSpecialPorts()).thenReturn(specialPorts);
+ List<MgmtEndpoint> mgmtEndpoints = new ArrayList<MgmtEndpoint>();
+ mgmtEndpoints.add(mgmtEndpoint);
+
+ when(endpoints.getEndpoint()).thenReturn(endpointList);
+ when(me.getMgmtEndpoint()).thenReturn(mgmtEndpoints);
+
+ validator.endpoints(endpoints, false);
+ validator.mgmt_endpoints(me, true);
+ assertEquals("Special Ports is null.\n", validator.errs());
+ }
+
+ @Test
+ public void testEndpointsWithSpecialPorts() {
+ LocateValidator validator = new LocateValidator();
+
+ when(mgmtEndpoint.getName()).thenReturn("EndPoint.Endpoint1");
+ when(mgmtEndpoint.getHostname()).thenReturn("HOST1");
+ when(mgmtEndpoint.getPort()).thenReturn(9090);
+ when(mgmtEndpoint.getProtocol()).thenReturn("HTTP");
+
+ List<SpecialPorts> specialPorts = new ArrayList<SpecialPorts>();
+ specialPorts.add(specialPort);
+
+ when(specialPort.getName()).thenReturn("Port1");
+ when(specialPort.getProtocol()).thenReturn("HTTP");
+ when(specialPort.getPort()).thenReturn(9090);
+
+ List<String> versions = new ArrayList<String>();
+ versions.add("1");
+
+ when(specialPort.getProtocolVersions()).thenReturn(versions);
+
+ when(mgmtEndpoint.getSpecialPorts()).thenReturn(specialPorts);
+ List<MgmtEndpoint> mgmtEndpoints = new ArrayList<MgmtEndpoint>();
+ mgmtEndpoints.add(mgmtEndpoint);
+
+ when(me.getMgmtEndpoint()).thenReturn(mgmtEndpoints);
+
+ validator.endpoints(endpoints, false);
+ validator.mgmt_endpoints(me, true);
+ validator.mgmt_endpoint_key(me);
+ assertEquals(false, validator.err());
+
+ }
+}
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index daed471b..16a3715b 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -49,19 +49,16 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-cass</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
</dependencies>
@@ -105,7 +102,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -116,7 +112,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index 7d8f4534..f54d7c48 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -50,13 +50,11 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-client</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<!-- Add the Organizations you wish to support. You can delete ONAP if
@@ -65,31 +63,26 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-deforg</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-cass</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-oauth</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-rosetta</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
@@ -137,7 +130,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -148,7 +140,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index e8468d6a..519721ce 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -1574,7 +1574,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS
}
// Look up data
- Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, role);
+ int query = role.indexOf('?');
+ Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query));
if(rlrd.isOK()) {
// Note: Mapper will restrict what can be viewed
ROLES roles = mapper.newInstance(API.ROLES);
diff --git a/auth/docker/Dockerfile b/auth/docker/Dockerfile
index 609c26ed..d744d69c 100644
--- a/auth/docker/Dockerfile
+++ b/auth/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM rmannfv/aaf-base:openjdk8
+FROM rmannfv/aaf-base:xenial
MAINTAINER AAF Team, AT&T 2018
ENV VERSION=${AAF_VERSION}
diff --git a/auth/docker/d.props b/auth/docker/d.props
index 00624514..e56d4597 100644
--- a/auth/docker/d.props
+++ b/auth/docker/d.props
@@ -2,7 +2,9 @@
ORG=onap
PROJECT=aaf
DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.0-SNAPSHOT
+OLD_VERSION=2.1.0-SNAPSHOT
+NEW_VERSION=2.1.1
+VERSION=2.1.1-SNAPSHOT
CONF_ROOT_DIR=/opt/app/osaaf
# Local Env info
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index ed99ec99..ce299171 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -17,6 +17,8 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' Dockerfile > ../aaf_${VERSION}/Dockerfile
cd ..
docker build -t ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION}
+ docker tag ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
+ docker tag ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
rm aaf_${VERSION}/Dockerfile
cd -
done
diff --git a/auth/docker/dpush.sh b/auth/docker/dpush.sh
index 3c1a28fc..78129796 100644
--- a/auth/docker/dpush.sh
+++ b/auth/docker/dpush.sh
@@ -11,6 +11,8 @@ else
fi
for AAF_COMPONENT in ${AAF_COMPONENTS}; do
- docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
+ docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${OLD_VERSION}
+ docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION}
+ docker push ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${NEW_VERSION}
done
diff --git a/auth/pom.xml b/auth/pom.xml
index c3726b5d..f543c794 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -26,7 +26,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
<artifactId>authparent</artifactId>
<name>AAF Auth Parent</name>
@@ -35,7 +35,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.interfaceVersion>2.1.0-SNAPSHOT</project.interfaceVersion>
+ <project.interfaceVersion>2.1.1-SNAPSHOT</project.interfaceVersion>
<!-- >project.jettyVersion>9.3.22.v20171030</project.jettyVersion -->
<project.jettyVersion>9.4.8.v20171121</project.jettyVersion>
<powermock.version>1.5.1</powermock.version>
diff --git a/auth/sample/local/org.osaaf.aaf.p12 b/auth/sample/local/org.osaaf.aaf.p12
index 1e1ce696..ac1dece8 100644
--- a/auth/sample/local/org.osaaf.aaf.p12
+++ b/auth/sample/local/org.osaaf.aaf.p12
Binary files differ
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index 9c57e3c4..d1583d26 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 8948bc3c..522568a9 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -25,17 +25,19 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.io.PrintStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map.Entry;
import java.util.Properties;
+import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
-import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
@@ -43,9 +45,10 @@ import org.onap.aaf.cadi.util.TheConsole;
public class AAFSSO {
public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole();
- private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
+// private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
- private Properties diskprops = null; // use for temp storing User/Password on disk
+ private Properties diskprops;
+ private boolean touchDiskprops;
private File dot_aaf = null;
private File sso = null; // instantiated, if ever, with diskprops
@@ -61,132 +64,316 @@ public class AAFSSO {
private PrintStream os;
private Method close;
+ private final PrintStream stdOutOrig;
+ private final PrintStream stdErrOrig;
+ private boolean ok;
public AAFSSO(String[] args) throws IOException, CadiException {
- String[] nargs = parseArgs(args);
+ ok = true;
+ List<String> nargs = parseArgs(args);
+ diskprops = new Properties();
+ touchDiskprops = false;
dot_aaf = new File(System.getProperty("user.home") + "/.aaf");
if (!dot_aaf.exists()) {
dot_aaf.mkdirs();
}
+ stdOutOrig = System.out;
+ stdErrOrig = System.err;
File f = new File(dot_aaf, "sso.out");
os = new PrintStream(new FileOutputStream(f, true));
System.setOut(os);
System.setErr(os);
- access = new PropAccess(os, nargs);
- Config.setDefaultRealm(access);
-
- user = access.getProperty(Config.AAF_APPID);
- encrypted_pass = access.getProperty(Config.AAF_APPPASS);
-
+ sso = new File(dot_aaf, "sso.props");
+ if(sso.exists()) {
+ InputStream propStream = new FileInputStream(sso);
+ try {
+ diskprops.load(propStream);
+ } finally {
+ propStream.close();
+ }
+ }
+
+// String keyfile = diskprops.getProperty(Config.CADI_KEYFILE);
+// if(keyfile==null) {
+// keyfile = dot_aaf.getCanonicalPath()+".keyfile";
+// touchDiskprops=true;
+// }
File dot_aaf_kf = new File(dot_aaf, "keyfile");
- sso = new File(dot_aaf, "sso.props");
if (removeSSO) {
if (dot_aaf_kf.exists()) {
dot_aaf_kf.setWritable(true, true);
dot_aaf_kf.delete();
}
if (sso.exists()) {
- sso.delete();
+ Properties temp = new Properties();
+ // Keep only these
+ for(Entry<Object, Object> es : diskprops.entrySet()) {
+ if(Config.CADI_LATITUDE.equals(es.getKey()) ||
+ Config.CADI_LONGITUDE.equals(es.getKey()) ||
+ Config.AAF_DEFAULT_REALM.equals(es.getKey())) {
+ temp.setProperty(es.getKey().toString(), es.getValue().toString());
+ }
+ }
+ diskprops = temp;
+ touchDiskprops = true;
}
+ String[] naargs = new String[nargs.size()];
+ nargs.toArray(naargs);
+ access = new PropAccess(os, naargs);
+ ok = false;
+ setLogDefault();
System.out.println("AAF SSO information removed");
- if (doExit) {
- System.exit(0);
+ } else {
+ // Config.setDefaultRealm(access);
+
+ if (!dot_aaf_kf.exists()) {
+ FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
+ try {
+ fos.write(Symm.keygen());
+ setReadonly(dot_aaf_kf);
+ } finally {
+ fos.close();
+ }
}
- }
- if (!dot_aaf_kf.exists()) {
- FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
- try {
- fos.write(Symm.keygen());
- setReadonly(dot_aaf_kf);
- } finally {
- fos.close();
+ for(Entry<Object, Object> es : diskprops.entrySet()) {
+ nargs.add(es.getKey().toString() + '=' + es.getValue().toString());
}
- }
-
- String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props
- if (keyfile == null) {
- access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
- }
-
- String alias = access.getProperty(Config.CADI_ALIAS);
- if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) {
- user = alias;
- access.setProperty(Config.AAF_APPID, user);
- use_X509 = true;
- } else {
- use_X509 = false;
- Symm decryptor = Symm.obtain(dot_aaf_kf);
- if (user == null) {
- if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) {
- String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
- FileInputStream fos = new FileInputStream(sso);
- try {
- access.load(fos);
- user = access.getProperty(Config.AAF_APPID);
- encrypted_pass = access.getProperty(Config.AAF_APPPASS);
- // decrypt with .aaf, and re-encrypt with regular Keyfile
- access.setProperty(Config.AAF_APPPASS,
- access.encrypt(decryptor.depass(encrypted_pass)));
- if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
- access.setProperty(Config.CM_URL, cm_url);
+ String[] naargs = new String[nargs.size()];
+ nargs.toArray(naargs);
+ access = new PropAccess(os, naargs);
+
+ if(loginOnly) {
+ for(String tag : new String[] {Config.AAF_APPID, Config.AAF_APPPASS,
+ Config.CADI_ALIAS, Config.CADI_KEYSTORE,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) {
+ access.getProperties().remove(tag);
+ diskprops.remove(tag);
+ }
+ touchDiskprops=true;
+// TODO Do we want to require reset of Passwords at least every Eight Hours.
+// } else if (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS)) {
+// for(String tag : new String[] {Config.AAF_APPPASS,Config.CADI_KEYSTORE_PASSWORD,Config.CADI_KEY_PASSWORD}) {
+// access.getProperties().remove(tag);
+// diskprops.remove(tag);
+// }
+// touchDiskprops=true;
+ }
+
+ String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case its CertificateMan props
+ if (keyfile == null) {
+ access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
+ addProp(Config.CADI_KEYFILE,dot_aaf_kf.getAbsolutePath());
+ }
+
+
+ String alias, appID;
+ alias = access.getProperty(Config.CADI_ALIAS);
+ if(alias==null) {
+ appID = access.getProperty(Config.AAF_APPID);
+ user=appID;
+ } else {
+ user=alias;
+ appID=null;
+ }
+
+ String keystore=access.getProperty(Config.CADI_KEYSTORE);
+ String keystore_pass=access.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+
+ if(user==null || (alias!=null && (keystore==null || keystore_pass==null))) {
+ String select = null;
+ String name;
+ for (File tsf : dot_aaf.listFiles()) {
+ name = tsf.getName();
+ if (!name.contains("trust") && (name.endsWith(".jks") || name.endsWith(".p12"))) {
+ select = cons.readLine("Use %s for Identity? (y/n): ",tsf.getName());
+ if("y".equalsIgnoreCase(select)) {
+ keystore = tsf.getCanonicalPath();
+ access.setProperty(Config.CADI_KEYSTORE, keystore);
+ addProp(Config.CADI_KEYSTORE, keystore);
+ char[] password = cons.readPassword("Keystore Password: ");
+ encrypted_pass= access.encrypt(new String(password));
+ access.setProperty(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass);
+ addProp(Config.CADI_KEYSTORE_PASSWORD, encrypted_pass);
+
+ // TODO READ Aliases out of Keystore?
+ user = alias = cons.readLine("Keystore alias: ");
+ access.setProperty(Config.CADI_ALIAS, user);
+ addProp(Config.CADI_ALIAS, user);
+ break;
}
- } finally {
- fos.close();
- }
- } else {
- diskprops = new Properties();
- String realm = Config.getDefaultRealm();
- // Turn on Console Sysout
- System.setOut(System.out);
- user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
- if (user == null) {
- user = System.getProperty("user.name") + '@' + realm;
- } else if (user.length() == 0) { //
- user = System.getProperty("user.name") + '@' + realm;
- } else if ((user.indexOf('@') < 0) && (realm != null)) {
- user = user + '@' + realm;
}
- access.setProperty(Config.AAF_APPID, user);
- diskprops.setProperty(Config.AAF_APPID, user);
- encrypted_pass = new String(cons.readPassword("aaf_password: "));
- System.setOut(os);
- encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+ }
+ if(alias==null) {
+ user = appID = cons.readLine(Config.AAF_APPID + ": ");
+ access.setProperty(Config.AAF_APPID, appID);
+ addProp(Config.AAF_APPID, appID);
+ char[] password = cons.readPassword(Config.AAF_APPPASS + ": ");
+ encrypted_pass= access.encrypt(new String(password));
access.setProperty(Config.AAF_APPPASS, encrypted_pass);
- diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
- diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
+ addProp(Config.AAF_APPPASS, encrypted_pass);
+ }
+ } else {
+ encrypted_pass = access.getProperty(Config.CADI_KEYSTORE_PASSWORD);
+ if(encrypted_pass == null) {
+ keystore_pass = null;
+ encrypted_pass = access.getProperty(Config.AAF_APPPASS);
+ } else {
+ keystore_pass = encrypted_pass;
}
}
- }
- if (user == null) {
- err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
- }
-
- if (encrypted_pass == null && alias == null) {
- if (err == null) {
- err = new StringBuilder();
+
+
+ if (alias!=null) {
+ use_X509 = true;
} else {
- err.append("and ");
+ use_X509 = false;
+ Symm decryptor = Symm.obtain(dot_aaf_kf);
+ if (user == null) {
+ if (sso.exists()) {
+ String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
+ FileInputStream fos = new FileInputStream(sso);
+ try {
+ access.load(fos);
+ user = access.getProperty(Config.AAF_APPID);
+ encrypted_pass = access.getProperty(Config.AAF_APPPASS);
+ // decrypt with .aaf, and re-encrypt with regular Keyfile
+ access.setProperty(Config.AAF_APPPASS,
+ access.encrypt(decryptor.depass(encrypted_pass)));
+ if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
+ access.setProperty(Config.CM_URL, cm_url);
+ }
+ } finally {
+ fos.close();
+ }
+ } else {
+ diskprops = new Properties();
+ String realm = Config.getDefaultRealm();
+ // Turn on Console Sysout
+ System.setOut(System.out);
+ user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
+ if (user == null) {
+ user = System.getProperty("user.name") + '@' + realm;
+ } else if (user.length() == 0) { //
+ user = System.getProperty("user.name") + '@' + realm;
+ } else if ((user.indexOf('@') < 0) && (realm != null)) {
+ user = user + '@' + realm;
+ }
+ access.setProperty(Config.AAF_APPID, user);
+ diskprops.setProperty(Config.AAF_APPID, user);
+ encrypted_pass = new String(cons.readPassword("aaf_password: "));
+ System.setOut(os);
+ encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+ access.setProperty(Config.AAF_APPPASS, encrypted_pass);
+ diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
+ diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
+ }
+ }
+ }
+ if (user == null) {
+ err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
+ }
+
+ if (encrypted_pass == null && alias == null) {
+ if (err == null) {
+ err = new StringBuilder();
+ } else {
+ err.append("and ");
+ }
+ err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
+ }
+
+ String locateUrl = access.getProperty(Config.AAF_LOCATE_URL);
+ if(locateUrl==null) {
+ locateUrl=AAFSSO.cons.readLine("AAF Locator FQDN/machine[:port]=https://");
+ if(locateUrl==null || locateUrl.length()==0) {
+ err = new StringBuilder(Config.AAF_LOCATE_URL);
+ err.append(" is required.");
+ ok = false;
+ return;
+ } else {
+ locateUrl="https://"+locateUrl+"/locate";
+ }
+ access.setProperty(Config.AAF_LOCATE_URL, locateUrl);
+ addProp(Config.AAF_LOCATE_URL, locateUrl);
+ }
+
+ String aafUrl = "https://AAF_LOCATE_URL/AAF_NS.service/2.0";
+ access.setProperty(Config.AAF_URL, aafUrl);
+ access.setProperty(Config.CM_URL, "https://AAF_LOCATE_URL/AAF_NS.cm/2.0");
+ String cadiLatitude = access.getProperty(Config.CADI_LATITUDE);
+ if(cadiLatitude==null) {
+ System.out.println("# If you do not know your Global Coordinates, we suggest bing.com/maps");
+ cadiLatitude=AAFSSO.cons.readLine("cadi_latitude[0.000]=");
+ if(cadiLatitude==null || cadiLatitude.isEmpty()) {
+ cadiLatitude="0.000";
+ }
+ access.setProperty(Config.CADI_LATITUDE, cadiLatitude);
+ addProp(Config.CADI_LATITUDE, cadiLatitude);
+
}
- err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
+ String cadiLongitude = access.getProperty(Config.CADI_LONGITUDE);
+ if(cadiLongitude==null) {
+ cadiLongitude=AAFSSO.cons.readLine("cadi_longitude[0.000]=");
+ if(cadiLongitude==null || cadiLongitude.isEmpty()) {
+ cadiLongitude="0.000";
+ }
+ access.setProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ addProp(Config.CADI_LONGITUDE, cadiLongitude);
+ }
+
+ String cadi_truststore = access.getProperty(Config.CADI_TRUSTSTORE);
+ if(cadi_truststore==null) {
+ String name;
+ String select;
+ for (File tsf : dot_aaf.listFiles()) {
+ name = tsf.getName();
+ if (name.contains("trust") &&
+ (name.endsWith(".jks") || name.endsWith(".p12"))) {
+ select = cons.readLine("Use %s for TrustStore? (y/n):",tsf.getName());
+ if("y".equalsIgnoreCase(select)) {
+ cadi_truststore=tsf.getCanonicalPath();
+ access.setProperty(Config.CADI_TRUSTSTORE, cadi_truststore);
+ addProp(Config.CADI_TRUSTSTORE, cadi_truststore);
+ break;
+ }
+ }
+ }
+ }
+ if(cadi_truststore!=null) {
+ if(cadi_truststore.indexOf(File.separatorChar)<0) {
+ cadi_truststore=dot_aaf.getPath()+File.separator+cadi_truststore;
+ }
+ String cadi_truststore_password = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD);
+ if(cadi_truststore_password==null) {
+ cadi_truststore_password=AAFSSO.cons.readLine("cadi_truststore_password[%s]=","changeit");
+ cadi_truststore_password = access.encrypt(cadi_truststore_password);
+ access.setProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password);
+ addProp(Config.CADI_TRUSTSTORE_PASSWORD, cadi_truststore_password);
+ }
+ }
+ ok = err==null;
}
+ writeFiles();
}
public void setLogDefault() {
this.setLogDefault(PropAccess.DEFAULT);
+ System.setOut(stdOutOrig);
}
public void setStdErrDefault() {
access.setLogLevel(PropAccess.DEFAULT);
- System.setErr(System.err);
+ System.setOut(stdErrOrig);
}
public void setLogDefault(Level level) {
- access.setLogLevel(level);
- System.setOut(System.out);
+ if(access!=null) {
+ access.setLogLevel(level);
+ }
+ System.setOut(stdOutOrig);
}
public boolean loginOnly() {
@@ -194,29 +381,33 @@ public class AAFSSO {
}
public void addProp(String key, String value) {
- if (diskprops != null) {
- diskprops.setProperty(key, value);
+ if(key==null || value==null) {
+ return;
}
+ touchDiskprops=true;
+ diskprops.setProperty(key, value);
}
public void writeFiles() throws IOException {
- // Store Creds, if they work
- if (diskprops != null) {
- if (!dot_aaf.exists()) {
- dot_aaf.mkdirs();
+ if(touchDiskprops) {
+ // Store Creds, if they work
+ if (diskprops != null) {
+ if (!dot_aaf.exists()) {
+ dot_aaf.mkdirs();
+ }
+ FileOutputStream fos = new FileOutputStream(sso);
+ try {
+ diskprops.store(fos, "AAF Single Signon");
+ } finally {
+ fos.close();
+ setReadonly(sso);
+ }
}
- FileOutputStream fos = new FileOutputStream(sso);
- try {
- diskprops.store(fos, "AAF Single Signon");
- } finally {
- fos.close();
+ if (sso != null) {
setReadonly(sso);
+ sso.setWritable(true, true);
}
}
- if (sso != null) {
- setReadonly(sso);
- sso.setWritable(true, true);
- }
}
public PropAccess access() {
@@ -250,7 +441,7 @@ public class AAFSSO {
}
}
- private String[] parseArgs(String[] args)
+ private List<String> parseArgs(String[] args)
{
List<String> larg = new ArrayList<String>(args.length);
@@ -271,9 +462,7 @@ public class AAFSSO {
larg.add(args[i]);
}
}
- String[] nargs = new String[larg.size()];
- larg.toArray(nargs);
- return nargs;
+ return larg;
}
private void setReadonly(File file) {
@@ -282,4 +471,8 @@ public class AAFSSO {
file.setReadable(false, false);
file.setReadable(true, true);
}
+
+ public boolean ok() {
+ return ok;
+ }
}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/.gitignore b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/.gitignore
new file mode 100644
index 00000000..52448be5
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/.gitignore
@@ -0,0 +1 @@
+/JU_CmAgentCreate.java
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java
new file mode 100644
index 00000000..27a1a271
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenClientFactoryTest.java
@@ -0,0 +1,75 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.oauth.test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.GeneralSecurityException;
+
+import org.junit.Test;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLocator;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.locator.PropertyLocator;
+import org.onap.aaf.cadi.oauth.TokenClientFactory;
+import org.onap.aaf.misc.env.APIException;
+
+import junit.framework.Assert;
+
+public class JU_TokenClientFactoryTest {
+
+ /**
+ * Acceptable Locator Patterns for choosing AAFLocator over others
+ */
+ @Test
+ public void testLocatorString() {
+ /*
+ PropAccess access = new PropAccess();
+ access.setProperty(Config.AAF_LOCATE_URL, "https://xytz.sbbc.dd:8095/locate");
+ access.setProperty(Config.CADI_LATITUDE, "39.000");
+ access.setProperty(Config.CADI_LONGITUDE, "-72.000");
+ TokenClientFactory tcf;
+ try {
+ System.out.println("one");
+ tcf = TokenClientFactory.instance(access);
+ System.out.println("two");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd/locate/hello") instanceof AAFLocator);
+ System.out.println("three");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate/hello") instanceof AAFLocator);
+ System.out.println("four");
+ Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/hello") instanceof AAFLocator);
+ System.out.println("five");
+ Assert.assertEquals(true, tcf.bestLocator("https://AAF_LOCATE_URL/AAF_FS.hello/2.0") instanceof AAFLocator);
+ System.out.println("six");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/locate") instanceof PropertyLocator);
+ System.out.println("seven");
+ Assert.assertEquals(true, tcf.bestLocator("https://xytz.sbbc.dd:8234/Something") instanceof PropertyLocator);
+ } catch (APIException | GeneralSecurityException | IOException | CadiException | LocatorException | URISyntaxException e) {
+ e.printStackTrace();
+ Assert.fail();
+ }
+ */
+ }
+
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
index 34997fe6..7a64f71c 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
@@ -74,10 +74,9 @@ public class JU_AAFSSO {
assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
assertThat(sso.loginOnly(), is(true));
-
- assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(false));
- sso.writeFiles();
- assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
+
+// Not necessarily true
+// assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
sso.setLogDefault();
sso.setStdErrDefault();
@@ -92,7 +91,7 @@ public class JU_AAFSSO {
assertThat(new File(aafDir).exists(), is(true));
assertThat(new File(aafDir + "/.aaf").exists(), is(true));
- assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(false));
assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
assertThat(sso.loginOnly(), is(false));
@@ -106,7 +105,6 @@ public class JU_AAFSSO {
assertThat(sso.useX509(), is(false));
sso.close();
- sso.close();
}
private void recursiveDelete(File file) {
diff --git a/cadi/client/pom.xml b/cadi/client/pom.xml
index b9ba4a1f..2f2a7ce8 100644
--- a/cadi/client/pom.xml
+++ b/cadi/client/pom.xml
@@ -22,7 +22,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -90,13 +90,10 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-misc-rosetta</artifactId>
- <version>${project.version}</version>
-
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
@@ -116,7 +113,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -127,7 +123,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
index b7558c02..d14e747a 100644
--- a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
+++ b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_PropertyLocator.java
@@ -96,6 +96,7 @@ public class JU_PropertyLocator {
pl.destroy();
pl = new PropertyLocator(uris);
+
}
@Test(expected=LocatorException.class)
diff --git a/cadi/core/pom.xml b/cadi/core/pom.xml
index 59513118..e57adb83 100644
--- a/cadi/core/pom.xml
+++ b/cadi/core/pom.xml
@@ -16,7 +16,7 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
index 82645c31..ea3891f9 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Symm.java
@@ -117,7 +117,8 @@ public class Symm {
private static char passChars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+!@#$%^&*(){}[]?:;,.".toCharArray();
-
+ private static Symm internalOnly = null;
+
/**
* Use this to create special case Case Sets and/or Line breaks
*
@@ -537,10 +538,10 @@ public class Symm {
* @throws CadiException
*/
public static Symm obtain(Access access) throws CadiException {
- Symm symm = Symm.baseCrypt();
-
String keyfile = access.getProperty(Config.CADI_KEYFILE,null);
if(keyfile!=null) {
+ Symm symm = Symm.baseCrypt();
+
File file = new File(keyfile);
try {
access.log(Level.INIT, Config.CADI_KEYFILE,"points to",file.getCanonicalPath());
@@ -570,8 +571,14 @@ public class Symm {
}
throw new CadiException("ERROR: " + filename + " does not exist!");
}
+ return symm;
+ } else {
+ try {
+ return internalOnly();
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
}
- return symm;
}
/**
* Create a new random key
@@ -855,4 +862,22 @@ public class Symm {
return newSymm;
}
+
+ /**
+ * This Symm is generated for internal JVM use. It has no external keyfile, but can be used
+ * for securing Memory, as it remains the same ONLY of the current JVM
+ * @return
+ * @throws IOException
+ */
+ public static synchronized Symm internalOnly() throws IOException {
+ if(internalOnly==null) {
+ ByteArrayInputStream baos = new ByteArrayInputStream(keygen());
+ try {
+ internalOnly = Symm.obtain(baos);
+ } finally {
+ baos.close();
+ }
+ }
+ return internalOnly;
+ }
}
diff --git a/cadi/oauth-enduser/pom.xml b/cadi/oauth-enduser/pom.xml
index 83ea803a..e3d025b1 100644
--- a/cadi/oauth-enduser/pom.xml
+++ b/cadi/oauth-enduser/pom.xml
@@ -25,13 +25,11 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<name>AAF CADI Sample OAuth EndUser</name>
- <groupId>org.onap.aaf.authz</groupId>
- <version>2.1.0-SNAPSHOT</version>
<artifactId>aaf-cadi-oauth-enduser</artifactId>
<packaging>jar</packaging>
@@ -85,12 +83,10 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
</dependencies>
diff --git a/cadi/pom.xml b/cadi/pom.xml
index 5dfdf9ef..4393f080 100644
--- a/cadi/pom.xml
+++ b/cadi/pom.xml
@@ -22,14 +22,12 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
- <groupId>org.onap.aaf.authz</groupId>
- <artifactId>parent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>parent</artifactId>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
- <groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<name>AAF CADI Parent (Code, Access, Data, Identity)</name>
- <version>2.1.0-SNAPSHOT</version>
<inceptionYear>2015-07-20</inceptionYear>
<organization>
<name>ONAP</name>
diff --git a/cadi/shiro-osgi-bundle/pom.xml b/cadi/shiro-osgi-bundle/pom.xml
index 578a1b66..83846bc4 100644
--- a/cadi/shiro-osgi-bundle/pom.xml
+++ b/cadi/shiro-osgi-bundle/pom.xml
@@ -25,11 +25,12 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
+ <name>AAF Shiro CADI Plugin</name>
<artifactId>aaf-shiro-aafrealm-osgi-bundle</artifactId>
<packaging>bundle</packaging>
diff --git a/cadi/shiro/pom.xml b/cadi/shiro/pom.xml
index 4e7790cf..01c89dd4 100644
--- a/cadi/shiro/pom.xml
+++ b/cadi/shiro/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/conf/CA/intermediate.sh b/conf/CA/intermediate.sh
deleted file mode 100644
index b2071504..00000000
--- a/conf/CA/intermediate.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Initialize a manual Cert. This is NOT entered in Certman Records
-#
- if [ -e intermediate.serial ]; then
- ((SERIAL=`cat intermediate.serial` + 1))
- else
- SERIAL=1
- fi
- echo $SERIAL > intermediate.serial
-DIR=intermediate_$SERIAL
-
-mkdir -p $DIR/private $DIR/certs $DIR/newcerts
-chmod 700 $DIR/private
-chmod 755 $DIR/certs $DIR/newcerts
-touch $DIR/index.txt
-if [ ! -e $DIR/serial ]; then
- echo '01' > $DIR/serial
-fi
-cp manual.sh p12.sh subject.aaf $DIR
-
-if [ "$1" == "" ]; then
- CN=intermediateCA_$SERIAL
-else
- CN=$1
-fi
-
-SUBJECT="/CN=$CN`cat subject.aaf`"
-echo $SUBJECT
- echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
- echo "Enter the PassPhrase for the Key for $CN: "
- `stty -echo`
- read PASSPHRASE
- `stty echo`
-
- # Create a regaular rsa encrypted key
- openssl req -new -newkey rsa:4096 -sha256 -keyout $DIR/private/ca.key \
- -out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
- -passout stdin << EOF
-$PASSPHRASE
-EOF
-
- chmod 400 $DIR/private/$CN.key
- openssl req -verify -text -noout -in $DIR/$CN.csr
-
- # Sign it
- openssl ca -config openssl.conf -extensions v3_intermediate_ca \
- -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
- -infiles $DIR/$CN.csr
-
- openssl x509 -text -noout -in $DIR/certs/ca.crt
-
-
- openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
-
-
-
-
diff --git a/conf/CA/newIntermediate.sh b/conf/CA/newIntermediate.sh
index 88b524b9..94103051 100644
--- a/conf/CA/newIntermediate.sh
+++ b/conf/CA/newIntermediate.sh
@@ -44,7 +44,8 @@ EOF
# Sign it
openssl ca -config openssl.conf -extensions v3_intermediate_ca \
- -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
+ -days 1826 \
+ -cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
-infiles $DIR/$CN.csr
openssl x509 -text -noout -in $DIR/certs/ca.crt
diff --git a/docs/.gitignore b/docs/.gitignore
new file mode 100644
index 00000000..965350de
--- /dev/null
+++ b/docs/.gitignore
@@ -0,0 +1,5 @@
+/_static/
+/etc/
+/.tox/
+/conf.py
+/tox.ini
diff --git a/docs/index.rst b/docs/index.rst
index 3ce33136..3b903c24 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -13,11 +13,18 @@ This is a critical function for Cloud environments, as Services need to be able
To be effective during a computer transaction, Security must not only be secure, but very fast. Given that each transaction must be checked and validated for Authorization and Authentication, it is critical that all elements on this path perform optimally.
+Sections
+++++++++
.. toctree::
- :maxdepth: 3
-
-
+ :maxdepth: 1
+ :glob:
+
+ sections/architecture/index
+ sections/installation/index
+ sections/configuration/index
+ sections/logging
+ sections/release-notes
Introduction
------------
@@ -25,7 +32,7 @@ AAF contains some elements of Role Based Authorization, but includes Attribute B
|image0|
-.. |image0| image:: aaf-object-model.jpg
+.. |image0| image:: sections/architecture/images/aaf-object-model.jpg
:height: 600px
:width: 800px
@@ -41,5 +48,3 @@ The Data is managed by RESTful API, with Admin functions supplemented by Charact
-CADI (A Framework for providing Enterprise Class Authentication and Authorization with minimal configuration to Containers and Standalone Services)
-Cassandra (GRID Core)
-
--Hadoop Plugin (a plugin via Hadoop Group Mapper mechanism)
diff --git a/docs/sections/architecture/aaf_architecture.rst b/docs/sections/architecture/aaf_architecture.rst
new file mode 100644
index 00000000..815a5a48
--- /dev/null
+++ b/docs/sections/architecture/aaf_architecture.rst
@@ -0,0 +1,38 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+AAF Architecture
+================
+AAF is designed to cover Fine-Grained Authorization, meaning that the Authorizations provided are able to used an Application’s detailed authorizations, such as whether a user may be on a particular page, or has access to a particular Pub-SUB topic controlled within the App.
+
+This is a critical function for Cloud environments, as Services need to be able to be installed and running in a very short time, and should not be encumbered with local configurations of Users, Permissions and Passwords.
+
+To be effective during a computer transaction, Security must not only be secure, but very fast. Given that each transaction must be checked and validated for Authorization and Authentication, it is critical that all elements on this path perform optimally.
+
+|image0|
+
+.. |image0| image:: images/aaf-object-model.jpg
+ :height: 600px
+ :width: 800px
+
+Certificate Manager
+===================
+
+Overview
+--------
+Every secure transaction requires 1) Encryption 2) Authentication 3) Authorization.
+
+ - HTTP/S provides the core Encryption whenever used, so all of AAF Components require HTTP/S to the current protocol standards (current is TLS 1.1+ as of Nov 2016)
+ - HTTP/S requires X.509 certificates at least on the Server at minimum. (in this mode, 1 way, a client Certificate is generated)
+ - Certificate Manager can generate certificates signed by the AT&T Internal Certificate Authority, which is secure and cost effective if external access are not needed
+ - These same certificates can be used for identifying the Application during the HTTP/S transaction, making a separate UserID/Password unnecessary for Authentication.
+ - Authentication - In order to tie generated certificates to a specific Application Identity, AAF Certificate Manager embeds a ILM AppID in the Subject. These are created by AT&T specific Internal Certificate Authority, which only generates certificates for AAF Certman. Since AAF Certman validates the Sponsorship of the AppID with requests (automatically), the end user can depend on the AppID embedded in the Subject to be valid without resorting to external calls or passwords.
+
+ - ex:
+ - Authorization - AAF Certman utilizes AAF's Fine-grained authorizations to ensure that only the right entities perform functions, thus ensuring the integrity of the entire Certificate Process
+
+|image1|
+
+.. |image1| image:: images/aaf-cm.png
+ :height: 768px
+ :width: 1024px
diff --git a/docs/sections/architecture/images/SecurityArchAAF.svg b/docs/sections/architecture/images/SecurityArchAAF.svg
new file mode 100644
index 00000000..34b592ab
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchAAF.svg
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="210.566" height="286.166" viewBox="0, 0, 210.566, 286.166">
+ <g id="AAF" transform="translate(-283.488, -41.5)">
+ <g>
+ <path d="M360.277,242.79 L448.072,242.79 C452.228,242.79 455.597,244.074 455.597,245.659 L455.597,276.982 C455.597,278.567 452.228,279.851 448.072,279.851 L360.277,279.851 C356.12,279.851 352.751,278.567 352.751,276.982 L352.751,245.659 C352.751,244.074 356.12,242.79 360.277,242.79 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 404.174, 264.314)">
+ <tspan x="-16.57" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Service</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,79.5 L428.002,79.5 C430.693,79.5 432.875,80.785 432.875,82.369 L432.875,113.692 C432.875,115.277 430.693,116.562 428.002,116.562 L371.153,116.562 C368.462,116.562 366.281,115.277 366.281,113.692 L366.281,82.369 C366.281,80.785 368.462,79.5 371.153,79.5 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 101.024)">
+ <tspan x="-20.745" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Cert Man</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,201.967 L428.002,201.967 C430.693,201.967 432.874,203.252 432.874,204.837 L432.874,236.16 C432.874,237.744 430.693,239.029 428.002,239.029 L371.153,239.029 C368.462,239.029 366.28,237.744 366.28,236.16 L366.28,204.837 C366.28,203.252 368.462,201.967 371.153,201.967 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.577, 223.491)">
+ <tspan x="-14.175" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">OAuth</tspan>
+ </text>
+ </g>
+ <path d="M305.139,73 L493.554,73 L493.554,327.166 L305.139,327.166 L305.139,73 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <text transform="matrix(1, 0, 0, 1, 380.99, 60.5)">
+ <tspan x="-12.155" y="-7" font-family="HelveticaNeue" font-size="13" fill="#000000" fill-opacity="0.87">AAF</tspan>
+ <tspan x="12.155" y="-7" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87"> </tspan>
+ <tspan x="-76.495" y="5" font-family="HelveticaNeue" font-size="9" fill="#000000" fill-opacity="0.87">(Application Authorization Framework)</tspan>
+ </text>
+ <g>
+ <path d="M355.161,279.851 L383.272,279.851 C384.603,279.851 385.682,280.931 385.682,282.263 L385.682,308.589 C385.682,309.92 384.603,311 383.272,311 L355.161,311 C353.83,311 352.751,309.92 352.751,308.589 L352.751,282.263 C352.751,280.931 353.83,279.851 355.161,279.851 z" fill="#15C6D6" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 369.216, 297.941)">
+ <tspan x="-13.155" y="1.374" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Authn</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M390.797,278.605 L450.482,278.605 C453.307,278.605 455.597,279.728 455.597,281.113 L455.597,308.492 C455.597,309.877 453.307,311 450.482,311 L390.797,311 C387.972,311 385.682,309.877 385.682,308.492 L385.682,281.113 C385.682,279.728 387.972,278.605 390.797,278.605 z" fill="#D6AF15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 420.639, 297.419)">
+ <tspan x="-12.775" y="1.029" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Authz</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,161.145 L428.002,161.145 C430.693,161.145 432.875,162.43 432.875,164.014 L432.875,195.337 C432.875,196.922 430.693,198.207 428.002,198.207 L371.153,198.207 C368.462,198.207 366.281,196.922 366.281,195.337 L366.281,164.014 C366.281,162.43 368.462,161.145 371.153,161.145 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 182.669)">
+ <tspan x="-17.13" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Locator</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,120.322 L428.002,120.322 C430.693,120.322 432.875,121.607 432.875,123.192 L432.875,154.515 C432.875,156.099 430.693,157.384 428.002,157.384 L371.153,157.384 C368.462,157.384 366.281,156.099 366.281,154.515 L366.281,123.192 C366.281,121.607 368.462,120.322 371.153,120.322 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 138.083)">
+ <tspan x="-8.7" y="-1.5" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">GUI </tspan>
+ <tspan x="-25.564" y="8.5" font-family="HelveticaNeue" font-size="8" fill="#FFFFFF" fill-opacity="0.87">(Management)</tspan>
+ </text>
+ </g>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/SecurityArchAAFOrg.svg b/docs/sections/architecture/images/SecurityArchAAFOrg.svg
new file mode 100644
index 00000000..f003b810
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchAAFOrg.svg
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="427.813" height="340" viewBox="0, 0, 427.813, 340">
+ <g id="Connections" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M366.78,98.146 L209.158,119.643" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M208.753,116.671 L201.232,120.724 L209.564,122.616 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M353.251,291.445 L206.695,276.655" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M206.996,273.67 L198.736,275.852 L206.394,279.64 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(0.991, -0.136, 0.136, 0.991, 269.475, 112.33)">
+ <tspan x="-11" y="-7.49" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Sign</tspan>
+ <tspan x="-14.052" y="9.31" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">CSRs</tspan>
+ </text>
+ <text transform="matrix(0.996, 0.095, -0.095, 0.996, 260.93, 287.412)">
+ <tspan x="-21.796" y="-9.522" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Delegate</tspan>
+ <tspan x="-26.493" y="6.078" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">by Domain</tspan>
+ </text>
+ <g>
+ <path d="M353.251,263.072 L211.399,240.185" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M211.877,237.223 L203.501,238.911 L210.921,243.147 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ </g>
+ <g id="AAF" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M360.277,242.79 L448.072,242.79 C452.228,242.79 455.597,244.074 455.597,245.659 L455.597,276.982 C455.597,278.567 452.228,279.851 448.072,279.851 L360.277,279.851 C356.12,279.851 352.751,278.567 352.751,276.982 L352.751,245.659 C352.751,244.074 356.12,242.79 360.277,242.79 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 404.174, 264.314)">
+ <tspan x="-16.57" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Service</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,79.5 L428.002,79.5 C430.693,79.5 432.875,80.785 432.875,82.369 L432.875,113.692 C432.875,115.277 430.693,116.562 428.002,116.562 L371.153,116.562 C368.462,116.562 366.281,115.277 366.281,113.692 L366.281,82.369 C366.281,80.785 368.462,79.5 371.153,79.5 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 101.024)">
+ <tspan x="-20.745" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Cert Man</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,201.967 L428.002,201.967 C430.693,201.967 432.874,203.252 432.874,204.837 L432.874,236.16 C432.874,237.744 430.693,239.029 428.002,239.029 L371.153,239.029 C368.462,239.029 366.28,237.744 366.28,236.16 L366.28,204.837 C366.28,203.252 368.462,201.967 371.153,201.967 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.577, 223.491)">
+ <tspan x="-14.175" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">OAuth</tspan>
+ </text>
+ </g>
+ <path d="M305.139,73 L493.554,73 L493.554,327.166 L305.139,327.166 L305.139,73 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <text transform="matrix(1, 0, 0, 1, 380.99, 60.5)">
+ <tspan x="-12.155" y="-7" font-family="HelveticaNeue" font-size="13" fill="#000000" fill-opacity="0.87">AAF</tspan>
+ <tspan x="12.155" y="-7" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87"> </tspan>
+ <tspan x="-76.495" y="5" font-family="HelveticaNeue" font-size="9" fill="#000000" fill-opacity="0.87">(Application Authorization Framework)</tspan>
+ </text>
+ <g>
+ <path d="M355.161,279.851 L383.272,279.851 C384.603,279.851 385.682,280.931 385.682,282.263 L385.682,308.589 C385.682,309.92 384.603,311 383.272,311 L355.161,311 C353.83,311 352.751,309.92 352.751,308.589 L352.751,282.263 C352.751,280.931 353.83,279.851 355.161,279.851 z" fill="#15C6D6" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 369.216, 297.941)">
+ <tspan x="-13.155" y="1.374" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Authn</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M390.797,278.605 L450.482,278.605 C453.307,278.605 455.597,279.728 455.597,281.113 L455.597,308.492 C455.597,309.877 453.307,311 450.482,311 L390.797,311 C387.972,311 385.682,309.877 385.682,308.492 L385.682,281.113 C385.682,279.728 387.972,278.605 390.797,278.605 z" fill="#D6AF15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 420.639, 297.419)">
+ <tspan x="-12.775" y="1.029" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Authz</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,161.145 L428.002,161.145 C430.693,161.145 432.875,162.43 432.875,164.014 L432.875,195.337 C432.875,196.922 430.693,198.207 428.002,198.207 L371.153,198.207 C368.462,198.207 366.281,196.922 366.281,195.337 L366.281,164.014 C366.281,162.43 368.462,161.145 371.153,161.145 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 182.669)">
+ <tspan x="-17.13" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Locator</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,120.322 L428.002,120.322 C430.693,120.322 432.875,121.607 432.875,123.192 L432.875,154.515 C432.875,156.099 430.693,157.384 428.002,157.384 L371.153,157.384 C368.462,157.384 366.281,156.099 366.281,154.515 L366.281,123.192 C366.281,121.607 368.462,120.322 371.153,120.322 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 138.083)">
+ <tspan x="-8.7" y="-1.5" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">GUI </tspan>
+ <tspan x="-25.564" y="8.5" font-family="HelveticaNeue" font-size="8" fill="#FFFFFF" fill-opacity="0.87">(Management)</tspan>
+ </text>
+ </g>
+ </g>
+ <g id="Organization" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M89.448,90 L191.034,90 C195.843,90 199.741,92.149 199.741,94.8 L199.741,147.2 C199.741,149.851 195.843,152 191.034,152 L89.448,152 C84.639,152 80.741,149.851 80.741,147.2 L80.741,94.8 C80.741,92.149 84.639,90 89.448,90 z" fill="#4D9BAF" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 139.612, 119)">
+ <tspan x="-38.87" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Certificate</tspan>
+ <tspan x="-34.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Authority</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M89.448,299 L191.034,299 C195.843,299 199.741,301.149 199.741,303.8 L199.741,356.2 C199.741,358.851 195.843,361 191.034,361 L89.448,361 C84.639,361 80.741,358.851 80.741,356.2 L80.741,303.8 C80.741,301.149 84.639,299 89.448,299 z" fill="#4D9BAF" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 139.612, 330.5)">
+ <tspan x="-17.629" y="-7" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">DNS</tspan>
+ <tspan x="-25.454" y="7" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">(Externally </tspan>
+ <tspan x="-17.314" y="19" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">Visible)</tspan>
+ </text>
+ </g>
+ <path d="M67.741,73 L213.741,73 L213.741,381 L67.741,381 L67.741,73 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <g>
+ <g>
+ <path d="M89.448,157.75 L191.034,157.75 C195.843,157.75 199.741,162.447 199.741,168.24 L199.741,282.76 C199.741,288.553 195.843,293.25 191.034,293.25 L89.448,293.25 C84.639,293.25 80.741,288.553 80.741,282.76 L80.741,168.24 C80.741,162.447 84.639,157.75 89.448,157.75 z" fill="#4D9BAF" fill-opacity="0.87"/>
+ <text transform="matrix(-0, -1, 1, -0, 140.241, 211.015)">
+ <tspan x="-24.744" y="-34.173" font-family="HelveticaNeue" font-size="16" fill="#FFFFFF" fill-opacity="0.87">Formal</tspan>
+ <tspan x="-45.104" y="-16.173" font-family="HelveticaNeue" font-size="16" fill="#FFFFFF" fill-opacity="0.87">Organization</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M142.278,176.934 L195.204,176.934 C197.71,176.934 199.741,178.038 199.741,179.401 L199.741,206.325 C199.741,207.687 197.71,208.792 195.204,208.792 L142.278,208.792 C139.772,208.792 137.741,207.687 137.741,206.325 L137.741,179.401 C137.741,178.038 139.772,176.934 142.278,176.934 z" fill="#438596" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 168.741, 192.863)">
+ <tspan x="-22.914" y="-2.5" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Notification</tspan>
+ <tspan x="-15.089" y="8.5" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">System</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M142.278,216.731 L195.204,216.731 C197.71,216.731 199.741,217.835 199.741,219.197 L199.741,246.122 C199.741,247.484 197.71,248.588 195.204,248.588 L142.278,248.588 C139.772,248.588 137.741,247.484 137.741,246.122 L137.741,219.197 C137.741,217.835 139.772,216.731 142.278,216.731 z" fill="#438596" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 168.741, 232.978)">
+ <tspan x="-16.335" y="-2.818" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Identity/</tspan>
+ <tspan x="-19.166" y="8.182" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Hierarchy</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M142.278,255.89 L195.204,255.89 C197.71,255.89 199.741,256.994 199.741,258.356 L199.741,285.281 C199.741,286.643 197.71,287.747 195.204,287.747 L142.278,287.747 C139.772,287.747 137.741,286.643 137.741,285.281 L137.741,258.356 C137.741,256.994 139.772,255.89 142.278,255.89 z" fill="#438596" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 168.741, 272.137)">
+ <tspan x="-19.507" y="-2.818" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Company </tspan>
+ <tspan x="-16.42" y="8.182" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Authn(s)</tspan>
+ </text>
+ </g>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 126.872, 60.5)">
+ <tspan x="-59.631" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Organizationally Defined</tspan>
+ </text>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/SecurityArchBasic_1.svg b/docs/sections/architecture/images/SecurityArchBasic_1.svg
new file mode 100644
index 00000000..1066f2c3
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchBasic_1.svg
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="516.973" height="313.5" viewBox="0, 0, 516.973, 313.5">
+ <g id="Basics" transform="translate(-175.969, -237)">
+ <path d="M186.675,488.5 L303.255,488.5 C308.773,488.5 313.247,490.649 313.247,493.3 L313.247,545.7 C313.247,548.351 308.773,550.5 303.255,550.5 L186.675,550.5 C181.156,550.5 176.682,548.351 176.682,545.7 L176.682,493.3 C176.682,490.649 181.156,488.5 186.675,488.5 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.965, 519.497)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.936,464.5 L683.521,464.5 C688.33,464.5 692.229,467.481 692.229,471.158 L692.229,543.841 C692.229,547.519 688.33,550.5 683.521,550.5 L581.936,550.5 C577.127,550.5 573.229,547.519 573.229,543.841 L573.229,471.158 C573.229,467.481 577.127,464.5 581.936,464.5 z" fill="#38AB4E"/>
+ <g>
+ <path d="M582.649,237 L684.234,237 C689.043,237 692.942,239.149 692.942,241.8 L692.942,294.2 C692.942,296.851 689.043,299 684.234,299 L582.649,299 C577.84,299 573.942,296.851 573.942,294.2 L573.942,241.8 C573.942,239.149 577.84,237 582.649,237 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.812, 266)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M631.441,299.5 L633.285,442" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M630.285,442.039 L633.388,450 L636.285,441.962 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M574.31,520.114 L335.202,521.06" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M335.19,518.06 L327.202,521.091 L335.214,524.06 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.729, 504.138)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ <path d="M185.961,488.5 L302.541,488.5 C308.06,488.5 312.534,490.649 312.534,493.3 L312.534,545.7 C312.534,548.351 308.06,550.5 302.541,550.5 L185.961,550.5 C180.442,550.5 175.969,548.351 175.969,545.7 L175.969,493.3 C175.969,490.649 180.442,488.5 185.961,488.5 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.251, 519.498)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.222,464.5 L682.808,464.5 C687.617,464.5 691.515,467.481 691.515,471.158 L691.515,543.842 C691.515,547.519 687.617,550.5 682.808,550.5 L581.222,550.5 C576.413,550.5 572.515,547.519 572.515,543.842 L572.515,471.158 C572.515,467.481 576.413,464.5 581.222,464.5 z" fill="#38AB4E"/>
+ <g>
+ <path d="M581.936,237 L683.521,237 C688.33,237 692.229,239.149 692.229,241.8 L692.229,294.2 C692.229,296.851 688.33,299 683.521,299 L581.936,299 C577.127,299 573.229,296.851 573.229,294.2 L573.229,241.8 C573.229,239.149 577.127,237 581.936,237 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.099, 266)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.015, 504.139)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/SecurityArchBasic_TLS.svg b/docs/sections/architecture/images/SecurityArchBasic_TLS.svg
new file mode 100644
index 00000000..664593bd
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchBasic_TLS.svg
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="517.817" height="313.5" viewBox="0, 0, 517.817, 313.5">
+ <g id="TLS" transform="translate(-175.969, -237)">
+ <text transform="matrix(-0, 1, -1, -0, 639.901, 366.492)">
+ <tspan x="-22.253" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">TLS 1.2+</tspan>
+ </text>
+ <text transform="matrix(1, -0, 0, 1, 439.736, 509.201)">
+ <tspan x="-22.253" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">TLS 1.2+</tspan>
+ </text>
+ <text transform="matrix(1, 0, 0, 1, 634.155, 457.499)">
+ <tspan x="-19.244" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ <text transform="matrix(-0, 1, -1, -0, 320.012, 516.681)">
+ <tspan x="-19.244" y="3.235" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ </g>
+ <g id="Basics" transform="translate(-175.969, -237)">
+ <path d="M186.675,488.5 L303.255,488.5 C308.773,488.5 313.247,490.649 313.247,493.3 L313.247,545.7 C313.247,548.351 308.773,550.5 303.255,550.5 L186.675,550.5 C181.156,550.5 176.682,548.351 176.682,545.7 L176.682,493.3 C176.682,490.649 181.156,488.5 186.675,488.5 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.965, 519.497)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.936,464.5 L683.521,464.5 C688.33,464.5 692.229,467.481 692.229,471.158 L692.229,543.841 C692.229,547.519 688.33,550.5 683.521,550.5 L581.936,550.5 C577.127,550.5 573.229,547.519 573.229,543.841 L573.229,471.158 C573.229,467.481 577.127,464.5 581.936,464.5 z" fill="#38AB4E"/>
+ <g>
+ <path d="M582.649,237 L684.234,237 C689.043,237 692.942,239.149 692.942,241.8 L692.942,294.2 C692.942,296.851 689.043,299 684.234,299 L582.649,299 C577.84,299 573.942,296.851 573.942,294.2 L573.942,241.8 C573.942,239.149 577.84,237 582.649,237 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.812, 266)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M631.441,299.5 L633.285,442" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M630.285,442.039 L633.388,450 L636.285,441.962 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M574.31,520.114 L335.202,521.06" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M335.19,518.06 L327.202,521.091 L335.214,524.06 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.729, 504.138)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ <path d="M185.961,488.5 L302.541,488.5 C308.06,488.5 312.534,490.649 312.534,493.3 L312.534,545.7 C312.534,548.351 308.06,550.5 302.541,550.5 L185.961,550.5 C180.442,550.5 175.969,548.351 175.969,545.7 L175.969,493.3 C175.969,490.649 180.442,488.5 185.961,488.5 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.251, 519.498)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.222,464.5 L682.808,464.5 C687.617,464.5 691.515,467.481 691.515,471.158 L691.515,543.842 C691.515,547.519 687.617,550.5 682.808,550.5 L581.222,550.5 C576.413,550.5 572.515,547.519 572.515,543.842 L572.515,471.158 C572.515,467.481 576.413,464.5 581.222,464.5 z" fill="#38AB4E"/>
+ <g>
+ <path d="M581.936,237 L683.521,237 C688.33,237 692.229,239.149 692.229,241.8 L692.229,294.2 C692.229,296.851 688.33,299 683.521,299 L581.936,299 C577.127,299 573.229,296.851 573.229,294.2 L573.229,241.8 C573.229,239.149 577.127,237 581.936,237 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.099, 266)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.015, 504.139)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/SecurityArchCADI.svg b/docs/sections/architecture/images/SecurityArchCADI.svg
new file mode 100644
index 00000000..b05a7f90
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchCADI.svg
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="517.259" height="323.537" viewBox="0, 0, 517.259, 323.537">
+ <g id="CADI" transform="translate(-176.682, -236.872)">
+ <text transform="matrix(0, 1, -1, 0, 565.177, 521.164)">
+ <tspan x="-28.221" y="1.366" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">X509 Client</tspan>
+ </text>
+ <text transform="matrix(1, -0, 0, 1, 632.729, 307.083)">
+ <tspan x="-28.221" y="1.917" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">X509 Client</tspan>
+ </text>
+ <text transform="matrix(1, 0, -0, 1, 650.783, 318.583)">
+ <tspan x="-31.576" y="1.922" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">or BasicAuth</tspan>
+ </text>
+ <g>
+ <g>
+ <path d="M583.149,441 L684.734,441 C689.543,441 693.442,441.832 693.442,442.858 L693.442,463.142 C693.442,464.168 689.543,465 684.734,465 L583.149,465 C578.34,465 574.442,464.168 574.442,463.142 L574.442,442.858 C574.442,441.832 578.34,441 583.149,441 z" fill="#CA3F3F" fill-opacity="0.862"/>
+ <path d="M583.149,441 L684.734,441 C689.543,441 693.442,441.832 693.442,442.858 L693.442,463.142 C693.442,464.168 689.543,465 684.734,465 L583.149,465 C578.34,465 574.442,464.168 574.442,463.142 L574.442,442.858 C574.442,441.832 578.34,441 583.149,441 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 633.442, 452.5)">
+ <tspan x="-26.477" y="2.25" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">CADI Filter</tspan>
+ </text>
+ </g>
+ <g>
+ <g>
+ <path d="M331.312,493.536 L331.312,546.463 C331.312,548.969 330.703,551 329.952,551 L315.107,551 C314.356,551 313.747,548.969 313.747,546.463 L313.747,493.536 C313.747,491.031 314.356,489 315.107,489 L329.952,489 C330.703,489 331.312,491.031 331.312,493.536 z" fill="#CA3F3F"/>
+ <path d="M331.312,493.536 L331.312,546.463 C331.312,548.969 330.703,551 329.952,551 L315.107,551 C314.356,551 313.747,548.969 313.747,546.463 L313.747,493.536 C313.747,491.031 314.356,489 315.107,489 L329.952,489 C330.703,489 331.312,491.031 331.312,493.536 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ </g>
+ <text transform="matrix(-0, 1, -1, -0, 319.997, 519.5)">
+ <tspan x="-19.256" y="1.25" font-family="HelveticaNeue" font-size="8" fill="#FFFFFF" fill-opacity="0.87">CADI Filter</tspan>
+ </text>
+ </g>
+ <path d="M186.675,488.372 L303.255,488.372 C308.774,488.372 313.248,490.521 313.248,493.172 L313.248,545.572 C313.248,548.223 308.774,550.372 303.255,550.372 L186.675,550.372 C181.156,550.372 176.682,548.223 176.682,545.572 L176.682,493.172 C176.682,490.521 181.156,488.372 186.675,488.372 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.965, 519.37)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.936,464.372 L683.522,464.372 C688.331,464.372 692.229,467.353 692.229,471.03 L692.229,543.714 C692.229,547.391 688.331,550.372 683.522,550.372 L581.936,550.372 C577.127,550.372 573.229,547.391 573.229,543.714 L573.229,471.03 C573.229,467.353 577.127,464.372 581.936,464.372 z" fill="#38AB4E"/>
+ <g>
+ <path d="M582.649,236.872 L684.234,236.872 C689.043,236.872 692.942,239.021 692.942,241.672 L692.942,294.072 C692.942,296.723 689.043,298.872 684.234,298.872 L582.649,298.872 C577.84,298.872 573.942,296.723 573.942,294.072 L573.942,241.672 C573.942,239.021 577.84,236.872 582.649,236.872 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.812, 265.872)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 631.212, 433.373)">
+ <tspan x="-19.244" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ <g>
+ <path d="M631.442,299.373 L631.943,414.772" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M628.943,414.785 L631.978,422.772 L634.943,414.759 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M574.311,519.987 L353.842,519.762" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M353.845,516.762 L345.842,519.754 L353.839,522.762 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.729, 504.011)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ <text transform="matrix(-0, 1, -1, -0, 337.577, 519.5)">
+ <tspan x="-19.244" y="3.235" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/SecurityArchCADIClient.svg b/docs/sections/architecture/images/SecurityArchCADIClient.svg
new file mode 100644
index 00000000..66ab0737
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchCADIClient.svg
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="517.259" height="330.354" viewBox="0, 0, 517.259, 330.354">
+ <g id="CADI" transform="translate(-176.682, -236.872)">
+ <text transform="matrix(0, 1, -1, 0, 565.177, 521.164)">
+ <tspan x="-28.221" y="1.366" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">X509 Client</tspan>
+ </text>
+ <text transform="matrix(1, -0, 0, 1, 632.729, 307.083)">
+ <tspan x="-28.221" y="1.917" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">X509 Client</tspan>
+ </text>
+ <text transform="matrix(1, 0, -0, 1, 650.783, 318.583)">
+ <tspan x="-31.576" y="1.922" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">or BasicAuth</tspan>
+ </text>
+ <g>
+ <g>
+ <path d="M583.149,441 L684.734,441 C689.543,441 693.442,441.832 693.442,442.858 L693.442,463.142 C693.442,464.168 689.543,465 684.734,465 L583.149,465 C578.34,465 574.442,464.168 574.442,463.142 L574.442,442.858 C574.442,441.832 578.34,441 583.149,441 z" fill="#CA3F3F" fill-opacity="0.862"/>
+ <path d="M583.149,441 L684.734,441 C689.543,441 693.442,441.832 693.442,442.858 L693.442,463.142 C693.442,464.168 689.543,465 684.734,465 L583.149,465 C578.34,465 574.442,464.168 574.442,463.142 L574.442,442.858 C574.442,441.832 578.34,441 583.149,441 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 633.442, 452.5)">
+ <tspan x="-26.477" y="2.25" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">CADI Filter</tspan>
+ </text>
+ </g>
+ <g>
+ <g>
+ <path d="M331.312,493.536 L331.312,546.463 C331.312,548.969 330.703,551 329.952,551 L315.107,551 C314.356,551 313.747,548.969 313.747,546.463 L313.747,493.536 C313.747,491.031 314.356,489 315.107,489 L329.952,489 C330.703,489 331.312,491.031 331.312,493.536 z" fill="#CA3F3F"/>
+ <path d="M331.312,493.536 L331.312,546.463 C331.312,548.969 330.703,551 329.952,551 L315.107,551 C314.356,551 313.747,548.969 313.747,546.463 L313.747,493.536 C313.747,491.031 314.356,489 315.107,489 L329.952,489 C330.703,489 331.312,491.031 331.312,493.536 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ </g>
+ <text transform="matrix(-0, 1, -1, -0, 319.997, 519.5)">
+ <tspan x="-19.256" y="1.25" font-family="HelveticaNeue" font-size="8" fill="#FFFFFF" fill-opacity="0.87">CADI Filter</tspan>
+ </text>
+ </g>
+ <path d="M186.675,488.372 L303.255,488.372 C308.774,488.372 313.248,490.521 313.248,493.172 L313.248,545.572 C313.248,548.223 308.774,550.372 303.255,550.372 L186.675,550.372 C181.156,550.372 176.682,548.223 176.682,545.572 L176.682,493.172 C176.682,490.521 181.156,488.372 186.675,488.372 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.965, 519.37)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.936,464.372 L683.522,464.372 C688.331,464.372 692.229,467.353 692.229,471.03 L692.229,543.714 C692.229,547.391 688.331,550.372 683.522,550.372 L581.936,550.372 C577.127,550.372 573.229,547.391 573.229,543.714 L573.229,471.03 C573.229,467.353 577.127,464.372 581.936,464.372 z" fill="#38AB4E"/>
+ <g>
+ <path d="M582.649,236.872 L684.234,236.872 C689.043,236.872 692.942,239.021 692.942,241.672 L692.942,294.072 C692.942,296.723 689.043,298.872 684.234,298.872 L582.649,298.872 C577.84,298.872 573.942,296.723 573.942,294.072 L573.942,241.672 C573.942,239.021 577.84,236.872 582.649,236.872 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.812, 265.872)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 631.212, 433.373)">
+ <tspan x="-19.244" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ <g>
+ <path d="M631.442,299.373 L631.943,414.772" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M628.943,414.785 L631.978,422.772 L634.943,414.759 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M574.311,519.987 L353.842,519.762" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M353.845,516.762 L345.842,519.754 L353.839,522.762 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.729, 504.011)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ <text transform="matrix(-0, 1, -1, -0, 337.577, 519.5)">
+ <tspan x="-19.244" y="3.235" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ </g>
+ <g id="CADI_Client" transform="translate(-176.682, -236.872)">
+ <text transform="matrix(1, -0, 0, 1, 459.076, 543.239)">
+ <tspan x="-89.025" y="-13.986" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Utilize CADI Client REST client (auto </tspan>
+ <tspan x="-89.025" y="-1.986" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">loads credentials, Contexts, etc)</tspan>
+ </text>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/SecurityArchFull.svg b/docs/sections/architecture/images/SecurityArchFull.svg
new file mode 100644
index 00000000..f25fd0c2
--- /dev/null
+++ b/docs/sections/architecture/images/SecurityArchFull.svg
@@ -0,0 +1,275 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="627.701" height="525.726" viewBox="0, 0, 627.701, 525.726">
+ <g id="Direct_AAF" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M572.081,454.632 L395.909,317.04" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M397.756,314.675 L389.604,312.116 L394.062,319.404 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M606.551,441 L445.662,316.508" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M447.498,314.135 L439.335,311.612 L443.826,318.88 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(0.79, 0.613, -0.613, 0.79, 497.62, 402.334)">
+ <tspan x="-43.687" y="-9.685" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">1) User/Password</tspan>
+ <tspan x="-58.872" y="8.315" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">validation (if Basic Auth)</tspan>
+ </text>
+ <text transform="matrix(0.79, 0.613, -0.613, 0.79, 531.051, 387.658)">
+ <tspan x="-22.418" y="-9.685" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">2) Obtain</tspan>
+ <tspan x="-41.762" y="8.315" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">AAF Permissions</tspan>
+ </text>
+ </g>
+ <g id="AAF_Batch" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M351.193,158.06 L351.024,222.389 C351.016,225.434 349.725,227.899 348.14,227.893 L316.818,227.788 C315.233,227.783 313.955,225.31 313.963,222.265 L314.132,157.936 C314.14,154.89 315.431,152.426 317.015,152.431 L348.338,152.537 C349.923,152.542 351.201,155.015 351.193,158.06 z" fill="#D65E15" fill-opacity="0.52"/>
+ <text transform="matrix(-0.003, 1, -1, -0.003, 332.578, 190.162)">
+ <tspan x="-13.15" y="-3.013" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Batch </tspan>
+ <tspan x="-28.805" y="8.987" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Maintenance</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M314.463,190.662 L209.956,190.662" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M209.956,187.662 L201.956,190.662 L209.956,193.662 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(1, 0, -0, 1, 259.372, 193.06)">
+ <tspan x="-19.959" y="-6.244" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Expiring</tspan>
+ <tspan x="-16.604" y="9.356" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Events</tspan>
+ </text>
+ <g>
+ <path d="M200.956,198.706 L229.109,198.706 L229.109,224.632 L209.956,224.632" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M209.956,221.632 L201.956,224.632 L209.956,227.632 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M351.693,200.083 L437.888,200.083" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-dasharray="3,2"/>
+ <path d="M437.888,203.083 L445.888,200.083 L437.888,197.083 z" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ </g>
+ <g id="AAF_Cassandra" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M485.176,158.06 L485.007,222.389 C484.999,225.434 483.708,227.899 482.123,227.893 L450.8,227.788 C449.216,227.783 447.938,225.31 447.946,222.265 L448.114,157.936 C448.122,154.89 449.414,152.426 450.998,152.431 L482.321,152.537 C483.906,152.542 485.184,155.015 485.176,158.06 z" fill="#1715D6" fill-opacity="0.52"/>
+ <text transform="matrix(-0.003, 1, -1, -0.003, 463.496, 190.162)">
+ <tspan x="-24.075" y="-3.013" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Cassandra</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M433.476,96.895 L462.989,144.836" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-dasharray="3,2"/>
+ <path d="M460.434,146.409 L467.183,151.648 L465.544,143.263 z" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M433.476,180.993 L439.445,180.993" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-dasharray="3,2"/>
+ <path d="M439.445,183.993 L447.445,180.993 L439.445,177.993 z" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M433.476,219.752 L441.331,213.665" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-dasharray="3,2"/>
+ <path d="M443.169,216.036 L447.655,208.765 L439.494,211.294 z" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M448.674,243.29 L460.62,233.94" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-dasharray="3,2"/>
+ <path d="M462.469,236.303 L466.919,229.01 L458.771,231.578 z" fill-opacity="0" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ </g>
+ <g id="Connections" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M366.78,98.146 L209.158,119.643" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M208.753,116.671 L201.232,120.724 L209.564,122.616 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M353.251,291.445 L206.695,276.655" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M206.996,273.67 L198.736,275.852 L206.394,279.64 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(0.991, -0.136, 0.136, 0.991, 269.475, 112.33)">
+ <tspan x="-11" y="-7.49" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Sign</tspan>
+ <tspan x="-14.052" y="9.31" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">CSRs</tspan>
+ </text>
+ <text transform="matrix(0.996, 0.095, -0.095, 0.996, 260.93, 287.412)">
+ <tspan x="-21.796" y="-9.522" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Delegate</tspan>
+ <tspan x="-26.493" y="6.078" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">by Domain</tspan>
+ </text>
+ <g>
+ <path d="M353.251,263.072 L211.399,240.185" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M211.877,237.223 L203.501,238.911 L210.921,243.147 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ </g>
+ <g id="AAF" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M360.277,242.79 L448.072,242.79 C452.228,242.79 455.597,244.074 455.597,245.659 L455.597,276.982 C455.597,278.567 452.228,279.851 448.072,279.851 L360.277,279.851 C356.12,279.851 352.751,278.567 352.751,276.982 L352.751,245.659 C352.751,244.074 356.12,242.79 360.277,242.79 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 404.174, 264.314)">
+ <tspan x="-16.57" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Service</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,79.5 L428.002,79.5 C430.693,79.5 432.875,80.785 432.875,82.369 L432.875,113.692 C432.875,115.277 430.693,116.562 428.002,116.562 L371.153,116.562 C368.462,116.562 366.281,115.277 366.281,113.692 L366.281,82.369 C366.281,80.785 368.462,79.5 371.153,79.5 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 101.024)">
+ <tspan x="-20.745" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Cert Man</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,201.967 L428.002,201.967 C430.693,201.967 432.874,203.252 432.874,204.837 L432.874,236.16 C432.874,237.744 430.693,239.029 428.002,239.029 L371.153,239.029 C368.462,239.029 366.28,237.744 366.28,236.16 L366.28,204.837 C366.28,203.252 368.462,201.967 371.153,201.967 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.577, 223.491)">
+ <tspan x="-14.175" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">OAuth</tspan>
+ </text>
+ </g>
+ <path d="M305.139,73 L493.554,73 L493.554,327.166 L305.139,327.166 L305.139,73 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <text transform="matrix(1, 0, 0, 1, 380.99, 60.5)">
+ <tspan x="-12.155" y="-7" font-family="HelveticaNeue" font-size="13" fill="#000000" fill-opacity="0.87">AAF</tspan>
+ <tspan x="12.155" y="-7" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87"> </tspan>
+ <tspan x="-76.495" y="5" font-family="HelveticaNeue" font-size="9" fill="#000000" fill-opacity="0.87">(Application Authorization Framework)</tspan>
+ </text>
+ <g>
+ <path d="M355.161,279.851 L383.272,279.851 C384.603,279.851 385.682,280.931 385.682,282.263 L385.682,308.589 C385.682,309.92 384.603,311 383.272,311 L355.161,311 C353.83,311 352.751,309.92 352.751,308.589 L352.751,282.263 C352.751,280.931 353.83,279.851 355.161,279.851 z" fill="#15C6D6" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 369.216, 297.941)">
+ <tspan x="-13.155" y="1.374" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Authn</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M390.797,278.605 L450.482,278.605 C453.307,278.605 455.597,279.728 455.597,281.113 L455.597,308.492 C455.597,309.877 453.307,311 450.482,311 L390.797,311 C387.972,311 385.682,309.877 385.682,308.492 L385.682,281.113 C385.682,279.728 387.972,278.605 390.797,278.605 z" fill="#D6AF15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 420.639, 297.419)">
+ <tspan x="-12.775" y="1.029" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Authz</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,161.145 L428.002,161.145 C430.693,161.145 432.875,162.43 432.875,164.014 L432.875,195.337 C432.875,196.922 430.693,198.207 428.002,198.207 L371.153,198.207 C368.462,198.207 366.281,196.922 366.281,195.337 L366.281,164.014 C366.281,162.43 368.462,161.145 371.153,161.145 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 182.669)">
+ <tspan x="-17.13" y="-0.264" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">Locator</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M371.153,120.322 L428.002,120.322 C430.693,120.322 432.875,121.607 432.875,123.192 L432.875,154.515 C432.875,156.099 430.693,157.384 428.002,157.384 L371.153,157.384 C368.462,157.384 366.281,156.099 366.281,154.515 L366.281,123.192 C366.281,121.607 368.462,120.322 371.153,120.322 z" fill="#D65F15" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 399.578, 138.083)">
+ <tspan x="-8.7" y="-1.5" font-family="HelveticaNeue" font-size="10" fill="#FFFFFF" fill-opacity="0.87">GUI </tspan>
+ <tspan x="-25.564" y="8.5" font-family="HelveticaNeue" font-size="8" fill="#FFFFFF" fill-opacity="0.87">(Management)</tspan>
+ </text>
+ </g>
+ </g>
+ <g id="Organization" transform="translate(-66.241, -41.5)">
+ <g>
+ <path d="M89.448,90 L191.034,90 C195.843,90 199.741,92.149 199.741,94.8 L199.741,147.2 C199.741,149.851 195.843,152 191.034,152 L89.448,152 C84.639,152 80.741,149.851 80.741,147.2 L80.741,94.8 C80.741,92.149 84.639,90 89.448,90 z" fill="#4D9BAF" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 139.612, 119)">
+ <tspan x="-38.87" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Certificate</tspan>
+ <tspan x="-34.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Authority</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M89.448,299 L191.034,299 C195.843,299 199.741,301.149 199.741,303.8 L199.741,356.2 C199.741,358.851 195.843,361 191.034,361 L89.448,361 C84.639,361 80.741,358.851 80.741,356.2 L80.741,303.8 C80.741,301.149 84.639,299 89.448,299 z" fill="#4D9BAF" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 139.612, 330.5)">
+ <tspan x="-17.629" y="-7" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">DNS</tspan>
+ <tspan x="-25.454" y="7" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">(Externally </tspan>
+ <tspan x="-17.314" y="19" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">Visible)</tspan>
+ </text>
+ </g>
+ <path d="M67.741,73 L213.741,73 L213.741,381 L67.741,381 L67.741,73 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <g>
+ <g>
+ <path d="M89.448,157.75 L191.034,157.75 C195.843,157.75 199.741,162.447 199.741,168.24 L199.741,282.76 C199.741,288.553 195.843,293.25 191.034,293.25 L89.448,293.25 C84.639,293.25 80.741,288.553 80.741,282.76 L80.741,168.24 C80.741,162.447 84.639,157.75 89.448,157.75 z" fill="#4D9BAF" fill-opacity="0.87"/>
+ <text transform="matrix(-0, -1, 1, -0, 140.241, 211.015)">
+ <tspan x="-24.744" y="-34.173" font-family="HelveticaNeue" font-size="16" fill="#FFFFFF" fill-opacity="0.87">Formal</tspan>
+ <tspan x="-45.104" y="-16.173" font-family="HelveticaNeue" font-size="16" fill="#FFFFFF" fill-opacity="0.87">Organization</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M142.278,176.934 L195.204,176.934 C197.71,176.934 199.741,178.038 199.741,179.401 L199.741,206.325 C199.741,207.687 197.71,208.792 195.204,208.792 L142.278,208.792 C139.772,208.792 137.741,207.687 137.741,206.325 L137.741,179.401 C137.741,178.038 139.772,176.934 142.278,176.934 z" fill="#438596" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 168.741, 192.863)">
+ <tspan x="-22.914" y="-2.5" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Notification</tspan>
+ <tspan x="-15.089" y="8.5" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">System</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M142.278,216.731 L195.204,216.731 C197.71,216.731 199.741,217.835 199.741,219.197 L199.741,246.122 C199.741,247.484 197.71,248.588 195.204,248.588 L142.278,248.588 C139.772,248.588 137.741,247.484 137.741,246.122 L137.741,219.197 C137.741,217.835 139.772,216.731 142.278,216.731 z" fill="#438596" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 168.741, 232.978)">
+ <tspan x="-16.335" y="-2.818" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Identity/</tspan>
+ <tspan x="-19.166" y="8.182" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Hierarchy</tspan>
+ </text>
+ </g>
+ <g>
+ <path d="M142.278,255.89 L195.204,255.89 C197.71,255.89 199.741,256.994 199.741,258.356 L199.741,285.281 C199.741,286.643 197.71,287.747 195.204,287.747 L142.278,287.747 C139.772,287.747 137.741,286.643 137.741,285.281 L137.741,258.356 C137.741,256.994 139.772,255.89 142.278,255.89 z" fill="#438596" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 168.741, 272.137)">
+ <tspan x="-19.507" y="-2.818" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Company </tspan>
+ <tspan x="-16.42" y="8.182" font-family="HelveticaNeue" font-size="9" fill="#FFFFFF" fill-opacity="0.87">Authn(s)</tspan>
+ </text>
+ </g>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 126.872, 60.5)">
+ <tspan x="-59.631" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Organizationally Defined</tspan>
+ </text>
+ </g>
+ <g id="TLS" transform="translate(-66.241, -41.5)">
+ <text transform="matrix(-0, 1, -1, -0, 639.901, 366.492)">
+ <tspan x="-22.253" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">TLS 1.2+</tspan>
+ </text>
+ <text transform="matrix(1, -0, 0, 1, 439.736, 509.201)">
+ <tspan x="-22.253" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">TLS 1.2+</tspan>
+ </text>
+ <text transform="matrix(1, 0, 0, 1, 634.155, 457.499)">
+ <tspan x="-19.244" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ <text transform="matrix(-0, 1, -1, -0, 320.012, 516.681)">
+ <tspan x="-19.244" y="3.235" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ </g>
+ <g id="CADI" transform="translate(-66.241, -41.5)">
+ <text transform="matrix(0, 1, -1, 0, 565.177, 521.164)">
+ <tspan x="-28.221" y="1.366" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">X509 Client</tspan>
+ </text>
+ <text transform="matrix(1, -0, 0, 1, 632.729, 307.083)">
+ <tspan x="-28.221" y="1.917" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">X509 Client</tspan>
+ </text>
+ <text transform="matrix(1, 0, -0, 1, 650.783, 318.583)">
+ <tspan x="-31.576" y="1.922" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">or BasicAuth</tspan>
+ </text>
+ <g>
+ <g>
+ <path d="M583.149,441 L684.734,441 C689.543,441 693.442,441.832 693.442,442.858 L693.442,463.142 C693.442,464.168 689.543,465 684.734,465 L583.149,465 C578.34,465 574.442,464.168 574.442,463.142 L574.442,442.858 C574.442,441.832 578.34,441 583.149,441 z" fill="#CA3F3F" fill-opacity="0.862"/>
+ <path d="M583.149,441 L684.734,441 C689.543,441 693.442,441.832 693.442,442.858 L693.442,463.142 C693.442,464.168 689.543,465 684.734,465 L583.149,465 C578.34,465 574.442,464.168 574.442,463.142 L574.442,442.858 C574.442,441.832 578.34,441 583.149,441 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 633.442, 452.5)">
+ <tspan x="-26.477" y="2.25" font-family="HelveticaNeue" font-size="11" fill="#FFFFFF" fill-opacity="0.87">CADI Filter</tspan>
+ </text>
+ </g>
+ <g>
+ <g>
+ <path d="M331.312,493.536 L331.312,546.463 C331.312,548.969 330.703,551 329.952,551 L315.107,551 C314.356,551 313.747,548.969 313.747,546.463 L313.747,493.536 C313.747,491.031 314.356,489 315.107,489 L329.952,489 C330.703,489 331.312,491.031 331.312,493.536 z" fill="#CA3F3F"/>
+ <path d="M331.312,493.536 L331.312,546.463 C331.312,548.969 330.703,551 329.952,551 L315.107,551 C314.356,551 313.747,548.969 313.747,546.463 L313.747,493.536 C313.747,491.031 314.356,489 315.107,489 L329.952,489 C330.703,489 331.312,491.031 331.312,493.536 z" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ </g>
+ <text transform="matrix(-0, 1, -1, -0, 319.997, 519.5)">
+ <tspan x="-19.256" y="1.25" font-family="HelveticaNeue" font-size="8" fill="#FFFFFF" fill-opacity="0.87">CADI Filter</tspan>
+ </text>
+ </g>
+ <path d="M186.675,488.372 L303.255,488.372 C308.774,488.372 313.248,490.521 313.248,493.172 L313.248,545.572 C313.248,548.223 308.774,550.372 303.255,550.372 L186.675,550.372 C181.156,550.372 176.682,548.223 176.682,545.572 L176.682,493.172 C176.682,490.521 181.156,488.372 186.675,488.372 z" fill="#38AB4E"/>
+ <text transform="matrix(1, 0, 0, 1, 244.965, 519.37)">
+ <tspan x="-42.661" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Application</tspan>
+ <tspan x="-15.257" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF">Two</tspan>
+ </text>
+ <path d="M581.936,464.372 L683.522,464.372 C688.331,464.372 692.229,467.353 692.229,471.03 L692.229,543.714 C692.229,547.391 688.331,550.372 683.522,550.372 L581.936,550.372 C577.127,550.372 573.229,547.391 573.229,543.714 L573.229,471.03 C573.229,467.353 577.127,464.372 581.936,464.372 z" fill="#38AB4E"/>
+ <g>
+ <path d="M582.649,236.872 L684.234,236.872 C689.043,236.872 692.942,239.021 692.942,241.672 L692.942,294.072 C692.942,296.723 689.043,298.872 684.234,298.872 L582.649,298.872 C577.84,298.872 573.942,296.723 573.942,294.072 L573.942,241.672 C573.942,239.021 577.84,236.872 582.649,236.872 z" fill="#7A40CA" fill-opacity="0.87"/>
+ <text transform="matrix(1, 0, 0, 1, 635.812, 265.872)">
+ <tspan x="-35.896" y="-4.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">User One</tspan>
+ <tspan x="-31.161" y="15.5" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">(Person)</tspan>
+ </text>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 631.212, 433.373)">
+ <tspan x="-19.244" y="3" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ <g>
+ <path d="M631.442,299.373 L631.943,414.772" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M628.943,414.785 L631.978,422.772 L634.943,414.759 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <g>
+ <path d="M574.311,519.987 L353.842,519.762" fill-opacity="0" stroke="#000000" stroke-width="1"/>
+ <path d="M353.845,516.762 L345.842,519.754 L353.839,522.762 z" fill="#000000" fill-opacity="1" stroke="#000000" stroke-width="1" stroke-opacity="1"/>
+ </g>
+ <text transform="matrix(1, 0, 0, 1, 632.729, 504.011)">
+ <tspan x="-42.661" y="-6.219" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">Application</tspan>
+ <tspan x="-15.75" y="13.781" font-family="HelveticaNeue" font-size="17" fill="#FFFFFF" fill-opacity="0.87">One</tspan>
+ </text>
+ <text transform="matrix(-0, 1, -1, -0, 337.577, 519.5)">
+ <tspan x="-19.244" y="3.235" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">HTTP/S</tspan>
+ </text>
+ </g>
+ <g id="CADI_Client" transform="translate(-66.241, -41.5)">
+ <text transform="matrix(1, -0, 0, 1, 459.076, 543.239)">
+ <tspan x="-89.025" y="-13.986" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">Utilize CADI Client REST client (auto </tspan>
+ <tspan x="-89.025" y="-1.986" font-family="HelveticaNeue" font-size="11" fill="#000000" fill-opacity="0.87">loads credentials, Contexts, etc)</tspan>
+ </text>
+ </g>
+</svg>
diff --git a/docs/sections/architecture/images/aaf-cm.png b/docs/sections/architecture/images/aaf-cm.png
new file mode 100644
index 00000000..602f17e4
--- /dev/null
+++ b/docs/sections/architecture/images/aaf-cm.png
Binary files differ
diff --git a/docs/aaf-object-model.jpg b/docs/sections/architecture/images/aaf-object-model.jpg
index 30caa7d5..30caa7d5 100644
--- a/docs/aaf-object-model.jpg
+++ b/docs/sections/architecture/images/aaf-object-model.jpg
Binary files differ
diff --git a/docs/sections/architecture/index.rst b/docs/sections/architecture/index.rst
new file mode 100644
index 00000000..5a20f2d1
--- /dev/null
+++ b/docs/sections/architecture/index.rst
@@ -0,0 +1,12 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Architecture
+============
+.. toctree::
+ :maxdepth: 2
+ :glob:
+
+ *
+
diff --git a/docs/sections/architecture/security.rst b/docs/sections/architecture/security.rst
new file mode 100644
index 00000000..93247899
--- /dev/null
+++ b/docs/sections/architecture/security.rst
@@ -0,0 +1,150 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Security Architecture
+=====================
+Communicating
+-------------
+When one compute process needs to communicate to another, it does so with networking.
+
+The service side is always compute process, but the client can be of two types:
+ * People (via browser, or perhaps command line tool)
+ * Compute process talking to another computer process.
+
+In larger systems, it is atypical to have just one connection, but will the call initiated by the initial actor will cause additional calls after it. Thus, we demonstrate both a client call, and a subsequent call in the following:
+
+Thus, the essential building blocks of any networked system is made up of a caller and any subsquent calls.
+
+.. image:: images/SecurityArchBasic_1.svg
+ :width: 70%
+ :align: center
+
+
+Communicating *Securely*
+------------------------
+Whenever two processing entities exist that need to communicate securely, it is *essential* that
+ * The communications between the two are encrypted
+ * The identities of the caller and callee are established (authentication)
+ * The caller must be allowed to do what it is asking to do (authorization)
+
+
+**Encryption**
+
+Encryption is provided by HTTP/S with the TLS 1.2+ protocol. Lesser protocols can also be added, but it is highly recommended that the protocol go no lower than TLS 1.1
+
+.. image:: images/SecurityArchBasic_TLS.svg
+ :width: 70%
+ :align: center
+
+**Establishing Identity**
+
+*Client Side*
+
+In order to be secure of the Server Identity, the client will:
+ * Carefully select the Endpoint for the server (URL)
+ * The Service side Certificate chain obtained by TLS must ultimately be signed by a Certificate Authority that is trusted.
+
+*Server Side*
+
+The server side is a little harder to accomplish, because, while a client can choose carefully whom he contacts, the server, ultimately, might be contacted by literally anyone.
+
+To solve this difficult problem, the CADI Framework Filter is attached to the incoming transaction before any code by Application 1 or Application 2 is invoked. The CADI Framework does the following:
+ A) Establishes the claimed Identity (this differs by Protocol)
+
+ i) The Identity needs to be a Fully Qualified Identity (FQI), meaning it has
+
+ #) An ID approved by Organization (such as bob)
+ #) A Domain establishing where the Credential is defined (ex: @bobs.garage.com)
+ #) FQI Example: bob@bobs.garage.com
+
+ B) Validates the credential of the FQI ( *Authentication* )
+
+ i) Basic Auth (User/Password) is validated against the system supporting the domain
+ ii) AAF Certman can create a fine-grained X509 certificate, which can derive FQI
+ iii) If the FQI fails the Credential test in any way, the transaction is terminated
+
+ C) Obtain *Authorization* information
+
+ i) This might include a call to AAF which will return all the Permissions of the User per Application Context
+ ii) This might involve pulling these from Cache
+ iii) This also might be pulled from Token
+
+.. image:: images/SecurityArchCADI.svg
+ :width: 70%
+ :align: center
+
+Enabling the Client to Send Securely
+------------------------------------
+
+Once a secure scenario is in place, the client must provide more information, or he will be rejected by the secured server.
+
+ * FQI (Fully Qualified Identity)
+ * Credential
+ * If User/Password, then the client must send via "BasicAuth" Protocol
+ * If two-way X509 identity, then the client must load the Cert and Private Key into the Client Software outside of the calling process.
+ * If Token based Identity, such as OAuth2, the token must be placed on the call in just the right way.
+ * Upstream Identity
+ * Application Two might well want to process Authorizations based on the *end-user*, not the current caller. In this scenario, Application One must provide the End User FQI in addition to its own before Application Two will accept.
+
+In order to do this efficiently, ONAP services will use the CADI Client, which includes
+ * Connection Information by Configuration
+ * Encryption of any sensitive information in Configuration, such as Password, so that Configuration files will have no clear-text secrets.
+ * Highly scalable Endpoint information (at the very least, of AAF components)
+ * The ability to propogate the Identity of originating Caller (User One)
+
+.. image:: images/SecurityArchCADIClient.svg
+ :width: 70%
+ :align: center
+
+
+Obtaining Security Information
+------------------------------
+
+In order for the client and server to perform securely, the need information they can trust, including
+ * TLS needs X509 Certificate for the Server and any Client wishing to authenticate using Certificates
+ * Any User/Password Credentials need to be validated real time
+ * The server needs comprehensible Authorization information, preferably at the Application Scope
+ * The client needs to find a server, even if the server must be massively geo-scaled
+
+The AAF Suite provides the following elements:
+ * AAF Service
+ This service provides fine-grained Authorization information, and can, if required, also provide specialized Passwords for Applications (that allow for configuration migrations without a maintainance window)
+ * OAuth
+ AAF provides Token and Introspection service, but can also delegate to Organizatinally defined OAuth Services as well.
+ * Locator
+ Provides machine and port information by geo-location for massively scalable services. This is optional for ONAP services, but required for AAF as part of its reliability and scalability solution.
+ * GUI
+ AAF provides a GUI for managing Namespaces (for Applications), Roles, Permissions and Credentials.
+ * Certificate Manager
+ Since AAF has fine-grained information about Identities, it can provide Certificates with FQIs embedded. CADI Framework understands when and how to trust these FQIs. When used, these Certificates provide enhanced speed and additional resiliency to the system, as they do not require network connections to validate.
+
+.. image:: images/SecurityArchAAF.svg
+ :width: 30%
+ :align: center
+
+The Organization
+----------------
+
+AAF is only a tool to reflect the Organization it is setup for. AAF does not, for instance, know what IDs are acceptable to a particular company. Every Organization (or Company) will also likely have its own Certificate Authority and DNS. Most importantly, each Organzation will have a hierarchy of who is responsible for any give person or application.
+
+ * AAF's Certman connects to the Organization's CA via SCEP protocol (Others can be created as well)
+ * AAF ties into the Organizational hierarchy. Currently, this is through a feed of IDs and relationships.
+ * AAF can process some Passwords, but delegate off others based on domain.
+
+.. image:: images/SecurityArchAAFOrg.svg
+ :width: 70%
+ :align: center
+
+The Whole Picture
+-----------------
+
+CADI is a framework that enforces validations of Identities, and uses those Identities to obtain Authorization information for the Server. The CADI client ensures that the right information is passed during secure connections.
+
+AAF provides essential information based on the Organization to services in order to enable secure transactions between components. It also provides sustaining processing capabilities to ensure that Credentials and Authorization relationships are maintained.
+
+.. image:: images/SecurityArchFull.svg
+ :width: 90%
+ :align: center
+
+
diff --git a/docs/sections/configuration/client.rst b/docs/sections/configuration/client.rst
new file mode 100644
index 00000000..31106b88
--- /dev/null
+++ b/docs/sections/configuration/client.rst
@@ -0,0 +1,211 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+Client Configuration
+====================
+
+TEST version of "cadi.properties"
+---------------------------------
+These properties point you to the ONAP TEST environment.
+
+Properties are separated into
+
+ * etc
+ * main Property file which provides Client specific info. As a client, this could be put in container, or placed on Host Box
+ * The important thing is to LINK the property with Location and Certificate Properties, see "local"
+ * local
+ * where there is Machine specific information (i.e. GEO Location (Latitude/Longitude)
+ * where this is Machine specific Certificates (for running services)
+ * This is because the certificates used must match the Endpoint that the Container is running on
+ * Note Certificate Manager can Place all these components together in one place.
+ * For April, 2018, please write Jonathan.gathman@att.com for credentials until TEST Env with Certificate Manager is fully tested. Include
+ 1. AAF Namespace (you MUST be the owner for the request to be accepted)
+ 2. Fully Qualified App ID (ID + Namespace)
+ 3. Machine to be deployed on.
+
+Client Credentials
+------------------
+For Beijing, full TLS is expected among all components. AAF provides the "Certificate Manager" which can "Place" Certificate information
+
+Example Source Code
+-------------------
+Note the FULL class is available in the authz repo, cadi_aaf/org/onap/aaf/client/sample/Sample.java
+
+.. code:: java
+
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.client.sample;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.principal.UnAuthPrincipal;
+import org.onap.aaf.cadi.util.Split;
+import org.onap.aaf.misc.env.APIException;
+
+public class Sample {
+ private static Sample singleton;
+ final private AAFConHttp aafcon;
+ final private AAFLurPerm aafLur;
+ final private AAFAuthn<?> aafAuthn;
+
+ /**
+ * This method is to emphasize the importance of not creating the AAFObjects over and over again.
+ * @return
+ */
+ public static Sample singleton() {
+ return singleton;
+ }
+
+ public Sample(Access myAccess) throws APIException, CadiException, LocatorException {
+ aafcon = new AAFConHttp(myAccess);
+ aafLur = aafcon.newLur();
+ aafAuthn = aafcon.newAuthn(aafLur);
+ }
+
+ /**
+ * Checking credentials outside of HTTP/S presents fewer options initially. There is not, for instance,
+ * the option of using 2-way TLS HTTP/S.
+ *
+ * However, Password Checks are still useful, and, if the Client Certificate could be obtained in other ways, the
+ * Interface can be expanded in the future to include Certificates.
+ * @throws CadiException
+ * @throws IOException
+ */
+ public Principal checkUserPass(String fqi, String pass) throws IOException, CadiException {
+ String ok = aafAuthn.validate(fqi, pass);
+ if(ok==null) {
+ System.out.println("Success!");
+ /*
+ UnAuthPrincipal means that it is not coming from the official Authorization chain.
+ This is useful for Security Plugins which don't use Principal as the tie between
+ Authentication and Authorization
+
+ You can also use this if you want to check Authorization without actually Authenticating, as may
+ be the case with certain Onboarding Tooling.
+ */
+ return new UnAuthPrincipal(fqi);
+ } else {
+ System.out.printf("Failure: %s\n",ok);
+ return null;
+ }
+
+
+ }
+
+ /**
+ * An example of looking for One Permission within all the permissions user has. CADI does cache these,
+ * so the call is not expensive.
+ *
+ * Note: If you are using "J2EE" (Servlets), CADI ties this function to the method:
+ * HttpServletRequest.isUserInRole(String user)
+ *
+ * The J2EE user can expect that his servlet will NOT be called without a Validated Principal, and that
+ * "isUserInRole()" will validate if the user has the Permission designated.
+ *
+ */
+ public boolean oneAuthorization(Principal fqi, Permission p) {
+ return aafLur.fish(fqi, p);
+ }
+
+ public List<Permission> allAuthorization(Principal fqi) {
+ List<Permission> pond = new ArrayList<Permission>();
+ aafLur.fishAll(fqi, pond);
+ return pond;
+ }
+
+
+ public static void main(String[] args) {
+ // Note: you can pick up Properties from Command line as well as VM Properties
+ // Code "user_fqi=... user_pass=..." (where user_pass can be encrypted) in the command line for this sample.
+ // Also code "perm=<perm type>|<instance>|<action>" to test a specific Permission
+ PropAccess myAccess = new PropAccess(args);
+ try {
+ /*
+ * NOTE: Do NOT CREATE new aafcon, aafLur and aafAuthn each transaction. They are built to be
+ * reused!
+ *
+ * This is why this code demonstrates "Sample" as a singleton.
+ */
+ singleton = new Sample(myAccess);
+ String user = myAccess.getProperty("user_fqi");
+ String pass= myAccess.getProperty("user_pass");
+
+ if(user==null || pass==null) {
+ System.err.println("This Sample class requires properties user_fqi and user_pass");
+ } else {
+ pass = myAccess.decrypt(pass, false); // Note, with "false", decryption will only happen if starts with "enc:"
+ // See the CODE for Java Methods used
+ Principal fqi = Sample.singleton().checkUserPass(user,pass);
+
+ if(fqi==null) {
+ System.out.println("OK, normally, you would cease processing for an "
+ + "unauthenticated user, but for the purpose of Sample, we'll keep going.\n");
+ fqi=new UnAuthPrincipal(user);
+ }
+
+ // AGAIN, NOTE: If your client fails Authentication, the right behavior 99.9%
+ // of the time is to drop the transaction. We continue for sample only.
+
+ // note, default String for perm
+ String permS = myAccess.getProperty("perm","org.osaaf.aaf.access|*|read");
+ String[] permA = Split.splitTrim('|', permS);
+ if(permA.length>2) {
+ final Permission perm = new AAFPermission(permA[0],permA[1],permA[2]);
+ // See the CODE for Java Methods used
+ if(singleton().oneAuthorization(fqi, perm)) {
+ System.out.printf("Success: %s has %s\n",fqi.getName(),permS);
+ } else {
+ System.out.printf("%s does NOT have %s\n",fqi.getName(),permS);
+ }
+ }
+
+
+ // Another form, you can get ALL permissions in a list
+ // See the CODE for Java Methods used
+ List<Permission> permL = singleton().allAuthorization(fqi);
+ if(permL.size()==0) {
+ System.out.printf("User %s has no Permissions THAT THE CALLER CAN SEE",fqi.getName());
+ } else {
+ System.out.print("Success:\n");
+ for(Permission p : permL) {
+ System.out.printf("\t%s has %s\n",fqi.getName(),p.getKey());
+ }
+ }
+ }
+ } catch (APIException | CadiException | LocatorException | IOException e) {
+ e.printStackTrace();
+ }
+ }
+} \ No newline at end of file
diff --git a/docs/sections/configuration/index.rst b/docs/sections/configuration/index.rst
new file mode 100644
index 00000000..cc65cad3
--- /dev/null
+++ b/docs/sections/configuration/index.rst
@@ -0,0 +1,12 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Configuration
+=============
+.. toctree::
+ :maxdepth: 2
+ :glob:
+
+ *
+
diff --git a/docs/sections/configuration/service.rst b/docs/sections/configuration/service.rst
new file mode 100644
index 00000000..7cbbb748
--- /dev/null
+++ b/docs/sections/configuration/service.rst
@@ -0,0 +1,5 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+Service Configuration
+=====================
diff --git a/docs/sections/installation/Bootstrapping-AAF-Components.rst b/docs/sections/installation/Bootstrapping-AAF-Components.rst
new file mode 100644
index 00000000..2bb329d6
--- /dev/null
+++ b/docs/sections/installation/Bootstrapping-AAF-Components.rst
@@ -0,0 +1,256 @@
+.. contents::
+ :depth: 3
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Summary
+Essentials
+Technologies required to run AAF
+Optional Technologies for special cases
+Data Definitions
+AAF Data Definitions
+ILM (Identity Lifecycle Management)
+Initializing Default Implementation
+Extract Sample Configuration
+Certificate Authority
+Creating your own Certificate Authority (if desired)
+Create your Intermediate CAs
+Use the Intermediate CA for creating Service/Identity Certs (can be utilized by Certman with LocalCA)
+Copy initializations to Host Machine
+Load Data and/or Meta-Data into Cassandra
+Build Source
+Run Java
+
+Summary
+-------
+
+AAF Components are all Java(tm) HTTP/S based RESTful services, with the following exceptions:
+
+ - AAF GUI component is an HTTP/S HTML5 generating component. It uses the same code base, but isn't strictly RESTful according to definition.
+ - AAF FS component is a FileServer, and is HTTP only (not TLS), so it can deliver publicly accessible artifacts without Authentication.
+
+Essentials
+==========
+
+Technologies required to run AAF
+--------------------------------
+
+ - Java(tm). Version 8.121+
+ - Oracle Java previous to Oracle Java SE 8 to version 8 Update 121 is vulnerable to "SWEET32" attack.
+
+ 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
+
+ - Cassandra, Version 2.1.14+
+ - X509 Certificates (at minimum to support HTTP/S TLS transactions (TLS1.1 and TLS1.2 are default, but can be configured).
+
+Optional Technologies for special cases
+---------------------------------------
+
+ - Build your own Certificate Authority for Bootstrapping and/or Certificate Manager component.
+ - openssl
+ - bash
+
+Data Definitions
+----------------
+
+AAF Data Definitions
+
+ - AAF is Data Driven, and therefore, needs to have some structure around the Initial Data so that it can function. You will need to define:
+
+Your Organization:
+ - Example: Are you a company? Do you already have a well known internet URL?
+ - If so, you should set up AAF Namespaces with this in mind. Example:
+
+ - for "Kumquat Industries, LTD", with internet presence "kumquats4you.com" (currently, a fictitious name), you would want all your AAF Namespaces to start with:
+
+"com.kumquats4you"
+The examples all use
+
+"org.osaaf"
+
+However it is recommended that you change this once you figure out your organizations' structure.
+Your AAF Root Namespace
+This can be within your company namespace, i.e.
+
+"com.kumquats4you.aaf"
+
+but you might consider putting it under different root structure.
+Again, the bootstrapping examples use:
+
+"org.osaaf.aaf"
+
+While creating these, recognize that
+2nd position of the Namespace indicates company/organization
+3rd+ position are applications within that company/organization
+
+"com.kumquats4you.dmaap"
+
+Following this "positional" structure is required for expected Authorization behavior.
+
+
+ILM (Identity Lifecycle Management)
+Neither Authentication nor Authorization make any sense outside the context of Identity within your Organization.
+
+Some organizations or companies will have their own ILM managers.
+
+If so you may write your own implementation of "Organization"
+Ensure the ILM of choice can be access real-time, or consider exporting the data into File Based mechanism (see entry)
+AAF comes with a "DefaultOrganization", which implements a file based localization of ILM in a simple text file
+
+Each line represents an identity in the organization, including essential contact information, and reporting structure
+This file can be updated by bringing in the entire file via ftp or other file transfer protocol, HOWEVER
+Provide a process that
+Validates no corruption has occurred
+Pulls the ENTIRE file down before moving into the place where AAF Components will see it.
+Take advantage of UNIX File System behaviors, by MOVING the file into place (mv), rather than copying while AAF is Active
+Note: This file-based methodology has been shown to be extremely effective for a 1 million+ Identity organization
+TBA-how to add an entry
+
+TBA-what does "sponsorship mean"
+
+Initializing Default Implementation
+This is recommended for learning/testing AAF. You can modify and save off this information for your Organizational use at your discretion.
+
+Extract Sample Configuration
+On your Linux box (creating/setting permissions as required)
+
+mkdir -p /opt/app/osaaf
+
+cd /opt/app/osaaf
+
+# Download AAF_sample_config_v1.zip (TBA)
+
+jar -xvf AAF_sample_config_v1.zip
+
+Certificate Authority
+You need to identify a SAFE AND SECURE machine when working with your own Certificate Authority. Realize that if a hacker gets the private keys of your CA or Intermediate CAs, you will be TOTALLY Compromised.
+
+For that reason, many large companies will isolate any machines dealing with Certificates, and that is the recommendation here as well... However, this page cannot explain what works best for you. JSCEP is an option if you have this setup already.
+
+If you choose to make your own CA, at the very least, once you create your private key for your Root Cert, and your Intermediate Certs, you might consider saving your Private Keys off line and removing from the exposed box. Again, this is YOUR responsibility, and must follow your policy.
+
+
+
+IMPORTANT! As you create Certificates for Identities, the Identities you use MUST be identities in your ILM. See /opt/app/aaf/osaaf/data/identities.dat
+
+Creating your own Certificate Authority (if desired)
+1) Obtain all the Shell Scripts from the "conf/CA" directory which you can get the from the git repo.
+
+For this example, we'll put everything in /opt/app/osaaf
+
+mkdir /opt/app/osaaf/CA, if required
+
+$ cd /opt/app/osaaf/CA
+
+view README.txt for last minute info
+
+view an/or change "subject.aaf" for your needs. This format will be used on all generated certs from the CA.
+
+$ cat subject.aaf
+
+If you will be using PKCS11 option, review the "cfg.pkcs11" file as well
+
+$ cat cfg.pkcs11
+
+$ bash newca.sh
+
+Obviously, save off your passphrase in an encrypted place... how you do this is your procedure
+
+At this point, your Root CA information has been created. If you want to start over, you may use "bash clean.sh"
+
+Create your Intermediate CAs
+2) You do NOT sign regular Cert requests with your Root. You only sign with Intermediate CA. The "intermediate.sh" will create a NEW Intermediate CA Directory and copy appropriate Shell scripts over. Do this for as many Intermediate CAs as you need.
+
+$ bash newIntermediate.sh
+
+creates directories in order, intermediate_1, intermediate_2, etc.
+
+Use the Intermediate CA for creating Service/Identity Certs (can be utilized by Certman with LocalCA)
+3) When creating a Manual Certificate, DO THIS from the Intermediate CA needed
+
+$ cd intermediate_1
+
+4) Create initial Certificate for AAF
+
+IMPORTANT! As you create Certificates for Identities, the Identities you use MUST be identities in your ILM. See /opt/app/aaf/osaaf/data/identities.dat
+
+To create LOCALLY, meaning create the CSR, and submit immediately, do the following
+
+$ bash manual.sh <machine-name> -local
+
+FQI (Fully Qualified Identity):
+
+<identity from identities.dat>@<domain, ex: aaf.osaaf.org>
+
+To create Information suitable for Emailing, and signing the returned CSR
+
+$ bash manual.sh <machine-name>
+
+FQI (Fully Qualified Identity):
+
+<identity from identities.dat>@<domain, ex: aaf.osaaf.org>
+
+5) Create p12 file for AAF
+
+REMAIN in the intermediate directory...
+
+$ bash p12.sh <machine-name>
+
+Copy initializations to Host Machine
+AAF is setup so it can run
+
+On the O/S, using Java
+On Docker
+On K8
+In each case, even for Docker/K8, we utilize the File O/S for host specific information. This is because
+
+Many things are Host Specific
+The Hostname required for TLS interactions
+Cassandra specific information (when external/clustered)
+Logging (if logging is done in container, it will be lost if container goes down)
+To make things simpler, we are assuming that the file structure will be "/opt/app/osaaf". The code supports changing this, but documentation will wait until use cases arises for ONAP.
+
+Steps:
+
+1) Copy "osaaf.zip" to your Host Machine, where osaaf.zip is provided by AAF SME. // TODO POST SAMPLE HERE
+
+2) Copy your "p12" file generated by your CA (see above), and place in your "certs" directory
+
+3) SSH (or otherwise login) to your Docker/K8 Host Machine
+
+4) setup your directories (you might need to be root, then adjust what you need for O/S File Permissions
+
+$ mkdir /opt/app/osaaf
+
+$ cd /opt/app/osaaf
+
+$ mkdir cred logs
+
+$ unzip ~/osaaf.zip
+
+$ mv ~/<p12 file from CA above> cred
+
+$
+
+Unzip the "osaaf.zip" so it goes into the /opt/app/osaaf directory (should have "etc", "data", "public" and "certs" directories)
+
+4) Modify "org.osaaf.props" to have
+
+
+
+Load Data and/or Meta-Data into Cassandra
+Setting this initial Data can be done directly onto Cassadra using "cqlsh" using the following "cql" files:
+
+init<version>.cql (whatever is latest in the "zip" file)
+osaaf.cql
+ This file contains initial Authorization Structures, see AAF Data Structures.
+ This is where you would modify your own initial Structures.
+Build Source
+(if not done already)
+
+Run Java
+Note: If you have a Kubernets requirement (support), it is STILL RECOMMENDED you run AAF as stand-alone Java Components on your system, and work out any modifications required BEFORE trying to run in Kubernetes.
+
+TBA <java -Dcadi_prop_files=/opt/app/osaaf/etc/org.osaaf.locator.props -cp <path> File>
+
diff --git a/docs/sections/installation/Installation.rst b/docs/sections/installation/Installation.rst
new file mode 100644
index 00000000..1852f848
--- /dev/null
+++ b/docs/sections/installation/Installation.rst
@@ -0,0 +1,19 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+Installation
+============
+
+Environment
+-----------
+
+
+Steps
+-----
+
+
+
+
+Testing
+-------
+
diff --git a/docs/sections/installation/fromsource.rst b/docs/sections/installation/fromsource.rst
new file mode 100644
index 00000000..6586ff5b
--- /dev/null
+++ b/docs/sections/installation/fromsource.rst
@@ -0,0 +1,7 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+AAF From Source Code
+====================
+
diff --git a/docs/sections/installation/index.rst b/docs/sections/installation/index.rst
new file mode 100644
index 00000000..a3aeddec
--- /dev/null
+++ b/docs/sections/installation/index.rst
@@ -0,0 +1,12 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Installation
+============
+.. toctree::
+ :maxdepth: 2
+ :glob:
+
+ *
+
diff --git a/docs/sections/installation/standalone.rst b/docs/sections/installation/standalone.rst
new file mode 100644
index 00000000..5c8cb651
--- /dev/null
+++ b/docs/sections/installation/standalone.rst
@@ -0,0 +1,7 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+
+Standalone Java Installation
+============================
+
diff --git a/docs/sections/logging.rst b/docs/sections/logging.rst
new file mode 100644
index 00000000..9064b597
--- /dev/null
+++ b/docs/sections/logging.rst
@@ -0,0 +1,70 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+Logging
+=======
+
+.. note::
+ * This section is used to describe the informational or diagnostic messages emitted from
+ a software component and the methods or collecting them.
+
+ * This section is typically: provided for a platform-component and sdk; and
+ referenced in developer and user guides
+
+ * This note must be removed after content has been added.
+
+
+Where to Access Information
+---------------------------
+AAF uses log4j framework to generate logs and all the logs are stored in a persistent volume.
+
+Error / Warning Messages
+------------------------
+Following are the error codes
+
+| Create a Permission - Expected=201, Explicit=403, 404, 406, 409
+| Set Description for Permission - Expected=200, Explicit=404, 406
+| Delete a Permission Expected=200, Explicit=404, 406
+| Update a Permission - Expected=200, Explicit==04, 406, 409
+| Get Permissions by Type - Expected=200, Explicit=404, 406
+| Get Permissions by Key - Expected=200, Explicit=404, 406
+| Get PermsByNS - Expected=200, Explicit==404, 406
+| Get Permissions by Role - Expected=200, Explicit=404, 406
+| Get Permissions by User, Query AAF Perms - Expected=200, Explicit=404, 406
+| Get Permissions by User - Expected=200, Explicit=404, 406
+| Create Role - Expected=201, Explicit=403, 404, 406, 409
+| Set Description for role= - Expected=200, Explicit=404, 406
+| Delete Role - Expected=200, Explicit==404, 406
+| Delete Permission from Role - Expected=200, Explicit=404, 406
+| Add Permission to Role - Expected=201, Explicit=403, 404, 406, 409
+| Set a Permission's Roles - Expected=201, Explicit=403, 404, 406, 409
+| GetRolesByFullName - Expected=200, Explicit=404, 406
+| GetRolesByNameOnly - Expected=200, Explicit=404, 406
+| GetRolesByNS - Expected=200, Explicit=404, 406
+| GetRolesByPerm - Expected=200, Explicit=404, 406
+| GetRolesByUser - Expected=200, Explicit=404, 406
+| Request User Role Access - Expected=201, Explicit=403, 404, 406, 409
+| Get if User is In Role - Expected=200, Explicit=403, 404, 406
+| Delete User Role - Expected=200, Explicit=403, 404, 406
+| Update Users for a role - Expected=200, Explicit=403, 404, 406
+| Update Roles for a user - Expected=200, Explicit=403, 404, 406
+| Get UserRoles by Role - Expected=200, Explicit=404, 406
+| Get UserRoles by User - Expected=200, Explicit=404, 406
+| Create a Namespace - Expected=201, Explicit=403, 404, 406, 409
+| Set a Description for a Namespace - Expected=200, Explicit=403, 404, 406
+| Delete a Namespace - Expected=200, Explicit=403, 404, 424
+| Add an Admin to a Namespace - Expected=201, Explicit=403, 404, 406, 409
+| Remove an Admin from a Namespace - Expected=200, Explicit=403, 404
+| Delete an Attribute from a Namespace - Expected=200, Explicit=403, 404
+| Add an Attribute from a Namespace - Expected=201, Explicit=403, 404, 406, 409
+| update an Attribute from a Namespace - Expected=200, Explicit=403, 404
+| Add a Responsible Identity to a Namespace - Expected=201, Explicit=403, 404, 406, 409
+| Remove a Responsible Identity from Namespace - Expected=200, Explicit=403, 404
+| get Ns Key List From Attribute - Expected=200, Explicit=403, 404
+| Return Information about Namespaces - Expected=200, Explicit=404, 406
+| Return Child Namespaces - Expected=200, Explicit=403, 404
+| Get Users By Permission - Expected=200, Explicit=404, 406
+| Get Users By Role - Expected=200, Explicit=403, 404, 406
+| Is given BasicAuth valid? - Expected=200, Explicit=403
+| Is given Credential valid? - Expected=200, Explicit=403
+
diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst
new file mode 100644
index 00000000..c3f74ade
--- /dev/null
+++ b/docs/sections/release-notes.rst
@@ -0,0 +1,72 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+
+Release Notes
+=============
+
+
+
+Version: 2.1.0
+--------------
+
+
+:Release Date: 2018-06-07
+
+
+
+**New Features**
+
+This release fixes the packaging and security issues.
+
+**Bug Fixes**
+ NA
+**Known Issues**
+ NA
+
+**Security Notes**
+
+AAF code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The AAF open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28380057>`_.
+
+Quick Links:
+ - `AAF project page <https://wiki.onap.org/display/DW/Application+Authorization+Framework+Project>`_
+
+ - `Passing Badge information for AAF <https://bestpractices.coreinfrastructure.org/en/projects/1758>`_
+
+ - `Project Vulnerability Review Table for AAF <https://wiki.onap.org/pages/viewpage.action?pageId=28380057>`_
+
+**Upgrade Notes**
+ NA
+
+**Deprecation Notes**
+
+Version: 1.0.1
+
+Release Date: 2017-11-16
+
+
+New Features:
+
+ - Service (primary) – All the Authorization information (more on that in a bit)
+ - Locate – how to find ANY OR ALL AAF instances across any geographic distribution
+ - OAuth 2.0 – new component providing Tokens and Introspection (no time to discuss here)
+ - GUI – Tool to view and manage Authorization Information, and create Credentials
+ - Certman – Certificate Manger, create and renew X509 with Fine-Grained Identity
+ - FS – File Server to provide access to distributable elements (like well known certs)
+ - Hello - Test your client access (certs, OAuth 2.0, etc)
+
+
+
+
+Bug Fixes
+ - `AAF-290 <https://jira.onap.org/browse/AAF-290>`_ Fix aaf trusrstore
+ - `AAF-270 <https://jira.onap.org/browse/AAF-270>`_ AAF fails health check on HEAT deployment
+ - `AAF-286 <https://jira.onap.org/browse/AAF-286>`_ SMS fails health check on OOM deployment
+ - `AAF-273 <https://jira.onap.org/browse/AAF-273>`_ Cassandra pod running over 8G heap - or 10% of ONAP ram (for 135 other pods on 256G 4 node cluster)
+
+
+Known Issues
+ -
+
+Other
+
diff --git a/misc/env/pom.xml b/misc/env/pom.xml
index d1e3ad95..9a725b9f 100644
--- a/misc/env/pom.xml
+++ b/misc/env/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/misc/log4j/pom.xml b/misc/log4j/pom.xml
index 31d8f9f5..ed277b29 100644
--- a/misc/log4j/pom.xml
+++ b/misc/log4j/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java b/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java
index a98ba7c0..c6537deb 100644
--- a/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java
+++ b/misc/log4j/src/main/java/org/onap/aaf/misc/env/log4j/LogFileNamer.java
@@ -59,15 +59,14 @@ public class LogFileNamer {
* @throws IOException
*/
public String setAppender(String appender) throws IOException {
- String filename;
int i = 0;
File f;
- while ((f = new File(filename = String.format(FILE_FORMAT_STR, dir, root, appender, ending, i))).exists()) {
+ while ((f = new File(String.format(FILE_FORMAT_STR, dir, root, appender, ending, i))).exists()) {
++i;
}
- ;
+
f.createNewFile();
- System.setProperty("LOG4J_FILENAME_" + appender, filename);
+ System.setProperty("LOG4J_FILENAME_" + appender, f.getCanonicalPath());
return appender;
}
diff --git a/misc/log4j/src/test/java/org/onap/aaf/misc/env/log4j/JU_LogFileNamerTest.java b/misc/log4j/src/test/java/org/onap/aaf/misc/env/log4j/JU_LogFileNamerTest.java
index 0ee79a5f..b96d6dd0 100644
--- a/misc/log4j/src/test/java/org/onap/aaf/misc/env/log4j/JU_LogFileNamerTest.java
+++ b/misc/log4j/src/test/java/org/onap/aaf/misc/env/log4j/JU_LogFileNamerTest.java
@@ -34,6 +34,7 @@ import org.junit.Before;
import org.junit.Test;
public class JU_LogFileNamerTest {
+ private File dir = new File(".");
private String ending = new SimpleDateFormat("YYYYMMdd").format(new Date());
@@ -43,26 +44,26 @@ public class JU_LogFileNamerTest {
@Test
public void test() throws IOException {
- LogFileNamer logFileNamer = new LogFileNamer(".", "log");
+ LogFileNamer logFileNamer = new LogFileNamer(dir.getCanonicalPath(), "log");
assertEquals(logFileNamer, logFileNamer.noPID());
logFileNamer.setAppender("Append");
- assertEquals(System.getProperty("LOG4J_FILENAME_Append"), "./log-Append" + ending + "_0.log");
+ assertEquals(System.getProperty("LOG4J_FILENAME_Append"), dir.getCanonicalFile()+"/log-Append" + ending + "_0.log");
logFileNamer.setAppender("Append");
- assertEquals(System.getProperty("LOG4J_FILENAME_Append"), "./log-Append" + ending + "_1.log");
+ assertEquals(System.getProperty("LOG4J_FILENAME_Append"), dir.getCanonicalFile()+"/log-Append" + ending + "_1.log");
}
@Test
public void testBlankRoot() throws IOException {
- LogFileNamer logFileNamer = new LogFileNamer(".", "");
+ LogFileNamer logFileNamer = new LogFileNamer(dir.getCanonicalPath(), "");
assertEquals(logFileNamer, logFileNamer.noPID());
logFileNamer.setAppender("Append");
- assertEquals(System.getProperty("LOG4J_FILENAME_Append"), "./Append" + ending + "_0.log");
+ assertEquals(System.getProperty("LOG4J_FILENAME_Append"), dir.getCanonicalPath()+"/Append" + ending + "_0.log");
logFileNamer.setAppender("Append");
- assertEquals(System.getProperty("LOG4J_FILENAME_Append"), "./Append" + ending + "_1.log");
+ assertEquals(System.getProperty("LOG4J_FILENAME_Append"), dir.getCanonicalPath()+"/Append" + ending + "_1.log");
}
@After
diff --git a/misc/pom.xml b/misc/pom.xml
index d35dd721..a4945a67 100644
--- a/misc/pom.xml
+++ b/misc/pom.xml
@@ -25,12 +25,12 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
</parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
<name>AAF Misc Parent</name>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<packaging>pom</packaging>
diff --git a/misc/rosetta/pom.xml b/misc/rosetta/pom.xml
index efd1c2fa..78ee5c9c 100644
--- a/misc/rosetta/pom.xml
+++ b/misc/rosetta/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
@@ -110,7 +110,6 @@
<inherited>true</inherited>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
- <version>2.3.2</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
@@ -135,7 +134,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
- <version>2.4</version>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<outputDirectory>target</outputDirectory>
@@ -151,7 +149,6 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.10</version>
<configuration>
<excludePackageNames>org.opendaylight.*</excludePackageNames>
</configuration>
@@ -159,7 +156,6 @@
<plugin>
<artifactId>maven-release-plugin</artifactId>
- <version>2.5.2</version>
<configuration>
<goals>-s ${mvn.settings} deploy</goals>
</configuration>
@@ -167,13 +163,11 @@
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.5.5</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
- <version>2.8.1</version>
<configuration>
<skip>false</skip>
</configuration>
@@ -183,13 +177,11 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
- <version>2.10</version>
</plugin>
<!-- Maven surefire plugin for testing -->
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
- <version>2.17</version>
<configuration>
<skipTests>false</skipTests>
<includes>
@@ -205,7 +197,6 @@
<plugin>
<groupId>org.eclipse.m2e</groupId>
<artifactId>lifecycle-mapping</artifactId>
- <version>1.0.0</version>
<configuration>
<lifecycleMappingMetadata>
<pluginExecutions>
@@ -235,7 +226,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -246,7 +236,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml
index 8aa12fa8..083c0dc2 100644
--- a/misc/xgen/pom.xml
+++ b/misc/xgen/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
diff --git a/pom.xml b/pom.xml
index 58871f87..ee90353f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.1.1-SNAPSHOT</version>
<name>AAF Overall Parent</name>
<packaging>pom</packaging>
@@ -64,7 +64,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
@@ -75,12 +74,10 @@
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
- <version>3.2</version>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/version.properties b/version.properties
index 26d89e3e..8e1fcaf6 100644
--- a/version.properties
+++ b/version.properties
@@ -27,10 +27,10 @@
major=2
minor=1
-patch=0
+patch=1
base_version=${major}.${minor}.${patch}
# Release must be completed with git revision # in Jenkins
release_version=${base_version}
-snapshot_version=${base_version}-SNAPSHOT \ No newline at end of file
+snapshot_version=${base_version}-SNAPSHOT