summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java2
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java27
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java25
3 files changed, 47 insertions, 7 deletions
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 4f2d9676..e038d930 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -117,7 +117,7 @@ public class DefaultOrg implements Organization {
identities = new Identities(fIdentities);
} else {
if (fIdentities==null) {
- throw new OrganizationException("No Identities");
+ throw new OrganizationException("No Identities: set \"" + AAF_DATA_DIR + '"');
} else {
throw new OrganizationException(fIdentities.getCanonicalPath() + " does not exist.");
}
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
index d4d11bbb..83b66a08 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java
@@ -23,8 +23,10 @@ package org.onap.aaf.cadi.aaf.v2_0;
import java.io.IOException;
import java.security.Principal;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+
import org.onap.aaf.cadi.AbsUserCache;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.CachedPrincipal;
@@ -42,28 +44,34 @@ import org.onap.aaf.cadi.client.Future;
import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
import org.onap.aaf.cadi.principal.BasicPrincipal;
import org.onap.aaf.cadi.principal.CachedBasicPrincipal;
import org.onap.aaf.cadi.taf.HttpTaf;
import org.onap.aaf.cadi.taf.TafResp;
import org.onap.aaf.cadi.taf.TafResp.RESP;
import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp;
+import org.onap.aaf.cadi.util.CSV;
import org.onap.aaf.misc.env.APIException;
public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf {
private AAFCon<CLIENT> aaf;
private boolean warn;
-
+ private MapBathConverter mapIds;
+
public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) {
super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount);
aaf = con;
warn = turnOnWarning;
+ initMapBathConverter();
}
public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) {
super(other);
aaf = con;
warn = turnOnWarning;
+ initMapBathConverter();
+
}
// Note: Needed for Creation of this Object with Generics
@@ -78,6 +86,19 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
this((AAFCon<CLIENT>)mustBeAAFCon,turnOnWarning);
}
+ private void initMapBathConverter() {
+ String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null);
+ if(csvFile==null) {
+ mapIds=null;
+ } else {
+ try {
+ mapIds = new MapBathConverter(access, new CSV(csvFile));
+ } catch (IOException | CadiException e) {
+ access.log(e,"Bath Map Conversion is not initialzed (non fatal)");
+ }
+ }
+
+ }
public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) {
//TODO Do we allow just anybody to validate?
@@ -88,6 +109,10 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT
if (warn&&!req.isSecure()) {
aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel");
}
+ if(mapIds != null) {
+ authz = mapIds.convert(access, authz);
+ }
+
try {
final CachedBasicPrincipal bp;
if (req.getUserPrincipal() instanceof CachedBasicPrincipal) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java
index 7a138e97..93074932 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java
@@ -139,6 +139,7 @@ public class MapBathConverter {
public String convert(Access access, final String bath) {
String rv = map.get(bath);
String cred=null;
+ String tcred=null;
Holder<String> hpass=null;
try {
if(rv==null || !rv.startsWith(BASIC)) {
@@ -154,9 +155,8 @@ public class MapBathConverter {
// for SAFETY REASONS, we WILL NOT allow a non validated cred to
// pass a password from file. Should be caught from Instation, but...
if(rv!=null) {
- if(rv.startsWith(BASIC)) {
- return bath;
- } else {
+ if(!rv.startsWith(BASIC)) {
+ tcred = rv;
rv = BASIC + Symm.base64noSplit.encode(rv+':'+hpass.value);
}
}
@@ -164,7 +164,22 @@ public class MapBathConverter {
} catch (IOException | CadiException e) {
access.log(e,"Invalid Authorization");
}
-
- return rv;
+
+ if(rv==null) {
+ rv=bath;
+ } else {
+ try {
+ if(cred==null) {
+ cred = idFromBasic(bath,null);
+ }
+ if(tcred==null) {
+ tcred = idFromBasic(rv,null);
+ }
+ } catch (IOException | CadiException e) {
+ access.log(Level.ERROR,"Invalid Basic Authentication for conversion");
+ }
+ access.printf(Level.AUDIT, "ID %s converted to %s",cred,tcred);
+ }
+ return rv==null?bath:rv;
}
}