-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java20
-rw-r--r--auth/auth-hello/pom.xml4
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java23
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java2
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java2
7 files changed, 27 insertions, 28 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 3634af97..4c03f313 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -50,6 +50,7 @@ import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.CacheInfoDAO;
import org.onap.aaf.auth.dao.cass.CertDAO;
import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.dao.cass.DelegateDAO;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.dao.cass.HistoryDAO;
@@ -61,10 +62,9 @@ import org.onap.aaf.auth.dao.cass.PermDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.Status;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.CredDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.env.AuthzTransFilter;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.cadi.Hash;
@@ -780,7 +780,7 @@ public class Question {
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd,dbcred);
+ load(debug, cdd);
}
break;
case CredDAO.BASIC_AUTH_SHA256:
@@ -793,7 +793,7 @@ public class Question {
checkLessThanDays(trans,7,now,cdd);
return Result.ok(cdd.expires);
} else if (debug!=null) {
- load(debug, cdd, dbcred);
+ load(debug, cdd);
}
break;
default:
@@ -809,14 +809,10 @@ public class Question {
}
} // end for each
if(debug==null) {
- debug=new StringBuilder();
+ trans.audit().printf("No cred matches ip=%s, user=%s\n",trans.ip(),user);
} else {
- debug.append(", ");
+ trans.audit().printf("No cred matches ip=%s, user=%s %s\n",trans.ip(),user,debug.toString());
}
-
- debug.append("cred=");
- debug.append(new String(cred));
- trans.audit().printf("No cred matches ip=%s, user=%s, %s\n",trans.ip(),user,trans.encryptor().encrypt(debug.toString()));
if(expired!=null) {
// Note: this is only returned if there are no good Credentials
rv = Result.err(Status.ERR_Security,
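Review bot: Both new `trans.audit().printf` calls write `user` into the audit line as received, and on this path it is a name that has just failed to match any credential, so a value containing CR/LF could begin what looks like a separate audit record. The `debug` text makes this harder to spot, because `load()` ends every entry with `'\n'` and one record already spans several lines. Assuming `user` is a String, consider neutralising line breaks before logging, e.g. `user.replaceAll("[\\r\\n]", "_")`, and separating the `debug` entries with `"; "` rather than newlines. Whether `user` is validated earlier cannot be seen here; the enclosing method starts and ends outside this hunk.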
@@ -830,13 +826,11 @@ public class Question {
}
- private void load(StringBuilder debug, Data cdd, byte[] dbcred) {
+ private void load(StringBuilder debug, Data cdd) {
debug.append("DB Entry: user=");
debug.append(cdd.id);
debug.append(",type=");
debug.append(cdd.type);
- debug.append(",cred=");
- debug.append(Hash.toHex(dbcred));
debug.append(",expires=");
debug.append(Chrono.dateTime(cdd.expires));
debug.append('\n');
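Review bot: `load()` has no comment saying what may go into the buffer, and after this commit its output reaches the audit log as plain text instead of passing through `trans.encryptor().encrypt(...)`. A short Javadoc would keep credential material from being re-added later, for example `/** Appends id, type and expiry of a stored credential for the audit log; never append credential bytes or their hashes. */`. If `Hash.toHex` was the only use of `org.onap.aaf.cadi.Hash` in this file, the import kept in the header is now unused; that cannot be confirmed from the visible hunks. The method body continues past the end of this hunk.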
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index ddaebff3..c465f818 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -49,13 +49,11 @@
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-core</artifactId>
- <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
- <version>${project.version}</version>
</dependency>
</dependencies>
@@ -101,7 +99,6 @@
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
- <version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<nexusUrl>${nexusproxy}</nexusUrl>
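Review bot: Removing `<version>` from `nexus-staging-maven-plugin` here, and from `jacoco-maven-plugin` in the next hunk, leaves the build dependent on a `pluginManagement` entry in a parent POM that this diff does not show. Unlike a dependency without a version, a plugin without one does not fail the build: Maven warns and resolves a version on its own, so the build stops being reproducible and takes whatever release the repository serves. Worth confirming before merge that the parent pins both plugins; 1.6.7 was the value removed here.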
@@ -112,7 +109,6 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
- <version>${jacoco.version}</version>
<configuration>
<excludes>
<exclude>**/gen/**</exclude>
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
index 7eb9fd7b..b68b445c 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
@@ -52,7 +52,7 @@ public class API_Mgmt {
private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear";
private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip";
private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
- private final static String PERM_LOG_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
+ private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id";
/**
* Normal Init level APIs
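Review bot: `PERM_LOG_ID` was a character-for-character copy of `PERM_DENY_ID`, so wherever this constant is checked the log-id operation has until now been authorised by the deny-id permission, and this one-word fix changes who is allowed. Identities that relied on the old grant will lose access unless the `.log|…|id` permission is created and granted, which the diff does not show. A comment above the constants such as `// Each API needs its own permission string; change the type segment when copying a line` would make a repeat of the copy-paste easier to catch. The class body continues outside this hunk.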
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
index be1e739b..cf5c92d0 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
@@ -154,7 +154,7 @@ public abstract class AbsUserCache<PERM extends Permission> {
}
Miss miss = missMap.get(mkey);
if(miss==null) {
- missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval));
+ missMap.put(mkey, new Miss(bs,clean==null?MIN_INTERVAL:clean.timeInterval,key));
return true;
}
return miss.mayContinue();
@@ -376,12 +376,17 @@ public abstract class AbsUserCache<PERM extends Permission> {
keys.addAll(missMap.keySet());
for(String key : keys) {
Miss m = missMap.get(key);
- if(m!=null && m.timestamp<System.currentTimeMillis()) {
- synchronized(missMap) {
- missMap.remove(key);
+ if(m!=null) {
+ long timeLeft = m.timestamp - System.currentTimeMillis();
+ if(timeLeft<0) {
+ synchronized(missMap) {
+ missMap.remove(key);
+ }
+ access.log(Level.INFO, m.name, " has been removed from Missed Credential Map (" + m.tries + " invalid tries)");
+ ++miss;
+ } else {
+ access.log(Level.INFO, m.name, " remains in Missed Credential Map (" + m.tries + " invalid tries) for " + (timeLeft/1000) + " more seconds");
}
- access.log(Level.INFO, key, "has been removed from Missed Credential Map (" + m.tries + " invalid tries)");
- ++miss;
}
}
}
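Review bot: The new `else` branch writes one INFO line for every entry still in `missMap` on every cleanup pass, and those entries are created by failed credential attempts, so a burst of bad logins turns into log volume that repeats until each entry expires. `m.name` also appears to be the identifier presented with the failed attempt (it is passed as `key` at the `new Miss(...)` call in the first hunk of this file) and reaches the log unchanged. Consider keeping only the removal message at INFO and moving the other to `Level.DEBUG`, or logging a single count of remaining entries after the loop. The `missMap.get(key)` read stays outside the `synchronized` block as before; the enclosing method starts and ends outside this hunk.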
@@ -419,11 +424,14 @@ public abstract class AbsUserCache<PERM extends Permission> {
private long timetolive;
private long tries;
+
+ private final String name;
- public Miss(byte[] first, long timeInterval) {
+ public Miss(final byte[] first, final long timeInterval, final String name) {
timestamp = System.currentTimeMillis() + timeInterval;
this.timetolive = timeInterval;
tries = 0L;
+ this.name = name;
}
@@ -437,6 +445,7 @@ public abstract class AbsUserCache<PERM extends Permission> {
}
return true;
}
+
}
/**
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index 26ad758f..c4634cf4 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -142,7 +142,7 @@ public class Config {
public static final String AAF_APPPASS = "aaf_password";
public static final String AAF_LUR_CLASS = "aaf_lur_class";
public static final String AAF_TAF_CLASS = "aaf_taf_class";
- public static final String AAF_TAF_CLASS_DEF = "org.osaaf.cadi.aaf.v2_0.AAFTaf";
+ public static final String AAF_TAF_CLASS_DEF = "org.onap.aaf.cadi.aaf.v2_0.AAFTaf";
public static final String AAF_CONNECTOR_CLASS = "aaf_connector_class";
public static final String AAF_LOCATOR_CLASS = "aaf_locator_class";
public static final String AAF_CONN_TIMEOUT = "aaf_conn_timeout";
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java
index 6a49401c..22ba702c 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/principal/BasicPrincipal.java
@@ -121,6 +121,6 @@ public class BasicPrincipal extends BearerPrincipal implements GetCred {
@Override
public String personalName() {
- return null; // personalName not available with Basic Auth
+ return name; // personalName not available with Basic Auth
}
}
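Review bot: The trailing comment on the new `return name;` still says a personal name is not available, which now contradicts the line it sits on. Suggest `return name; // Basic Auth carries no personal name, so fall back to the login name`. Callers that treated `null` as "no display name" will now receive the login name instead; whether any such caller exists is not visible here.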
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java
index dee7fc21..1fafe2e8 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java
@@ -103,7 +103,7 @@ public class JU_BasicPrincipal {
assertTrue(Math.abs(bp.created() - created) < 10);
assertThat(bp.toString(), is(expected));
assertThat(bp.tag(), is("BAth"));
- assertThat(bp.personalName(), is(nullValue()));
+ assertThat(bp.personalName(), is(bp.getName()));
// This test hits the abstract class BearerPrincipal
assertThat(bp.getBearer(), is(bearer));