diff options
18 files changed, 216 insertions, 106 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java index 45617f8b..661e40f7 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java @@ -39,7 +39,7 @@ public class ApprovalSet { protected FutureDAO.Data fdd; protected List<ApprovalDAO.Data> ladd; - public ApprovalSet(final GregorianCalendar start, final String target, final DataView dv) throws CadiException { + public ApprovalSet(final GregorianCalendar start, final String target, final DataView dv) { dataview = dv; fdd = new FutureDAO.Data(); fdd.id = Chrono.dateToUUID(System.currentTimeMillis()); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java index bf77b77b..91006c41 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java @@ -123,7 +123,7 @@ public class URApprovalSet extends ApprovalSet { fdd.target_key = key; } - private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) throws CadiException { + private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) { ApprovalDAO.Data add = new ApprovalDAO.Data(); add.id = Chrono.dateToUUID(System.currentTimeMillis()); add.ticket = fdd.id; diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java index 868f9ac2..37501967 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/CredDAO.java @@ -53,7 +53,8 @@ public class CredDAO extends CassDAOImpl<AuthzTrans,CredDAO.Data> { public static final String TABLE = "cred"; public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F public static final int RAW = -1; - public static final int FQI = 0; + public static final int NONE = 0; + public static final int FQI = 10; public static final int BASIC_AUTH = 1; public static final int BASIC_AUTH_SHA256 = 2; public static final int CERT_SHA256_RSA =200; diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java index 8d15c958..b0680621 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java @@ -27,6 +27,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.TreeMap; import java.util.TreeSet; import org.onap.aaf.auth.dao.cass.PermDAO; @@ -44,7 +45,7 @@ import org.onap.aaf.auth.layer.Result; * */ // Package on purpose -class PermLookup { +public class PermLookup { private AuthzTrans trans; private String user; private Question q; @@ -55,7 +56,7 @@ class PermLookup { private PermLookup() {} - static PermLookup get(AuthzTrans trans, Question q, String user) { + public static PermLookup get(AuthzTrans trans, Question q, String user) { PermLookup lp=null; Map<String, PermLookup> permMap = trans.get(Question.PERMS, null); if (permMap == null) { @@ -152,13 +153,32 @@ class PermLookup { List<PermDAO.Data> lpdd = new ArrayList<>(); for (String perm : rss.value) { if (lookup) { + Map<String,PermDAO.Data> mspdd = new TreeMap<>(); Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm); if (ap.isOK()) { Result<List<PermDAO.Data>> rlpd = q.permDAO().read(perm,trans,ap.value); if (rlpd.isOKhasData()) { for (PermDAO.Data pData : rlpd.value) { - lpdd.add(pData); + // ONLY add perms/roles which are related to this lookup + for(String pdr : pData.roles(false)) { + for(RoleDAO.Data r : roles.value) { + if(pdr.equals(r.encode())) { + PermDAO.Data pdd = mspdd.get(pData.fullPerm()); + if(pdd==null) { + pdd = new PermDAO.Data(); + pdd.ns = pData.ns; + pdd.type = pData.type; + pdd.instance = pData.instance; + pdd.action = pData.action; + pdd.description = pData.description; + lpdd.add(pdd); + } + pdd.roles(true).add(pdr); + break; + } + } + } } } } else { diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index ae6f371b..3abad1a5 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -974,6 +974,7 @@ public class Question { return Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0); case CredDAO.BASIC_AUTH: return Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0); + case CredDAO.FQI: default: return Result.ok(false); } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java index 42306c85..add5aed8 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/List.java @@ -166,7 +166,7 @@ public class List extends BaseCmd<NS> { case 0: return "NoCrd"; case 1: return "U/P"; case 2: return "U/P2"; - case 10: return "Cert"; + case 10: return "FQI"; case 200: return "x509"; default: return "n/a"; diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java index f8a633af..2f84f583 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/List.java @@ -104,7 +104,7 @@ public class List extends BaseCmd<Role> { if (roles==null || roles.getRole().isEmpty()) { pw().println("<No Roles Found>"); } else if (aafcli.isDetailed()){ - if (aafcli.isDetailed() && str[0].toLowerCase().contains(LIST_ROLES_BY_NAME)) { + if (str[0].toLowerCase().contains(LIST_ROLES_BY_NAME)) { String description = roles.getRole().get(0).getDescription(); if (description == null) description = ""; reportColHead("%-80s\n","Description: " + description); @@ -123,18 +123,24 @@ public class List extends BaseCmd<Role> { pw().format(roleFormat, "["+ns+"]"+roleName.substring(ns.length()),XXXX_XX_XX); } } else { - UserRole ur = get(roleName,urs); + String fullname; + if(ns==null) { + fullname = roleName; + } else { + fullname = ns+'.'+roleName; + } + UserRole ur = get(fullname,urs); if (ur!=null && now.compare(ur.getExpires().normalize())>0) { if (ns==null) { pw().format(roleExpiredFormat, roleName,Chrono.dateOnlyStamp(ur.getExpires())); } else { - pw().format(roleExpiredFormat, "["+ns+"]"+roleName.substring(ns.length()),Chrono.dateOnlyStamp(ur.getExpires())); + pw().format(roleExpiredFormat, "["+ns+"]."+roleName,Chrono.dateOnlyStamp(ur.getExpires())); } } else { if (ns==null) { pw().format(roleFormat, roleName,ur!=null?Chrono.dateOnlyStamp(ur.getExpires()):""); } else { - pw().format(roleFormat, "["+ns+"]"+roleName.substring(ns.length()),ur!=null?Chrono.dateOnlyStamp(ur.getExpires()):""); + pw().format(roleFormat, "["+ns+"]."+roleName,ur!=null?Chrono.dateOnlyStamp(ur.getExpires()):""); } } } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListByUser.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListByUser.java index bdcf1e50..2471c21a 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListByUser.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListByUser.java @@ -21,6 +21,9 @@ package org.onap.aaf.auth.cmd.role; +import java.util.Map; +import java.util.TreeMap; + import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.cmd.Cmd; import org.onap.aaf.auth.cmd.Param; @@ -30,10 +33,14 @@ import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; +import org.onap.aaf.cadi.util.Split; import org.onap.aaf.misc.env.APIException; +import aaf.v2_0.Perm; import aaf.v2_0.Perms; +import aaf.v2_0.Role; import aaf.v2_0.Roles; +import aaf.v2_0.UserRole; import aaf.v2_0.UserRoles; /** @@ -60,33 +67,63 @@ public class ListByUser extends Cmd { public Integer code(Rcli<?> client) throws CadiException, APIException { Perms perms=null; UserRoles urs=null; - Future<Roles> fr = client.read( - "/authz/roles/user/"+user+(aafcli.isDetailed()?"?ns":""), - getDF(Roles.class) - ); + Roles roles = null; + int code; Future<UserRoles> fur = client.read( "/authz/userRoles/user/"+user, getDF(UserRoles.class) ); - if (fr.get(AAFcli.timeout())) { - if (aafcli.isDetailed()) { - Future<Perms> fp = client.read( - "/authz/perms/user/"+user+(aafcli.isDetailed()?"?ns":""), - getDF(Perms.class) - ); - if (fp.get(AAFcli.timeout())) { - perms = fp.value; + if (fur.get(AAFcli.timeout())) { + urs = fur.value; + code = fur.code(); + } else { + error(fur); + return fur.code(); + } + + if (aafcli.isDetailed()) { + roles = new Roles(); + Future<Perms> fp = client.read( + "/authz/perms/user/"+user+"?ns&force", + getDF(Perms.class) + ); + if (fp.get(AAFcli.timeout())) { + Map<String, Role> rs = new TreeMap<>(); + perms = fp.value; + for( Perm p : perms.getPerm()) { + for(String sr : p.getRoles()) { + Role r = rs.get(sr); + if(r==null) { + r = new Role(); + String[] split = Split.split('|', sr); + if(split.length>1) { + r.setNs(split[0]); + r.setName(split[1]); + } else { + r.setName(sr); + } + rs.put(sr, r); + roles.getRole().add(r); + } + r.getPerms().add(p); + } } - } - if (fur.get(AAFcli.timeout())) { - urs = fur.value; - } - - ((List)parent).report(fr.value,perms,urs,HEADER,user); + } + code = fp.code(); } else { - error(fr); + roles = new Roles(); + java.util.List<Role> lr = roles.getRole(); + Role r; + for(UserRole ur : urs.getUserRole()) { + r = new Role(); + r.setName(ur.getRole()); + lr.add(r); + } } - return fr.code(); + + + ((List)parent).report(roles,perms,urs,HEADER,user); + return code; } }); } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java index a1cb3e7a..1dfcc17f 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java @@ -137,6 +137,8 @@ public class Cred extends Cmd { pw().println(text); } else if (fp.code()==406 && option==1) { pw().println("You cannot delete this Credential"); + } else if (fp.code()==409 && option==0) { + pw().println("You cannot add two Passwords for same day"); } else { pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD); } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java index 12035a16..46d5d052 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ID.java @@ -53,7 +53,7 @@ public class ID extends Cmd { final CredRequest cr = new CredRequest(); cr.setId(args[idx++]); - cr.setType(0); + cr.setType(10); if (args.length>idx) cr.setEntry(args[idx]); @@ -92,9 +92,11 @@ public class ID extends Cmd { pw().print(cr.getId()); pw().println(']'); } else if (fp.code()==202) { - pw().println("ID Action Accepted, but requires Approvals before actualizing"); + pw().println("ID Action Accepted, but requires Approvals before actualizing"); + } else if (fp.code()==409 && option==0) { + pw().println("FQI already exists"); } else if (fp.code()==406 && option==1) { - pw().println("You cannot delete this ID"); + pw().println("FQI does not exist"); } else { pw().println(ATTEMPT_FAILED_SPECIFICS_WITHELD); } diff --git a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_List.java b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_List.java index 61f41585..e4100a02 100644 --- a/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_List.java +++ b/auth/auth-cmd/src/test/java/org/onap/aaf/auth/cmd/test/ns/JU_List.java @@ -136,7 +136,7 @@ public class JU_List { user.setType(2); Assert.assertEquals("U/P2", list.getType(user)); user.setType(10); - Assert.assertEquals("Cert", list.getType(user)); + Assert.assertEquals("FQI", list.getType(user)); user.setType(200); Assert.assertEquals("x509", list.getType(user)); } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 37ca509a..9a6ef7e3 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -70,6 +70,7 @@ import org.onap.aaf.auth.dao.hl.Function; import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP; import org.onap.aaf.auth.dao.hl.Function.Lookup; import org.onap.aaf.auth.dao.hl.Function.OP_STATUS; +import org.onap.aaf.auth.dao.hl.PermLookup; import org.onap.aaf.auth.dao.hl.Question; import org.onap.aaf.auth.dao.hl.Question.Access; import org.onap.aaf.auth.env.AuthzTrans; @@ -1011,8 +1012,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_BadData,v.errs()); } - Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user, - trans.requested(force)); + PermLookup pl = PermLookup.get(trans,ques,user); + Result<List<PermDAO.Data>> rlpd = pl.getPerms(trans.requested(force)); if (rlpd.notOK()) { return Result.err(rlpd); } @@ -1100,7 +1101,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } ////////////// - Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user,trans.requested(force)); + PermLookup pl = PermLookup.get(trans,ques,user); + Result<List<PermDAO.Data>> rlpd = pl.getPerms(trans.requested(force)); if (rlpd.notOK()) { return Result.err(rlpd); } @@ -2428,16 +2430,22 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE // Note: ASPR specifies character differences, but we don't actually store the // password to validate char differences. -// byte[] rawCred = rcred.value.type==CredDAO.RAW?null:; - - rb = ques.userCredCheck(trans, curr, rcred.value.cred.array()); - if (rb.notOK()) { - return Result.err(rb); - } else if (rb.value){ - return Result.err(Status.ERR_Policy, "Credential content cannot be reused."); - } else if (Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) && curr.type==rcred.value.type) { - return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists, use 'reset'"); - } +// byte[] rawCred = rcred.value.type==CredDAO.RAW?null:; return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists"); + if(rcred.value.type==CredDAO.FQI ) { + if(curr.type==CredDAO.FQI) { + return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists"); + } + } else { + + rb = ques.userCredCheck(trans, curr, rcred.value.cred!=null?rcred.value.cred.array():null); + if (rb.notOK()) { + return Result.err(rb); + } else if (rb.value){ + return Result.err(Status.ERR_Policy, "Credential content cannot be reused."); + } else if ((Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) && curr.type==rcred.value.type)) { + return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists"); + } + } } } else { try { @@ -2864,58 +2872,79 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rmc.notOK()) { return Result.err(rmc); } - + + boolean doForce = trans.requested(force); Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id); if (rlcd.notOKorIsEmpty()) { - // Empty Creds should have no user_roles. + // Empty Creds should not have user_roles. Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, cred.value.id); - if (rlurd.isOK()) { + if (rlurd.isOKhasData()) { for (UserRoleDAO.Data data : rlurd.value) { ques.userRoleDAO().delete(trans, data, false); } - } + } return Result.err(Status.ERR_UserNotFound, "Credential does not exist"); } boolean isLastCred = rlcd.value.size()==1; - - int entry = 0; - if (!trans.requested(force)) { - if (rlcd.value.size() > 1) { - CredRequest cr = (CredRequest)from; - String inputOption = cr.getEntry(); - if (inputOption == null) { - List<CredDAO.Data> list = filterList(rlcd.value,CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256,CredDAO.CERT_SHA256_RSA); - String message = selectCredFromList(list, MayChangeCred.DELETE); - Object[] variables = buildVariables(list); - return Result.err(Status.ERR_ChoiceNeeded, message, variables); - } else { - try { - if (inputOption.length()>5) { // should be a date - Date d = Chrono.xmlDatatypeFactory.newXMLGregorianCalendar(inputOption).toGregorianCalendar().getTime(); - entry = 0; - for (CredDAO.Data cd : rlcd.value) { - if (cd.type.equals(cr.getType()) && cd.expires.equals(d)) { - break; - } - ++entry; - } - } else { - entry = Integer.parseInt(inputOption) - 1; - } - } catch (NullPointerException e) { - return Result.err(Status.ERR_BadData, "Invalid Date Format for Entry"); - } catch (NumberFormatException e) { - return Result.err(Status.ERR_BadData, "User chose invalid credential selection"); - } - } - isLastCred = (entry==-1)?true:false; - } else { - isLastCred = true; - } - if (entry < -1 || entry >= rlcd.value.size()) { - return Result.err(Status.ERR_BadData, "User chose invalid credential selection"); - } + int entry = -1; + int fentry = entry; + if(cred.value.type==CredDAO.FQI) { + entry = -1; + for(CredDAO.Data cdd : rlcd.value) { + ++fentry; + if(cdd.type == CredDAO.FQI) { + entry = fentry; + break; + } + } + } else { + if (!doForce) { + if (rlcd.value.size() > 1) { + CredRequest cr = (CredRequest)from; + String inputOption = cr.getEntry(); + if (inputOption == null) { + List<CredDAO.Data> list = filterList(rlcd.value,CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256,CredDAO.CERT_SHA256_RSA); + String message = selectCredFromList(list, MayChangeCred.DELETE); + Object[] variables = buildVariables(list); + return Result.err(Status.ERR_ChoiceNeeded, message, variables); + } else { + try { + if (inputOption.length()>5) { // should be a date + Date d = Chrono.xmlDatatypeFactory.newXMLGregorianCalendar(inputOption).toGregorianCalendar().getTime(); + for (CredDAO.Data cd : rlcd.value) { + ++fentry; + if (cd.type.equals(cr.getType()) && cd.expires.equals(d)) { + entry = fentry; + break; + } + } + } else { + entry = Integer.parseInt(inputOption) - 1; + int count = 0; + for (CredDAO.Data cd : rlcd.value) { + if(cd.type!=CredDAO.BASIC_AUTH && cd.type!=CredDAO.BASIC_AUTH_SHA256 && cd.type!=CredDAO.CERT_SHA256_RSA) { + ++entry; + } + if(++count>entry) { + break; + } + } + } + } catch (NullPointerException e) { + return Result.err(Status.ERR_BadData, "Invalid Date Format for Entry"); + } catch (NumberFormatException e) { + return Result.err(Status.ERR_BadData, "User chose invalid credential selection"); + } + } + isLastCred = (entry==-1)?true:false; + } else { + isLastCred = true; + } + if (entry < -1 || entry >= rlcd.value.size()) { + return Result.err(Status.ERR_BadData, "User chose invalid credential selection"); + } + } } Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false, @@ -2943,7 +2972,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<?>udr = null; if (!trans.requested(force)) { if (entry<0 || entry >= rlcd.value.size()) { - return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id); + if(cred.value.type==CredDAO.FQI) { + return Result.err(Status.ERR_BadData,"FQI does not exist"); + } else { + return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id); + } } udr = ques.credDAO().delete(trans, rlcd.value.get(entry),false); } else { @@ -3015,12 +3048,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Collections.sort(value, (cred1, cred2) -> cred1.type==cred2.type?cred2.expires.compareTo(cred1.expires): cred1.type<cred2.type?-1:1); - String [] vars = new String[value.size()+1]; - vars[0]="Choice"; + String [] vars = new String[value.size()]; CredDAO.Data cdd; + for (int i = 0; i < value.size(); i++) { cdd = value.get(i); - vars[i+1] = cdd.id + TWO_SPACE + cdd.type + TWO_SPACE + (cdd.type<10?TWO_SPACE:"")+ cdd.expires + TWO_SPACE + cdd.tag; + vars[i] = cdd.id + TWO_SPACE + cdd.type + TWO_SPACE + (cdd.type<10?TWO_SPACE:"")+ cdd.expires + TWO_SPACE + cdd.tag; } return vars; } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java index e85e52ec..323c9fe0 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java @@ -171,10 +171,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE String msgId; String[] detail; boolean hidemsg = false; - if (result.variables==null) { + if (result.variables==null || result.variables.length<1) { detail = new String[1]; } else { List<String> dlist = new ArrayList<String>(); + dlist.add(null); String os; for(Object s : result.variables) { if(s!=null && (os=s.toString()).length()>0) { @@ -288,6 +289,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE break; case ERR_ChoiceNeeded: msgId = "SVC1300"; + detail[0] = "Choice Needed"; response.setStatus(/*httpstatus=*/300); break; case ERR_Backend: diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java index 44ad7fcb..56ba5f5f 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java @@ -534,14 +534,12 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo if (ok.length()>0) { return Result.err(Status.ERR_BadData,ok); } - } else { - to.type=0; } if (passwd != null) { to.cred = ByteBuffer.wrap(passwd.getBytes()); to.type = CredDAO.RAW; } else { - to.type = CredDAO.FQI; + to.type = CredDAO.NONE; } } diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java index e48ae169..ace2c73f 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFLurPerm.java @@ -119,7 +119,12 @@ public class AAFLurPerm extends AbsAAFLur<AAFPermission> { @Override public User<AAFPermission> code(Rcli<?> client) throws CadiException, ConnectException, APIException { final long remoteStart = System.nanoTime(); - Future<Perms> fp = client.read("/authz/perms/user/"+name,aaf.permsDF); + StringBuilder sb = new StringBuilder("/authz/perms/user/"); + sb.append(name); + if(details) { + sb.append("?force"); + } + Future<Perms> fp = client.read(sb.toString(),aaf.permsDF); // In the meantime, lookup User, create if necessary User<AAFPermission> user = getUser(principal); diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java index cfecc533..34c55cee 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AbsAAFLur.java @@ -43,6 +43,7 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE public AAFCon<?> aaf; public Lur preemptiveLur=null; // Initial Use is for OAuth2, preemptive Lur private String[] supports; + protected boolean details; public AbsAAFLur(AAFCon<?> con) throws APIException { super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount); @@ -62,7 +63,12 @@ public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PE public void setDebug(String ids) { this.debug = ids==null?null:Split.split(',', ids); } + + public void details(boolean on) { + details = on; + } + public void setPreemptiveLur(Lur preemptive) { this.preemptiveLur = preemptive; } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java index fac6a3f1..994e3250 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java @@ -108,7 +108,6 @@ public class PropAccess implements Access { protected synchronized void init(Properties p) { // Make sure these two are set before any changes in Logging name = "cadi"; - level=DEFAULT.maskOf(); props = new Properties(); // First, load related System Properties @@ -127,16 +126,14 @@ public class PropAccess implements Access { // Preset LogLevel String sLevel = props.getProperty(Config.CADI_LOGLEVEL); - if (sLevel!=null) { - level=Level.valueOf(sLevel).maskOf(); - } - // Third, load any Chained Property Files load(props.getProperty(Config.CADI_PROP_FILES)); if(sLevel==null) { // if LogLev wasn't set before, check again after Chained Load sLevel = props.getProperty(Config.CADI_LOGLEVEL); - if (sLevel!=null) { + if (sLevel==null) { + level=DEFAULT.maskOf(); + } else { level=Level.valueOf(sLevel).maskOf(); } } diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_GetAccess.java b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_GetAccess.java index c87b9c32..8333db53 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_GetAccess.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_GetAccess.java @@ -73,7 +73,7 @@ public class JU_GetAccess { @SuppressWarnings("unused") GetAccess getAccess = new GetAccess(accessGet); String[] lines = outStream.toString().split(System.lineSeparator()); - assertThat(lines.length, is(6)); + assertThat(lines.length, is(5)); output = lines[0].split(" ", 2)[1]; } |