diff options
-rw-r--r-- | auth/auth-cass/src/main/cql/.gitignore | 5 | ||||
-rw-r--r-- | auth/auth-cass/src/main/cql/osaaf.cql | 61 | ||||
-rw-r--r-- | auth/sample/data/identities.dat | 9 | ||||
-rw-r--r-- | cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java | 4 | ||||
-rw-r--r-- | cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java | 19 |
5 files changed, 87 insertions, 11 deletions
diff --git a/auth/auth-cass/src/main/cql/.gitignore b/auth/auth-cass/src/main/cql/.gitignore index 5fd2ede3..ce22752c 100644 --- a/auth/auth-cass/src/main/cql/.gitignore +++ b/auth/auth-cass/src/main/cql/.gitignore @@ -1,4 +1 @@ -/.settings/ -/.project -/target/ -/.classpath +temp.cql diff --git a/auth/auth-cass/src/main/cql/osaaf.cql b/auth/auth-cass/src/main/cql/osaaf.cql index 83c7fdf0..e7385ab6 100644 --- a/auth/auth-cass/src/main/cql/osaaf.cql +++ b/auth/auth-cass/src/main/cql/osaaf.cql @@ -59,3 +59,64 @@ INSERT INTO role(ns, name, perms, description) INSERT INTO user_role(user,role,expires,ns,rname) VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400; + +// ONAP Specific Entities +// ONAP initial env Namespace +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.onap','ONAP','org',2,2); + +INSERT INTO ns (name,description,parent,scope,type) + VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','read',{ + 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor' + },'Portal Read Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner'); + +INSERT INTO perm(ns, type, instance, action, roles, description) + VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access'); + +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins'); + +// DEMO ID (OPS) +insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); + +// ADMIN +insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); + +// DESIGNER +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer'); + +// TESTER +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester'); + +// OPS +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops'); + +// GOVERNOR +INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); +INSERT INTO role(ns, name, perms, description) + VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor'); +INSERT INTO user_role(user,role,expires,ns,rname) + VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor'); + diff --git a/auth/sample/data/identities.dat b/auth/sample/data/identities.dat index dd4dbb1d..3c40e500 100644 --- a/auth/sample/data/identities.dat +++ b/auth/sample/data/identities.dat @@ -40,3 +40,12 @@ sunilu|Sunil Unnava|Sunil|Unnava|6094541858|sunil.unnava@att.com|e|ramkoya dmaapmr|DMaap Message Router|DMaap MR|Message Router||su622b@att.com|a|sunilu oof|OOF|OOF|OOF||sarat@research.att.com|a|saratp saratp|Sarat Puthenpura|Sarat|Puthenpura|9089012067|sarat@research.att.com|e|clefevre +# ONAP default Users +demo|PORTAL DEMO|PORTAL|DEMO|||e|jonathan +jh0003|PORTAL ADMIN|PORTAL|ADMIN|||e|jonathan +cs0008|PORTAL DESIGNER|PORTAL|DESIGNER|||e|jonathan +jm0007|PORTAL TESTER|PORTAL|TESTER|||e|jonathan +op0001|PORTAL OPS|PORTAL|OPS|||e|jonathan +gv0001|PORTAL GOVERNOR|PORTAL|GOVERNOR|||e|jonathan + + diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java index 41f237d6..84d23655 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java @@ -59,6 +59,8 @@ import aaf.v2_0.Perms; * */ public class AAFLurPerm extends AbsAAFLur<AAFPermission> { + private static final String ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR = "org.osaaf.cadi.oauth.OAuth2Lur"; + /** * Need to be able to transmutate a Principal into either ATTUID or MechID, which are the only ones accepted at this * point by AAF. There is no "domain", aka, no "@att.com" in "ab1234@att.com". @@ -90,7 +92,7 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> { Constructor<?> tmconst = tmcls.getConstructor(AAFCon.class,String.class); Object tokMangr = tmconst.newInstance(con,oauth2_url); @SuppressWarnings("unchecked") - Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access,"org.osaaf.cadi.oauth.OAuth2Lur"); + Class<Lur> oa2cls = (Class<Lur>)Config.loadClass(access,ORG_OSAAF_CADI_OAUTH_O_AUTH2_LUR); Constructor<Lur> oa2const = oa2cls.getConstructor(tmcls); Lur oa2 = oa2const.newInstance(tokMangr); setPreemptiveLur(oa2); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index c4634cf4..8525ac59 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -65,6 +65,7 @@ import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf; */ public class Config { + public static final String UTF_8 = "UTF-8"; // Property Names associated with configurations. @@ -142,14 +143,20 @@ public class Config { public static final String AAF_APPPASS = "aaf_password"; public static final String AAF_LUR_CLASS = "aaf_lur_class"; public static final String AAF_TAF_CLASS = "aaf_taf_class"; - public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf"; public static final String AAF_CONNECTOR_CLASS = "aaf_connector_class"; public static final String AAF_LOCATOR_CLASS = "aaf_locator_class"; public static final String AAF_CONN_TIMEOUT = "aaf_conn_timeout"; public static final String AAF_CONN_TIMEOUT_DEF = "3000"; public static final String AAF_CONN_IDLE_TIMEOUT = "aaf_conn_idle_timeout"; // only for Direct Jetty Access. public static final String AAF_CONN_IDLE_TIMEOUT_DEF = "10000"; // only for Direct Jetty Access. - + + // Default Classes: These are for Class loading to avoid direct compile links + public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf"; + public static final String AAF_LOCATOR_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFLocator"; + public static final String CADI_OLUR_CLASS_DEF = "org.onap.aaf.cadi.olur.OLur"; + public static final String CADI_OBASIC_HTTP_TAF_DEF = "org.onap.aaf.cadi.obasic.OBasicHttpTaf"; + public static final String CADI_AAF_CON_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFCon"; + public static final String AAF_CALL_TIMEOUT = "aaf_timeout"; public static final String AAF_CALL_TIMEOUT_DEF = "5000"; public static final String AAF_USER_EXPIRES = "aaf_user_expires"; @@ -223,7 +230,7 @@ public class Config { ///////////////////////////////////////////////////// // Setup AAFCon for any following ///////////////////////////////////////////////////// - Class<?> aafConClass = loadClass(access,"org.onap.aaf.cadi.aaf.v2_0.AAFCon"); + Class<?> aafConClass = loadClass(access,CADI_AAF_CON_DEF); Object aafcon = null; if(con!=null && aafConClass!=null && aafConClass.isAssignableFrom(con.getClass())) { aafcon = con; @@ -312,7 +319,7 @@ public class Config { if(!hasOAuthDirectTAF) { if(basic_realm!=null) { @SuppressWarnings("unchecked") - Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,"org.osaaf.cadi.obasic.OBasicHttpTaf"); + Class<HttpTaf> obasicCls = (Class<HttpTaf>)loadClass(access,CADI_OBASIC_HTTP_TAF_DEF); if(obasicCls!=null) { try { String tokenurl = logProp(access,Config.AAF_OAUTH2_TOKEN_URL, null); @@ -516,7 +523,7 @@ public class Config { String introspect_url = logProp(access,AAF_OAUTH2_INTROSPECT_URL, null); if(token_url!=null && introspect_url !=null) { try { - Class<?> olurCls = loadClass(access, "org.osaaf.cadi.olur.OLur"); + Class<?> olurCls = loadClass(access, CADI_OLUR_CLASS_DEF); if(olurCls!=null) { Constructor<?> olurCnst = olurCls.getConstructor(PropAccess.class,String.class,String.class); Lur olur = (Lur)olurCnst.newInstance(access,token_url,introspect_url); @@ -713,7 +720,7 @@ public class Config { } try { - Class<?> lcls = loadClass(access,"org.onap.aaf.cadi.aaf.v2_0.AAFLocator"); + Class<?> lcls = loadClass(access,AAF_LOCATOR_CLASS_DEF); if(lcls==null) { throw new CadiException("Need to include aaf-cadi-aaf jar for AAFLocator"); } |