diff options
Diffstat (limited to 'auth/auth-service')
3 files changed, 34 insertions, 20 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java index 3ae2fbfb..40640007 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java @@ -163,9 +163,9 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { try { Object[] atl=new Object[additionalTafLurs.length+2]; atl[0]=new DirectAAFLur(env,question); // Note, this will be assigned by AuthzTransFilter to TrustChecker - atl[1]=new BasicHttpTaf(env, directAAFUserPass, - domain,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)), - false); + atl[1]= new BasicHttpTaf(env, directAAFUserPass, + domain,Long.parseLong(env.getProperty(Config.AAF_CLEAN_INTERVAL, Config.AAF_CLEAN_INTERVAL_DEF)), + false); if(additionalTafLurs.length>0) { System.arraycopy(additionalTafLurs, 0, atl, 2, additionalTafLurs.length); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 519721ce..f3207798 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -532,7 +532,6 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS NSS nss = mapper.newInstance(API.NSS); // Note: "loadNamespace" already validates view of Namespace return mapper.nss(trans, rn.value, nss); - } @ApiDoc( diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java index d31c9d01..390c3089 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Creds.java @@ -42,9 +42,11 @@ import org.onap.aaf.auth.service.Code; import org.onap.aaf.auth.service.facade.AuthzFacade; import org.onap.aaf.auth.service.mapper.Mapper.API; import org.onap.aaf.cadi.CredVal; +import org.onap.aaf.cadi.CredVal.Type; import org.onap.aaf.cadi.Symm; import org.onap.aaf.cadi.principal.BasicPrincipal; import org.onap.aaf.cadi.principal.X509Principal; +import org.onap.aaf.cadi.taf.basic.BasicHttpTaf; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; @@ -90,23 +92,36 @@ public class API_Creds { // have to check Basic Auth here, because it might be CSP. String authz = req.getHeader("Authorization"); if(authz.startsWith("Basic ")) { - String decoded = Symm.base64noSplit.decode(authz.substring(6)); - int colon = decoded.indexOf(':'); - TimeTaken tt = trans.start("Direct Validation", Env.REMOTE); - try { - if(directAAFUserPass.validate( - decoded.substring(0,colon), - CredVal.Type.PASSWORD , - decoded.substring(colon+1).getBytes(),trans)) { - - resp.setStatus(HttpStatus.OK_200); - } else { - // DME2 at this version crashes without some sort of response - resp.getOutputStream().print(""); - resp.setStatus(HttpStatus.FORBIDDEN_403); + BasicHttpTaf bht = ((X509Principal)p).getBasicHttpTaf(); + if(bht!=null) { + BasicPrincipal bp = new BasicPrincipal(authz,""); + CredVal cv = bht.getCredVal(bp.getDomain()); + if(cv!=null) { + if(cv.validate(bp.getName(), Type.PASSWORD, bp.getCred(), null) ) { + resp.setStatus(HttpStatus.OK_200); + } else { + resp.setStatus(HttpStatus.FORBIDDEN_403); + } + } + } else { + String decoded = Symm.base64noSplit.decode(authz.substring(6)); + int colon = decoded.indexOf(':'); + TimeTaken tt = trans.start("Direct Validation", Env.REMOTE); + try { + if(directAAFUserPass.validate( + decoded.substring(0,colon), + CredVal.Type.PASSWORD , + decoded.substring(colon+1).getBytes(),trans)) { + + resp.setStatus(HttpStatus.OK_200); + } else { + // DME2 at this version crashes without some sort of response + resp.getOutputStream().print(""); + resp.setStatus(HttpStatus.FORBIDDEN_403); + } + } finally { + tt.done(); } - } finally { - tt.done(); } } } else if(p == null) { |