Diffstat (limited to 'auth/auth-service')
38 files changed, 1284 insertions, 1284 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java index bdba4696..ba4df19b 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -79,13 +79,13 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { private DirectAAFUserPass directAAFUserPass; private final Cluster cluster; //private final OAuthService oauthService; - + /** * Construct AuthzAPI with all the Context Supporting Routes that Authz needs - * + * * @param env - * @param decryptor - * @throws APIException + * @param decryptor + * @throws APIException */ public AAF_Service( final AuthzEnv env) throws Exception { super(env.access(), env); @@ -99,12 +99,12 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { // Start Background Processing question = new Question(trans, cluster, CassAccess.KEYSPACE); question.startTimers(env); - + DirectCertIdentity.set(question.certDAO()); // Have AAFLocator object Create DirectLocators for Location needs AbsAAFLocator.setCreator(new DirectLocatorCreator(env, question.locateDAO)); - + // Initialize Organizations... otherwise, first pass may miss int org_size = ORGANIZATION.length(); for (String n : env.existingStaticSlotNames()) { 
@@ -112,16 +112,16 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { OrganizationFactory.obtain(env, n.substring(org_size)); } } - + // For direct Introspection needs. //oauthService = new OAuthService(trans, question); - + facade = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.JSON,question); facade_XML = AuthzFacadeFactory.v2_0(env,trans,Data.TYPE.XML,question); directAAFUserPass = new DirectAAFUserPass(trans.env(),question); - + // Print results and cleanup StringBuilder sb = new StringBuilder(); trans.auditTrail(0, sb); @@ -157,9 +157,9 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { // init functions API_Mgmt.init(this, facade); API_Api.init(this, facade); - + } - + @Override public Filter[] _filters(Object ... additionalTafLurs) throws CadiException, LocatorException { final String domain = FQI.reverseDomain(access.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF)); @@ -173,7 +173,7 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { if (additionalTafLurs.length>0) { System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length); } - + return new Filter[] { new AuthzTransFilter(env,aafCon(), new AAFTrustChecker((Env)env), @@ -193,8 +193,8 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { new DirectRegistrar(access,question.locateDAO, actualPort) }; } - - @Override + + @Override public void postStartup(final String hostname, final int port) throws APIException { try { CacheInfoDAO.startUpdate(env, aafCon().hman(), aafCon().securityInfo().defSS,hostname,port); 
@@ -213,16 +213,16 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { super.destroy(); } - + /** * Setup XML and JSON implementations for each supported Version type - * + * * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties * to do Versions and Content switches - * + * */ public void route(HttpMethods meth, String path, API api, Code code) throws Exception { - Class<?> respCls = facade.mapper().getClass(api); + Class<?> respCls = facade.mapper().getClass(api); if (respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name()); String application = applicationJSON(respCls, Config.AAF_DEFAULT_API_VERSION); @@ -238,7 +238,7 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { try { Log4JLogIt logIt = new Log4JLogIt(args, "authz"); PropAccess propAccess = new PropAccess(logIt,args); - + try { new JettyServiceStarter<AuthzEnv,AuthzTrans>( new AAF_Service(new AuthzEnv(propAccess)),true) diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 3b010821..2431e0eb 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -99,8 +99,8 @@ import org.onap.aaf.misc.env.util.Split; import aaf.v2_0.CredRequest; /** - * AuthzCassServiceImpl implements AuthzCassService for - * + * AuthzCassServiceImpl implements AuthzCassService for + * * @author Jonathan * * @param <NSS> @@ -116,12 +116,12 @@ import aaf.v2_0.CredRequest; */ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> implements AuthzService <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> { - + private static final String TWO_SPACE = " "; private Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper; @Override public Mapper <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {return mapper;} - + private static final String ASTERIX = "*"; private static final String CACHE = "cache"; private static final String ROOT_NS = Define.ROOT_NS(); 
@@ -129,28 +129,28 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE private final Question ques; private final Function func; - + public AuthzCassServiceImpl(AuthzTrans trans, Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper,Question question) { this.ques = question; func = new Function(trans, question); this.mapper = mapper; - + } /*********************************** - * NAMESPACE + * NAMESPACE ***********************************/ /** * createNS - * @throws DAOException + * @throws DAOException * @see org.onap.aaf.auth.service.AuthzService#createNS(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String, java.lang.String) */ - @ApiDoc( - method = POST, + @ApiDoc( + method = POST, path = "/authz/ns", params = {}, expectedCode = 201, - errorCodes = { 403,404,406,409 }, + errorCodes = { 403,404,406,409 }, text = { "Namespace consists of: ", "<ul><li>name - What you want to call this Namespace</li>", "<li>responsible(s) - Person(s) who receive Notifications and approves Requests ", @@ -168,7 +168,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public Result<Void> createNS(final AuthzTrans trans, REQUEST from, NsType type) { final Result<Namespace> rnamespace = mapper.ns(trans, from); final ServiceValidator v = new ServiceValidator(); - if (v.ns(rnamespace).err()) { + if (v.ns(rnamespace).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final Namespace namespace = rnamespace.value; 
@@ -176,13 +176,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (parentNs.notOK()) { return Result.err(parentNs); } - + // Note: Data validate occurs in func.createNS if (namespace.name.lastIndexOf('.')<0) { // Root Namespace... Function will check if allowed return func.createNS(trans, namespace, false); } - - Result<FutureDAO.Data> fd = mapper.future(trans, NsDAO.TABLE,from,namespace,true, + + Result<FutureDAO.Data> fd = mapper.future(trans, NsDAO.TABLE,from,namespace,true, new Mapper.Memo() { @Override public String get() { @@ -204,7 +204,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<String> rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, FUTURE_OP.C); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "NS [%s] is saved for future processing",namespace.name); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -213,16 +213,16 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(fd); } } - + @ApiDoc( - method = POST, + method = POST, path = "/authz/ns/:ns/admin/:id", params = { "ns|string|true", - "id|string|true" + "id|string|true" }, expectedCode = 201, - errorCodes = { 403,404,406,409 }, - text = { "Add an Identity :id to the list of Admins for the Namespace :ns", + errorCodes = { 403,404,406,409 }, + text = { "Add an Identity :id to the list of Admins for the Namespace :ns", "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" } ) @Override 
@@ -231,13 +231,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = DELETE, + method = DELETE, path = "/authz/ns/:ns/admin/:id", params = { "ns|string|true", - "id|string|true" + "id|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, + errorCodes = { 403,404 }, text = { "Remove an Identity :id from the list of Admins for the Namespace :ns", "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" } ) @@ -247,13 +247,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = POST, + method = POST, path = "/authz/ns/:ns/responsible/:id", params = { "ns|string|true", - "id|string|true" + "id|string|true" }, expectedCode = 201, - errorCodes = { 403,404,406,409 }, + errorCodes = { 403,404,406,409 }, text = { "Add an Identity :id to the list of Responsibles for the Namespace :ns", "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" } ) @@ -263,13 +263,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = DELETE, + method = DELETE, path = "/authz/ns/:ns/responsible/:id", params = { "ns|string|true", - "id|string|true" + "id|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, + errorCodes = { 403,404 }, text = { "Remove an Identity :id to the list of Responsibles for the Namespace :ns", "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)", "Note: A namespace must have at least 1 responsible party" 
@@ -284,14 +284,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE * @see org.onap.aaf.auth.service.AuthzService#applyModel(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object) */ @ApiDoc( - method = POST, + method = POST, path = "/authz/ns/:ns/attrib/:key/:value", params = { "ns|string|true", "key|string|true", "value|string|true"}, expectedCode = 201, - errorCodes = { 403,404,406,409 }, - text = { + errorCodes = { 403,404,406,409 }, + text = { "Create an attribute in the Namespace", "You must be given direct permission for key by AAF" } @@ -319,9 +319,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (nsd.attrib.get(key)!=null) { return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key); } - + // Check if User may put - if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, + if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) { return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key); } @@ -335,14 +335,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @ApiDoc( - method = GET, + method = GET, path = "/authz/ns/attrib/:key", params = { "key|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, - text = { + errorCodes = { 403,404 }, + text = { "Read Attributes for Namespace" } ) @@ -355,7 +355,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } // May Read - if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, + if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, ":"+trans.org().getDomain()+".*:"+key, Question.READ)) { return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key); } 
@@ -369,13 +369,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @ApiDoc( - method = PUT, + method = PUT, path = "/authz/ns/:ns/attrib/:key/:value", params = { "ns|string|true", "key|string|true"}, expectedCode = 200, - errorCodes = { 403,404 }, - text = { + errorCodes = { 403,404 }, + text = { "Update Value on an existing attribute in the Namespace", "You must be given direct permission for key by AAF" } @@ -403,9 +403,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (nsd.attrib.get(key)==null) { return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key); } - + // Check if User may put - if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, + if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) { return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key); } @@ -414,20 +414,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE nsd.attrib.put(key, value); ques.nsDAO().invalidate(trans, nsd); return ques.nsDAO().update(trans,nsd); - + } finally { tt.done(); } } @ApiDoc( - method = DELETE, + method = DELETE, path = "/authz/ns/:ns/attrib/:key", params = { "ns|string|true", "key|string|true"}, expectedCode = 200, - errorCodes = { 403,404 }, - text = { + errorCodes = { 403,404 }, + text = { "Delete an attribute in the Namespace", "You must be given direct permission for key by AAF" } 
@@ -454,7 +454,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (nsd.attrib.get(key)==null) { return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key); } - + // Check if User may del if (!ques.isGranted(trans, trans.user(), ROOT_NS, "attrib", ":" + ROOT_COMPANY + ".*:"+key, Access.write.name())) { return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key); @@ -471,12 +471,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = GET, + method = GET, path = "/authz/nss/:id", params = { "id|string|true" }, expectedCode = 200, - errorCodes = { 404,406 }, - text = { + errorCodes = { 404,406 }, + text = { "Lists the Owner(s), Admin(s), Description, and Attributes of Namespace :id", } ) @@ -486,7 +486,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("NS", ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<List<NsDAO.Data>> rlnd = ques.nsDAO().read(trans, ns); if (rlnd.isOK()) { if (rlnd.isEmpty()) { @@ -494,10 +494,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } - - + + Namespace namespace = new Namespace(rnd.value); Result<List<String>> rd = func.getOwners(trans, namespace.name, includeExpired); if (rd.isOK()) { @@ -507,7 +507,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rd.isOK()) { namespace.admin = rd.value; } - + NSS nss = mapper.newInstance(API.NSS); return mapper.nss(trans, namespace, nss); } else { 
@@ -516,13 +516,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = GET, + method = GET, path = "/authz/nss/admin/:id", params = { "id|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Namespaces where Identity :id is an Admin", - "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" + errorCodes = { 403,404 }, + text = { "Lists all Namespaces where Identity :id is an Admin", + "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" } ) @Override @@ -531,13 +531,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData, v.errs()); } - + Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".admin", full); if (rn.notOK()) { return Result.err(rn); } if (rn.isEmpty()) { - return Result.err(Status.ERR_NotFound, "[%s] is not an admin for any namespaces",user); + return Result.err(Status.ERR_NotFound, "[%s] is not an admin for any namespaces",user); } NSS nss = mapper.newInstance(API.NSS); // Note: "loadNamespace" already validates view of Namespace @@ -545,13 +545,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = GET, + method = GET, path = "/authz/nss/either/:id", params = { "id|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Namespaces where Identity :id is either an Admin or an Owner", - "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" + errorCodes = { 403,404 }, + text = { "Lists all Namespaces where Identity :id is either an Admin or an Owner", + "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" } ) @Override 
@@ -560,13 +560,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData, v.errs()); } - + Result<Collection<Namespace>> rn = loadNamepace(trans, user, null, full); if (rn.notOK()) { return Result.err(rn); } if (rn.isEmpty()) { - return Result.err(Status.ERR_NotFound, "[%s] is not an admin or owner for any namespaces",user); + return Result.err(Status.ERR_NotFound, "[%s] is not an admin or owner for any namespaces",user); } NSS nss = mapper.newInstance(API.NSS); // Note: "loadNamespace" already validates view of Namespace @@ -595,7 +595,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rls.isOK()) { namespace.admin=rls.value; } - + rls = func.getOwners(trans, namespace.name, false); if (rls.isOK()) { namespace.owner=rls.value; @@ -619,7 +619,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } if (endsWith==null || urdd.role.endsWith(endsWith)) { lm.put(namespace.name,namespace); - } else { + } else { other.put(namespace.name,namespace); } } @@ -636,12 +636,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } @ApiDoc( - method = GET, + method = GET, path = "/authz/nss/responsible/:id", params = { "id|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Namespaces where Identity :id is a Responsible Party", + errorCodes = { 403,404 }, + text = { "Lists all Namespaces where Identity :id is a Responsible Party", "Note: :id must be fully qualified (i.e. ab1234@people.osaaf.org)" } ) 
@@ -656,20 +656,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(rn); } if (rn.isEmpty()) { - return Result.err(Status.ERR_NotFound, "[%s] is not an owner for any namespaces",user); + return Result.err(Status.ERR_NotFound, "[%s] is not an owner for any namespaces",user); } NSS nss = mapper.newInstance(API.NSS); // Note: "loadNamespace" prevalidates return mapper.nss(trans, rn.value, nss); } - + @ApiDoc( - method = GET, + method = GET, path = "/authz/nss/children/:id", params = { "id|string|true" }, expectedCode = 200, - errorCodes = { 403,404 }, - text = { "Lists all Child Namespaces of Namespace :id", + errorCodes = { 403,404 }, + text = { "Lists all Child Namespaces of Namespace :id", "Note: This is not a cached read" } ) @@ -679,14 +679,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("NS", parent).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<NsDAO.Data> rnd = ques.deriveNs(trans, parent); if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } Set<Namespace> lm = new HashSet<>(); @@ -701,7 +701,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rls.isOK()) { namespace.admin=rls.value; } - + rls = func.getOwners(trans, namespace.name, false); if (rls.isOK()) { namespace.owner=rls.value; @@ -718,11 +718,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @ApiDoc( - method = PUT, + method = PUT, path = "/authz/ns", params = {}, expectedCode = 200, - errorCodes = { 403,404,406 }, + errorCodes = { 403,404,406 }, text = { "Replace the Current Description of a Namespace with a new one" } ) 
@@ -739,11 +739,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Namespace namespace = nsd.value; Result<List<NsDAO.Data>> rlnd = ques.nsDAO().read(trans, namespace.name); - + if (rlnd.notOKorIsEmpty()) { return Result.err(Status.ERR_NotFound, "Namespace [%s] does not exist",namespace.name); } - + if (ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.write).notOK()) { return Result.err(Status.ERR_Denied, "You do not have approval to change %s",namespace.name); } @@ -755,18 +755,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(rdr); } } - + /** * deleteNS - * @throws DAOException + * @throws DAOException * @see org.onap.aaf.auth.service.AuthzService#deleteNS(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String, java.lang.String) */ @ApiDoc( - method = DELETE, + method = DELETE, path = "/authz/ns/:ns", params = { "ns|string|true" }, expectedCode = 200, - errorCodes = { 403,404,424 }, + errorCodes = { 403,404,424 }, text = { "Delete the Namespace :ns. Namespaces cannot normally be deleted when there ", "are still credentials associated with them, but they can be deleted by setting ", "the \"force\" property. To do this: Add 'force=true' as a query parameter", 
@@ -783,19 +783,19 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE /*********************************** - * PERM + * PERM ***********************************/ /* * (non-Javadoc) * @see org.onap.aaf.auth.service.AuthzService#createOrUpdatePerm(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.Object, boolean, java.lang.String, java.lang.String, java.lang.String, java.util.List, java.util.List) */ - @ApiDoc( - method = POST, + @ApiDoc( + method = POST, path = "/authz/perm", params = {}, expectedCode = 201, - errorCodes = {403,404,406,409}, + errorCodes = {403,404,406,409}, text = { "Permission consists of:", "<ul><li>type - a Namespace qualified identifier specifying what kind of resource " + "is being protected</li>", @@ -806,7 +806,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } ) @Override - public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) { + public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) { final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq); final ServiceValidator v = new ServiceValidator(); @@ -824,7 +824,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(rlpdd); } if(!rlpdd.isEmpty()) { - return Result.err(Result.ERR_ConflictAlreadyExists,"Permission already exists"); + return Result.err(Result.ERR_ConflictAlreadyExists,"Permission already exists"); } RoleDAO.Data rdd = new RoleDAO.Data(); @@ -836,7 +836,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if(rpdd.notOK()) { return Result.err(rpdd); } - + CachedRoleDAO roleDAO = ques.roleDAO(); Result<List<RoleDAO.Data>> rlrdd = roleDAO.read(trans, rdd); if(rlrdd.notOK()) { 
@@ -846,14 +846,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE rdd = rlrdd.value.get(0); } } - + String eperm = pdd.encode(); rdd.perms(true).add(eperm); Result<Void> rv = roleDAO.update(trans, rdd); if(rv.notOK()) { return rv; } - + CachedUserRoleDAO urDAO = ques.userRoleDAO(); UserRoleDAO.Data urdd = new UserRoleDAO.Data(); urdd.user = trans.user(); @@ -883,14 +883,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_ConflictAlreadyExists, "Permission Type exists as a Namespace"); } - + Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, newPd.value,false, new Mapper.Memo() { @Override public String get() { - return "Create Permission [" + - newPd.value.fullType() + '|' + - newPd.value.instance + '|' + + return "Create Permission [" + + newPd.value.fullType() + '|' + + newPd.value.instance + '|' + newPd.value.action + ']'; } }, @@ -904,14 +904,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return nsd; } }); - + Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, newPd.value.ns); if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans,fd.value, + Result<String> rfc = func.createFuture(trans,fd.value, newPd.value.fullType() + '|' + newPd.value.instance + '|' + newPd.value.action, trans.user(), nsr.value.get(0), @@ -933,12 +933,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authz/perms/:type", params = {"type|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List All Permissions that match the :type element of the key" } ) @Override 
@@ -956,7 +956,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE // We don't have instance & action for mayUserView... do we want to loop through all returned here as well as in mapper? // Result<NsDAO.Data> r; // if ((r = ques.mayUserViewPerm(trans, trans.user(), permType)).notOK())return Result.err(r); - + PERMS perms = mapper.newInstance(API.PERMS); if (!rlpd.isEmpty()) { // Note: Mapper will restrict what can be viewed @@ -964,15 +964,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } return Result.ok(perms); } - - @ApiDoc( - method = GET, + + @ApiDoc( + method = GET, path = "/authz/perms/:type/:instance/:action", params = {"type|string|true", "instance|string|true", "action|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List Permissions that match key; :type, :instance and :action" } ) @Override @@ -983,7 +983,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE || v.nullOrBlank("PermAction", action).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<List<PermDAO.Data>> rlpd = ques.getPermsByName(trans, type, instance, action); if (rlpd.notOK()) { return Result.err(rlpd); @@ -997,12 +997,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.ok(perms); } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authz/perms/user/:user", params = {"user|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List All Permissions that match user :user", "<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>"} ) 
@@ -1018,25 +1018,25 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rlpd.notOK()) { return Result.err(rlpd); } - + PERMS perms = mapper.newInstance(API.PERMS); - + if (rlpd.isEmpty()) { return Result.ok(perms); } // Note: Mapper will restrict what can be viewed // if user is the same as that which is looked up, no filtering is required - return mapper.perms(trans, rlpd.value, - perms, + return mapper.perms(trans, rlpd.value, + perms, !user.equals(trans.user())); } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authz/perms/user/:user/scope/:scope", params = {"user|string|true","scope|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List All Permissions that match user :user, filtered by NS (Scope)", "<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>", "<p>'scope' must be expressed as NSs separated by ':'</p>" @@ -1053,26 +1053,26 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rlpd.notOK()) { return Result.err(rlpd); } - + PERMS perms = mapper.newInstance(API.PERMS); - + if (rlpd.isEmpty()) { return Result.ok(perms); } // Note: Mapper will restrict what can be viewed // if user is the same as that which is looked up, no filtering is required - return mapper.perms(trans, rlpd.value, - perms, + return mapper.perms(trans, rlpd.value, + perms, scopes, !user.equals(trans.user())); } - @ApiDoc( - method = POST, + @ApiDoc( + method = POST, path = "/authz/perms/user/:user", params = {"user|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List All Permissions that match user :user", "<p>'user' must be expressed as full identity (ex: id@full.domain.com)</p>", "", 
@@ -1100,15 +1100,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + ////////////// PermLookup pl = PermLookup.get(trans,ques,user); Result<List<PermDAO.Data>> rlpd = pl.getPerms(trans.requested(force)); if (rlpd.notOK()) { return Result.err(rlpd); } - - /*//TODO + + /*//TODO 1) See if allowed to query 2) See if User is allowed */ @@ -1150,25 +1150,25 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE out.add(pdd); } } - } - + } + perms = mapper.newInstance(API.PERMS); if (rlpd.isEmpty()) { return Result.ok(perms); } // Note: Mapper will restrict what can be viewed // if user is the same as that which is looked up, no filtering is required - return mapper.perms(trans, rlpd.value, - perms, + return mapper.perms(trans, rlpd.value, + perms, !user.equals(trans.user())); } - - @ApiDoc( - method = GET, + + @ApiDoc( + method = GET, path = "/authz/perms/role/:role", params = {"role|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List All Permissions that are granted to :role" } ) @Override @@ -1198,12 +1198,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.ok(perms); } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authz/perms/ns/:ns", params = {"ns|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "List All Permissions that are in Namespace :ns" } ) @Override @@ -1220,9 +1220,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } - + Result<List<PermDAO.Data>> rlpd = ques.permDAO().readNS(trans, ns); if (rlpd.notOK()) { return Result.err(rlpd); 
@@ -1235,15 +1235,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } return Result.ok(perms); } - - @ApiDoc( - method = PUT, + + @ApiDoc( + method = PUT, path = "/authz/perm/:type/:instance/:action", params = {"type|string|true", "instance|string|true", "action|string|true"}, expectedCode = 200, - errorCodes = { 404,406, 409 }, + errorCodes = { 404,406, 409 }, text = { "Rename the Permission referenced by :type :instance :action, and " + "rename (copy/delete) to the Permission described in PermRequest" } ) 
@@ -1259,54 +1259,54 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_Denied, "You do not have approval to change Permission [%s.%s|%s|%s]", newPd.value.ns,newPd.value.type,newPd.value.instance,newPd.value.action); } - + Result<NsSplit> nss = ques.deriveNsSplit(trans, origType); - Result<List<PermDAO.Data>> origRlpd = ques.permDAO().read(trans, nss.value.ns, nss.value.name, origInstance, origAction); - + Result<List<PermDAO.Data>> origRlpd = ques.permDAO().read(trans, nss.value.ns, nss.value.name, origInstance, origAction); + if (origRlpd.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, + return Result.err(Status.ERR_PermissionNotFound, "Permission [%s|%s|%s] does not exist", origType,origInstance,origAction); } - + PermDAO.Data origPd = origRlpd.value.get(0); if (!origPd.ns.equals(newPd.value.ns)) { return Result.err(Status.ERR_Denied, "Cannot change namespace with rename command. " + "<new type> must start with [" + origPd.ns + "]"); } - - if ( origPd.type.equals(newPd.value.type) && - origPd.action.equals(newPd.value.action) && + + if ( origPd.type.equals(newPd.value.type) && + origPd.action.equals(newPd.value.action) && origPd.instance.equals(newPd.value.instance) ) { return Result.err(Status.ERR_ConflictAlreadyExists, "New Permission must be different than original permission"); } - + Set<String> origRoles = origPd.roles(false); if (!origRoles.isEmpty()) { Set<String> roles = newPd.value.roles(true); for (String role : origPd.roles) { - roles.add(role); + roles.add(role); } - } - + } + newPd.value.description = origPd.description; - + Result<Void> rv = null; - + rv = func.createPerm(trans, newPd.value, false); if (rv.isOK()) { rv = func.deletePerm(trans, origPd, true, false); } return rv; } - - @ApiDoc( - method = PUT, + + @ApiDoc( + method = PUT, path = "/authz/perm", params = {}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "Add 
Description Data to Perm" } ) @Override @@ -1344,7 +1344,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - + @ApiDoc( method = PUT, path = "/authz/role/perm", @@ -1372,18 +1372,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } // Read full set to get CURRENT values - Result<List<PermDAO.Data>> rcurr = ques.permDAO().read(trans, - updt.value.ns, - updt.value.type, - updt.value.instance, + Result<List<PermDAO.Data>> rcurr = ques.permDAO().read(trans, + updt.value.ns, + updt.value.type, + updt.value.instance, updt.value.action); - + if (rcurr.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, + return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist", updt.value.ns,updt.value.type,updt.value.instance,updt.value.action); } - + // Create a set of Update Roles, which are in Internal Format Set<String> updtRoles = new HashSet<>(); Result<NsSplit> nss; @@ -1397,11 +1397,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rv = null; - + for (PermDAO.Data curr : rcurr.value) { Set<String> currRoles = curr.roles(false); - // must add roles to this perm, and add this perm to each role - // in the update, but not in the current + // must add roles to this perm, and add this perm to each role + // in the update, but not in the current for (String role : updtRoles) { if (!currRoles.contains(role)) { Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role); 
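Review bot: In the rename hunk (@@ -1259), the re-added line `Result<List<PermDAO.Data>> origRlpd = ques.permDAO().read(trans, nss.value.ns, nss.value.name, origInstance, origAction);` dereferences `nss.value` without first checking the result of `ques.deriveNsSplit(trans, origType)`. The other lookups visible on this page test `notOK()` or `notOKorIsEmpty()` before using `.value`, so a caller-supplied `:type` that does not resolve to a namespace would presumably surface as a NullPointerException instead of a clean error result. Adding `if (nss.notOK()) { return Result.err(nss); }` directly after the `deriveNsSplit` call keeps the failure inside the normal Result path. The method begins above this hunk, so an earlier guard may exist that is not visible here.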
@@ -1437,17 +1437,17 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } } - } - } - return rv==null?Result.ok():rv; + } + } + return rv==null?Result.ok():rv; } - - @ApiDoc( + + @ApiDoc( method = DELETE, path = "/authz/perm", params = {}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "Delete the Permission referenced by PermKey.", "You cannot normally delete a permission which is still granted to roles,", "however the \"force\" property allows you to do just that. To do this: Add", @@ -1469,7 +1469,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist", perm.ns,perm.type,perm.instance,perm.action ); } - + Result<FutureDAO.Data> fd = mapper.future(trans,PermDAO.TABLE,from,perm,false, new Mapper.Memo() { @Override 
@@ -1487,36 +1487,36 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return nsd; } }); - + switch(fd.status) { case OK: Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, perm.ns); if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } - - Result<String> rfc = func.createFuture(trans, fd.value, + + Result<String> rfc = func.createFuture(trans, fd.value, perm.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode()); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: return func.deletePerm(trans,perm,trans.requested(force), false); default: return Result.err(fd); - } - } - - @ApiDoc( + } + } + + @ApiDoc( method = DELETE, path = "/authz/perm/:name/:type/:action", params = {"type|string|true", "instance|string|true", "action|string|true"}, expectedCode = 200, - errorCodes = { 404,406 }, + errorCodes = { 404,406 }, text = { "Delete the Permission referenced by :type :instance :action", "You cannot normally delete a permission which is still granted to roles,", "however the \"force\" property allows you to do just that. To do this: Add", @@ -1532,7 +1532,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE .err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<PermDAO.Data> pd = ques.permFrom(trans, type, instance, action); if (pd.isOK()) { return func.deletePerm(trans, pd.value, trans.requested(force), false); @@ -1542,7 +1542,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } /*********************************** - * ROLE + * ROLE ***********************************/ @ApiDoc( method = POST, 
@@ -1586,8 +1586,8 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE new Mapper.Memo() { @Override public String get() { - return "Create Role [" + - rd.value.fullName() + + return "Create Role [" + + rd.value.fullName() + ']'; } }, @@ -1601,7 +1601,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return nsd; } }); - + Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, rd.value.ns); if (nsr.notOKorIsEmpty()) { return Result.err(nsr); @@ -1609,13 +1609,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans, fd.value, + Result<String> rfc = func.createFuture(trans, fd.value, role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.C); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Role [%s.%s] is saved for future processing", rd.value.ns, rd.value.name); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -1636,7 +1636,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @ApiDoc( method = GET, path = "/authz/roles/:role", - params = {"role|string|true"}, + params = {"role|string|true"}, expectedCode = 200, errorCodes = {404,406}, text = { "List Roles that match :role", @@ -1649,7 +1649,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("Role", role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + // Determine if User can ask this question Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role); if (rrdd.isOKhasData()) { @@ -1660,7 +1660,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } else { return Result.err(rrdd); } - + // Look up data int query = role.indexOf('?'); Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query)); 
@@ -1722,7 +1722,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE params = {"ns|string|true"}, expectedCode = 200, errorCodes = {404,406}, - text = { "List all Roles for the Namespace :ns", + text = { "List all Roles for the Namespace :ns", "Note: You must have permission to see any given role" } ) @@ -1733,15 +1733,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("NS", ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + // check if user is allowed to view NS - Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns); + Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns); if (rnsd.notOK()) { - return Result.err(rnsd); + return Result.err(rnsd); } rnsd = ques.mayUser(trans, trans.user(), rnsd.value, Access.read); if (rnsd.notOK()) { - return Result.err(rnsd); + return Result.err(rnsd); } TimeTaken tt = trans.start("MAP Roles by NS to Roles", Env.SUB); @@ -1773,7 +1773,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE params = {"name|string|true"}, expectedCode = 200, errorCodes = {404,406}, - text = { "List all Roles for only the Name of Role (without Namespace)", + text = { "List all Roles for only the Name of Role (without Namespace)", "Note: You must have permission to see any given role" } ) @@ -1783,7 +1783,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("Name", name).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + // User Mapper to make sure user is allowed to view NS TimeTaken tt = trans.start("MAP Roles by Name to Roles", Env.SUB); @@ -1834,7 +1834,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE .err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + TimeTaken tt = trans.start("Map Perm Roles Roles", Env.SUB); try { ROLES roles = mapper.newInstance(API.ROLES); 
@@ -1846,7 +1846,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if ((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) { return Result.err(res); } - + Result<List<PermDAO.Data>> pdlr = ques.permDAO().read(trans, pdd); if (pdlr.isOK())for (PermDAO.Data pd : pdlr.value) { Result<List<RoleDAO.Data>> rlrd; @@ -1910,7 +1910,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - + @ApiDoc( method = POST, path = "/authz/role/perm", @@ -1918,7 +1918,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE expectedCode = 201, errorCodes = {403,404,406,409}, text = { "Grant a Permission to a Role", - "Permission consists of:", + "Permission consists of:", "<ul><li>type - a Namespace qualified identifier specifying what kind of resource " + "is being protected</li>", "<li>instance - a key, possibly multi-dimensional, that identifies a specific " @@ -1942,7 +1942,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rrd.notOKorIsEmpty()) { return Result.err(rrd); } - + // Validate Role and Perm values final ServiceValidator v = new ServiceValidator(); if (v.perm(rpd.value) @@ -1955,9 +1955,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rlrd.notOKorIsEmpty()) { return Result.err(Status.ERR_RoleNotFound, "Role [%s] does not exist", rrd.value.fullName()); } - + // Check Status of Data in DB (does it exist) - Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, rpd.value.ns, + Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, rpd.value.ns, rpd.value.type, rpd.value.instance, rpd.value.action); PermDAO.Data createPerm = null; // if not null, create first if (rlpd.notOKorIsEmpty()) { // Permission doesn't exist 
@@ -1966,7 +1966,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE createPerm = rpd.value; createPerm.roles.clear(); } else { - return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist", + return Result.err(Status.ERR_PermissionNotFound,"Permission [%s.%s|%s|%s] does not exist", rpd.value.ns,rpd.value.type,rpd.value.instance,rpd.value.action); } } else { @@ -1979,7 +1979,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - + Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, rpd.value,true, // Allow grants to create Approvals new Mapper.Memo() { @Override @@ -2007,7 +2007,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans,fd.value, + Result<String> rfc = func.createFuture(trans,fd.value, rpd.value.fullPerm(), trans.user(), nsr.value.get(0), @@ -2018,7 +2018,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE rpd.value.type, rpd.value.instance, rpd.value.action); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -2033,7 +2033,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE default: return Result.err(fd); } - + } /** 
@@ -2071,17 +2071,17 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return delPermFromRole(trans, updt.value,rrd.value, rreq); } - - private Result<Void> delPermFromRole(final AuthzTrans trans, PermDAO.Data pdd, RoleDAO.Data rdd, REQUEST rreq) { - Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, pdd.ns, pdd.type, + + private Result<Void> delPermFromRole(final AuthzTrans trans, PermDAO.Data pdd, RoleDAO.Data rdd, REQUEST rreq) { + Result<List<PermDAO.Data>> rlpd = ques.permDAO().read(trans, pdd.ns, pdd.type, pdd.instance, pdd.action); - + if (rlpd.notOKorIsEmpty()) { - return Result.err(Status.ERR_PermissionNotFound, + return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist", pdd.ns,pdd.type,pdd.instance,pdd.action); } - + Result<FutureDAO.Data> fd = mapper.future(trans, PermDAO.TABLE, rreq, pdd,true, // allow ungrants requests new Mapper.Memo() { @Override @@ -2106,7 +2106,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans,fd.value, + Result<String> rfc = func.createFuture(trans,fd.value, pdd.fullPerm(), trans.user(), nsr.value.get(0), @@ -2127,7 +2127,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(fd); } } - + /* @ApiDoc( method = DELETE, @@ -2148,7 +2148,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rpns.notOKorIsEmpty()) { return Result.err(rpns); } - + final Validator v = new ServiceValidator(); if (v.role(role) .permType(rpns.value.name,rpns.value.parent) 
@@ -2157,26 +2157,26 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE .err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<Data> rrns = ques.deriveNs(trans, role); if (rrns.notOKorIsEmpty()) { return Result.err(rrns); } - + final Result<List<RoleDAO.Data>> rrd = ques.roleDAO().read(trans, rrns.value.parent, rrns.value.name); if (rrd.notOKorIsEmpty()) { return Result.err(rrd); } - + final Result<List<PermDAO.Data>> rpd = ques.permDAO().read(trans, rpns.value.parent, rpns.value.name, instance, action); if (rpd.notOKorIsEmpty()) { return Result.err(rpd); } - + return delPermFromRole(trans,rpd.value.get(0), rrd.value.get(0), mapper.ungrantRequest(trans, role, type, instance, action)); } - + @ApiDoc( method = DELETE, path = "/authz/role/:role", @@ -2191,7 +2191,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role); if (rrdd.isOKhasData()) { final ServiceValidator v = new ServiceValidator(); - if (v.nullOrBlank(rrdd.value).err()) { + if (v.nullOrBlank(rrdd.value).err()) { return Result.err(Status.ERR_BadData,v.errs()); } return func.deleteRole(trans, rrdd.value, false, false); @@ -2241,21 +2241,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return nsd; } }); - + switch(fd.status) { case OK: Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, rd.value.ns); if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } - - Result<String> rfc = func.createFuture(trans, fd.value, + + Result<String> rfc = func.createFuture(trans, fd.value, role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Role Deletion [%s.%s] is saved for future processing", rd.value.ns, rd.value.name); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: 
@@ -2267,14 +2267,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } /*********************************** - * CRED + * CRED ***********************************/ private class MayCreateCred implements MayChange { private Result<NsDAO.Data> nsd; private AuthzTrans trans; private CredDAO.Data cred; private Executor exec; - + public MayCreateCred(AuthzTrans trans, CredDAO.Data cred, Executor exec) { this.trans = trans; this.cred = cred; @@ -2291,7 +2291,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { // Check Org Policy if (trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) { - return Result.ok(); + return Result.ok(); } else { Result<?> rmc = ques.mayUser(trans, trans.user(), nsd.value, Access.write); if (rmc.isOKhasData()) { @@ -2365,13 +2365,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } private final long DAY_IN_MILLIS = 24*3600*1000L; - - @ApiDoc( - method = POST, + + @ApiDoc( + method = POST, path = "/authn/cred", params = {}, expectedCode = 201, - errorCodes = {403,404,406,409}, + errorCodes = {403,404,406,409}, text = { "A credential consists of:", "<ul><li>id - the ID to create within AAF. The domain is in reverse", "order of Namespace (i.e. Users of Namespace com.att.myapp would be", 
@@ -2385,18 +2385,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public Result<Void> createUserCred(final AuthzTrans trans, REQUEST from) { final String cmdDescription = ("Create User Credential"); TimeTaken tt = trans.start(cmdDescription, Env.SUB); - + try { Result<CredDAO.Data> rcred = mapper.cred(trans, from, true); if (rcred.isOKhasData()) { rcred = ques.userCredSetup(trans, rcred.value); - + final ServiceValidator v = new ServiceValidator(); - - if (v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations + + if (v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations return Result.err(Status.ERR_BadData,v.errs()); } - + // 2016-4 Jonathan, New Behavior - If MechID is not registered with Org, deny creation Identity mechID = null; @@ -2406,7 +2406,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } catch (Exception e1) { trans.error().log(e1,rcred.value.id,"cannot be validated at this time"); } - if (mechID==null || !mechID.isFound()) { + if (mechID==null || !mechID.isFound()) { return Result.err(Status.ERR_Policy,"MechIDs must be registered with %s before provisioning in AAF",org.getName()); } @@ -2414,11 +2414,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (nsr.notOKorIsEmpty()) { return Result.err(Status.ERR_NsNotFound,"Cannot provision %s on non-existent Namespace %s",mechID.id(),rcred.value.ns); } - + boolean firstID = false; MayChange mc; - + CassExecutor exec = new CassExecutor(trans, func); Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, rcred.value.id); if (rlcd.isOKhasData()) { 
@@ -2430,21 +2430,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE // May not use the same password in the list // Note: ASPR specifies character differences, but we don't actually store the // password to validate char differences. - + // byte[] rawCred = rcred.value.type==CredDAO.RAW?null:; return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists"); if(rcred.value.type==CredDAO.FQI ) { if(curr.type==CredDAO.FQI) { return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists"); } } else { - + rb = ques.userCredCheck(trans, curr, rcred.value.cred!=null?rcred.value.cred.array():null); if (rb.notOK()) { return Result.err(rb); } else if (rb.value){ return Result.err(Status.ERR_Policy, "Credential content cannot be reused."); - } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) - && curr.type==rcred.value.type + } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) + && curr.type==rcred.value.type ) { // Allow if expiring differential is greater than 1 day (for TEMP) // Unless expiring in 1 day @@ -2453,7 +2453,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } } - } + } } else { try { // 2016-04-12 Jonathan If Caller is the Sponsor and is also an Owner of NS, allow without special Perm 
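Review bot: The duplicate-credential test in the @@ -2430 hunk compares the two type fields with `curr.type==rcred.value.type`, and `type` looks like a boxed `Integer` (other hunks call `rcred.value.type.toString()`), so `==` compares object identity rather than value. It gives the expected answer only while both values sit in the small-integer cache, which makes the same-expiration-and-type conflict check depend on a JVM detail. `&& Objects.equals(curr.type, rcred.value.type)` states the intent (it needs `java.util.Objects` in scope); the same pattern appears in the @@ -2754 hunk as `rlcd.value.get(entry).type==rcred.value.type`. The enclosing method starts and ends outside this hunk.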
@@ -2469,32 +2469,32 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE String reason; // We can say "ID does not exist" here if ((reason=org.validate(trans, Policy.CREATE_MECHID, exec, theMechID,trans.user(),otherMechIDs.toString()))!=null) { - return Result.err(Status.ERR_Denied, reason); + return Result.err(Status.ERR_Denied, reason); } firstID=true; } catch (Exception e) { return Result.err(e); } } - + mc = new MayCreateCred(trans, rcred.value, exec); - + final CredDAO.Data cdd = rcred.value; Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from, rcred.value,false, // may want to enable in future. new Mapper.Memo() { @Override public String get() { - return cmdDescription + " [" + - cdd.id + '|' - + cdd.type + '|' + return cmdDescription + " [" + + cdd.id + '|' + + cdd.type + '|' + cdd.expires + ']'; } }, mc); - + switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans, fd.value, + Result<String> rfc = func.createFuture(trans, fd.value, rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires, trans.user(), nsr.value.get(0), FUTURE_OP.C); if (rfc.isOK()) { @@ -2502,7 +2502,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE rcred.value.id, Integer.toString(rcred.value.type), rcred.value.expires.toString()); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: 
@@ -2512,11 +2512,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if(!ques.isOwner(trans,trans.user(),cdd.ns)) { // Admins are not allowed to set first Cred, but Org has already // said entity MAY create, typically by Permission - // We can't know which reason they are allowed here, so we - // have to assume that any with Special Permission would not be + // We can't know which reason they are allowed here, so we + // have to assume that any with Special Permission would not be // an Admin. if(ques.isAdmin(trans, trans.user(), cdd.ns)) { - return Result.err(Result.ERR_Denied, + return Result.err(Result.ERR_Denied, "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" ); } else { // Allow IDs that AREN'T part of NS with Org Onboarding Permission (see Org object) to create Temp Passwords. @@ -2527,7 +2527,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } catch (Exception e) { trans.error().log(e, "While setting expiration to TempPassword"); } - + Result<?>udr = ques.credDAO().create(trans, rcred.value); if (udr.isOK()) { return Result.ok(); @@ -2545,12 +2545,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authn/creds/ns/:ns", params = {"ns|string|true"}, expectedCode = 200, - errorCodes = {403,404,406}, + errorCodes = {403,404,406}, text = { "Return all IDs in Namespace :ns" } ) 
@@ -2560,42 +2560,42 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.ns(ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + // check if user is allowed to view NS Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } - + TimeTaken tt = trans.start("MAP Creds by NS to Creds", Env.SUB); - try { + try { USERS users = mapper.newInstance(API.USERS); Result<List<CredDAO.Data>> rlcd = ques.credDAO().readNS(trans, ns); - + if (rlcd.isOK()) { if (!rlcd.isEmpty()) { return mapper.cred(rlcd.value, users); } - return Result.ok(users); + return Result.ok(users); } else { return Result.err(rlcd); } } finally { tt.done(); } - + } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authn/creds/id/:ns", params = {"id|string|true"}, expectedCode = 200, - errorCodes = {403,404,406}, + errorCodes = {403,404,406}, text = { "Return all IDs in for ID" ,"(because IDs are multiple, due to multiple Expiration Dates)" } 
@@ -2606,59 +2606,59 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("ID",id).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + String ns = Question.domain2ns(id); // check if user is allowed to view NS Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } - + TimeTaken tt = trans.start("MAP Creds by ID to Creds", Env.SUB); - try { + try { USERS users = mapper.newInstance(API.USERS); Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, id); - + if (rlcd.isOK()) { if (!rlcd.isEmpty()) { return mapper.cred(rlcd.value, users); } - return Result.ok(users); + return Result.ok(users); } else { return Result.err(rlcd); } } finally { tt.done(); } - + } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authn/certs/id/:id", params = {"id|string|true"}, expectedCode = 200, - errorCodes = {403,404,406}, + errorCodes = {403,404,406}, text = { "Return Cert Info for ID" } ) @Override public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id) { TimeTaken tt = trans.start("Get Cert Info by ID", Env.SUB); - try { + try { CERTS certs = mapper.newInstance(API.CERTS); Result<List<CertDAO.Data>> rlcd = ques.certDAO().readID(trans, id); - + if (rlcd.isOK()) { if (!rlcd.isEmpty()) { return mapper.cert(rlcd.value, certs); } - return Result.ok(certs); - } else { + return Result.ok(certs); + } else { return Result.err(rlcd); } } finally { 
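Review bot: `getCertInfoByID` in the @@ -2606 hunk calls `ques.certDAO().readID(trans, id)` with no validation of `id` and no read-permission check, while the credential lookup directly above it in the same hunk validates the ID, derives the namespace and calls `ques.mayUser(..., Access.read)` before reading. If authorization for `/authn/certs/id/:id` is enforced elsewhere (the route layer or `mapper.cert`), a comment saying where would help; otherwise the same guard should precede the DAO read, as sketched below. Whether `Question.domain2ns(id)` is the right namespace derivation for certificate IDs is an assumption to confirm. The method's `finally` block and end lie outside the hunk.

```java
public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id) {
    final ServiceValidator v = new ServiceValidator();
    if (v.nullOrBlank("ID",id).err()) {
        return Result.err(Status.ERR_BadData,v.errs());
    }
    // Same read check the credential lookup performs before touching the DAO
    Result<NsDAO.Data> rnd = ques.deriveNs(trans, Question.domain2ns(id));
    if (rnd.notOK()) {
        return Result.err(rnd);
    }
    rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
    if (rnd.notOK()) {
        return Result.err(rnd);
    }
    // … unchanged: timer start, certDAO().readID(trans, id) and result mapping …
```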
@@ -2667,12 +2667,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } - @ApiDoc( - method = PUT, + @ApiDoc( + method = PUT, path = "/authn/cred", params = {}, expectedCode = 200, - errorCodes = {300,403,404,406}, + errorCodes = {300,403,404,406}, text = { "Reset a Credential Password. If multiple credentials exist for this", "ID, you will need to specify which entry you are resetting in the", "CredRequest object" 
@@ -2686,54 +2686,54 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<CredDAO.Data> rcred = mapper.cred(trans, from, true); if (rcred.isOKhasData()) { rcred = ques.userCredSetup(trans, rcred.value); - + final ServiceValidator v = new ServiceValidator(); - - if (v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations + + if (v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations return Result.err(Status.ERR_BadData,v.errs()); } Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, rcred.value.id); if (rlcd.notOKorIsEmpty()) { return Result.err(Status.ERR_UserNotFound, "Credential does not exist"); - } - + } + MayChange mc = new MayChangeCred(trans, rcred.value,MayChangeCred.RESET); - Result<?> rmc = mc.mayChange(); + Result<?> rmc = mc.mayChange(); if (rmc.notOK()) { return Result.err(rmc); } - + List<CredDAO.Data> lcdd = filterList(rlcd.value,CredDAO.BASIC_AUTH, CredDAO.BASIC_AUTH_SHA256); - + Result<Integer> ri = selectEntryIfMultiple((CredRequest)from, lcdd, MayChangeCred.RESET); if (ri.notOK()) { return Result.err(ri); } int entry = ri.value; - - + + final CredDAO.Data cred = rcred.value; - + Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from, rcred.value,false, new Mapper.Memo() { @Override public String get() { - return cmdDescription + " [" + - cred.id + '|' - + cred.type + '|' + return cmdDescription + " [" + + cred.id + '|' + + cred.type + '|' + cred.expires + ']'; } }, mc); - + Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, rcred.value.ns); if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } - + switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans, fd.value, + Result<String> rfc = func.createFuture(trans, fd.value, rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires, trans.user(), nsr.value.get(0), FUTURE_OP.U); if (rfc.isOK()) { 
@@ -2741,7 +2741,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE rcred.value.id, Integer.toString(rcred.value.type), rcred.value.expires.toString()); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -2754,15 +2754,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } else { exp = Expiration.TempPassword; } - + Organization org = trans.org(); CredDAO.Data current = rlcd.value.get(entry); // If user resets password in same day, we will have a primary key conflict, so subtract 1 day - if (current.expires.equals(rcred.value.expires) + if (current.expires.equals(rcred.value.expires) && rlcd.value.get(entry).type==rcred.value.type) { GregorianCalendar gc = org.expiration(null, exp,rcred.value.id); gc = Chrono.firstMomentOfDay(gc); - gc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay()); + gc.set(GregorianCalendar.HOUR_OF_DAY, org.startOfDay()); rcred.value.expires = new Date(gc.getTimeInMillis() - DAY_IN_MILLIS); } else { rcred.value.expires = org.expiration(null,exp).getTime(); @@ -2775,7 +2775,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (udr.isOK()) { return Result.ok(); } - + return Result.err(udr); default: return Result.err(fd); @@ -2788,12 +2788,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - @ApiDoc( - method = PUT, + @ApiDoc( + method = PUT, path = "/authn/cred/:days", params = {"days|string|true"}, expectedCode = 200, - errorCodes = {300,403,404,406}, + errorCodes = {300,403,404,406}, text = { "Extend a Credential Expiration Date. The intention of this API is", "to avoid an outage in PROD due to a Credential expiring before it", "can be configured correctly. Measures are being put in place ", 
@@ -2807,12 +2807,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<CredDAO.Data> cred = mapper.cred(trans, from, false); Organization org = trans.org(); final ServiceValidator v = new ServiceValidator(); - if (v.notOK(cred).err() || + if (v.notOK(cred).err() || v.nullOrBlank(cred.value.id, "Invalid ID").err() || v.user(org,cred.value.id).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + try { String reason; if ((reason=org.validate(trans, Policy.MAY_EXTEND_CRED_EXPIRES, new CassExecutor(trans,func)))!=null) { @@ -2823,13 +2823,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE trans.error().log(e, msg="Could not contact Organization for User Validation"); return Result.err(Status.ERR_Denied, msg); } - + // Get the list of Cred Entries Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id); if (rlcd.notOKorIsEmpty()) { return Result.err(Status.ERR_UserNotFound, "Credential does not exist"); } - + // Only Passwords can be extended List<CredDAO.Data> lcdd = filterList(rlcd.value,CredDAO.BASIC_AUTH, CredDAO.BASIC_AUTH_SHA256); @@ -2854,7 +2854,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if(cd.expires.before(found.expires)) { return Result.err(Result.ERR_BadData,String.format("Credential's expiration date is more than %s days in the future",days)); } - + cred = ques.credDAO().create(trans, cd); if (cred.isOK()) { return Result.ok(); @@ -2863,14 +2863,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } finally { tt.done(); } - } + } - @ApiDoc( - method = DELETE, + @ApiDoc( + method = DELETE, path = "/authn/cred", params = {}, expectedCode = 200, - errorCodes = {300,403,404,406}, + errorCodes = {300,403,404,406}, text = { "Delete a Credential. If multiple credentials exist for this", "ID, you will need to specify which entry you are deleting in the", "CredRequest object." 
@@ -2885,11 +2885,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } MayChange mc = new MayChangeCred(trans,cred.value,MayChangeCred.DELETE); - Result<?> rmc = mc.mayChange(); + Result<?> rmc = mc.mayChange(); if (rmc.notOK()) { return Result.err(rmc); } - + boolean doForce = trans.requested(force); Result<List<CredDAO.Data>> rlcd = ques.credDAO().readID(trans, cred.value.id); if (rlcd.notOKorIsEmpty()) { @@ -2903,7 +2903,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_UserNotFound, "Credential does not exist"); } boolean isLastCred = rlcd.value.size()==1; - + int entry; CredRequest cr = (CredRequest)from; if(isLastCred) { @@ -2921,7 +2921,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE ++fentry; if(cdd.type == CredDAO.FQI) { entry = fentry; - break; + break; } } } else { @@ -2972,26 +2972,26 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } } - + Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false, () -> "Delete Credential [" + cred.value.id + ']', mc); - + Result<List<NsDAO.Data>> nsr = ques.nsDAO().read(trans, cred.value.ns); if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } - + switch(fd.status) { case OK: Result<String> rfc = func.createFuture(trans, fd.value, cred.value.id, trans.user(), nsr.value.get(0), FUTURE_OP.D); - + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -3031,7 +3031,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE default: return Result.err(fd); } - + } /* 
@@ -3105,21 +3105,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE private String[] buildVariables(List<CredDAO.Data> value) { String [] vars = new String[value.size()]; CredDAO.Data cdd; - + for (int i = 0; i < value.size(); i++) { cdd = value.get(i); vars[i] = cdd.id + TWO_SPACE + Define.getCredType(cdd.type) + TWO_SPACE + Chrono.niceUTCStamp(cdd.expires) + TWO_SPACE + cdd.tag; } return vars; } - + private String selectCredFromList(List<CredDAO.Data> value, String action) { StringBuilder errMessage = new StringBuilder(); String userPrompt = MayChangeCred.DELETE.equals(action)? "Select which cred to delete (set force=true to delete all):": "Select which cred to " + action + ':'; int numSpaces = value.get(0).id.length() - "Id".length(); - + errMessage.append(userPrompt + '\n'); errMessage.append(" ID"); for (int i = 0; i < numSpaces; i++) { @@ -3135,7 +3135,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE errMessage.append("Run same command again with chosen entry as last parameter"); } return errMessage.toString(); - + } @Override @@ -3162,12 +3162,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - @ApiDoc( - method = POST, + @ApiDoc( + method = POST, path = "/authn/validate", params = {}, expectedCode = 200, - errorCodes = { 403 }, + errorCodes = { 403 }, text = { "Validate a Credential given a Credential Structure. This is a more comprehensive validation, can " + "do more than BasicAuth as Credential types exp" } ) 
@@ -3192,13 +3192,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_Denied,"Bad Basic Auth"); } -@ApiDoc( - method = GET, +@ApiDoc( + method = GET, path = "/authn/basicAuth", params = {}, expectedCode = 200, - errorCodes = { 403 }, - text = { "!!!! DEPRECATED without X509 Authentication STOP USING THIS API BY DECEMBER 2017, or use Certificates !!!!\n" + errorCodes = { 403 }, + text = { "!!!! DEPRECATED without X509 Authentication STOP USING THIS API BY DECEMBER 2017, or use Certificates !!!!\n" + "Use /authn/validate instead\n" + "Note: Validate a Password using BasicAuth Base64 encoded Header. This HTTP/S call is intended as a fast" + " User/Password lookup for Security Frameworks, and responds 200 if it passes BasicAuth " @@ -3209,14 +3209,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } /*********************************** - * USER-ROLE + * USER-ROLE ***********************************/ - @ApiDoc( - method = POST, + @ApiDoc( + method = POST, path = "/authz/userRole", params = {}, expectedCode = 201, - errorCodes = {403,404,406,409}, + errorCodes = {403,404,406,409}, text = { "Create a UserRole relationship (add User to Role)", "A UserRole is an object Representation of membership of a Role for limited time.", "If a shorter amount of time for Role ownership is required, use the 'End' field.", @@ -3233,7 +3233,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(urr); } final UserRoleDAO.Data userRole = urr.value; - + final ServiceValidator v = new ServiceValidator(); if (v.user_role(trans.user(),userRole).err() || v.user(trans.org(), userRole.user).err()) { 
@@ -3241,7 +3241,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } - + // Check if user can change first Result<FutureDAO.Data> fd = mapper.future(trans,UserRoleDAO.TABLE,from,urr.value,true, // may request Approvals () -> "Add User [" + userRole.user + "] to Role [" + @@ -3261,7 +3261,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return nsd; } }); - + NsDAO.Data ndd; if(userRole.role.startsWith(userRole.user)) { userRole.ns=userRole.user; @@ -3277,14 +3277,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname, + Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname, userRole.user, ndd, FUTURE_OP.C); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "UserRole [%s - %s.%s] is saved for future processing", userRole.user, userRole.ns, userRole.rname); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -3296,7 +3296,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + /** * getUserRolesByRole */ @@ -3315,7 +3315,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("Role",role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<RoleDAO.Data> rrdd; rrdd = RoleDAO.Data.decode(trans,ques,role); if (rrdd.notOK()) { 
@@ -3326,11 +3326,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (ns.notOK()) { return Result.err(ns); } - - // boolean filter = true; + + // boolean filter = true; // if (ns.value.isAdmin(trans.user()) || ns.value.isResponsible(trans.user())) // filter = false; - + // Get list of roles per user, then add to Roles as we go HashSet<UserRoleDAO.Data> userSet = new HashSet<>(); Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByRole(trans, role); @@ -3339,7 +3339,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE userSet.add(data); } } - + @SuppressWarnings("unchecked") USERROLES users = (USERROLES) mapper.newInstance(API.USER_ROLES); // Checked for permission @@ -3364,18 +3364,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.nullOrBlank("User",user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + // Get list of roles per user, then add to Roles as we go Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByUser(trans, user); - if (rlurd.notOK()) { + if (rlurd.notOK()) { return Result.err(rlurd); } - + /* Check for - * 1) is User + * 1) is User * 2) is User's Supervisor * 3) Has special global access =read permission - * + * * If none of the 3, then filter results to NSs in which Calling User has Ns.access * read */ boolean mustFilter; @@ -3401,11 +3401,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE mustFilter = true; } } - + List<UserRoleDAO.Data> content; if (mustFilter) { content = new ArrayList<>(rlurd.value.size()); // avoid multi-memory redos - + for (UserRoleDAO.Data data : rlurd.value) { ndd.name=data.ns; Result<Data> mur = ques.mayUser(trans, callingUser, ndd, Access.read); @@ -3413,7 +3413,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE content.add(data); } } - + } else { content = rlurd.value; } 
@@ -3426,9 +3426,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.ok(users); } - - - + + + @ApiDoc( method = GET, path = "/authz/userRole/extend/:user/:role", @@ -3450,18 +3450,18 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE .err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role); if (rrdd.notOK()) { return Result.err(rrdd); } - + Result<NsDAO.Data> rcr = ques.mayUser(trans, trans.user(), rrdd.value, Access.write); boolean mayNotChange; if ((mayNotChange = rcr.notOK()) && !trans.requested(future)) { return Result.err(rcr); } - + Result<List<UserRoleDAO.Data>> rr = ques.userRoleDAO().read(trans, user,role); if (rr.notOK()) { return Result.err(rr); @@ -3481,7 +3481,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(e); } - Result<String> rfc = func.createFuture(trans, fto, + Result<String> rfc = func.createFuture(trans, fto, userRole.user+'|'+userRole.role, userRole.user, rcr.value, FUTURE_OP.U); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing", @@ -3497,14 +3497,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Result.ERR_NotFound,"This user and role doesn't exist"); } - @ApiDoc( - method = DELETE, + @ApiDoc( + method = DELETE, path = "/authz/userRole/:user/:role", params = { "user|string|true", "role|string|true" }, expectedCode = 200, - errorCodes = {403,404,406}, + errorCodes = {403,404,406}, text = { "Remove Role :role from User :user." } ) @@ -3521,7 +3521,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rrdd.notOK()) { return Result.err(rrdd); } - + RoleDAO.Data rdd = rrdd.value; Result<NsDAO.Data> rns = ques.mayUser(trans, trans.user(), rdd, Access.write); 
@@ -3529,7 +3529,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rns.isOKhasData() && Question.OWNER.equals(rdd.name) && ques.countOwner(trans,rdd.ns)<=1) { return Result.err(Status.ERR_Denied,"You may not delete the last Owner of " + rdd.ns ); } - + if (mayNotChange=rns.notOK()) { if (!trans.requested(future)) { return Result.err(rns); @@ -3551,13 +3551,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE fto.start = now.getTime(); fto.expires = trans.org().expiration(now, Expiration.Future).getTime(); - Result<String> rfc = func.createFuture(trans, fto, + Result<String> rfc = func.createFuture(trans, fto, userRole.user+'|'+userRole.role, userRole.user, rns.value, FUTURE_OP.D); if (rfc.isOK()) { - return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing", + return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing", userRole.user, userRole.role); - } else { + } else { return Result.err(rfc); } } else { @@ -3565,13 +3565,13 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authz/userRole/:user/:role", params = {"user|string|true", "role|string|true"}, expectedCode = 200, - errorCodes = {403,404,406}, + errorCodes = {403,404,406}, text = { "Returns the User (with Expiration date from listed User/Role) if it exists" } ) @@ -3584,7 +3584,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE // Result<NsDAO.Data> ns = ques.deriveNs(trans, role); // if (ns.notOK()) return Result.err(ns); -// +// // Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write); // May calling user see by virtue of the Role Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role); 
@@ -3593,9 +3593,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } - + HashSet<UserRoleDAO.Data> userSet = new HashSet<>(); Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readUserInRole(trans, user, role); if (rlurd.isOK()) { @@ -3603,20 +3603,20 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE userSet.add(data); } } - + @SuppressWarnings("unchecked") USERS users = (USERS) mapper.newInstance(API.USERS); mapper.users(trans, userSet, users); return Result.ok(users); } - @ApiDoc( - method = GET, + @ApiDoc( + method = GET, path = "/authz/users/role/:role", params = {"user|string|true", "role|string|true"}, expectedCode = 200, - errorCodes = {403,404,406}, + errorCodes = {403,404,406}, text = { "Returns the User (with Expiration date from listed User/Role) if it exists" } ) @@ -3629,14 +3629,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE // Result<NsDAO.Data> ns = ques.deriveNs(trans, role); // if (ns.notOK()) return Result.err(ns); -// +// // Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write); // May calling user see by virtue of the Role Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role); if (rrdd.notOK()) { return Result.err(rrdd); } - + boolean contactOnly = false; // Allow the request of any valid user to find the contact of the NS (Owner) Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read); 
@@ -3647,10 +3647,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(rnd); } } - + HashSet<UserRoleDAO.Data> userSet = new HashSet<>(); Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO().readByRole(trans, role); - if (rlurd.isOK()) { + if (rlurd.isOK()) { for (UserRoleDAO.Data data : rlurd.value) { if (contactOnly) { //scrub data // Can't change actual object, or will mess up the cache. @@ -3665,7 +3665,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } } - + @SuppressWarnings("unchecked") USERS users = (USERS) mapper.newInstance(API.USERS); mapper.users(trans, userSet, users); @@ -3692,7 +3692,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE final Validator v = new ServiceValidator(); if (v.nullOrBlank("Type",type) .nullOrBlank("Instance",instance) - .nullOrBlank("Action",action) + .nullOrBlank("Action",action) .err()) { return Result.err(Status.ERR_BadData,v.errs()); } 
@@ -3701,25 +3701,25 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (nss.notOK()) { return Result.err(nss); } - + Result<List<NsDAO.Data>> nsd = ques.nsDAO().read(trans, nss.value.ns); if (nsd.notOK()) { return Result.err(nsd); } - + boolean allInstance = ASTERIX.equals(instance); boolean allAction = ASTERIX.equals(action); - // Get list of roles per Permission, + // Get list of roles per Permission, // Then loop through Roles to get Users // Note: Use Sets to avoid processing or responding with Duplicates Set<String> roleUsed = new HashSet<>(); Set<UserRoleDAO.Data> userSet = new HashSet<>(); - + if (!nss.isEmpty()) { Result<List<PermDAO.Data>> rlp = ques.permDAO().readByType(trans, nss.value.ns, nss.value.name); if (rlp.isOKhasData()) { for (PermDAO.Data pd : rlp.value) { - if ((allInstance || pd.instance.equals(instance)) && + if ((allInstance || pd.instance.equals(instance)) && (allAction || pd.action.equals(action))) { if (ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) { for (String role : pd.roles) { @@ -3745,10 +3745,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } /*********************************** - * HISTORY - ***********************************/ + * HISTORY + ***********************************/ @Override - public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) { + public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); if (v.nullOrBlank("User",user).err()) { return Result.err(Status.ERR_BadData,v.errs()); 
@@ -3797,12 +3797,12 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rrdd.notOK()) { return Result.err(rrdd); } - + Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value, Access.read); if (rnd.notOK()) { return Result.err(rnd); } - Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, role, "role", yyyymm); + Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, role, "role", yyyymm); if (resp.notOK()) { return Result.err(resp); } @@ -3828,11 +3828,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm); } - + if (resp.notOK()) { return Result.err(resp); } @@ -3842,7 +3842,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); - if (v.nullOrBlank("NS",ns).err()) { + if (v.nullOrBlank("NS",ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -3852,7 +3852,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, ns, "ns", yyyymm); @@ -3868,7 +3868,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE ndd.name = FQI.reverseDomain(subject); Result<Data> rnd = ques.mayUser(trans, trans.user(), ndd, Access.read); if (rnd.notOK()) { - return Result.err(rnd); + return Result.err(rnd); } Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, subject, target, yyyymm); 
@@ -3879,7 +3879,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } /*********************************** - * DELEGATE + * DELEGATE ***********************************/ @Override public Result<Void> createDelegate(final AuthzTrans trans, REQUEST base) { @@ -3895,23 +3895,23 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE private Result<Void> createOrUpdateDelegate(final AuthzTrans trans, REQUEST base, final Access access) { final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base); final ServiceValidator v = new ServiceValidator(); - if (v.delegate(trans.org(),rd).err()) { + if (v.delegate(trans.org(),rd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final DelegateDAO.Data dd = rd.value; - + Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd); if (access==Access.create && ddr.isOKhasData()) { return Result.err(Status.ERR_ConflictAlreadyExists, "[%s] already delegates to [%s]", dd.user, ddr.value.get(0).delegate); - } else if (access!=Access.create && ddr.notOKorIsEmpty()) { + } else if (access!=Access.create && ddr.notOKorIsEmpty()) { return Result.err(Status.ERR_NotFound, "[%s] does not have a Delegate Record to [%s].",dd.user,access.name()); } Result<Void> rv = ques.mayUser(trans, dd, access); if (rv.notOK()) { return rv; } - + Result<FutureDAO.Data> fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false, () -> { StringBuilder sb = new StringBuilder(); 
@@ -3928,15 +3928,15 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE () -> { return Result.ok(); // Validate in code above }); - + switch(fd.status) { case OK: - Result<String> rfc = func.createFuture(trans, fd.value, + Result<String> rfc = func.createFuture(trans, fd.value, dd.user, trans.user(),null, access==Access.create?FUTURE_OP.C:FUTURE_OP.U); - if (rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Delegate for [%s]", dd.user); - } else { + } else { return Result.err(rfc); } case Status.ACC_Now: @@ -3962,7 +3962,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (v.notOK(rd).nullOrBlank("User", rd.value.user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + Result<List<DelegateDAO.Data>> ddl; if ((ddl=ques.delegateDAO().read(trans, rd.value)).notOKorIsEmpty()) { return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate"); @@ -3972,7 +3972,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rv.notOK()) { return rv; } - + return ques.delegateDAO().delete(trans, dd, false); } @@ -3993,10 +3993,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rv.notOK()) { return rv; } - + return ques.delegateDAO().delete(trans, dd, false); } - + @Override public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); @@ -4011,7 +4011,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (rv.notOK()) { return Result.err(rv); } - + TimeTaken tt = trans.start("Get delegates for a user", Env.SUB); Result<List<DelegateDAO.Data>> dbDelgs = ques.delegateDAO().read(trans, user); @@ -4023,7 +4023,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } finally { tt.done(); - } + } } @Override 
@@ -4051,11 +4051,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } finally { tt.done(); - } + } } /*********************************** - * APPROVAL + * APPROVAL ***********************************/ private static final String APPR_FMT = "actor=%s, action=%s, operation=\"%s\", requestor=%s, delegator=%s"; @Override @@ -4070,7 +4070,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } int numProcessed = 0; String user = trans.user(); - + Result<List<ApprovalDAO.Data>> curr; Lookup<List<ApprovalDAO.Data>> apprByTicket=null; for (ApprovalDAO.Data updt : rlad.value) { @@ -4093,14 +4093,14 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Map<String, Result<List<DelegateDAO.Data>>> delegateCache = new HashMap<>(); Map<UUID, FutureDAO.Data> futureCache = new HashMap<>(); FutureDAO.Data hasDeleted = new FutureDAO.Data(); - + for (ApprovalDAO.Data cd : curr.value) { if ("pending".equals(cd.status)) { // Check for right record. Need ID, or (Ticket&Trans.User==Appr) // If Default ID boolean delegatedAction = ques.isDelegated(trans, user, cd.approver, delegateCache); String delegator = cd.approver; - if (updt.id!=null || + if (updt.id!=null || (updt.ticket!=null && user.equals(cd.approver)) || (updt.ticket!=null && delegatedAction)) { if (updt.ticket.equals(cd.ticket)) { @@ -4178,7 +4178,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(Status.ERR_ActionNotCompleted,numProcessed + " out of " + numApprs + " completed"); } - + private static class Changed { private boolean hasChanged = false; 
@@ -4202,7 +4202,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); - if (v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -4217,7 +4217,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket) { final Validator v = new ServiceValidator(); - if (v.nullOrBlank("Ticket", ticket).err()) { + if (v.nullOrBlank("Ticket", ticket).err()) { return Result.err(Status.ERR_BadData,v.errs()); } UUID uuid; @@ -4226,7 +4226,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } catch (IllegalArgumentException e) { return Result.err(Status.ERR_BadData,e.getMessage()); } - + Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO().readByTicket(trans, uuid); if (rapd.isOK()) { return mapper.approvals(rapd.value); @@ -4234,23 +4234,23 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(rapd); } } - + @Override public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver) { final Validator v = new ServiceValidator(); if (v.nullOrBlank("Approver", approver).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - + List<ApprovalDAO.Data> listRapds = new ArrayList<>(); - + Result<List<ApprovalDAO.Data>> myRapd = ques.approvalDAO().readByApprover(trans, approver); if (myRapd.notOK()) { return Result.err(myRapd); } - + listRapds.addAll(myRapd.value); - + Result<List<DelegateDAO.Data>> delegatedFor = ques.delegateDAO().readByDelegate(trans, approver); if (delegatedFor.isOK()) { for (DelegateDAO.Data dd : delegatedFor.value) { 
@@ -4258,7 +4258,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE String delegator = dd.user; Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO().readByApprover(trans, delegator); if (rapd.isOK()) { - for (ApprovalDAO.Data d : rapd.value) { + for (ApprovalDAO.Data d : rapd.value) { if (!d.user.equals(trans.user())) { listRapds.add(d); } @@ -4267,10 +4267,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } } - + return mapper.approvals(listRapds); } - + /* (non-Javadoc) * @see org.onap.aaf.auth.service.AuthzService#clearCache(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String) */ diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java index f9f23f46..4a756f26 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -33,31 +33,31 @@ import org.onap.aaf.auth.service.mapper.Mapper; public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> { public Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper(); - + /*********************************** - * NAMESPACE + * NAMESPACE ***********************************/ /** - * + * * @param trans * @param user * @param ns * @return - * @throws DAOException - * @throws + * @throws DAOException + * @throws */ public Result<Void> createNS(AuthzTrans trans, REQUEST request, NsType type); /** - * + * * @param trans * @param ns * @return */ public Result<Void> addAdminNS(AuthzTrans trans, String ns, String id); - + /** - * + * * @param trans * @param ns * @return @@ -65,7 +65,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> delAdminNS(AuthzTrans trans, String ns, String id); /** - * + * * @param trans * @param ns * @param id @@ -74,7 +74,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> addResponsibleNS(AuthzTrans trans, String ns, String id); /** - * + * * @param trans * @param ns * @param id @@ -83,7 +83,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> delResponsibleNS(AuthzTrans trans, String ns, String id); /** - * + * * @param trans * @param ns * @param key @@ -93,7 +93,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> createNsAttrib(AuthzTrans trans, String ns, String key, String value); /** - * + * * @param trans * @param ns * @param key @@ -103,7 +103,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<?> updateNsAttrib(AuthzTrans trans, String ns, String key, String value); /** - * + * * @param trans * @param ns * @param key 
@@ -112,7 +112,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> deleteNsAttrib(AuthzTrans trans, String ns, String key); /** - * + * * @param trans * @param ns * @param key @@ -122,23 +122,23 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT /** - * + * * @param trans * @param ns * @return */ public Result<NSS> getNSbyName(AuthzTrans trans, String ns, boolean full); - + /** - * + * * @param trans * @param user * @return */ public Result<NSS> getNSbyAdmin(AuthzTrans trans, String user, boolean full); - + /** - * + * * @param trans * @param user * @return @@ -146,7 +146,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<NSS> getNSbyResponsible(AuthzTrans trans, String user, boolean full); /** - * + * * @param trans * @param user * @return @@ -154,7 +154,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<NSS> getNSbyEither(AuthzTrans trans, String user, boolean full); /** - * + * * @param trans * @param parent * @return @@ -162,15 +162,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<NSS> getNSsChildren(AuthzTrans trans, String parent); /** - * + * * @param trans * @param req * @return */ public Result<Void> updateNsDescription(AuthzTrans trans, REQUEST req); - + /** - * + * * @param trans * @param ns * @param user 
@@ -180,29 +180,29 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> deleteNS(AuthzTrans trans, String ns); /*********************************** - * PERM + * PERM ***********************************/ /** - * + * * @param trans * @param rreq * @return - * @throws DAOException + * @throws DAOException * @throws MappingException */ public Result<Void> createPerm(AuthzTrans trans, REQUEST rreq); - + /** - * + * * @param trans * @param childPerm * @return - * @throws DAOException + * @throws DAOException */ public Result<PERMS> getPermsByType(AuthzTrans trans, String perm); - + /** - * + * * @param trans * @param type * @param instance @@ -216,14 +216,14 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT * Gets all the permissions for a user across all the roles it is assigned to * @param userName * @return - * @throws Exception + * @throws Exception * @throws Exception */ public Result<PERMS> getPermsByUser(AuthzTrans trans, String userName); /** * Gets all the permissions for a user across all the roles it is assigned to, filtered by NS (Scope) - * + * * @param trans * @param user * @param scopes @@ -234,30 +234,30 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT /** * Gets all the permissions for a user across all the roles it is assigned to - * + * * Add AAF Perms representing the "MayUser" calls if * 1) Allowed * 2) User has equivalent permission - * + * * @param userName * @return - * @throws Exception + * @throws Exception * @throws Exception */ public Result<PERMS> getPermsByUser(AuthzTrans trans, PERMS perms, String userName); /** - * + * * Gets all the permissions for a user across all the roles it is assigned to - * + * * @param roleName * @return * @throws Exception */ public Result<PERMS> getPermsByRole(AuthzTrans trans, String roleName); - + /** - * + * * @param trans * @param ns * @return 
@@ -266,7 +266,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT /** * rename permission - * + * * @param trans * @param rreq * @param isRename @@ -276,25 +276,25 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT * @return */ public Result<Void> renamePerm(AuthzTrans trans, REQUEST rreq, String origType, String origInstance, String origAction); - + /** - * + * * @param trans * @param req * @return */ public Result<Void> updatePermDescription(AuthzTrans trans, REQUEST req); - + /** - * + * * @param trans * @param from * @return */ public Result<Void> resetPermRoles(AuthzTrans trans, REQUEST from); - + /** - * + * * @param trans * @param from * @return @@ -303,7 +303,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> deletePerm(AuthzTrans trans, REQUEST from); /** - * + * * @param trans * @param user * @param perm @@ -315,22 +315,22 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT Result<Void> deletePerm(AuthzTrans trans, String perm, String type, String action); /*********************************** - * ROLE + * ROLE ***********************************/ /** - * + * * @param trans * @param user * @param role * @param approvers * @return - * @throws DAOException + * @throws DAOException * @throws Exception */ public Result<Void> createRole(AuthzTrans trans, REQUEST req); /** - * + * * @param trans * @param role * @return @@ -338,16 +338,16 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<ROLES> getRolesByName(AuthzTrans trans, String role); /** - * + * * @param trans * @param user * @return - * @throws DAOException + * @throws DAOException */ public Result<ROLES> getRolesByUser(AuthzTrans trans, String user); /** - * + * * @param trans * @param user * @return 
@@ -355,7 +355,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<ROLES> getRolesByNS(AuthzTrans trans, String user); /** - * + * * @param trans * @param name * @return @@ -363,7 +363,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<ROLES> getRolesByNameOnly(AuthzTrans trans, String name); /** - * + * * @param trans * @param type * @param instance @@ -373,25 +373,25 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action); /** - * + * * @param trans * @param req * @return */ public Result<Void> updateRoleDescription(AuthzTrans trans, REQUEST req); - + /** - * + * * @param trans * @param rreq * @return * @throws DAOException */ public Result<Void> addPermToRole(AuthzTrans trans, REQUEST rreq); - - + + /** - * + * * @param trans * @param rreq * @return @@ -411,18 +411,18 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> delPermFromRole(AuthzTrans trans, String role, String type, String instance, String action); /** - * + * * @param trans * @param user * @param role * @return - * @throws DAOException - * @throws MappingException + * @throws DAOException + * @throws MappingException */ public Result<Void> deleteRole(AuthzTrans trans, String role); /** - * + * * @param trans * @param req * @return @@ -430,11 +430,11 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> deleteRole(AuthzTrans trans, REQUEST req); /*********************************** - * CRED + * CRED ***********************************/ /** - * + * * @param trans * @param from * @return 
@@ -442,7 +442,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT Result<Void> createUserCred(AuthzTrans trans, REQUEST from); /** - * + * * @param trans * @param from * @return @@ -450,7 +450,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT Result<Void> resetUserCred(AuthzTrans trans, REQUEST from); /** - * + * * @param trans * @param from * @param days @@ -459,15 +459,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT Result<Void> extendUserCred(AuthzTrans trans, REQUEST from, String days); /** - * + * * @param trans * @param ns * @return */ public Result<USERS> getCredsByNS(AuthzTrans trans, String ns); - + /** - * + * * @param trans * @param id * @return @@ -475,7 +475,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<USERS> getCredsByID(AuthzTrans trans, String id); /** - * + * * @param trans * @param req * @param id @@ -484,15 +484,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<CERTS> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, String id); /** - * + * * @param trans * @param credReq * @return */ public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST credReq); - + /** - * + * * @param trans * @param user * @return @@ -501,15 +501,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Date> doesCredentialMatch(AuthzTrans trans, REQUEST credReq); /** - * + * * @param trans * @param basicAuth * @return */ public Result<Date> validateBasicAuth(AuthzTrans trans, String basicAuth); - + /** - * + * * @param trans * @param role * @return @@ -517,7 +517,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<USERS> getUsersByRole(AuthzTrans trans, String role); /** - * + * * @param trans * @param role * @return 
@@ -525,7 +525,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<USERS> getUserInRole(AuthzTrans trans, String user, String role); /** - * + * * @param trans * @param type * @param instance @@ -533,15 +533,15 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT * @return */ public Result<USERS> getUsersByPermission(AuthzTrans trans,String type, String instance, String action); - - + + /*********************************** - * USER-ROLE + * USER-ROLE ***********************************/ /** - * + * * @param trans * @param user * @param request @@ -551,7 +551,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> createUserRole(AuthzTrans trans, REQUEST request); /** - * + * * @param trans * @param role * @return @@ -559,7 +559,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<USERROLES> getUserRolesByRole(AuthzTrans trans, String role); /** - * + * * @param trans * @param role * @return @@ -570,9 +570,9 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT * Note: Removed "resetRolesForUsers" because it was too dangerous, and * removed "resetUsersForRoles" because it was being misused. */ - + /** - * + * * @param trans * @param user * @param role @@ -582,23 +582,23 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT String role); /** - * + * * @param trans * @param user * @param usr * @param role * @return - * @throws DAOException + * @throws DAOException */ public Result<Void> deleteUserRole(AuthzTrans trans, String usr, String role); /*********************************** - * HISTORY - ***********************************/ + * HISTORY + ***********************************/ /** - * + * * @param trans * @param user * @param yyyymm 
@@ -607,7 +607,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<HISTORY> getHistoryByUser(AuthzTrans trans, String user, int[] yyyymm, int sort); /** - * + * * @param trans * @param subj * @param yyyymm @@ -617,7 +617,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<HISTORY> getHistoryByRole(AuthzTrans trans, String subj, int[] yyyymm, int sort); /** - * + * * @param trans * @param subj * @param yyyymm @@ -627,7 +627,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<HISTORY> getHistoryByPerm(AuthzTrans trans, String subj, int[] yyyymm, int sort); /** - * + * * @param trans * @param subj * @param yyyymm @@ -637,7 +637,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String subj, int[] yyyymm, int sort); /** - * + * * @param trans * @param target * @param yyyymm @@ -647,28 +647,28 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, int sort); /*********************************** - * DELEGATE + * DELEGATE ***********************************/ /** - * + * * @param trans * @param delegates * @return * @throws Exception */ public Result<Void> createDelegate(AuthzTrans trans, REQUEST reqDelegate); - + /** - * + * * @param trans * @param delegates * @return * @throws Exception */ public Result<Void> updateDelegate(AuthzTrans trans, REQUEST reqDelegate); - + /** - * + * * @param trans * @param userName * @param delegate @@ -676,9 +676,9 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT * @throws Exception */ public Result<Void> deleteDelegate(AuthzTrans trans, REQUEST reqDelegate); - + /** - * + * * @param trans * @param userName * @return 
@@ -686,17 +686,17 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> deleteDelegate(AuthzTrans trans, String userName); /** - * + * * @param trans * @param user * @return * @throws Exception */ public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user); - + /** - * + * * @param trans * @param delegate * @return @@ -704,10 +704,10 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<DELGS> getDelegatesByDelegate(AuthzTrans trans, String delegate); /*********************************** - * APPROVAL + * APPROVAL ***********************************/ /** - * + * * @param trans * @param user * @param approver @@ -717,7 +717,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> updateApproval(AuthzTrans trans, APPROVALS approvals); /** - * + * * @param trans * @param user * @return @@ -725,7 +725,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user); /** - * + * * @param trans * @param ticket * @return @@ -733,7 +733,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket); /** - * + * * @param trans * @param approver * @return @@ -741,7 +741,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver); /** - * + * * @param trans * @param cname * @return @@ -749,7 +749,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> cacheClear(AuthzTrans trans, String cname); /** - * + * * @param trans * @param cname * @param segment 
@@ -758,7 +758,7 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT public Result<Void> cacheClear(AuthzTrans trans, String cname, int[] segment); /** - * + * * @param trans */ public void dbReset(AuthzTrans trans); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java index ac799f4e..e2cf5e5a 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/Code.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -32,7 +32,7 @@ public abstract class Code extends HttpCode<AuthzTrans, AuthzFacade> implements super(facade, description, roles); this.useJSON = useJSON; } - + public <D extends Code> D clone(AuthzFacade facade, boolean useJSON) throws Exception { @SuppressWarnings("unchecked") D d = (D)clone(); @@ -40,5 +40,5 @@ public abstract class Code extends HttpCode<AuthzTrans, AuthzFacade> implements d.context = facade; return d; } - + }
\ No newline at end of file diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java index a1ceb75a..7279a14e 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/MayChange.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -24,7 +24,7 @@ package org.onap.aaf.auth.service; import org.onap.aaf.auth.layer.Result; /** - * There are several ways to determine if + * There are several ways to determine if * @author Jonathan * */ diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java index 70d131a5..4410d7b7 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Api.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -42,10 +42,10 @@ import org.onap.aaf.cadi.Symm; public class API_Api { // Hide Public Constructor private API_Api() {} - + /** * Normal Init level APIs - * + * * @param authzAPI * @param facade * @throws Exception @@ -74,7 +74,7 @@ public class API_Api { public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { String pathInfo = req.getPathInfo(); int question = pathInfo.lastIndexOf('?'); - + pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/" String nameOrContextType=Symm.base64noSplit.decode(pathInfo); Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType, diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java index 7c74be1b..77c460ce 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Approval.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -38,7 +38,7 @@ import org.onap.aaf.auth.service.mapper.Mapper.API; public class API_Approval { // Hide Public Constructor private API_Approval() {} - + public static void init(AAF_Service authzAPI, AuthzFacade facade) throws Exception { /** 
@@ -50,11 +50,11 @@ public class API_Approval { public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getApprovalsByUser(trans, resp, pathParam(req,"user")); if (r.isOK()) { - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); } else { context.error(trans,resp,r); - } - } + } + } }); /** @@ -68,8 +68,8 @@ public class API_Approval { resp.setStatus(HttpStatus.OK_200); } else { context.error(trans,resp,r); - } - } + } + } }); /** @@ -83,8 +83,8 @@ public class API_Approval { resp.setStatus(HttpStatus.OK_200); } else { context.error(trans,resp,r); - } - } + } + } }); @@ -99,8 +99,8 @@ public class API_Approval { resp.setStatus(HttpStatus.OK_200); } else { context.error(trans,resp,r); - } - } + } + } }); } } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java index fbc1baa2..c23471a0 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -61,25 +61,25 @@ public class API_Creds { // needed to validate Creds even when already Authenticated x509 /** * TIME SENSITIVE APIs - * + * * These will be first in the list - * + * * @param env * @param authzAPI * @param facade - * @param directAAFUserPass + * @param directAAFUserPass * @throws Exception */ public static void timeSensitiveInit(Env env, AAF_Service authzAPI, AuthzFacade facade, final DirectAAFUserPass directAAFUserPass) throws Exception { /** * Basic Auth, quick Validation - * + * * Responds OK or NotAuthorized */ authzAPI.route(env, HttpMethods.GET, "/authn/basicAuth", new Code(facade,"Is given BasicAuth valid?",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { @@ -92,7 +92,7 @@ public class API_Creds { // have to check Basic Auth here, because it might be CSP. String authz = req.getHeader("Authorization"); if (authz.startsWith("Basic ")) { - BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf(); + BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf(); if (bht!=null) { BasicPrincipal bp = new BasicPrincipal(authz,""); CredVal cv = bht.getCredVal(bp.getDomain()); @@ -109,8 +109,8 @@ public class API_Creds { TimeTaken tt = trans.start("Direct Validation", Env.REMOTE); try { if (directAAFUserPass.validate( - decoded.substring(0,colon), - CredVal.Type.PASSWORD , + decoded.substring(0,colon), + CredVal.Type.PASSWORD , decoded.substring(colon+1).getBytes(),trans)) { resp.setStatus(HttpStatus.OK_200); } else { 
@@ -133,58 +133,58 @@ public class API_Creds { } } },"text/plain","*/*","*"); - - /** + + /** * returns whether a given Credential is valid */ authzAPI.route(POST, "/authn/validate", API.CRED_REQ, new Code(facade,"Is given Credential valid?",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { // will be a valid Entity. Do we need to add permission - //if(trans.fish("ns","password","request")) or the like + //if(trans.fish("ns","password","request")) or the like Result<Date> r = context.doesCredentialMatch(trans, req, resp); if (r.isOK()) { resp.setStatus(HttpStatus.OK_200); } else { // For Security, we don't give any info out on why failed, other than forbidden // Can't do "401", because that is on the call itself - // 403 Implies you MAY NOT Ask. + // 403 Implies you MAY NOT Ask. resp.setStatus(HttpStatus.NOT_ACCEPTABLE_406); } } - }); + }); - /** + /** * returns whether a given Credential is valid */ authzAPI.route(GET, "/authn/cert/id/:id", API.CERTS, new Code(facade,"Get Cert Info by ID",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getCertInfoByID(trans, req, resp, pathParam(req,":id") ); if (r.isOK()) { - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); } else { // For Security, we don't give any info out on why failed, other than forbidden resp.setStatus(HttpStatus.FORBIDDEN_403); } } - }); + }); } - + /** * Normal Init level APIs - * + * * @param authzAPI * @param facade * @throws Exception 
@@ -195,7 +195,7 @@ public class API_Creds { */ authzAPI.route(POST,"/authn/cred",API.CRED_REQ,new Code(facade,"Add a New ID/Credential", true) { @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.createUserCred(trans, req); if (r.isOK()) { resp.setStatus(HttpStatus.CREATED_201); @@ -204,40 +204,40 @@ public class API_Creds { } } }); - - /** + + /** * gets all credentials by Namespace */ authzAPI.route(GET, "/authn/creds/ns/:ns", API.USERS, new Code(facade,"Get Creds for a Namespace",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getCredsByNS(trans, resp, pathParam(req, "ns")); if (r.isOK()) { - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); } else { context.error(trans,resp,r); } } }); - - /** + + /** * gets all credentials by ID */ authzAPI.route(GET, "/authn/creds/id/:id", API.USERS, new Code(facade,"Get Creds by ID",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getCredsByID(trans, resp, pathParam(req, "id")); if (r.isOK()) { - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); } else { context.error(trans,resp,r); } @@ -252,7 +252,7 @@ public class API_Creds { authzAPI.route(PUT,"/authn/cred",API.CRED_REQ,new Code(facade,"Update an ID/Credential", true) { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.changeUserCred(trans, req); if (r.isOK()) { resp.setStatus(HttpStatus.OK_200); 
@@ -266,7 +266,7 @@ public class API_Creds { * Extend ID/Credential * This behavior will accelerate getting out of P1 outages due to ignoring renewal requests, or * other expiration issues. - * + * * Scenario is that people who are solving Password problems at night, are not necessarily those who * know what the passwords are supposed to be. Also, changing Password, without changing Configurations * using that password only exacerbates the P1 Issue. diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java index ec1824b1..6ad62f28 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Delegate.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -50,14 +50,14 @@ public class API_Delegate { Result<Void> r = context.createDelegate(trans, req, resp); switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; default: context.error(trans,resp,r); - } - } + } + } }); - + /** * Update a delegate */ @@ -68,14 +68,14 @@ public class API_Delegate { Result<Void> r = context.updateDelegate(trans, req, resp); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); - } - } + } + } }); - + /** * DELETE delegates for a user */ 
@@ -86,14 +86,14 @@ public class API_Delegate { Result<Void> r = context.deleteDelegate(trans, req, resp); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); - } - } + } + } }); - + /** * DELETE a delegate */ @@ -104,14 +104,14 @@ public class API_Delegate { Result<Void> r = context.deleteDelegate(trans, pathParam(req, "user_name")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); - } - } + } + } }); - + /** * Read who is delegating for User */ @@ -122,12 +122,12 @@ public class API_Delegate { Result<Void> r = context.getDelegatesByUser(trans, pathParam(req, "user"), resp); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); - } - } + } + } }); /** @@ -140,12 +140,12 @@ public class API_Delegate { Result<Void> r = context.getDelegatesByDelegate(trans, pathParam(req, "delegate"), resp); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); - } - } + } + } }); } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java index ce730cec..341719c3 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -44,20 +44,20 @@ import org.onap.aaf.auth.service.mapper.Mapper.API; /** * Pull certain types of History Info - * - * Specify yyyymm as + * + * Specify yyyymm as * single - 201504 * commas 201503,201504 * ranges 201501-201504 * combinations 201301,201401,201501-201504 - * + * * @author Jonathan * */ public class API_History { /** * Normal Init level APIs - * + * * @param authzAPI * @param facade * @throws Exception @@ -82,7 +82,7 @@ public class API_History { Result<Void> r = context.getHistoryByUser(trans, resp, pathParam(req,":user"),years,descend); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -105,11 +105,11 @@ public class API_History { context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage())); return; } - + Result<Void> r = context.getHistoryByNS(trans, resp, pathParam(req,":ns"),years,descend); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -136,7 +136,7 @@ public class API_History { Result<Void> r = context.getHistoryByRole(trans, resp, pathParam(req,":role"),years,descend); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -159,20 +159,20 @@ public class API_History { context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage())); return; } - + Result<Void> r = context.getHistoryByPerm(trans, resp, pathParam(req,":type"),years,descend); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } }); - + /** - * Get History by Subject + * Get History by Subject */ authzAPI.route(GET,"/authz/hist/subject/:type/:subject",API.HISTORY,new Code(facade,"Get History by Perm Type", true) { @Override @@ -186,11 +186,11 @@ public class API_History { context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage())); return; } - + Result<Void> r = context.getHistoryBySubject(trans, resp, pathParam(req,":type"), pathParam(req,":subject"),years,descend); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -205,9 +205,9 @@ public class API_History { if ("true".equalsIgnoreCase(req.getParameter("asc")))return 1; return 0; } - + // Get Common "yyyymm" parameter, or none - + private static int[] getYears(HttpServletRequest req) throws NumberFormatException { // Sonar says threading issues. SimpleDateFormat FMT = new SimpleDateFormat("yyyyMM"); @@ -237,8 +237,8 @@ public class API_History { GregorianCalendar gc = new GregorianCalendar(); gc.set(GregorianCalendar.MONTH, Integer.parseInt(range[1].substring(4,6))-1); gc.set(GregorianCalendar.YEAR, Integer.parseInt(range[1].substring(0,4))); - int end = getNum(FMT.format(gc.getTime())); - + int end = getNum(FMT.format(gc.getTime())); + gc.set(GregorianCalendar.MONTH, Integer.parseInt(range[0].substring(4,6))-1); gc.set(GregorianCalendar.YEAR, Integer.parseInt(range[0].substring(0,4))); for (int i=getNum(FMT.format(gc.getTime()));i<=end;gc.add(GregorianCalendar.MONTH, 1),i=getNum(FMT.format(gc.getTime()))) { 
@@ -258,7 +258,7 @@ public class API_History { } return ym; } - + private static int getNum(String n) { if (n==null || n.length()!=6) throw new NumberFormatException(n + " is not in YYYYMM format"); return Integer.parseInt(n); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java index d99e1ada..d79ab589 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -56,7 +56,7 @@ public class API_Mgmt { /** * Normal Init level APIs - * + * * @param authzAPI * @param facade * @throws Exception @@ -73,14 +73,14 @@ public class API_Mgmt { switch(r.status) { case OK: trans.checkpoint(SUCCESS,Trans.ALWAYS); - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } }); - + /** * Clear Cache */ @@ -94,7 +94,7 @@ public class API_Mgmt { case OK: trans.audit().log("Cache " + area + " has been cleared by "+trans.user()); trans.checkpoint(SUCCESS,Trans.ALWAYS); - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -127,7 +127,7 @@ public class API_Mgmt { }); /** - * Deny an IP + * Deny an IP */ authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) { @Override 
@@ -140,17 +140,17 @@ public class API_Mgmt { resp.setStatus(HttpStatus.CREATED_201); } else { - context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, + context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, ip + " is already being denied")); } } else { trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization"); - context.error(trans,resp,Result.err(Status.ERR_Denied, + context.error(trans,resp,Result.err(Status.ERR_Denied, trans.getUserPrincipal().getName() + " is not allowed to set IP Denial")); } } }); - + /** * Stop Denying an IP */ @@ -164,19 +164,19 @@ public class API_Mgmt { trans.checkpoint(SUCCESS,Trans.ALWAYS); resp.setStatus(HttpStatus.OK_200); } else { - context.error(trans,resp,Result.err(Status.ERR_NotFound, + context.error(trans,resp,Result.err(Status.ERR_NotFound, ip + " is not on the denial list")); } } else { trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization"); - context.error(trans,resp,Result.err(Status.ERR_Denied, + context.error(trans,resp,Result.err(Status.ERR_Denied, trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial")); } } }); /** - * Deny an ID + * Deny an ID */ authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) { @Override @@ -188,17 +188,17 @@ public class API_Mgmt { trans.checkpoint(SUCCESS,Trans.ALWAYS); resp.setStatus(HttpStatus.CREATED_201); } else { - context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, + context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, id + " is already being denied")); } } else { trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization"); - context.error(trans,resp,Result.err(Status.ERR_Denied, + context.error(trans,resp,Result.err(Status.ERR_Denied, trans.getUserPrincipal().getName() + " is not allowed to set ID Denial")); } } }); - + /** * Stop Denying an ID */ 
@@ -212,19 +212,19 @@ public class API_Mgmt { trans.checkpoint(SUCCESS,Trans.ALWAYS); resp.setStatus(HttpStatus.OK_200); } else { - context.error(trans,resp,Result.err(Status.ERR_NotFound, + context.error(trans,resp,Result.err(Status.ERR_NotFound, id + " is not on the denial list")); } } else { trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization"); - context.error(trans,resp,Result.err(Status.ERR_Denied, + context.error(trans,resp,Result.err(Status.ERR_Denied, trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial")); } } }); /** - * Deny an ID + * Deny an ID */ authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) { @Override @@ -236,17 +236,17 @@ public class API_Mgmt { trans.checkpoint(SUCCESS,Trans.ALWAYS); resp.setStatus(HttpStatus.CREATED_201); } else { - context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, + context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists, id + " is already being special Logged")); } } else { trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization"); - context.error(trans,resp,Result.err(Status.ERR_Denied, + context.error(trans,resp,Result.err(Status.ERR_Denied, trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging")); } } }); - + /** * Stop Denying an ID */ 
@@ -260,12 +260,12 @@ public class API_Mgmt { trans.checkpoint(SUCCESS,Trans.ALWAYS); resp.setStatus(HttpStatus.OK_200); } else { - context.error(trans,resp,Result.err(Status.ERR_NotFound, + context.error(trans,resp,Result.err(Status.ERR_NotFound, id + " is not on the special Logging list")); } } else { trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization"); - context.error(trans,resp,Result.err(Status.ERR_Denied, + context.error(trans,resp,Result.err(Status.ERR_Denied, trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging")); } } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java index 45bc9d0f..0f73a03a 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Multi.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -39,20 +39,20 @@ import org.onap.aaf.auth.service.mapper.Mapper.API; public class API_Multi { public static void init(AAF_Service authzAPI, AuthzFacade facade) throws Exception { - + authzAPI.route(POST,"/authz/multi",API.VOID, new Code(facade,"Multiple Request API",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.addResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; case Status.ACC_Future: - resp.setStatus(HttpStatus.ACCEPTED_202); + resp.setStatus(HttpStatus.ACCEPTED_202); break; default: context.error(trans,resp,r); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java index b06e3651..420beed5 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_NS.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -47,24 +47,24 @@ public class API_NS { public static void init(AAF_Service authzAPI, AuthzFacade facade) throws Exception { /** * puts a new Namespace in Authz DB - * + * * TESTCASES: TC_NS1, TC_NSdelete1 */ authzAPI.route(POST,"/authz/ns",API.NS_REQ, new Code(facade,"Create a Namespace",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { NsType nst = NsType.fromString(req.getParameter("type")); Result<Void> r = context.requestNS(trans, req, resp,nst); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; case Status.ACC_Future: - resp.setStatus(HttpStatus.ACCEPTED_202); + resp.setStatus(HttpStatus.ACCEPTED_202); break; default: context.error(trans,resp,r); @@ -72,22 +72,22 @@ public class API_NS { } } ); - + /** * removes a Namespace from Authz DB - * + * * TESTCASES: TC_NS1, TC_NSdelete1 */ authzAPI.route(DELETE,"/authz/ns/:ns",API.VOID, new Code(facade,"Delete a Namespace",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.deleteNS(trans, req, resp, pathParam(req,":ns")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -98,22 +98,22 @@ public class API_NS { /** * Add an Admin in NS in Authz DB - * + * * TESTCASES: TC_NS1 */ authzAPI.route(POST,"/authz/ns/:ns/admin/:id",API.VOID, new Code(facade,"Add an Admin to a Namespace",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.addAdminToNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; case Status.ACC_Future: - resp.setStatus(HttpStatus.ACCEPTED_202); + resp.setStatus(HttpStatus.ACCEPTED_202); break; default: context.error(trans,resp,r); @@ -121,22 +121,22 @@ public class API_NS { } } ); - + /** * Removes an Admin from Namespace in Authz DB - * + * * TESTCASES: TC_NS1 */ authzAPI.route(DELETE,"/authz/ns/:ns/admin/:id",API.VOID, new Code(facade,"Remove an Admin from a Namespace",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.delAdminFromNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -147,22 +147,22 @@ public class API_NS { /** * Add an Admin in NS in Authz DB - * + * * TESTCASES: TC_NS1 */ authzAPI.route(POST,"/authz/ns/:ns/responsible/:id",API.VOID, new Code(facade,"Add a Responsible Identity to a Namespace",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.addResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; case Status.ACC_Future: - resp.setStatus(HttpStatus.ACCEPTED_202); + resp.setStatus(HttpStatus.ACCEPTED_202); break; default: context.error(trans,resp,r); @@ -173,39 +173,39 @@ public class API_NS { /** - * + * */ authzAPI.route(GET,"/authz/nss/:id",API.NSS, new Code(facade,"Return Information about Namespaces", true) { @Override public void handle( - AuthzTrans trans, - HttpServletRequest req, + AuthzTrans trans, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getNSsByName(trans, resp, pathParam(req,":id"),TRUE.equals(req.getParameter(FULL))); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } } - ); - + ); + /** * Get all Namespaces where user is an admin */ authzAPI.route(GET,"/authz/nss/admin/:user",API.NSS, new Code(facade,"Return Namespaces where User is an Admin", true) { @Override public void handle( - AuthzTrans trans, - HttpServletRequest req, + AuthzTrans trans, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getNSsByAdmin(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL))); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -213,20 +213,20 @@ public class API_NS { } } ); - + /** * Get all Namespaces where user is a responsible party */ authzAPI.route(GET,"/authz/nss/responsible/:user",API.NSS, new Code(facade,"Return Namespaces where User is Responsible", true) { @Override public void handle( - AuthzTrans trans, - HttpServletRequest req, + AuthzTrans trans, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getNSsByResponsible(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL))); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -241,13 +241,13 @@ public class API_NS { authzAPI.route(GET,"/authz/nss/either/:user",API.NSS, new Code(facade,"Return Namespaces where User Admin or Owner", true) { @Override public void handle( - AuthzTrans trans, - HttpServletRequest req, + AuthzTrans trans, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getNSsByEither(trans, resp, pathParam(req,":user"),TRUE.equals(req.getParameter(FULL))); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -262,13 +262,13 @@ public class API_NS { authzAPI.route(GET,"/authz/nss/children/:id",API.NSS, new Code(facade,"Return Child Namespaces", true) { @Override public void handle( - AuthzTrans trans, - HttpServletRequest req, + AuthzTrans trans, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getNSsChildren(trans, resp, pathParam(req,":id")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -283,36 +283,36 @@ public class API_NS { authzAPI.route(PUT,"/authz/ns",API.NS_REQ,new Code(facade,"Set a Description for a Namespace",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.updateNsDescription(trans, req, resp); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - }); - + }); + /** * Removes an Owner from Namespace in Authz DB - * + * * TESTCASES: TC_NS1 */ authzAPI.route(DELETE,"/authz/ns/:ns/responsible/:id",API.VOID, new Code(facade,"Remove a Responsible Identity from Namespace",true) { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.delResponsibilityForNS(trans, resp, pathParam(req,":ns"), pathParam(req,":id")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -324,13 +324,13 @@ public class API_NS { authzAPI.route(POST,"/authz/ns/:ns/attrib/:key/:value",API.VOID, new Code(facade,"Add an Attribute from a Namespace",true) { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result<Void> r = context.createAttribForNS(trans, resp, - pathParam(req,":ns"), + Result<Void> r = context.createAttribForNS(trans, resp, + pathParam(req,":ns"), pathParam(req,":key"), pathParam(req,":value")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; default: context.error(trans,resp,r); 
@@ -345,7 +345,7 @@ public class API_NS { Result<Void> r = context.readNsByAttrib(trans, resp, pathParam(req,":key")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -357,13 +357,13 @@ public class API_NS { authzAPI.route(PUT,"/authz/ns/:ns/attrib/:key/:value",API.VOID, new Code(facade,"update an Attribute from a Namespace",true) { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result<Void> r = context.updAttribForNS(trans, resp, - pathParam(req,":ns"), + Result<Void> r = context.updAttribForNS(trans, resp, + pathParam(req,":ns"), pathParam(req,":key"), pathParam(req,":value")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -371,16 +371,16 @@ public class API_NS { } } ); - + authzAPI.route(DELETE,"/authz/ns/:ns/attrib/:key",API.VOID, new Code(facade,"delete an Attribute from a Namespace",true) { @Override public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result<Void> r = context.delAttribForNS(trans, resp, - pathParam(req,":ns"), + Result<Void> r = context.delAttribForNS(trans, resp, + pathParam(req,":ns"), pathParam(req,":key")); switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -390,6 +390,6 @@ public class API_NS { ); } - - + + } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java index 04654d47..d65304ca 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Perms.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -44,15 +44,15 @@ import org.onap.aaf.misc.env.util.Split; public class API_Perms { public static void timeSensitiveInit(AAF_Service authzAPI, AuthzFacade facade) throws Exception { - /** + /** * gets all permissions by user name */ authzAPI.route(GET, "/authz/perms/user/:user", API.PERMS, new Code(facade,"Get Permissions by User",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + String scopes = req.getParameter("scopes"); Result<Void> r; if (scopes==null) { @@ -61,8 +61,8 @@ public class API_Perms { r = context.getPermsByUserScope(trans, resp, pathParam(req, "user"),Split.split(':', scopes)); } switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -70,20 +70,20 @@ public class API_Perms { } }); - - /** + + /** * gets all permissions by user name */ authzAPI.route(POST, "/authz/perms/user/:user", API.PERMS, new Code(facade,"Get Permissions by User, Query AAF Perms",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getPermsByUserWithAAFQuery(trans, req, resp, pathParam(req, "user")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -101,14 +101,14 @@ public class API_Perms { */ authzAPI.route(POST,"/authz/perm",API.PERM_REQ,new Code(facade,"Create a Permission",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.createPerm(trans, req, resp); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.CREATED_201); + case OK: + resp.setStatus(HttpStatus.CREATED_201); break; default: context.error(trans,resp,r); @@ -116,22 +116,22 @@ public class API_Perms { } }); - /** + /** * get details of Permission */ authzAPI.route(GET, "/authz/perms/:type/:instance/:action", API.PERMS, new Code(facade,"Get Permissions by Key",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - - Result<Void> r = context.getPermsByName(trans, resp, + + Result<Void> r = context.getPermsByName(trans, resp, pathParam(req, "type"), URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8), pathParam(req, "action")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -139,20 +139,20 @@ public class API_Perms { } }); - - /** + + /** * get children of Permission */ authzAPI.route(GET, "/authz/perms/:type", API.PERMS, new Code(facade,"Get Permissions by Type",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getPermsByType(trans, resp, pathParam(req, "type")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -161,20 +161,20 @@ public class API_Perms { }); - + /** * gets all permissions by role name */ authzAPI.route(GET,"/authz/perms/role/:role",API.PERMS,new Code(facade,"Get Permissions by Role",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getPermsForRole(trans, resp, pathParam(req, "role")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -187,78 +187,78 @@ public class API_Perms { */ authzAPI.route(GET,"/authz/perms/ns/:ns",API.PERMS,new Code(facade,"Get PermsByNS",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getPermsByNS(trans, resp, pathParam(req, "ns")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } }); - + /** * Set a perm's description */ authzAPI.route(PUT,"/authz/perm",API.PERM_REQ,new Code(facade,"Set Description for Permission",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.updatePermDescription(trans, req, resp); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - }); - + }); + /** * Update a permission with a rename */ authzAPI.route(PUT,"/authz/perm/:type/:instance/:action",API.PERM_REQ,new Code(facade,"Update a Permission",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - - Result<Void> r = context.renamePerm(trans, req, resp, - pathParam(req, "type"), - URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8), + + Result<Void> r = context.renamePerm(trans, req, resp, + pathParam(req, "type"), + URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8), pathParam(req, "action")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - }); - + }); + /** * Delete a Permission */ authzAPI.route(DELETE,"/authz/perm",API.PERM_REQ,new Code(facade,"Delete a Permission",true) { public void handle( - AuthzTrans trans, + 
AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.deletePerm(trans,req, resp); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -266,25 +266,25 @@ public class API_Perms { } }); - - + + /** * Delete a Permission */ authzAPI.route(DELETE,"/authz/perm/:name/:type/:action",API.PERM_KEY,new Code(facade,"Delete a Permission",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.deletePerm(trans, resp, pathParam(req, ":name"), pathParam(req, ":type"), pathParam(req, ":action")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java index 6088dd36..038e6fb8 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Roles.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -51,16 +51,16 @@ public class API_Roles { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.createRole(trans, req, resp); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; case Status.ACC_Future: - resp.setStatus(HttpStatus.ACCEPTED_202); + resp.setStatus(HttpStatus.ACCEPTED_202); break; default: context.error(trans,resp,r); @@ -69,19 +69,19 @@ public class API_Roles { } ); - /** + /** * get Role by name */ authzAPI.route(GET, "/authz/roles/:role", API.ROLES, new Code(facade,"GetRolesByFullName",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getRolesByName(trans, resp, pathParam(req, "role")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -91,19 +91,19 @@ public class API_Roles { }); - /** + /** * gets all Roles by user name */ authzAPI.route(GET, "/authz/roles/user/:name", API.ROLES, new Code(facade,"GetRolesByUser",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getRolesByUser(trans, resp, pathParam(req, "name")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); 
@@ -112,19 +112,19 @@ public class API_Roles { }); - /** + /** * gets all Roles by Namespace */ authzAPI.route(GET, "/authz/roles/ns/:ns", API.ROLES, new Code(facade,"GetRolesByNS",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.getRolesByNS(trans, resp, pathParam(req, "ns")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -132,25 +132,25 @@ public class API_Roles { } }); - /** + /** * gets all Roles by Name without the Namespace */ authzAPI.route(GET, "/authz/roles/name/:name", API.ROLES, new Code(facade,"GetRolesByNameOnly",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.getRolesByNameOnly(trans, resp, pathParam(req, ":name")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } }); - + /** * Deletes a Role from Authz DB by Object */ @@ -158,24 +158,24 @@ public class API_Roles { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.deleteRole(trans, req, resp); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - + } ); - - + + /** * Deletes a Role from Authz DB by Key */ 
@@ -183,22 +183,22 @@ public class API_Roles { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.deleteRole(trans, resp, pathParam(req,":role")); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - + } ); - + /** * Add a Permission to a Role (Grant) @@ -207,14 +207,14 @@ public class API_Roles { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.addPermToRole(trans, req, resp); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.CREATED_201); + resp.setStatus(HttpStatus.CREATED_201); break; default: context.error(trans,resp,r); 
@@ -222,72 +222,72 @@ public class API_Roles { } } ); - + /** * Get all Roles by Permission */ authzAPI.route(GET,"/authz/roles/perm/:type/:instance/:action",API.ROLES,new Code(facade,"GetRolesByPerm",true) { public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - - Result<Void> r = context.getRolesByPerm(trans, resp, + + Result<Void> r = context.getRolesByPerm(trans, resp, pathParam(req, "type"), URLDecoder.decode(pathParam(req, "instance"),Config.UTF_8), pathParam(req, "action")); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } }); - + /** * Set a role's description */ authzAPI.route(PUT,"/authz/role",API.ROLE_REQ,new Code(facade,"Set Description for role",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.updateRoleDescription(trans, req, resp); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - }); - + }); + /** * Set a permission's roles to roles given */ authzAPI.route(PUT,"/authz/role/perm",API.ROLE_PERM_REQ,new Code(facade,"Set a Permission's Roles",true) { @Override public void handle( - AuthzTrans trans, + AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - + Result<Void> r = context.resetPermRoles(trans, req, resp); switch(r.status) { - case OK: - resp.setStatus(HttpStatus.OK_200); + case OK: + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); } } - }); - + }); + /** * Delete a Permission from a Role * With multiple perms 
@@ -296,13 +296,13 @@ public class API_Roles { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { Result<Void> r = context.delPermFromRole(trans, req, resp); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); @@ -318,17 +318,17 @@ public class API_Roles { @Override public void handle( AuthzTrans trans, - HttpServletRequest req, + HttpServletRequest req, HttpServletResponse resp) throws Exception { - Result<Void> r = context.delPermFromRole(trans, resp, + Result<Void> r = context.delPermFromRole(trans, resp, pathParam(req,":role"), pathParam(req,":type"), pathParam(req,":instance"), pathParam(req,":action")); - + switch(r.status) { case OK: - resp.setStatus(HttpStatus.OK_200); + resp.setStatus(HttpStatus.OK_200); break; default: context.error(trans,resp,r); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java index d5ce00c3..526766eb 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_User.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -46,7 +46,7 @@ import org.onap.aaf.cadi.config.Config; public class API_User { /** * Normal Init level APIs - * + * * @param authzAPI * @param facade * @throws Exception 
@@ -58,8 +58,8 @@ public class API_User {
 authzAPI.route(GET,"/authz/users/perm/:type/:instance/:action",API.USERS,new Code(facade,"Get Users By Permission", true) {
 @Override
 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
-// trans.checkpoint(pathParam(req,"type") + " "
-// + pathParam(req,"instance") + " "
+// trans.checkpoint(pathParam(req,"type") + " "
+// + pathParam(req,"instance") + " "
 // + pathParam(req,"action"));
 //
 Result<Void> r = context.getUsersByPermission(trans, resp,
@@ -68,7 +68,7 @@ public class API_User {
 pathParam(req, ":action"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
@@ -86,14 +86,14 @@ public class API_User {
 Result<Void> r = context.getUsersByRole(trans, resp, pathParam(req, ":role"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
 }
 }
 });
-
+
 /**
 * Get User Role if exists
 * @deprecated
@@ -104,7 +104,7 @@ public class API_User {
 Result<Void> r = context.getUserInRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
@@ -121,16 +121,16 @@ public class API_User {
 Result<Void> r = context.getUserInRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
 }
 }
 });
-
+
 }
-
+
 }
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
index 15d2302f..f4bea1d9 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_UserRole.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -46,7 +46,7 @@ import org.onap.aaf.auth.service.mapper.Mapper.API;
 public class API_UserRole {
 /**
 * Normal Init level APIs
- *
+ *
 * @param authzAPI
 * @param facade
 * @throws Exception
@@ -61,15 +61,15 @@ public class API_UserRole {
 Result<Void> r = context.requestUserRole(trans, req, resp);
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.CREATED_201);
+ resp.setStatus(HttpStatus.CREATED_201);
 break;
 default:
 context.error(trans,resp,r);
 }
 }
 });
-
-
+
+
 /**
 * Get UserRoles by Role
 */
@@ -79,14 +79,14 @@ public class API_UserRole {
 Result<Void> r = context.getUserRolesByRole(trans, resp, pathParam(req,":role"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
 }
 }
 });
-
+
 /**
 * Get UserRoles by User
 */
@@ -96,7 +96,7 @@ public class API_UserRole {
 Result<Void> r = context.getUserRolesByUser(trans, resp, pathParam(req,":user"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
@@ -117,8 +117,8 @@ public class API_UserRole {
 context.error(trans,resp,removeAPI);
 }
 });
-
-
+
+
 /**
 * Update users attached to role in path
 */
@@ -132,8 +132,8 @@ public class API_UserRole {
 /*
 * END REMOVE Dangerous API
 */
-
-
+
+
 /**
 * Extend Expiration Date (according to Organizational rules)
 */
@@ -143,17 +143,17 @@ public class API_UserRole {
 Result<Void> r = context.extendUserRoleExpiration(trans,resp,pathParam(req,":user"),pathParam(req,":role"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
 }
-
+
 }
-
+
 });
-
-
+
+
 /**
 * Create a new ID/Credential
 */
@@ -163,7 +163,7 @@ public class API_UserRole {
 Result<Void> r = context.deleteUserRole(trans, resp, pathParam(req,":user"),pathParam(req,":role"));
 switch(r.status) {
 case OK:
- resp.setStatus(HttpStatus.OK_200);
+ resp.setStatus(HttpStatus.OK_200);
 break;
 default:
 context.error(trans,resp,r);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
index f9ea39d6..4630ba81 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,12 +35,12 @@ import org.onap.aaf.auth.rserv.RServlet;
 * AuthzFacade
 * This layer is responsible for covering the Incoming Messages, be they XML, JSON or just entries on the URL,
 * and converting them to data that can be called on the Service Layer.
- *
+ *
 * Upon response, this layer, because it knew the incoming Data Formats (i.e. XML/JSON), the HTTP call types
 * are set on "ContentType" on Response.
- *
+ *
 * Finally, we wrap the call in Time Stamps with explanation of what is happing for Audit trails.
- *
+ *
 * @author Jonathan
 *
 */
@@ -52,13 +52,13 @@ public interface AuthzFacade {
 * Namespaces
 */
 public abstract Result<Void> requestNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, NsType type);
-
+
 public abstract Result<Void> getNSsByName(AuthzTrans trans, HttpServletResponse resp, String ns, boolean full);
-
+
 public abstract Result<Void> getNSsByAdmin(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);
-
+
 public abstract Result<Void> getNSsByResponsible(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);
-
+
 public abstract Result<Void> getNSsByEither(AuthzTrans trans, HttpServletResponse resp, String user, boolean full);
 public abstract Result<Void> getNSsChildren(AuthzTrans trans, HttpServletResponse resp, String pathParam);
@@ -70,7 +70,7 @@ public interface AuthzFacade {
 public abstract Result<Void> addResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);
 public abstract Result<Void> delResponsibilityForNS(AuthzTrans trans, HttpServletResponse resp, String ns, String id);
-
+
 public abstract Result<Void> updateNsDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
 public abstract Result<Void> deleteNS(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String ns);
@@ -87,40 +87,40 @@ public interface AuthzFacade {
 /*
 * Permissions
 */
- public abstract Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
- public abstract Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
+ public abstract Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
+
+ public abstract Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
 String type, String instance, String action);
 public abstract Result<Void> getPermsByUser(AuthzTrans trans, HttpServletResponse response, String user);
 public abstract Result<Void> getPermsByUserScope(AuthzTrans trans, HttpServletResponse resp, String user, String[] scopes);
-
+
 public abstract Result<Void> getPermsByUserWithAAFQuery(AuthzTrans trans, HttpServletRequest request, HttpServletResponse response, String user);
-
+
 public abstract Result<Void> getPermsByType(AuthzTrans trans, HttpServletResponse resp, String type);
 public abstract Result<Void> getPermsForRole(AuthzTrans trans, HttpServletResponse response, String roleName);
 public abstract Result<Void> getPermsByNS(AuthzTrans trans, HttpServletResponse response, String ns);
-
+
 public abstract Result<Void> renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String type, String instance, String action);
-
+
 public abstract Result<Void> updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
 public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
- public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletResponse resp,
+ public abstract Result<Void> deletePerm(AuthzTrans trans, HttpServletResponse resp,
 String perm, String type, String action);
 /*
 * Roles
 */
 public abstract Result<Void>
createRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse response);
-
+
 public abstract Result<Void> getRolesByName(AuthzTrans trans,HttpServletResponse resp, String name);
 public abstract Result<Void> getRolesByNS(AuthzTrans trans, HttpServletResponse resp, String ns);
@@ -132,12 +132,12 @@ public interface AuthzFacade {
 public abstract Result<Void> getRolesByPerm(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action);
 public abstract Result<Void> updateRoleDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> addPermToRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> delPermFromRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);
- public abstract Result<Void> delPermFromRole(AuthzTrans trans, HttpServletResponse resp,
+ public abstract Result<Void> delPermFromRole(AuthzTrans trans, HttpServletResponse resp,
 String role, String type, String instance, String action);
 public abstract Result<Void> deleteRole(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
@@ -147,10 +147,10 @@ public interface AuthzFacade {
 /*
 * Users
 */
-
+
 public abstract Result<Void> getUsersByRole(AuthzTrans trans, HttpServletResponse resp, String role);
-
- public abstract Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp,
+
+ public abstract Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp,
 String type, String instance, String action);
@@ -159,13 +159,13 @@ public interface AuthzFacade {
 * Delegates
 */
 public abstract Result<Void> createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> deleteDelegate(AuthzTrans trans, String user);
-
+
 public abstract Result<Void> getDelegatesByUser(AuthzTrans trans, String userName, HttpServletResponse resp);
 public abstract Result<Void> getDelegatesByDelegate(AuthzTrans trans, String userName, HttpServletResponse resp);
@@ -202,11 +202,11 @@ public interface AuthzFacade {
 * UserRole
 */
 public abstract Result<Void> requestUserRole(AuthzTrans trans,HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role);
-
+
 public abstract Result<Void> getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role);
-
+
 public abstract Result<Void> getUserRolesByUser(AuthzTrans trans, HttpServletResponse resp, String user);
 public abstract Result<Void> deleteUserRole(AuthzTrans trans, HttpServletResponse resp, String user, String role);
@@ -214,19 +214,19 @@ public interface AuthzFacade {
 /*
 * resetUsersForRoles and resetRolesForUsers is too dangerous and not helpful.
 */
-
+
 public abstract Result<Void> extendUserRoleExpiration(AuthzTrans trans, HttpServletResponse resp, String user, String role);
 /*
- * Approval
+ * Approval
 */
 public abstract Result<Void> updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp);
-
+
 public abstract Result<Void> getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user);
-
+
 public abstract Result<Void> getApprovalsByTicket(AuthzTrans trans, HttpServletResponse resp, String ticket);
-
+
 public abstract Result<Void> getApprovalsByApprover(AuthzTrans trans, HttpServletResponse resp, String approver);
@@ -234,7 +234,7 @@ public interface AuthzFacade {
 * History
 */
 public abstract Result<Void> getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort);
-
+
 public abstract Result<Void> getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String role, int[] yyyymm, final int sort);
 public abstract Result<Void> getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String perm, int[] yyyymm, final int sort);
@@ -244,12 +244,12 @@ public interface AuthzFacade {
 public abstract Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String type, String subject, int[] yyyymm, int sort);
 /*
- * Cache
+ * Cache
 */
 public abstract Result<Void> cacheClear(AuthzTrans trans, String pathParam);
 public abstract Result<Void> cacheClear(AuthzTrans trans, String string,String segments);
-
+
 public abstract void dbReset(AuthzTrans trans);
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java
index 1d7f31e5..0554a025 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeFactory.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -50,6 +50,6 @@ public class AuthzFacadeFactory {
 (trans,new Mapper_2_0(question),question), type);
 }
-
+
 }
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
index 10138d2c..60b76ea2 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -80,7 +80,7 @@ import aaf.v2_0.Api;
 /**
 * AuthzFacade
- *
+ *
 * This Service Facade encapsulates the essence of the API Service can do, and provides
 * a single created object for elements such as RosettaDF.
 *
@@ -91,14 +91,14 @@ import aaf.v2_0.Api;
 * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
 * 4) Log Service info, warnings and exceptions as necessary
 * 5) When asked by the API layer, this will create and write Error content to the OutputStream
- *
- * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
+ *
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
 * clearly coordinated with the API Documentation
- *
+ *
 * @author Pavani & Jonathan
 *
 */
-public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> extends FacadeImpl implements AuthzFacade
+public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> extends FacadeImpl implements AuthzFacade
 {
 private static final String FORBIDDEN = "Forbidden";
 private static final String NOT_FOUND = "Not Found";
@@ -155,14 +155,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 (errDF = env.newDataFactory(service.mapper().getClass(API.ERROR))).in(dataType).out(dataType);
 (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType);
 }
-
+
 public Mapper<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERTS,KEYS,REQUEST,HISTORY,ERR,APPROVALS> mapper() {
 return service.mapper();
 }
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
- *
+ *
 * Note: Conforms to AT&T TSS RESTful Error Structure
 */
 @Override
@@ -186,7 +186,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 dlist.toArray(detail);
 }
 //int httpstatus;
-
+
 switch(result.status) {
 case ERR_ActionNotCompleted:
 msgId = "SVC1202";
@@ -216,7 +216,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 detail[0] = msg;
 response.setStatus(/*httpstatus=*/403);
 break;
-
+
 case ERR_NsNotFound:
 msgId = "SVC2404";
 detail[0] = NOT_FOUND;
@@ -263,25 +263,25 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 detail[0] = NOT_ACCEPTABLE;
 response.setStatus(/*httpstatus=*/406);
 break;
-
+
 case ERR_ConflictAlreadyExists:
 msgId = "SVC1409";
 detail[0] = "Conflict Already Exists";
 response.setStatus(/*httpstatus=*/409);
 break;
-
+
 case ERR_DependencyExists:
 msgId = "SVC1424";
 detail[0] = "Failed Dependency";
 response.setStatus(/*httpstatus=*/424);
 break;
-
+
 case ERR_NotImplemented:
 msgId = "SVC1501";
- detail[0] = "Not Implemented";
+ detail[0] = "Not Implemented";
 response.setStatus(/*httpstatus=*/501);
 break;
-
+
 case Status.ACC_Future:
 msgId = "SVC1202";
 detail[0] = "Accepted for Future, pending Approvals";
@@ -292,14 +292,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 detail[0] = "Choice Needed";
 response.setStatus(/*httpstatus=*/300);
 break;
- case ERR_Backend:
+ case ERR_Backend:
 msgId = "SVC2500";
 detail[0] = GENERAL_SERVICE_ERROR;
 response.setStatus(/*httpstatus=*/500);
 hidemsg = true;
 break;
- default:
+ default:
 msgId = "SVC1500";
 detail[0] = GENERAL_SERVICE_ERROR;
 response.setStatus(/*httpstatus=*/500);
@@ -311,7 +311,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 StringBuilder holder = new StringBuilder();
 ERR em = service.mapper().errorFromMessage(holder,msgId,msg,detail);
 trans.checkpoint(
- "ErrResp [" +
+ "ErrResp [" +
 msgId + "] " + holder.toString(),
@@ -325,7 +325,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 trans.error().log(e,"unable to send response for",msg);
 }
 }
-
+
 ///////////////////////////
 // Namespace
 ///////////////////////////
@@ -341,7 +341,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 public static final String GET_NS_CHILDREN = "getNamespaceChildren";
 public static final String UPDATE_NS_DESC = "updateNamespaceDescription";
 public static final String DELETE_NS = "deleteNamespace";
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#createNS(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -361,10 +361,10 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 trans.error().log("Invalid Input",IN,CREATE_NS);
 return Result.err(Status.ERR_BadData,"Invalid Input");
 }
-
+
 Result<Void> rp = service.createNS(trans,request,type);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,nsRequestDF.getOutType());
 return Result.ok();
 default:
@@ -387,7 +387,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<Void> rp = service.addAdminNS(trans,ns,id);
 switch(rp.status) {
- case OK:
+ case OK:
 //TODO Perms??
 setContentType(resp,nsRequestDF.getOutType());
 resp.getOutputStream().println();
@@ -412,7 +412,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<Void> rp = service.delAdminNS(trans, ns, id);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,nsRequestDF.getOutType());
 return Result.ok();
 default:
@@ -435,7 +435,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<Void> rp = service.addResponsibleNS(trans,ns,id);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,nsRequestDF.getOutType());
 resp.getOutputStream().println();
 return Result.ok();
@@ -459,7 +459,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<Void> rp = service.delResponsibleNS(trans, ns, id);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,nsRequestDF.getOutType());
 resp.getOutputStream().println();
 return Result.ok();
@@ -483,7 +483,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<NSS> rp = service.getNSbyName(trans, ns, full );
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -501,7 +501,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 tt.done();
 }
 }
-
+
 // TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#getNSsByAdmin(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
@@ -512,7 +512,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<NSS> rp = service.getNSbyAdmin(trans, user, full);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -530,7 +530,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 tt.done();
 }
 }
-
+
 // TODO: uncomment when on cassandra 2.1.2 for MyNamespace GUI page
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#getNSsByResponsible(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
@@ -541,7 +541,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<NSS> rp = service.getNSbyResponsible(trans, user, full);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -569,9 +569,9 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 TimeTaken tt = trans.start(GET_NS_BY_EITHER + ' ' + user, Env.SUB|Env.ALWAYS);
 try {
 Result<NSS> rp = service.getNSbyEither(trans, user, full);
-
+
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -600,7 +600,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<NSS> rp = service.getNSsChildren(trans, parent);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<NSS> data = nssDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -637,7 +637,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 }
 Result<Void> rp = service.updateNsDescription(trans, rreq);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,nsRequestDF.getOutType());
 return Result.ok();
 default:
@@ -650,7 +650,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 tt.done();
 }
 }
-
+
 /*
 * (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#requestNS(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -661,7 +661,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<Void> rp = service.deleteNS(trans,ns);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,nsRequestDF.getOutType());
 return Result.ok();
 default:
@@ -679,7 +679,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 private final static String NS_UPDATE_ATTRIB = "nsUpdateAttrib";
 private final static String READ_NS_BY_ATTRIB = "readNsByAttrib";
 private final static String NS_DELETE_ATTRIB = "nsDeleteAttrib";
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#createAttribForNS(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String)
 */
@@ -689,7 +689,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<?> rp = service.createNsAttrib(trans,ns,key,value);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp, keysDF.getOutType());
 resp.getOutputStream().println();
 return Result.ok();
@@ -713,7 +713,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<KEYS> rp = service.readNsByAttrib(trans, key);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<KEYS> data = keysDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -741,7 +741,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<?> rp = service.updateNsAttrib(trans,ns,key,value);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp, keysDF.getOutType());
 resp.getOutputStream().println();
 return Result.ok();
@@ -766,7 +766,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<?> rp = service.deleteNsAttrib(trans,ns,key);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp, keysDF.getOutType());
 resp.getOutputStream().println();
 return Result.ok();
@@ -796,14 +796,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 public static final String UPDATE_PERM_DESC = "updatePermissionDescription";
 public static final String SET_PERMISSION_ROLES_TO = "setPermissionRolesTo";
 public static final String DELETE_PERMISSION = "deletePermission";
-
+
 /*
 * (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#createOrUpdatePerm(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String, java.lang.String, java.lang.String)
 */
 @Override
 public Result<Void> createPerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) {
- TimeTaken tt = trans.start( CREATE_PERMISSION, Env.SUB|Env.ALWAYS);
+ TimeTaken tt = trans.start( CREATE_PERMISSION, Env.SUB|Env.ALWAYS);
 try {
 REQUEST rreq;
 try {
@@ -811,15 +811,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
 }
- rreq = data.asObject();
+ rreq = data.asObject();
 } catch (APIException e) {
 trans.error().log("Invalid Input",IN,CREATE_PERMISSION);
 return Result.err(Status.ERR_BadData,"Invalid Input");
 }
-
+
 Result<Void> rp = service.createPerm(trans,rreq);
 switch(rp.status) {
- case OK:
+ case OK:
 setContentType(resp,permsDF.getOutType());
 return Result.ok();
 default:
@@ -832,7 +832,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 tt.done();
 }
 }
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#getChildPerms(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
 */
@@ -840,7 +840,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 public Result<Void> getPermsByType(AuthzTrans trans, HttpServletResponse resp, String perm) {
 TimeTaken tt = trans.start(GET_PERMS_BY_TYPE + ' ' + perm, Env.SUB|Env.ALWAYS);
 try {
-
+
 Result<PERMS> rp = service.getPermsByType(trans, perm);
 switch(rp.status) {
 case OK:
@@ -862,15 +862,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 tt.done();
 }
 }
-
+
 @Override
- public Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
+ public Result<Void> getPermsByName(AuthzTrans trans, HttpServletResponse resp,
 String type, String instance, String action) {
-
+
 TimeTaken tt = trans.start(GET_PERMS_BY_NAME + ' ' + type + '|' + instance + '|' + action, Env.SUB|Env.ALWAYS);
 try {
-
+
 Result<PERMS> rp = service.getPermsByName(trans, type, instance, action);
 switch(rp.status) {
 case OK:
@@ -902,7 +902,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<PERMS> rp = service.getPermsByUser(trans, user);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -921,7 +921,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 tt.done();
 }
 }
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#getPermissionByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
 */
@@ -931,7 +931,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 try {
 Result<PERMS> rp = service.getPermsByUserScope(trans, user, scopes);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -952,7 +952,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 }
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#getPermissionByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
 */
@@ -966,7 +966,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
 }
- perms = data.asObject();
+ perms = data.asObject();
 } catch (APIException e) {
 trans.error().log("Invalid Input",IN,GET_PERMISSIONS_BY_USER_WITH_QUERY);
 return Result.err(Status.ERR_BadData,"Invalid Input");
@@ -974,7 +974,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 Result<PERMS> rp = service.getPermsByUser(trans, perms, user);
 switch(rp.status) {
- case OK:
+ case OK:
 RosettaData<PERMS> data = permsDF.newData(trans).load(rp.value);
 if (Question.willSpecialLog(trans, trans.user())) {
 Question.logEncryptTrace(trans,data.asString());
@@ -994,7 +994,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 }
 }
-
+
 /* (non-Javadoc)
 * @see com.att.authz.facade.AuthzFacade#getPermissionsForRole(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
 */
@@ -1023,7 +1023,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> getPermsByNS(AuthzTrans trans,HttpServletResponse resp,String ns) { TimeTaken tt = trans.start(GET_PERMISSIONS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS); @@ -1058,7 +1058,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public Result<Void> renamePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String origType, String origInstance, String origAction) { String cmdDescription = UPDATE_PERMISSION; - TimeTaken tt = trans.start( cmdDescription + ' ' + origType + ' ' + origInstance + ' ' + origAction, Env.SUB|Env.ALWAYS); + TimeTaken tt = trans.start( cmdDescription + ' ' + origType + ' ' + origInstance + ' ' + origAction, Env.SUB|Env.ALWAYS); try { REQUEST rreq; try { @@ -1066,15 +1066,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); } - rreq = data.asObject(); + rreq = data.asObject(); } catch (APIException e) { trans.error().log("Invalid Input",IN,cmdDescription); return Result.err(Status.ERR_BadData,"Invalid Input"); } - + Result<Void> rp = service.renamePerm(trans,rreq, origType, origInstance, origAction); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -1087,7 +1087,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> updatePermDescription(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(UPDATE_PERM_DESC, Env.SUB|Env.ALWAYS); 
@@ -1106,7 +1106,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rp = service.updatePermDescription(trans, rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,permRequestDF.getOutType()); return Result.ok(); default: @@ -1119,8 +1119,8 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - - + + @Override public Result<Void> resetPermRoles(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(SET_PERMISSION_ROLES_TO, Env.SUB|Env.ALWAYS); @@ -1136,11 +1136,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE trans.error().log("Invalid Input",IN, SET_PERMISSION_ROLES_TO); return Result.err(Status.ERR_BadData,"Invalid Input"); } - + Result<Void> rp = service.resetPermRoles(trans, rreq); - + switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -1153,7 +1153,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> deletePerm(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(DELETE_PERMISSION, Env.SUB|Env.ALWAYS); @@ -1173,7 +1173,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<Void> rp = service.deletePerm(trans,rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -1193,7 +1193,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<Void> rp = service.deletePerm(trans,type,instance,action); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: 
@@ -1213,7 +1213,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public static final String GET_ROLES_BY_NAME_ONLY = "getRolesByNameOnly"; public static final String GET_ROLES_BY_NAME = "getRolesByName"; public static final String GET_ROLES_BY_PERM = "getRolesByPerm"; - public static final String UPDATE_ROLE_DESC = "updateRoleDescription"; + public static final String UPDATE_ROLE_DESC = "updateRoleDescription"; public static final String ADD_PERM_TO_ROLE = "addPermissionToRole"; public static final String DELETE_PERM_FROM_ROLE = "deletePermissionFromRole"; public static final String UPDATE_MGTPERM_ROLE = "updateMgtPermRole"; @@ -1238,7 +1238,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rp = service.createRole(trans, rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,roleRequestDF.getOutType()); return Result.ok(); default: @@ -1261,7 +1261,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<ROLES> rp = service.getRolesByName(trans, role); switch(rp.status) { - case OK: + case OK: RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1290,7 +1290,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<ROLES> rp = service.getRolesByUser(trans, user); switch(rp.status) { - case OK: + case OK: RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); 
@@ -1319,7 +1319,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<ROLES> rp = service.getRolesByNS(trans, ns); switch(rp.status) { - case OK: + case OK: if (!rp.isEmpty()) { RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { @@ -1353,7 +1353,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<ROLES> rp = service.getRolesByNameOnly(trans, nameOnly); switch(rp.status) { - case OK: + case OK: if (!rp.isEmpty()) { RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { @@ -1386,7 +1386,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<ROLES> rp = service.getRolesByPerm(trans, type,instance,action); switch(rp.status) { - case OK: + case OK: RosettaData<ROLES> data = roleDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1428,7 +1428,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rp = service.updateRoleDescription(trans, rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,roleRequestDF.getOutType()); return Result.ok(); default: @@ -1460,7 +1460,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rp = service.addPermToRole(trans, rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); resp.getOutputStream().println(); return Result.ok(); @@ -1493,7 +1493,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rp = service.delPermFromRole(trans, rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); resp.getOutputStream().println(); return Result.ok(); 
@@ -1518,7 +1518,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<Void> rp = service.delPermFromRole(trans, role, type, instance, action); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); resp.getOutputStream().println(); return Result.ok(); @@ -1539,7 +1539,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<Void> rp = service.deleteRole(trans, role); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -1571,7 +1571,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE Result<Void> rp = service.deleteRole(trans, rreq); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -1599,7 +1599,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override /** * Create Credential - * + * */ public Result<Void> createUserCred(AuthzTrans trans, HttpServletRequest req) { TimeTaken tt = trans.start(CREATE_CRED, Env.SUB|Env.ALWAYS); @@ -1668,11 +1668,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<Void> getCredsByNS(AuthzTrans trans, HttpServletResponse resp, String ns) { TimeTaken tt = trans.start(GET_CREDS_BY_NS + ' ' + ns, Env.SUB|Env.ALWAYS); - + try { Result<USERS> ru = service.getCredsByNS(trans,ns); switch(ru.status) { - case OK: + case OK: RosettaData<USERS> data = usersDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans,trans.user())) { Question.logEncryptTrace(trans,data.asString()); 
@@ -1689,21 +1689,21 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } finally { tt.done(); } - + } - - + + /* (non-Javadoc) * @see com.att.authz.facade.AuthzFacade#getCredsByID(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String) */ @Override public Result<Void> getCredsByID(AuthzTrans trans, HttpServletResponse resp, String id) { TimeTaken tt = trans.start(GET_CREDS_BY_ID + ' ' + id, Env.SUB|Env.ALWAYS); - + try { Result<USERS> ru = service.getCredsByID(trans,id); switch(ru.status) { - case OK: + case OK: RosettaData<USERS> data = usersDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1720,7 +1720,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } finally { tt.done(); } - + } @Override @@ -1741,10 +1741,10 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(e); } finally { tt.done(); - } + } } - - + + @Override public Result<Date> doesCredentialMatch(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(DOES_CRED_MATCH, Env.SUB|Env.ALWAYS); @@ -1763,7 +1763,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.err(e); } finally { tt.done(); - } + } } @@ -1792,11 +1792,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<Void> getCertInfoByID(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, String id) { TimeTaken tt = trans.start(GET_CERT_BY_ID, Env.SUB|Env.ALWAYS); - try { + try { Result<CERTS> rci = service.getCertInfoByID(trans,req,id); - + switch(rci.status) { - case OK: + case OK: if (Question.willSpecialLog(trans, trans.user())) { RosettaData<CERTS> data = certsDF.newData(trans).load(rci.value); Question.logEncryptTrace(trans,data.asString()); 
@@ -1822,11 +1822,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public static final String DELETE_DELEGATE = "deleteDelegate"; public static final String GET_DELEGATE_USER = "getDelegatesByUser"; public static final String GET_DELEGATE_DELG = "getDelegatesByDelegate"; - + @Override public Result<Void> createDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(CREATE_DELEGATE, Env.SUB|Env.ALWAYS); - try { + try { Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream()); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1840,11 +1840,11 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> updateDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(UPDATE_DELEGATE, Env.SUB|Env.ALWAYS); - try { + try { Data<REQUEST> data = delgRequestDF.newData().load(req.getInputStream()); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1858,7 +1858,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> deleteDelegate(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(DELETE_DELEGATE, Env.SUB|Env.ALWAYS); @@ -1876,7 +1876,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> deleteDelegate(AuthzTrans trans, String userName) { TimeTaken tt = trans.start(DELETE_DELEGATE + ' ' + userName, Env.SUB|Env.ALWAYS); 
@@ -1889,15 +1889,15 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> getDelegatesByUser(AuthzTrans trans, String user, HttpServletResponse resp) { TimeTaken tt = trans.start(GET_DELEGATE_USER, Env.SUB|Env.ALWAYS); try { Result<DELGS> rd = service.getDelegatesByUser(trans, user); - + switch(rd.status) { - case OK: + case OK: RosettaData<DELGS> data = delgDF.newData(trans).load(rd.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1922,7 +1922,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<DELGS> rd = service.getDelegatesByDelegate(trans, delegate); switch(rd.status) { - case OK: + case OK: RosettaData<DELGS> data = delgDF.newData(trans).load(rd.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -1964,10 +1964,10 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } catch (APIException e) { return Result.err(Status.ERR_BadData,"Invalid Input"); } - + Result<Void> rp = service.createUserRole(trans,request); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -1980,14 +1980,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> getUserInRole(AuthzTrans trans, HttpServletResponse resp, String user, String role) { TimeTaken tt = trans.start(GET_USERROLES + ' ' + user + '|' + role, Env.SUB|Env.ALWAYS); try { Result<USERS> ru = service.getUserInRole(trans,user,role); switch(ru.status) { - case OK: + case OK: RosettaData<USERS> data = usersDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); 
@@ -2015,7 +2015,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<USERROLES> ru = service.getUserRolesByUser(trans,user); switch(ru.status) { - case OK: + case OK: RosettaData<USERROLES> data = userrolesDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2036,14 +2036,14 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - + @Override public Result<Void> getUserRolesByRole(AuthzTrans trans, HttpServletResponse resp, String role) { TimeTaken tt = trans.start(GET_USERROLES_BY_ROLE + ' ' + role, Env.SUB|Env.ALWAYS); try { Result<USERROLES> ru = service.getUserRolesByRole(trans,role); switch(ru.status) { - case OK: + case OK: RosettaData<USERROLES> data = userrolesDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2064,7 +2064,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - + /* (non-Javadoc) * @see com.att.authz.facade.AuthzFacade#extendUserRoleExpiration(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String) @@ -2088,7 +2088,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<Void> rp = service.deleteUserRole(trans,user,role); switch(rp.status) { - case OK: + case OK: setContentType(resp,permsDF.getOutType()); return Result.ok(); default: 
@@ -2106,7 +2106,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE private static final String GET_APPROVALS_BY_USER = "getApprovalsByUser."; private static final String GET_APPROVALS_BY_TICKET = "getApprovalsByTicket."; private static final String GET_APPROVALS_BY_APPROVER = "getApprovalsByApprover."; - + @Override public Result<Void> updateApproval(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) { TimeTaken tt = trans.start(UPDATE_APPROVAL, Env.SUB|Env.ALWAYS); @@ -2117,9 +2117,9 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } Result<Void> rp = service.updateApproval(trans, data.asObject()); - + switch(rp.status) { - case OK: + case OK: setContentType(resp,approvalDF.getOutType()); return Result.ok(); default: @@ -2132,20 +2132,20 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + @Override public Result<Void> getApprovalsByUser(AuthzTrans trans, HttpServletResponse resp, String user) { TimeTaken tt = trans.start(GET_APPROVALS_BY_USER + ' ' + user, Env.SUB|Env.ALWAYS); try { Result<APPROVALS> rp = service.getApprovalsByUser(trans, user); switch(rp.status) { - case OK: + case OK: RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); } data.to(resp.getOutputStream()); - + setContentType(resp,permsDF.getOutType()); return Result.ok(); default: @@ -2165,7 +2165,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<APPROVALS> rp = service.getApprovalsByApprover(trans, approver); switch(rp.status) { - case OK: + case OK: RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); 
@@ -2191,7 +2191,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<APPROVALS> rp = service.getApprovalsByTicket(trans, ticket); switch(rp.status) { - case OK: + case OK: RosettaData<APPROVALS> data = approvalDF.newData(trans).load(rp.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2212,7 +2212,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } - + public static final String GET_USERS_PERMISSION = "getUsersByPermission"; public static final String GET_USERS_ROLE = "getUsersByRole"; @@ -2225,7 +2225,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<USERS> ru = service.getUsersByRole(trans,role); switch(ru.status) { - case OK: + case OK: RosettaData<USERS> data = usersDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2249,13 +2249,13 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE * @see com.att.authz.facade.AuthzFacade#getUsersByPermission(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String, java.lang.String, java.lang.String) */ @Override - public Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp, + public Result<Void> getUsersByPermission(AuthzTrans trans, HttpServletResponse resp, String type, String instance, String action) { TimeTaken tt = trans.start(GET_USERS_PERMISSION + ' ' + type + ' ' + instance + ' ' +action, Env.SUB|Env.ALWAYS); try { Result<USERS> ru = service.getUsersByPermission(trans,type,instance,action); switch(ru.status) { - case OK: + case OK: RosettaData<USERS> data = usersDF.newData(trans).load(ru.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); 
@@ -2275,7 +2275,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - + public static final String GET_HISTORY_USER = "getHistoryByUser"; public static final String GET_HISTORY_ROLE = "getHistoryByRole"; public static final String GET_HISTORY_PERM = "getHistoryByPerm"; @@ -2305,7 +2305,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<HISTORY> rh = service.getHistoryByUser(trans,user,yyyymm,sort); switch(rh.status) { - case OK: + case OK: RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2348,7 +2348,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<HISTORY> rh = service.getHistoryByRole(trans,role,yyyymm,sort); switch(rh.status) { - case OK: + case OK: RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2391,7 +2391,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<HISTORY> rh = service.getHistoryByNS(trans,ns,yyyymm,sort); switch(rh.status) { - case OK: + case OK: RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2434,7 +2434,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<HISTORY> rh = service.getHistoryByPerm(trans,perm,yyyymm,sort); switch(rh.status) { - case OK: + case OK: RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); 
@@ -2478,7 +2478,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { Result<HISTORY> rh = service.getHistoryBySubject(trans,subject,target,yyyymm,sort); switch(rh.status) { - case OK: + case OK: RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value); if (Question.willSpecialLog(trans, trans.user())) { Question.logEncryptTrace(trans,data.asString()); @@ -2498,9 +2498,9 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } - public final static String CACHE_CLEAR = "cacheClear "; + public final static String CACHE_CLEAR = "cacheClear "; // public final static String CACHE_VALIDATE = "validateCache"; - + /* (non-Javadoc) * @see com.att.authz.facade.AuthzFacade#cacheClear(org.onap.aaf.auth.env.test.AuthzTrans, java.lang.String) */ @@ -2601,7 +2601,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE tt.done(); } } - + public final static String API_EXAMPLE = "apiExample"; @@ -2612,7 +2612,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) { TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB); try { - String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); + String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); resp.getOutputStream().print(content); setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON); return Result.ok(); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java index 0e67ac49..d5e1c305 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade_2_0.java 
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java index c66525da..549e6ed8 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -55,7 +55,7 @@ public interface Mapper< ERROR, APPROVALS> { - enum API{NSS,NS_REQ, + enum API{NSS,NS_REQ, PERMS,PERM_KEY,PERM_REQ, ROLES,ROLE,ROLE_REQ,ROLE_PERM_REQ, USERS,USER_ROLE_REQ,USER_ROLES, 
@@ -83,12 +83,12 @@ public interface Mapper< public Result<APPROVALS> approvals(List<ApprovalDAO.Data> lAppr); public Result<List<ApprovalDAO.Data>> approvals(APPROVALS apprs); public Result<List<PermDAO.Data>> perms(AuthzTrans trans, PERMS perms); - + public Result<UserRoleDAO.Data> userRole(AuthzTrans trans, REQUEST from); public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, REQUEST from); public REQUEST ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action); public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, REQUEST from); - + /* * Check Requests of varying sorts for Future fields set */ @@ -108,9 +108,9 @@ public interface Mapper< public Result<KEYS> keys(Collection<String> from); public Result<HISTORY> history(AuthzTrans trans, List<HistoryDAO.Data> history, final int sort); - + public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail); - + /* * A Memo Creator... Use to avoid creating superfluous Strings until needed. */ diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java index 26216c65..7abbcf6f 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/mapper/Mapper_2_0.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -103,7 +103,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo public Mapper_2_0(Question q) { this.q = q; } - + /* (non-Javadoc) * @see org.onap.aaf.auth.service.mapper.Mapper#ns(java.lang.Object, org.onap.aaf.auth.service.mapper.Mapper.Holder) */ @@ -116,7 +116,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo namespace.owner = from.getResponsible(); namespace.description = from.getDescription(); trans.checkpoint(namespace.name, Env.ALWAYS); - + NsType nt = NsType.fromString(from.getType()); if (nt.equals(NsType.UNKNOWN)) { String ns = namespace.name; @@ -133,7 +133,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } } namespace.type = nt.type; - + return Result.ok(namespace); } @@ -215,7 +215,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } finally { tt.done(); } - + tt = trans.start("Sort Perms", Env.SUB); try { Collections.sort(perms, new Comparator<Perm>() { @@ -230,14 +230,14 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return instanceCompare; } return typeCompare; - } + } }); } finally { tt.done(); } return Result.ok(to); } - + @Override public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, String[] nss, boolean filter) { List<Perm> perms = to.getPerm(); @@ -268,7 +268,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } finally { tt.done(); } - + tt = trans.start("Sort Perms", Env.SUB); try { Collections.sort(perms, new Comparator<Perm>() { @@ -283,7 +283,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return instanceCompare; } return typeCompare; - } + } }); } finally { tt.done(); 
@@ -297,7 +297,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo for (Perm p : perms.getPerm()) { Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType()); PermDAO.Data pd = new PermDAO.Data(); - if (nss.isOK()) { + if (nss.isOK()) { pd.ns=nss.value.ns; pd.type = nss.value.name; pd.instance = p.getInstance(); @@ -313,12 +313,12 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return Result.ok(lpd); } - + @Override public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) { return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction()); } - + @Override public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) { RolePermRequest from = (RolePermRequest)req; @@ -326,19 +326,19 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo if (perm==null)return Result.err(Status.ERR_NotFound, "Permission not found"); Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType()); PermDAO.Data pd = new PermDAO.Data(); - if (nss.isOK()) { + if (nss.isOK()) { pd.ns=nss.value.ns; pd.type = nss.value.name; pd.instance = from.getPerm().getInstance(); pd.action = from.getPerm().getAction(); trans.checkpoint(pd.fullPerm(), Env.ALWAYS); - + String[] roles = {}; - + if (from.getRole() != null) { roles = from.getRole().split(","); } - for (String role : roles) { + for (String role : roles) { pd.roles(true).add(role); } return Result.ok(pd); @@ -346,13 +346,13 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return Result.err(nss); } } - + @Override public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) { RolePermRequest from = (RolePermRequest)req; Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole()); RoleDAO.Data rd = new RoleDAO.Data(); - if (nss.isOK()) { + if (nss.isOK()) { rd.ns = nss.value.ns; rd.name = nss.value.name; trans.checkpoint(rd.fullName(), Env.ALWAYS); 
@@ -361,7 +361,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return Result.err(nss); } } - + @Override public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) { PermRequest from = (PermRequest)req; @@ -380,7 +380,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return Result.ok(pd); } else { Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType()); - if (nss.isOK()) { + if (nss.isOK()) { pd.ns=nss.value.ns; pd.type = nss.value.name; pd.instance = from.getInstance(); @@ -393,7 +393,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } } } - + @Override public Request ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action) { RolePermRequest rpr = new RolePermRequest(); @@ -402,7 +402,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo pkey.setInstance(instance); pkey.setAction(action); rpr.setPerm(pkey); - + rpr.setRole(role); return rpr; } @@ -429,7 +429,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo */ @Override public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) { - final boolean needNS = trans.requested(REQD_TYPE.ns); + final boolean needNS = trans.requested(REQD_TYPE.ns); for (RoleDAO.Data frole : from) { // Only Add Data to view if User is allowed to see this Role if (!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) { @@ -443,7 +443,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo Result<String[]> rpa = PermDAO.Data.decodeToArray(trans,q,p); if (rpa.notOK()) return Result.err(rpa); - + String[] pa = rpa.value; Pkey pKey = new Pkey(); pKey.setType(pa[0]+'.'+pa[1]); 
@@ -460,7 +460,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo /* * (non-Javadoc) * @see org.onap.aaf.auth.service.mapper.Mapper#users(java.util.Collection, java.lang.Object) - * + * * Note: Prevalidate all data for permission to view */ @Override @@ -480,7 +480,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo /* * (non-Javadoc) * @see org.onap.aaf.auth.service.mapper.Mapper#users(java.util.Collection, java.lang.Object) - * + * * Note: Prevalidate all data for permission to view */ @Override @@ -537,12 +537,12 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } if (passwd != null) { to.cred = ByteBuffer.wrap(passwd.getBytes()); - to.type = CredDAO.RAW; + to.type = CredDAO.RAW; } else { to.type = CredDAO.NONE; } } - + // Note: Ensure requested EndDate created will match Organization Password Rules // P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service) to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId()); @@ -550,7 +550,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return Result.ok(to); } - + @Override public Result<Users> cred(List<CredDAO.Data> from, Users to) { List<User> cu = to.getUser(); @@ -564,7 +564,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } return Result.ok(to); } - + @Override public Result<Certs> cert(List<CertDAO.Data> from, Certs to) { List<Cert> lc = to.getCert(); @@ -572,7 +572,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo Cert cert = new Cert(); cert.setId(fcred.id); cert.setX500(fcred.x500); - /**TODO - change Interface + /**TODO - change Interface * @deprecated */ cert.setFingerprint(fcred.serial.toByteArray()); lc.add(cert); 
@@ -583,15 +583,15 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo /** * Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester * is allowed to change this value directly - * + * * Returning Result.OK means it should be done in the future. * Returning Result.ACC_Now means to act on table change now. */ @Override - public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from, + public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from, Bytification content, boolean enableApproval, Memo memo, MayChange mc) { Result<?> rMayChange; - boolean needsAppr = enableApproval?trans.requested(REQD_TYPE.future):false; + boolean needsAppr = enableApproval?trans.requested(REQD_TYPE.future):false; if (!needsAppr && (needsAppr = (rMayChange=mc.mayChange()).notOK())) { if (enableApproval) { if (!trans.requested(AuthzTrans.REQD_TYPE.future)) { @@ -601,16 +601,16 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo return Result.err(rMayChange); } } - GregorianCalendar now = new GregorianCalendar(); + GregorianCalendar now = new GregorianCalendar(); GregorianCalendar start = from.getStart()==null?now:from.getStart().toGregorianCalendar(); - + GregorianCalendar expires = trans.org().expiration(start, Expiration.Future); XMLGregorianCalendar xgc; if ((xgc=from.getEnd())!=null) { GregorianCalendar fgc = xgc.toGregorianCalendar(); expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration } - + //TODO needs two answers from this. What's the NSS, and may Change. FutureDAO.Data fto; if (start.after(now) || needsAppr ) { @@ -669,7 +669,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo item.setUser(data.user); items.add(item); } - + if (sort != 0) { TimeTaken tt = trans.start("Sort ", Env.SUB); try { 
@@ -697,7 +697,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } return err; } - + @Override public Class<?> getClass(API api) { switch(api) { @@ -753,17 +753,17 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo case ERROR: return (A)new Error(); case API: return (A)new Api(); case VOID: return null; - + case APPROVALS: return (A) new Approvals(); case DELG_REQ: return (A) new DelgRequest(); } return null; } - + @SuppressWarnings("unchecked") /** * Get Typed Marshaler as they are defined - * + * * @param api * @return */ @@ -799,7 +799,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo } return Result.ok(apprs); } - + @Override public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) { List<ApprovalDAO.Data> lappr = new ArrayList<>(); @@ -815,7 +815,7 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo ad.status=a.getStatus(); ad.operation=a.getOperation(); ad.memo=a.getMemo(); - + XMLGregorianCalendar xgc = a.getUpdated(); if (xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime(); lappr.add(ad); 
@@ -859,15 +859,15 @@ public class Mapper_2_0 implements Mapper<Nss, Perms, Pkey, Roles, Users, UserRo /* * We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever * the date is created from. - */ + */ private Date getExpires(Organization org, Expiration exp, Request base, String id) { XMLGregorianCalendar end = base.getEnd(); GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar(); GregorianCalendar orggc; - orggc = org.expiration(gc,exp,id); + orggc = org.expiration(gc,exp,id); // We'll choose the lesser of dates to ensure Policy Compliance... - + GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc; // Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired. endgc = Chrono.firstMomentOfDay(endgc); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java index 56785fee..1c0c4aab 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -36,9 +36,9 @@ import org.onap.aaf.auth.validation.Validator; /** * Validator * Consistently apply content rules for content (incoming) - * - * Note: We restrict content for usability in URLs (because RESTful service), and avoid - * issues with Regular Expressions, and other enabling technologies. + * + * Note: We restrict content for usability in URLs (because RESTful service), and avoid + * issues with Regular Expressions, and other enabling technologies. * @author Jonathan * */ @@ -57,13 +57,13 @@ public class ServiceValidator extends Validator { if (pd==null) { msg("Perm Data is null."); } else { - if(!pd.ns.contains("@")) { + if(!pd.ns.contains("@")) { ns(pd.ns); } permType(pd.type,pd.ns); permInstance(pd.instance); permAction(pd.action); - if (pd.roles!=null) { + if (pd.roles!=null) { for (String role : pd.roles) { role(role); } @@ -86,7 +86,7 @@ public class ServiceValidator extends Validator { } return this; } - + public ServiceValidator role(RoleDAO.Data pd) { if (pd==null) { msg("Role Data is null."); @@ -151,14 +151,14 @@ public class ServiceValidator extends Validator { if (idx>0) { str = str.substring(0,idx); } - + if (org.supportsRealm(cd.id)) { String resp = org.isValidID(trans, str); if (isNew && (resp!=null && resp.length()>0)) { msg(cd.id,str); } } - + if (cd.type==null) { msg("Credential Type must be set"); } else { @@ -193,17 +193,17 @@ public class ServiceValidator extends Validator { ns(ns.name); for (String s : ns.admin) { if (nob(s,ID_CHARS)) { - msg("Admin [" + s + "] is invalid."); + msg("Admin [" + s + "] is invalid."); } - + } for (String s : ns.owner) { if (nob(s,ID_CHARS)) { - msg("Responsible [" + s + "] is invalid."); + msg("Responsible [" + s + "] is invalid."); } - + } - + if (ns.attrib!=null) { for (Pair<String, String> at : ns.attrib) { if (nob(at.x,NAME_CHARS)) { 
@@ -221,14 +221,14 @@ public class ServiceValidator extends Validator { public ServiceValidator user_role(String user, UserRoleDAO.Data urdd) { role(user,urdd.role); - if(!urdd.role.startsWith(user)) { + if(!urdd.role.startsWith(user)) { nullOrBlank("UserRole.ns",urdd.ns); nullOrBlank("UserRole.rname",urdd.rname); } return this; } - + public ServiceValidator user_role(UserRoleDAO.Data urdd) { if (urdd==null) { msg("UserRole is null"); diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java index a6b1f395..32e2414f 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java +++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Approval.java @@ -7,9 +7,9 @@ * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at - * * + * * * * http://www.apache.org/licenses/LICENSE-2.0 - * * + * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java index 724e5b5a..4f000e62 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java +++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Creds.java 
@@ -7,9 +7,9 @@ * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at - * * + * * * * http://www.apache.org/licenses/LICENSE-2.0 - * * + * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -52,13 +52,13 @@ public class JU_API_Creds { @SuppressWarnings("static-access") @Test - public void testInit(){ + public void testInit(){ try { api_Creds.init(authzAPI, facade); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); - } + } } @SuppressWarnings("static-access") diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java index 69db8664..5a430c65 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java +++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Delegate.java @@ -7,9 +7,9 @@ * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at - * * + * * * * http://www.apache.org/licenses/LICENSE-2.0 - * * + * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java index ea48c8e4..8a85b5d8 100644 
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_History.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java
index fd27e663..6df1bd61 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_NS.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java
index 9868cfe8..7b52b760 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Perms.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java
index 6e2f469b..0597da24 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_Roles.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java
index 679665e2..78d85a1e 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_User.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java
index 95b26fc1..7330960e 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/api/test/JU_API_UserRole.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java
index 91c0e140..460113b6 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/facade/JU_AuthzFacadeImpl.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java
index fd664d6c..f562280b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/mapper/JU_Mapper_2_0.java
@@ -7,9 +7,9 @@
 * * Licensed under the Apache License, Version 2.0 (the "License");
 * * you may not use this file except in compliance with the License.
 * * You may obtain a copy of the License at
- * *
+ * *
 * * http://www.apache.org/licenses/LICENSE-2.0
- * *
+ * *
 * * Unless required by applicable law or agreed to in writing, software
 * * distributed under the License is distributed on an "AS IS" BASIS,
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
index 9a804c98..e992337b 100644
--- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -75,7 +75,7 @@ import aaf.v2_0.Users; @RunWith(MockitoJUnitRunner.class) public abstract class JU_BaseServiceImpl { - protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> + protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> acsi; protected Mapper_2_0 mapper; @@ -88,7 +88,7 @@ public abstract class JU_BaseServiceImpl { // NOTE: Annotation format (@Mock and @Spy) do NOT seem to always work as a Base Class, // so we construct manually. // -// Mock Objects +// Mock Objects protected HistoryDAO historyDAO = mock(HistoryDAO.class); protected CacheInfoDAO cacheInfoDAO = mock(CacheInfoDAO.class); protected CachedNSDAO nsDAO = mock(CachedNSDAO.class); 
@@ -102,32 +102,32 @@ public abstract class JU_BaseServiceImpl { protected DelegateDAO delegateDAO = mock(DelegateDAO.class); protected ApprovalDAO approvalDAO = mock(ApprovalDAO.class); - // Spy Objects + // Spy Objects @Spy protected static PropAccess access = new PropAccess(); @Spy protected static AuthzEnv env = new AuthzEnv(access); @Spy protected static AuthzTrans trans = env.newTransNoAvg(); - + // @Spy doesn't seem to work on Question. @Spy protected Question question = spy(new Question(trans, historyDAO,cacheInfoDAO,nsDAO,permDAO, roleDAO,userRoleDAO,credDAO,certDAO, locateDAO,futureDAO,delegateDAO,approvalDAO)); - + public void setUp() throws Exception { when(trans.org()).thenReturn(org); when(org.getDomain()).thenReturn("org.onap"); Define.set(access); access.setProperty(Config.CADI_LATITUDE, "38.0"); access.setProperty(Config.CADI_LONGITUDE, "-72.0"); - + mapper = new Mapper_2_0(question); acsi = new AuthzCassServiceImpl<>(trans, mapper, question); } - + ////////// // Common Data Objects ///////// @@ -144,7 +144,7 @@ public abstract class JU_BaseServiceImpl { rv.add(ndd); return rv; } - + /** * Setup Role Data for Mock Usages * @param trans @@ -163,7 +163,7 @@ public abstract class JU_BaseServiceImpl { } when(question.userRoleDAO().read(trans, user, ns+'.'+role)).thenReturn(result); } - + protected UserRoleDAO.Data urData(String user, String ns, String rname, int days) { UserRoleDAO.Data urdd = new UserRoleDAO.Data(); urdd.user = user; @@ -182,7 +182,7 @@ public abstract class JU_BaseServiceImpl { list.add(t); return list; } - + protected <T> List<T> emptyList(Class<T> cls) { return new ArrayList<>(); } diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java index 2bb907ac..9cd5ecdf 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java 
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -49,9 +49,9 @@ import junit.framework.Assert; @RunWith(MockitoJUnitRunner.class) public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl { - @Mock - private Result<CredDAO.Data> rcdd; - + @Mock + private Result<CredDAO.Data> rcdd; + @Before public void setUp() throws Exception { super.setUp(); @@ -110,7 +110,7 @@ public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl { when(orgIdentity.isFound()).thenReturn(true); String ns = "org.onap.sample"; when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns))); - + CredDAO.Data cdd = credDataFound(cr,100); when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(cdd)); when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(listOf(cdd))); @@ -126,7 +126,7 @@ public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl { cr.setType(CredDAO.RAW); return cr; } - + private CredDAO.Data credDataFound(CredRequest cr, int days) { CredDAO.Data cdd = new CredDAO.Data(); cdd.id = cr.getId(); @@ -144,5 +144,5 @@ public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl { cdd.expires = gc.getTime(); return cdd; } - + }
\ No newline at end of file diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java index 53ba519c..c4829ff1 100644 --- a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java +++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/validation/test/JU_ServiceValidator.java @@ -7,9 +7,9 @@ * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at - * * + * * * * http://www.apache.org/licenses/LICENSE-2.0 - * * + * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -54,7 +54,7 @@ public class JU_ServiceValidator { assertTrue(validator.errs().equals("ERR_Security\n")); } - + @Test public void permInstance() { assertFalse(validator.permInstance("hello").err()); |