Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/pom.xml24
-rw-r--r--auth/auth-batch/src/assemble/auth-batch.xml13
-rw-r--r--auth/auth-cass/pom.xml18
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java2
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java1
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java12
-rw-r--r--auth/auth-certman/pom.xml2
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java85
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java42
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java45
-rw-r--r--auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java54
-rw-r--r--auth/auth-cmd/pom.xml18
-rw-r--r--auth/auth-cmd/src/assemble/auth-cmd.xml4
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java3
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java13
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java5
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java4
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java2
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java3
-rw-r--r--auth/auth-core/pom.xml18
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java16
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java6
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java25
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java2
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java3
-rw-r--r--auth/auth-deforg/pom.xml18
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java19
-rw-r--r--auth/auth-fs/pom.xml18
-rw-r--r--auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java4
-rw-r--r--auth/auth-gui/pom.xml2
-rw-r--r--auth/auth-hello/pom.xml2
-rw-r--r--auth/auth-locate/pom.xml2
-rw-r--r--auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java2
-rw-r--r--auth/auth-oauth/pom.xml2
-rw-r--r--auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java1
-rw-r--r--auth/auth-service/pom.xml2
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java18
-rw-r--r--auth/docker/Dockerfile.base3
-rw-r--r--auth/docker/agent.sh3
-rw-r--r--auth/docker/d.props.csit2
-rw-r--r--auth/docker/d.props.init2
-rw-r--r--auth/docker/dclean.sh2
-rw-r--r--auth/docker/pom.xml2
-rw-r--r--auth/helm/.gitignore3
-rw-r--r--auth/helm/aaf-hello/values.yaml4
-rw-r--r--auth/helm/aaf/Chart.yaml2
-rw-r--r--auth/helm/aaf/values.yaml2
-rw-r--r--auth/pom.xml18
-rwxr-xr-xauth/sample/bin/client.sh2
-rw-r--r--auth/sample/bin/service.sh2
52 files changed, 365 insertions, 196 deletions
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 802538ab..8f9db7c6 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -45,22 +45,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
@@ -123,12 +107,6 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-auth-deforg</artifactId>
</dependency>
-
- <!--dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency -->
-
</dependencies>
<build>
diff --git a/auth/auth-batch/src/assemble/auth-batch.xml b/auth/auth-batch/src/assemble/auth-batch.xml
index 1ba34da3..25b37b73 100644
--- a/auth/auth-batch/src/assemble/auth-batch.xml
+++ b/auth/auth-batch/src/assemble/auth-batch.xml
@@ -38,7 +38,20 @@
<include>org.onap.aaf.authz:aaf-cadi-core</include>
<include>org.onap.aaf.authz:aaf-misc-env</include>
<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>javax.xml.bind:jaxb-api</include>
+ <include>org.glassfish.jaxb:jaxb-runtime</include>
</includes -->
+ <includes>
+ <include>org.onap.aaf.authz:aaf-auth-batch</include>
+ <include>org.onap.aaf.authz:aaf-auth-core</include>
+ <include>org.onap.aaf.authz:aaf-cadi-core</include>
+ <include>org.onap.aaf.authz:aaf-misc-env</include>
+ <include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+ <include>javax.xml.bind:jaxb-api</include>
+ <include>org.glassfish.jaxb:jaxb-runtime</include>
+ <include>com.sun.istack:istack-commons-runtime</include>
+ <include>javax.activation:javax.activation-api</include>
+ </includes>
</dependencySet>
</dependencySets>
</assembly> \ No newline at end of file
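Review bot: The first two added `<include>` lines (`javax.xml.bind:jaxb-api` and `org.glassfish.jaxb:jaxb-runtime`) appear to sit inside the commented-out list that ends at `</includes -->`, so they have no effect on the assembly. The opening of that comment is outside the hunk, so this should be confirmed. Now that a live `<includes>` block follows, the commented copy can be deleted so the two lists do not drift apart. A short comment above the live block would also help, for example `<!-- JAXB and its runtime dependencies are bundled explicitly because they are no longer provided by the JDK -->`, if that is the reason for the four new artifacts.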
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index d8e25cc3..5e86ba60 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -37,22 +37,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
index 75efdfae..31e5069b 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
@@ -129,7 +129,7 @@ public class FileGetter {
public static void main(String[] args) {
PropAccess access = new PropAccess(args);
- access.setProperty(AAF_FILEGETTER,"/Users/jg1555/cred.dat");
+ access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat");
FileGetter fg = FileGetter.singleton(access);
for(String id : new String[] {"m01891@aaf.att.com","bogus"}) {
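Review bot: `main` still calls `access.setProperty(AAF_FILEGETTER, ...)` unconditionally, so a credential file path supplied through `args` is silently replaced by the hard-coded `/opt/app/aaf/data/cred.dat`. Setting the default only when the property is absent keeps this harness usable against other files, e.g. `if (access.getProperty(AAF_FILEGETTER, null) == null) { access.setProperty(AAF_FILEGETTER, "/opt/app/aaf/data/cred.dat"); }`. The body of `main` continues outside the hunk.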
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 0d5c487d..e5cde35c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -227,7 +227,6 @@ public class Function {
if (rparent.notOK()) {
return Result.err(rparent);
}
- parent = rparent.value.parent;
if (!fromApproval) {
rparent = q.mayUser(trans, user, rparent.value, Access.write);
if (rparent.notOK()) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1809686a..39578f83 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -786,11 +786,17 @@ public class Question {
return Result.err(Status.ERR_BadData,
"[%s] cannot be a delegate for self", dd.user);
}
- if (!isUser && !isGranted(trans, trans.user(), ROOT_NS,DELG,
- org.getDomain(), Question.CREATE)) {
- return Result.err(Status.ERR_Denied,
+ if (!isUser) {
+ String supportedDomain = org.supportedDomain(dd.user);
+ if(supportedDomain==null) {
+ return Result.err(Status.ERR_Denied,
+ "[%s] may not create a delegate for the domain for [%s]",
+ trans.user(), dd.user);
+ } else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+ return Result.err(Status.ERR_Denied,
"[%s] may not create a delegate for [%s]",
trans.user(), dd.user);
+ }
}
break;
case read:
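Review bot: The DELG permission instance checked in the `else if` now comes from `org.supportedDomain(dd.user)`, a value derived from the request's own user field, so the check is only as strict as that method. It has to return one of the organization's configured realms and nothing loosely matched from the input. The DefaultOrg implementation is not fully visible here, so this is worth confirming with a test where `dd.user` ends in a string that merely contains a supported realm. A why-comment above the block would help the next reader, for example `// Permission instance is the realm of the delegate's user; an unsupported realm is denied outright`. The enclosing `switch` case starts and ends outside the hunk.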
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 69465b7d..64ab8372 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -20,7 +20,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
new file mode 100644
index 00000000..38429ad9
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.api;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
+
+/**
+ * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure
+ * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2).
+ */
+public interface CmpClient {
+
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+ * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+ * encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name.
+ * Could be {@code null}.
+ * @param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.
+ * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date.
+ * @param notAfter An optional validity to set in the created certificate, Certificate not valid after this date.
+ * @return The newly created Certificate.
+ *
+ * @throws CAOfflineException if External CA that is offline
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr,
+ Date notBefore, Date notAfter)
+ throws CAOfflineException, CmpClientException;
+
+ /**
+ * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+ * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+ * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+ * encountered in fetching certificate from CA.
+ *
+ * @param caName Information about the External Root Certificate Authority (CA) performing the event CA Name. Could
+ * be {@code null}.
+ * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+ * @param csr Certificate Signing Request {.cer} file. Must not be {@code null}.
+ * @return The newly created Certificate.
+ *
+ * @throws CAOfflineException if External CA that is offline
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
+ throws CAOfflineException, CmpClientException;
+
+ /**
+ * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration
+ * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation to be used, Certificate
+ * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses.
+ *
+ * @param caName CA name. Could be {@code null}.
+ * @param cert Target certificate. Must not be {@code null}.
+ * @param reason Revocation reason.
+ * @param invalidityTime Invalidity time. Could be {@code null}.
+ * @return return Certificate.
+ *
+ * @throws CmpClientException if client error occurs.
+ */
+ Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
+ throws CAOfflineException, CmpClientException;
+}
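Review bot: The Javadoc does not match the signatures in two places. The four-argument `createCertRequest` takes `profile` but has no `@param profile` line, and `revokeCertRequest` declares `CAOfflineException` without a matching `@throws`. Suggested additions are `@param profile Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.` and `@throws CAOfflineException if External CA is offline`. The `csr` parameter is typed `Certificate` but described as a Certificate Signing Request `.cer` file. The doc should state which of the two the caller is expected to pass, since the proof-of-possession check described above depends on it.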
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
new file mode 100644
index 00000000..d1484f30
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA
+ * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The
+ * connection was refused remotely (e.g., no process is listening on the remote address/port).
+ */
+public class CAOfflineException extends Exception {
+
+ private static final long serialVersionUID = 2L;
+
+ /**
+ * Creates a new instance without detail message.
+ */
+ public CAOfflineException() {
+ super();
+ }
+
+ /**
+ * Constructs an instance with the specified detail message.
+ *
+ * @param msg the detail message.
+ */
+ public CAOfflineException(String msg) {
+ super(msg);
+ }
+}
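Review bot: The class comment says this exception wraps `java.net.ConnectException`, but neither constructor accepts a cause, so the original exception and its stack trace are lost when the CA is unreachable. Adding `public CAOfflineException(String msg, Throwable cause) { super(msg, cause); }` would keep the underlying connection failure available for logging and incident triage. `CmpClientException` in the same package already offers the message-plus-cause form, so this would also make the two consistent.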
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
new file mode 100644
index 00000000..2a17ab10
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code.
+ */
+public class CmpClientException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new instance with detail message.
+ */
+ public CmpClientException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new instance with detail Throwable cause.
+ */
+ public CmpClientException(Throwable cause) {
+ super(cause);
+ }
+
+ /**
+ * Creates a new instance with detail message and Throwable cause.
+ */
+ public CmpClientException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
new file mode 100644
index 00000000..19cf634c
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 (
+ * Certificate Request Message Format (CRMF)) standards.
+ */
+public final class CmpClientImpl implements CmpClient {
+
+ @Override
+ public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+ final Certificate csr, final Date notBefore, final Date notAfter)
+ throws CAOfflineException, CmpClientException {
+
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+ final Certificate csr)
+ throws CAOfflineException, CmpClientException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason,
+ final Date invalidityTime)
+ throws CAOfflineException, CmpClientException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+}
+
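Review bot: All three stubs `return null`, so a caller cannot tell "not implemented" from a real result. For `revokeCertRequest` in particular, a null return with no exception can be read as a completed revocation. Until the CMPv2 exchange is implemented, each body should fail closed, for example `throw new CmpClientException("CMPv2 client is not implemented yet");`, which the declared `throws` clause already permits. The `// TODO Auto-generated method stub` comments could then say what is actually pending.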
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index 6de09de5..2e7cb2d9 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -18,7 +18,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -58,22 +58,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml
index 013010b5..ba312423 100644
--- a/auth/auth-cmd/src/assemble/auth-cmd.xml
+++ b/auth/auth-cmd/src/assemble/auth-cmd.xml
@@ -42,6 +42,10 @@
<include>org.onap.aaf.authz:aaf-misc-env</include>
<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
<include>jline:jline</include>
+ <include>javax.xml.bind:jaxb-api</include>
+ <include>org.glassfish.jaxb:jaxb-runtime</include>
+ <include>com.sun.istack:istack-commons-runtime</include>
+ <include>javax.activation:javax.activation-api</include>
</includes>
</dependencySet>
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
index eb206970..3770a58c 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
@@ -74,7 +74,7 @@ public class Grant extends Cmd {
Future<RolePermRequest> frpr = null;
- String[] roles = args[idx++].split(",");
+ String[] roles = args[idx].split(",");
String strA;
String strB;
for (String role : roles) {
@@ -110,7 +110,6 @@ public class Grant extends Cmd {
pw().println(" Accepted, but requires Approvals before actualizing");
} else {
error(frpr);
- idx=Integer.MAX_VALUE;
}
}
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index 1a410088..9ef4c00a 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -132,11 +132,22 @@ public class Cred extends Cmd {
// IMPORTANT! We do this backward, because it is looking for string
// %1 or %13. If we replace %1 first, that messes up %13
+ String var;
for(int i=vars.size()-1;i>0;--i) {
- text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i));
+ var = vars.get(i);
+ if(aafcli.isTest()) {
+ int type = var.indexOf("U/P");
+ if(type>0) {
+ var = var.substring(0,type+4) + " XXXX/XX/XX XX:XX UTC XXXXXXXXXXXXXXXXXX";
+ }
+ }
+ text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var);
}
text = text.replace("%1",vars.get(0));
+ if(aafcli.isTest()) {
+
+ }
pw().println(text);
} else if (fp.code()==406 && option==1) {
pw().println("You cannot delete this Credential");
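Review bot: `var.substring(0,type+4)` throws `StringIndexOutOfBoundsException` when `"U/P"` is the last thing in `var`, because `type+4` is then one past the string length. A length guard avoids that: `if(type>0 && var.length()>=type+4) {`. The second `if(aafcli.isTest()) { }` added after the `%1` replacement has an empty body and should be removed or filled in. A one-line comment such as `// In test mode, mask the expiry date and id so expected output is stable` would explain the masking string. The enclosing method starts and ends outside the hunk.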
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
index f5cb4499..6e967286 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
@@ -72,7 +72,7 @@ public class Delg extends BaseCmd<User> {
if (option<2 && args.length>idx) {
Date date;
try {
- date = Chrono.dateOnlyFmt.parse(args[idx++]);
+ date = Chrono.dateOnlyFmt.parse(args[idx]);
} catch (ParseException e) {
throw new CadiException(e);
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
index 30c71e55..485e6d18 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
@@ -47,9 +47,8 @@ public class ListActivity extends Cmd {
}
@Override
- public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
- final String user = fullID(args[idx++]);
+ public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {
+ final String user = fullID(args[idx]);
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
index 765bd0aa..17f3002a 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
@@ -50,10 +50,10 @@ public class ListApprovals extends Cmd {
@Override
public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
+ int idx = _idx;
final String type = args[idx++];
int option = whichOption(options,type);
- String value = args[idx++];
+ String value = args[idx];
final String fullValue;
if (option != 2) {
fullValue = fullID(value);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
index 07a19d36..8502f398 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
@@ -60,7 +60,7 @@ public class ListForCreds extends Cmd {
int idx = idxParam;
final int option = whichOption(options, args[idx++]);
final String which = options[option];
- final String value = args[idx++];
+ final String value = args[idx];
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
index 0ab24900..6b9c83f7 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
@@ -64,7 +64,7 @@ public class ListForPermission extends Cmd {
String type = args[idx++];
String instance = args[idx++];
if ("\\*".equals(instance))instance="*";
- String action = args[idx++];
+ String action = args[idx];
if ("\\*".equals(action))action="*";
try {
Future<Users> fp = client.read(
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
index 6fdf1628..13f0a00d 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
@@ -47,8 +47,7 @@ public class ListForRoles extends Cmd {
@Override
public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
- int idx = _idx;
- final String role = args[idx++];
+ final String role = args[_idx];
return same(new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 91517836..5409a327 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -45,22 +45,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 288d79d3..73093099 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -95,7 +95,16 @@ public interface Organization {
public void addSupportedRealm(String r);
- public String getDomain();
+ /**
+ * If Supported, returns Realm, ex: org.onap
+ * ELSE returns null
+ *
+ * @param user
+ * @return
+ */
+ public String supportedDomain(String user);
+
+ public String getDomain();
/**
* Get Identity information based on userID
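Review bot: The Javadoc for the new `supportedDomain(String user)` leaves `@param user` and `@return` empty, although callers rely on the null return to mean "realm not supported". Suggested text is `@param user the user id whose realm is looked up` and `@return the supported realm for that user, or null if the organization does not support it`, to be adjusted if the DefaultOrg implementation behaves differently. Adding an abstract method to this public interface also requires every `Organization` implementation to supply it. The anonymous implementation in the later hunk of this file returns `null` for every input, so it should be checked that no permission check relying on `supportedDomain` is expected to succeed under that organization.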
@@ -420,6 +429,11 @@ public interface Organization {
@Override
public void addSupportedRealm(String r) {
}
+
+ @Override
+ public String supportedDomain(String r) {
+ return null;
+ }
@Override
public String getDomain() {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
index 867d2984..6d559de5 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
@@ -131,13 +131,13 @@ public class OrganizationFactory {
}
env.init().printf("Instantiated %s with %s%s",orgNS,orgClass,(isDefault?" as default":""));
}
- if (org==null) {
- if (defaultOrg!=null) {
+ if ( (org==null) && (defaultOrg!=null)){
+
org=defaultOrg;
orgs.put(orgNS, org);
}
}
- }
+
return org;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
index bd718e46..bf9f57e3 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
@@ -45,8 +45,7 @@ class Acceptor<TRANS extends Trans> {
}
private boolean eval(HttpCode<TRANS,?> code, String str, List<String> props) {
-// int plus = str.indexOf('+');
-// if (plus<0) {
+
boolean ok = false;
boolean any = false;
for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
@@ -61,23 +60,7 @@ class Acceptor<TRANS extends Trans> {
}
}
}
-// } else { // Handle Accepts with "+" as in application/xaml+xml
-// int prev = str.indexOf('/')+1;
-// String first = str.substring(0,prev);
-// String nstr;
-// while (prev!=0) {
-// nstr = first + (plus<0?str.substring(prev):str.substring(prev,plus));
-//
-// for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
-// if (type.x.equals(nstr)) {
-// acceptable.add(type);
-// return type;
-// }
-// }
-// prev = plus+1;
-// plus=str.indexOf('+', prev);
-// };
-// }
+
return any;
}
@@ -93,9 +76,9 @@ class Acceptor<TRANS extends Trans> {
if (type.y!=null) {
for (Pair<String,Object> prop : type.y.y){
if (tag.equals(prop.x)) {
- if (tag.equals("charset")) {
+ if ( "charset".equals(tag)) {
return prop.x==null?false:prop.y.equals(value.toLowerCase()); // return True if Matched
- } else if (tag.equals("version")) {
+ } else if ("version".equals(tag)) {
return prop.y.equals(new Version(value)); // Note: Version Class knows Minor Version encoding
} else if (tag.equals(Content.Q)) { // replace Q value
try {
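Review bot: Switching to `"charset".equals(tag)` and `"version".equals(tag)` adds no null safety here, because `tag` is already dereferenced by `tag.equals(prop.x)` on the enclosing `if` and again by `tag.equals(Content.Q)` in the next branch. Either convert those as well or keep the original form for consistency. On the adjacent unchanged line, `prop.x==null?false:prop.y.equals(...)` checks `prop.x` for null but then dereferences `prop.y`. That guard looks like it was meant for `prop.y`, though this should be confirmed against how the property pairs are built. The method body continues outside the hunk.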
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
index 761fd8cc..172f386e 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
@@ -41,7 +41,7 @@ class CodeSetter<TRANS extends Trans> {
this.resp = resp;
}
- public boolean matches(Route<TRANS> route) throws IOException, ServletException {
+ public boolean matches(Route<TRANS> route) {
// Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists)
return (code = route.getCode(trans, req, resp))!=null;
}
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
index f8c5ae19..03d6dfe2 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
@@ -21,10 +21,9 @@
package org.onap.aaf.auth.rserv;
-import java.io.IOException;
+
import java.util.List;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
index 353d4b91..e9bee7b8 100644
--- a/auth/auth-deforg/pom.xml
+++ b/auth/auth-deforg/pom.xml
@@ -26,7 +26,7 @@
<artifactId>authparent</artifactId>
<relativePath>../pom.xml</relativePath>
<groupId>org.onap.aaf.authz</groupId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-deforg</artifactId>
@@ -45,22 +45,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 46d3db9b..70b3324a 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -637,6 +637,25 @@ public class DefaultOrg implements Organization {
}
return false;
}
+
+ @Override
+ public String supportedDomain(String user) {
+ if(user!=null) {
+ int after_at = user.indexOf('@')+1;
+ if(after_at<user.length()) {
+ String ud = FQI.reverseDomain(user);
+ if(ud.startsWith(getDomain())) {
+ return getDomain();
+ }
+ for(String s : supportedRealms) {
+ if(ud.startsWith(s)) {
+ return FQI.reverseDomain(s);
+ }
+ }
+ }
+ }
+ return null;
+ }
@Override
public synchronized void addSupportedRealm(final String r) {
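Review bot: `ud.startsWith(getDomain())` and `ud.startsWith(s)` are plain prefix tests with no label boundary, so a reversed domain that merely begins with a supported one (constructed example: `org.example.people2` against realm `org.example.people`) is reported as supported, and the result feeds a permission check in `AuthzCassServiceImpl`. Assuming the reversed form is dot-separated, `ud.equals(s) || ud.startsWith(s + ".")` (and the same for `getDomain()`) closes that. The `after_at<user.length()` guard also passes for an identity with no `@` at all, since `indexOf` then returns -1 and `after_at` is 0. The two return statements appear to hand back different forms (`getDomain()` as is, the realm passed through `FQI.reverseDomain` again), which is worth confirming against `FQI.reverseDomain`, not visible here, and stating in a Javadoc comment on the method.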
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index 7b871267..87763650 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -57,22 +57,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
index 19a150da..64d93539 100644
--- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
+++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
@@ -44,7 +44,7 @@ import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.register.Registrant;
import org.onap.aaf.cadi.register.RemoteRegistrant;
-import org.onap.aaf.misc.env.APIException;
+
public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
@@ -58,7 +58,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
// creates StaticSlot, needed for CachingFileAccess, and sets to public Dir
env.staticSlot(CachingFileAccess.CFA_WEB_PATH,"aaf_public_dir");
- CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env);
+ CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<>(env);
route(env,GET,"/:key*", cfa);
final String aaf_locate_url = Config.getAAFLocateUrl(access);
if (aaf_locate_url == null) {
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 6b003051..f93fb7e4 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index 2cb8f571..47285766 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 3ea432b8..8df23909 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
index 962b9859..c77e9a85 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
@@ -59,7 +59,7 @@ public class API_Proxy {
* @param facade
* @throws Exception
*/
- public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+ public static void init(final AAF_Locate gwAPI, LocateFacade facade) {
String aafurl = gwAPI.access.getProperty(Config.AAF_URL,null);
if (aafurl!=null) {
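Review bot: The Javadoc above `init` still carries `@throws Exception`, which the new signature no longer declares; drop that tag so the comment matches the method. The body of `init` continues outside the hunk.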
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index 5e0c56fb..cc0ed53e 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
index 0126c2e2..a0644fd1 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
@@ -28,6 +28,7 @@ import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.APIException;
+@FunctionalInterface
public interface JSONPermLoader {
public Result<String> loadJSONPerms(AuthzTrans trans, String user, Set<String> scopes) throws APIException, CadiException;
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index 63585f94..9f9ca869 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 2431e0eb..67410305 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -2346,10 +2346,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
switch(action) {
case DELETE:
+ String why;
if(ques.isOwner(trans, user,ns) ||
- ques.isAdmin(trans, user,ns) ||
- ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
- return Result.ok();
+ ques.isAdmin(trans, user,ns) ||
+ ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
+ return Result.ok();
}
break;
case RESET:
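Review bot: `String why;` is declared under `case DELETE:` but nothing in the visible lines assigns or reads it, and a declaration placed directly under a case label stays in scope for every later case of the `switch`. If it is not used further down, remove it; if it is, declare it before the `switch` or inside a braced block for the case that needs it. The remaining changes in this hunk are re-indentation only, and the `switch` continues outside the hunk.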
@@ -2509,13 +2510,16 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
try {
if (firstID) {
// OK, it's a first ID, and not by NS Owner
- if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
+ String user = trans.user();
+ if(!ques.isOwner(trans,user,cdd.ns)) {
// Admins are not allowed to set first Cred, but Org has already
// said entity MAY create, typically by Permission
// We can't know which reason they are allowed here, so we
// have to assume that any with Special Permission would not be
// an Admin.
- if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
+ String domain = org.supportedDomain(user);
+ if((domain!=null && !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) &&
+ ques.isAdmin(trans, user, cdd.ns)) {
return Result.err(Result.ERR_Denied,
"Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
} else {
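Review bot: When `org.supportedDomain(user)` returns null the new condition is false and the Admin denial is skipped, so an Admin whose identity falls outside every supported domain is no longer refused here, whereas the old `isAdmin` check refused unconditionally. If the intent is that only holders of the `mechid` CREATE permission for their domain are exempt, the null case should stay denied: `if((domain==null || !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) && ques.isAdmin(trans, user, cdd.ns)) {`. The comment above the check still says Admins are not allowed to set the first Cred and should mention the new permission exception. The `else` branch and the rest of the method lie outside the hunk.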
@@ -3900,6 +3904,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
final DelegateDAO.Data dd = rd.value;
+
+ if(dd.user.contentEquals(dd.delegate) && !trans.requested(force)) {
+ return Result.err(Status.ERR_InvalidDelegate,dd.user + " cannot delegate to self");
+ }
Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd);
if (access==Access.create && ddr.isOKhasData()) {
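Review bot: `dd.user.contentEquals(dd.delegate)` throws a NullPointerException when either field is null, where `equals` would simply return false for a null delegate. Unless both fields are validated before this point (not visible in the hunk), `dd.user!=null && dd.user.equals(dd.delegate)` is safer. The comparison is also exact, so it is worth confirming that identities are already normalised to one case before they reach this check. A one-line comment saying why `force` may override the self-delegation rule would help the next reader.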
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index e7ae6432..4874f1aa 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -19,6 +19,9 @@
#
# Use dbuild.sh input parameter to set registry
FROM ${REGISTRY}/openjdk:8-jre-alpine
+#FROM openjdk:12-jdk-alpine
+#FROM openjdk:13-jdk-alpine
+
MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
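Review bot: The added `#FROM openjdk:12-jdk-alpine` and `#FROM openjdk:13-jdk-alpine` lines are commented-out alternatives with no explanation. Unlike the active `FROM`, they omit the `${REGISTRY}/` prefix and name `jdk` rather than `jre` images, so uncommenting one would bypass the registry parameter described in the comment above and ship a full JDK. If a newer base is planned, a comment stating the intent (or a build argument for the tag) is clearer than dead lines. The active tag is also a floating one; pinning it by digest would make the base image reproducible.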
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 575e21f9..f59bd228 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -28,7 +28,8 @@ fi
. ./aaf.props
DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.16}
+VERSION=${VERSION}
+CADI_VERSION=${CADI_VERSION:=${VERSION}}
for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
if [ "$(grep $V ./aaf.props)" = "" ]; then
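Review bot: `VERSION=${VERSION}` assigns the variable to itself and has no effect, and `CADI_VERSION` is now defaulted from `VERSION` before the loop below checks whether `VERSION` is present in `aaf.props`. A props file without it therefore leaves `CADI_VERSION` empty with no error at this point. Drop the self-assignment and move the default after that loop, or fail at the assignment with `CADI_VERSION=${CADI_VERSION:=${VERSION:?VERSION is not set in aaf.props}}`. What the loop does with a missing value is outside the hunk, so choose whichever fits that flow.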
diff --git a/auth/docker/d.props.csit b/auth/docker/d.props.csit
index cdb6b5a0..27f539bb 100644
--- a/auth/docker/d.props.csit
+++ b/auth/docker/d.props.csit
@@ -28,7 +28,7 @@ ORG=onap
PROJECT=aaf
DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
CONF_ROOT_DIR=/opt/app/osaaf
# For local builds, set PREFIX=
PREFIX="$DOCKER_REPOSITORY/"
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index 41a30244..8ef2e31a 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
@@ -23,7 +23,7 @@ PROJECT=aaf
# Note: Override can happen on dbuild.sh Commandline, -r <registry>
DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
CONF_ROOT_DIR=/opt/app/osaaf
# For local builds, set PREFIX=
PREFIX="$DOCKER_REPOSITORY/"
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index 4fb4e07a..0e974aa6 100644
--- a/auth/docker/dclean.sh
+++ b/auth/docker/dclean.sh
@@ -23,7 +23,7 @@
DOCKER=${DOCKER:=docker}
if [ "$1" == "" ]; then
- AAF_COMPONENTS="$(cat components) config core agent "
+ AAF_COMPONENTS="$(cat components) config core agent base "
else
AAF_COMPONENTS="$@"
fi
diff --git a/auth/docker/pom.xml b/auth/docker/pom.xml
index b4d3545c..9bfb80c8 100644
--- a/auth/docker/pom.xml
+++ b/auth/docker/pom.xml
@@ -25,7 +25,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
diff --git a/auth/helm/.gitignore b/auth/helm/.gitignore
index 44cae669..e106bce2 100644
--- a/auth/helm/.gitignore
+++ b/auth/helm/.gitignore
@@ -2,3 +2,6 @@ aaf.orig/
pause/
aaf.new/
aaf.props
+.DS_Store
+current
+*.tgz
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index 5a3931c2..130fa74e 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -37,8 +37,8 @@ image:
# repository: localhost:5000/
service:
- agentImage: onap/aaf/aaf_agent:2.1.16-SNAPSHOT
- image: onap/aaf/aaf_hello:2.1.16-SNAPSHOT
+ agentImage: onap/aaf/aaf_agent:2.1.17-SNAPSHOT
+ image: onap/aaf/aaf_hello:2.1.17-SNAPSHOT
app_ns: "org.osaaf.aaf"
fqi: "aaf@aaf.osaaf.org"
fqdn: "aaf-hello"
diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml
index f83041e9..976e2efe 100644
--- a/auth/helm/aaf/Chart.yaml
+++ b/auth/helm/aaf/Chart.yaml
@@ -22,4 +22,4 @@ apiVersion: v1
appVersion: "1.0"
description: AAF Helm Chart
name: aaf
-version: 2.1.16-SNAPSHOT
+version: 2.1.17-SNAPSHOT
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index b320d9c8..9cfee331 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -104,7 +104,7 @@ image:
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.16-SNAPSHOT
+ version: 2.1.17-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/pom.xml b/auth/pom.xml
index 27abccdb..eb65a5d3 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -26,7 +26,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
</parent>
<artifactId>authparent</artifactId>
<name>AAF Auth Parent</name>
@@ -66,22 +66,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index 4768d81c..4132e6ca 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -21,7 +21,7 @@
# This script is run when starting client Container.
# It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
#
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
AAF_INTERFACE_VERSION=2.1
# Extract Name, Domain and NS from FQI
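Review bot: `JAVA=${JAVA_HOME}/bin/java` silently becomes `/bin/java` when `JAVA_HOME` is unset or empty, so the script either fails later with an unrelated error or runs whatever binary sits at that path; the same line is added in `auth/sample/bin/service.sh`. Failing at the assignment is clearer: `JAVA=${JAVA_HOME:?JAVA_HOME is not set}/bin/java`, or keep the old location as a fallback with `JAVA=${JAVA_HOME:-/usr}/bin/java`. Later uses of `$JAVA` are outside the hunk; they should be quoted in case the path contains spaces.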
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index bddd42c9..10a3e15e 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -39,7 +39,7 @@ cadi_longitude=${cadi_longitude:-"${LONGITUDE}"}
cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"}
aaf_locate_url=${aaf_locate_url:-"https://${HOSTNAME}:8095"}
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
OSAAF=/opt/app/osaaf
LOCAL=$OSAAF/local