diff options
Diffstat (limited to 'auth')
58 files changed, 720 insertions, 250 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java index 3b77a577..0033f8a1 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java @@ -105,8 +105,13 @@ public class PermDAO extends CassDAOImpl<AuthzTrans,PermDAO.Data> { } public String fullPerm() { - StringBuilder sb = new StringBuilder(ns); - sb.append(ns.indexOf('@')<0?'.':':'); + StringBuilder sb = new StringBuilder(); + if(ns==null) { + sb.append("null."); + } else { + sb.append(ns); + sb.append(ns.indexOf('@')<0?'.':':'); + } sb.append(type); sb.append('|'); sb.append(instance); diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 690ffa08..3fde5123 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java @@ -1055,8 +1055,8 @@ public class Function { } else if (!fullperm.roles.isEmpty()) { return Result .err(Status.ERR_DependencyExists, - "Permission [%s.%s|%s|%s] cannot be deleted as it is attached to 1 or more roles.", - fullperm.ns, fullperm.type, fullperm.instance, fullperm.action); + "Permission [%s] cannot be deleted as it is attached to 1 or more roles.", + fullperm.fullPerm()); } } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 7160edec..d40c2ea0 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -616,7 +616,7 @@ public class Question { public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) { if(pdd.ns.indexOf('@')>-1) { - if(user.equals(pdd.ns)) { + if(user.equals(pdd.ns) || isGranted(trans,user,Define.ROOT_NS(),"access",pdd.instance,READ)) { NsDAO.Data ndd = new NsDAO.Data(); ndd.name = user; ndd.type = NsDAO.USER; diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java index 62e1592f..3c7d873e 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java @@ -65,7 +65,7 @@ public class DirectAAFUserPass implements CredVal { } else { trans = env.newTransNoAvg(); if (state instanceof HttpServletRequest) { - trans.set((HttpServletRequest)state); + trans.set((HttpServletRequest)state,null); transfer=true; } } diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/aaf/test/AbsJUCass.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/aaf/test/AbsJUCass.java index dea2ccdd..bb0fcd43 100644 --- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/aaf/test/AbsJUCass.java +++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/aaf/test/AbsJUCass.java @@ -104,9 +104,6 @@ public class AbsJUCass { // Load special data here - // WebPhone - env.setProperty("java.naming.provider.url","ldap://ldap.webphone.att.com:389"); - env.setProperty("com.sun.jndi.ldap.connect.pool","true"); iterations = 0; diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java index 3727e34d..7dea9f07 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/AAF_CM.java @@ -244,11 +244,10 @@ public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> { try { Log4JLogIt logIt = new Log4JLogIt(args, "cm"); PropAccess propAccess = new PropAccess(logIt,args); - try { - AAF_CM service = new AAF_CM(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.start(); + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_CM(new AuthzEnv(propAccess)),true) + .start(); } catch (Exception e) { propAccess.log(e); } diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java index 18f062d5..1f2ee645 100644 --- a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java +++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/service/CMService.java @@ -193,7 +193,8 @@ public class CMService { } else if (primary == null) { return Result.err(Result.ERR_Denied, "Request not made from matching IP (%s)", trans.ip()); } else { - host = primary.getHostAddress(); + String thost = primary.getHostName(); + host = thost==null?primary.getHostAddress():thost; } ArtiDAO.Data add = null; diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java index ab10e66b..4ef85aa2 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Artifact.java @@ -59,8 +59,9 @@ public class JU_API_Artifact { public static void setUp() { AuthzTrans trans = mock(AuthzTrans.class); req = mock(HttpServletRequest.class); + res = mock(HttpServletResponse.class); trans.setProperty("testTag", "UserValue"); - trans.set(req); + trans.set(req,res); } @Rule diff --git a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java index 49632975..674e4edf 100644 --- a/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java +++ b/auth/auth-certman/src/test/java/org/onap/aaf/auth/cm/api/JU_API_Cert.java @@ -59,8 +59,9 @@ public class JU_API_Cert { public static void setUp() { AuthzTrans trans = mock(AuthzTrans.class); req = mock(HttpServletRequest.class); + res = mock(HttpServletResponse.class); trans.setProperty("testTag", "UserValue"); - trans.set(req); + trans.set(req,res); } @Rule diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Help.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Help.java index 12cf0635..49ffb51b 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Help.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Help.java @@ -31,7 +31,7 @@ public class Help extends Cmd { private List<Cmd> cmds; public Help(AAFcli aafcli, List<Cmd> cmds) { - super(aafcli, "--help", + super(aafcli, "help", new Param("-d (more details)", false), new Param("command",false)); this.cmds = cmds; diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java index 1b1b1831..d4a82d5d 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Version.java @@ -27,17 +27,18 @@ import org.onap.aaf.cadi.config.Config; import org.onap.aaf.misc.env.APIException; public class Version extends Cmd { + private final String version; - - public Version(AAFcli aafcli) { - super(aafcli, "--version"); + public Version(AAFcli aafcli) { + super(aafcli, "version"); + version = aafcli.access.getProperty(Config.AAF_DEPLOYED_VERSION, Config.AAF_DEFAULT_API_VERSION); } @Override protected int _exec(int idx, String... args) throws CadiException, APIException, LocatorException { pw().println("AAF Command Line Tool"); pw().print("Version: "); - pw().println(Config.AAF_DEFAULT_API_VERSION); + pw().println(version); return 200; } } diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersContact.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersContact.java index eadf1c97..d6eb9b30 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersContact.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersContact.java @@ -117,7 +117,7 @@ public class ListUsersContact extends Cmd { indent+=4; detailLine(sb,indent,"Report Users associated with this Namespace's Roles"); sb.append('\n'); - detailLine(sb,indent,"If \"set details=true\" is specified, then all roles are printed "); + detailLine(sb,indent,"If \"details\" is specified, then all roles are printed "); detailLine(sb,indent,"with the associated users and expiration dates"); indent-=4; api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersInRole.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersInRole.java index c0838cb7..b33f506d 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersInRole.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/ListUsersInRole.java @@ -117,7 +117,7 @@ public class ListUsersInRole extends Cmd { indent+=4; detailLine(sb,indent,"Report Users associated with this Namespace's Roles"); sb.append('\n'); - detailLine(sb,indent,"If \"set details=true\" is specified, then all roles are printed "); + detailLine(sb,indent,"If \"details\" is specified, then all roles are printed "); detailLine(sb,indent,"with the associated users and expiration dates"); indent-=4; api(sb,indent,HttpMethods.GET,"authz/nss/<ns>",Nss.class,true); diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java index 0f0c0011..3edc0e59 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java @@ -59,8 +59,12 @@ public class Delete extends Cmd { pk.setInstance(args[idx++]); pk.setAction(args[idx++]); - // Set "Force" if set - setQueryParamsOn(client); + if(pk.getType().contains("@")) { // User Perm deletion... Must remove from hidden role + client.setQueryParams("force"); + } else { + // Set "Force" if set + setQueryParamsOn(client); + } Future<PermRequest> fp = client.delete( "/authz/perm", getDF(PermRequest.class), diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListByUser.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListByUser.java index 325f45db..00972a18 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListByUser.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListByUser.java @@ -57,9 +57,9 @@ public class ListByUser extends Cmd { } if (aafcli.isDetailed()) { if (sb==null) { - sb = new StringBuilder('?'); + sb = new StringBuilder("?"); } else { - sb.append('&'); + sb.append("&"); } sb.append("ns"); } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java index 920f330f..1a1e7f24 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTrans.java @@ -24,6 +24,7 @@ package org.onap.aaf.auth.env; import java.util.Date; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.org.Organization; import org.onap.aaf.cadi.Lur; @@ -41,9 +42,11 @@ public interface AuthzTrans extends TransStore { } } - public abstract AuthzTrans set(HttpServletRequest req); + public abstract AuthzTrans set(HttpServletRequest req, HttpServletResponse resp); public abstract HttpServletRequest hreq(); + + public abstract HttpServletResponse hresp(); public abstract String user(); @@ -81,4 +84,7 @@ public interface AuthzTrans extends TransStore { public abstract String getTag(); + public abstract void clearCache(); + + }
\ No newline at end of file diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java index ec5e70de..bda23e13 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransFilter.java @@ -23,8 +23,8 @@ package org.onap.aaf.auth.env; import java.security.Principal; -import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.rserv.TransFilter; import org.onap.aaf.cadi.CadiException; @@ -63,16 +63,15 @@ public class AuthzTransFilter extends TransFilter<AuthzTrans> { } @Override - protected AuthzTrans newTrans(HttpServletRequest req) { + protected AuthzTrans newTrans(HttpServletRequest req, HttpServletResponse resp) { AuthzTrans at = env.newTrans(); at.setLur(getLur()); - at.set(req); + at.set(req,resp); return at; } @Override - protected TimeTaken start(AuthzTrans trans, ServletRequest request) { - trans.set((HttpServletRequest)request); + protected TimeTaken start(AuthzTrans trans) { return trans.start("Trans " + //(context==null?"n/a":context.toString()) + " IP: " + trans.ip() + " Port: " + trans.port() diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java index a7bb24a5..0af760b8 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransImpl.java @@ -24,6 +24,7 @@ package org.onap.aaf.auth.env; import java.util.Date; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.org.Organization; import org.onap.aaf.auth.org.OrganizationFactory; @@ -37,6 +38,7 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans { private static final String N_A = "n/a"; private static final String BLANK = ""; private HttpServletRequest hreq; + private HttpServletResponse hresp; private TaggedPrincipal user; private Lur lur; private Organization org; @@ -54,8 +56,9 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans { * @see org.onap.aaf.auth.env.test.AuthTrans#set(javax.servlet.http.HttpServletRequest) */ @Override - public AuthzTrans set(HttpServletRequest req) { + public AuthzTrans set(HttpServletRequest req, HttpServletResponse resp) { hreq = req; + hresp = resp; user = (TaggedPrincipal)req.getUserPrincipal(); for (REQD_TYPE rt : REQD_TYPE.values()) { @@ -70,11 +73,17 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans { org=null; return this; } + @Override public HttpServletRequest hreq() { return hreq; } - + + @Override + public HttpServletResponse hresp() { + return hresp; + } + @Override public void setUser(TaggedPrincipal p) { user = p; @@ -174,7 +183,7 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans { } return false; } - + /* (non-Javadoc) * @see org.onap.aaf.auth.env.test.AuthzTrans#org() */ @@ -229,4 +238,13 @@ public class AuthzTransImpl extends BasicTrans implements AuthzTrans { public String getTag() { return tag; } + + @Override + public void clearCache() { + if (lur!=null) { + StringBuilder report = new StringBuilder(); + lur.clear(user, report); + info().log(report); + } + } } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransOnlyFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransOnlyFilter.java index b1111638..5545c7da 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransOnlyFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/AuthzTransOnlyFilter.java @@ -21,8 +21,8 @@ package org.onap.aaf.auth.env; -import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.rserv.TransOnlyFilter; import org.onap.aaf.cadi.principal.TaggedPrincipal; @@ -43,13 +43,14 @@ public class AuthzTransOnlyFilter extends TransOnlyFilter<AuthzTrans> { } @Override - protected AuthzTrans newTrans() { - return env.newTrans(); + protected AuthzTrans newTrans(HttpServletRequest req, HttpServletResponse resp) { + AuthzTrans trans = env.newTrans(); + trans.set(req, resp); + return trans; } @Override - protected TimeTaken start(AuthzTrans trans, ServletRequest request) { - trans.set((HttpServletRequest)request); + protected TimeTaken start(AuthzTrans trans) { return trans.start("Trans " + //(context==null?"n/a":context.toString()) + " IP: " + trans.ip() + " Port: " + trans.port() diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java index 54a8f484..f0052e5a 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/env/NullTrans.java @@ -24,6 +24,7 @@ package org.onap.aaf.auth.env; import java.util.Date; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.org.Organization; import org.onap.aaf.cadi.Lur; @@ -130,7 +131,7 @@ public class NullTrans implements AuthzTrans { return null; } @Override - public AuthzTrans set(HttpServletRequest req) { + public AuthzTrans set(HttpServletRequest req, HttpServletResponse resp) { return null; } @@ -138,7 +139,13 @@ public class NullTrans implements AuthzTrans { public HttpServletRequest hreq() { return null; } + + @Override + public HttpServletResponse hresp() { + return null; + } + @Override public String user() { return null; @@ -243,5 +250,8 @@ public class NullTrans implements AuthzTrans { public String getTag() { return null; } + @Override + public void clearCache() { + } } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java index 92c0fc24..81e2e619 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java @@ -86,8 +86,8 @@ public abstract class TransFilter<TRANS extends TransStore> implements Filter { return cadi.getLur(); } - protected abstract TRANS newTrans(HttpServletRequest request); - protected abstract TimeTaken start(TRANS trans, ServletRequest request); + protected abstract TRANS newTrans(HttpServletRequest request,HttpServletResponse response); + protected abstract TimeTaken start(TRANS trans); protected abstract void authenticated(TRANS trans, Principal p); protected abstract void tallyHo(TRANS trans, String target); @@ -96,9 +96,9 @@ public abstract class TransFilter<TRANS extends TransStore> implements Filter { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; - TRANS trans = newTrans(req); + TRANS trans = newTrans(req,res); - TimeTaken overall = start(trans,request); + TimeTaken overall = start(trans); String target = "n/a"; try { request.setAttribute(TRANS_TAG, trans); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransOnlyFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransOnlyFilter.java index c3514b65..ef91e485 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransOnlyFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransOnlyFilter.java @@ -29,6 +29,8 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.cadi.principal.TaggedPrincipal; import org.onap.aaf.misc.env.TimeTaken; @@ -52,16 +54,15 @@ public abstract class TransOnlyFilter<TRANS extends TransStore> implements Filte - protected abstract TRANS newTrans(); - protected abstract TimeTaken start(TRANS trans, ServletRequest request); + protected abstract TRANS newTrans(HttpServletRequest req, HttpServletResponse resp); + protected abstract TimeTaken start(TRANS trans); protected abstract void authenticated(TRANS trans, TaggedPrincipal p); protected abstract void tallyHo(TRANS trans); @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - TRANS trans = newTrans(); - - TimeTaken overall = start(trans,request); + TRANS trans = newTrans((HttpServletRequest)request,(HttpServletResponse)response); + TimeTaken overall = start(trans); try { request.setAttribute(TransFilter.TRANS_TAG, trans); chain.doFilter(request, response); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java index 23240cf1..f5831139 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/AbsServiceStarter.java @@ -43,9 +43,11 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr private boolean do_register; protected AbsService<ENV,TRANS> service; protected String hostname; + protected final boolean secure; - public AbsServiceStarter(final AbsService<ENV,TRANS> service) { + public AbsServiceStarter(final AbsService<ENV,TRANS> service, boolean secure) { + this.secure = secure; this.service = service; try { OrganizationFactory.init(service.env); @@ -96,12 +98,14 @@ public abstract class AbsServiceStarter<ENV extends RosettaEnv, TRANS extends Tr }); if(System.getProperty("ECLIPSE", null)!=null) { Thread.sleep(2000); - System.out.println("Service Started in Eclipse: "); - System.out.print(" Hit <enter> to end\n:"); - try { - System.in.read(); - System.exit(0); - } catch (IOException e) { + if(!app.isCancelled()) { + System.out.println("Service Started in Eclipse: "); + System.out.print(" Hit <enter> to end:\n"); + try { + System.in.read(); + System.exit(0); + } catch (IOException e) { + } } } } diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java index bcc071a2..8d49720b 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java @@ -54,23 +54,11 @@ import org.onap.aaf.misc.rosetta.env.RosettaEnv; public class JettyServiceStarter<ENV extends RosettaEnv, TRANS extends Trans> extends AbsServiceStarter<ENV,TRANS> { - private boolean secure; - public JettyServiceStarter(final AbsService<ENV,TRANS> service) throws OrganizationException { - super(service); - secure = true; + public JettyServiceStarter(final AbsService<ENV,TRANS> service, boolean secure) throws OrganizationException { + super(service, secure); } - /** - * Specifically set this Service starter to Insecure (HTTP) Mode. - * @return - */ - public JettyServiceStarter<ENV,TRANS> insecure() { - secure = false; - return this; - } - - @Override public void _propertyAdjustment() { // System.setProperty("com.sun.management.jmxremote.port", "8081"); diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransImpl.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransImpl.java index f4481ed4..af92e372 100644 --- a/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransImpl.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransImpl.java @@ -66,11 +66,12 @@ public class JU_AuthzTransImpl { public void setUp(){ authzTransImpl = new AuthzTransImpl(authzEnvMock); req = mock(HttpServletRequest.class); - authzTransImpl.set(req); + res = mock(HttpServletResponse.class); + authzTransImpl.set(req,res); when(req.getParameter("request")).thenReturn("NotNull"); - authzTransImpl.set(req); + authzTransImpl.set(req,res); when(req.getParameter("request")).thenReturn(""); - authzTransImpl.set(req); + authzTransImpl.set(req,res); } @Test diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransOnlyFilter.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransOnlyFilter.java index 091a3aa6..346ca48f 100644 --- a/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransOnlyFilter.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_AuthzTransOnlyFilter.java @@ -76,10 +76,7 @@ public class JU_AuthzTransOnlyFilter { public void testStart() throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException { AuthzTransOnlyFilter aTF = new AuthzTransOnlyFilter(authzEnvMock); Class c = aTF.getClass(); - Class[] cArg = new Class[2]; - cArg[0] = AuthzTrans.class; - cArg[1] = ServletRequest.class; //Steps to test a protected method - Method startMethod = c.getDeclaredMethod("start", cArg); + Method startMethod = c.getDeclaredMethod("start", new Class[] {AuthzTrans.class}); startMethod.setAccessible(true); //startMethod.invoke(aTF, authzTransMock, servletRequestMock); } diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_NullTrans.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_NullTrans.java index f67716fa..9c7212c2 100644 --- a/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_NullTrans.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/env/test/JU_NullTrans.java @@ -27,6 +27,7 @@ import static org.mockito.Mockito.mock; import java.security.Principal; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.junit.Assert; import org.junit.Before; @@ -157,7 +158,8 @@ public class JU_NullTrans { @Test public void testSet() { HttpServletRequest req = mock(HttpServletRequest.class); - AuthzTrans set = nullTrans.set(req); + HttpServletResponse res = mock(HttpServletResponse.class); + AuthzTrans set = nullTrans.set(req,res); Assert.assertNull(set); } diff --git a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java index 9b49216d..4972b572 100644 --- a/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java +++ b/auth/auth-core/src/test/java/org/onap/aaf/auth/server/test/JU_AbsServiceStarter.java @@ -49,8 +49,8 @@ public class JU_AbsServiceStarter { private class AbsServiceStarterStub extends AbsServiceStarter { - public AbsServiceStarterStub(AbsService service) { - super(service); + public AbsServiceStarterStub(AbsService service, boolean secure) { + super(service,secure); // TODO Auto-generated constructor stub } @@ -110,7 +110,7 @@ public class JU_AbsServiceStarter { prop.setLogLevel(Level.DEBUG); absServiceStub = new AbsServiceStub(prop, bEnv); - absServiceStarterStub = new AbsServiceStarterStub(absServiceStub); + absServiceStarterStub = new AbsServiceStarterStub(absServiceStub,true); } // @Test diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java index b56fc03e..67952001 100644 --- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java +++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java @@ -106,10 +106,13 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> { try { Log4JLogIt logIt = new Log4JLogIt(args, "fs"); PropAccess propAccess = new PropAccess(logIt,args); - - AAF_FS service = new AAF_FS(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.insecure().start(); + try { + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_FS(new AuthzEnv(propAccess)),false) + .start(); + } catch (Exception e) { + propAccess.log(e); + } } catch (Exception e) { e.printStackTrace(); } diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java index 7859b7cc..f2d7522e 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java @@ -24,15 +24,17 @@ package org.onap.aaf.auth.cui; import java.io.PrintWriter; +import java.util.regex.Pattern; import javax.servlet.ServletInputStream; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.env.AuthzTrans; -import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.auth.gui.AAF_GUI; +import org.onap.aaf.auth.gui.Page; import org.onap.aaf.auth.rserv.HttpCode; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.http.HTransferSS; @@ -43,6 +45,7 @@ import org.onap.aaf.misc.env.TimeTaken; public class CUI extends HttpCode<AuthzTrans, Void> { private final AAF_GUI gui; + private final static Pattern userPerm = Pattern.compile("perm (create|delete).*@.*:id.*aaf.gui.*"); public CUI(AAF_GUI gui) { @@ -84,6 +87,13 @@ public class CUI extends HttpCode<AuthzTrans, Void> { } try { aafcli.eval(cmdStr); + if(userPerm.matcher(cmdStr).matches()) { + trans.clearCache(); + Cookie cookie = new Cookie(Page.AAF_THEME,trans.getProperty(Page.AAF_THEME)); + cookie.setMaxAge(-1); + cookie.setComment("Remove AAF GUI Theme"); + trans.hresp().addCookie(cookie); + } pw.flush(); } catch (Exception e) { pw.flush(); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java index c33f3d69..17916c24 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/AAF_GUI.java @@ -26,6 +26,9 @@ import static org.onap.aaf.auth.rserv.HttpMethods.POST; import static org.onap.aaf.auth.rserv.HttpMethods.PUT; import javax.servlet.Filter; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.aaf.auth.cmd.Cmd; import org.onap.aaf.auth.cui.CUI; @@ -40,6 +43,7 @@ import org.onap.aaf.auth.gui.pages.CMArtiChangeAction; import org.onap.aaf.auth.gui.pages.CMArtiChangeForm; import org.onap.aaf.auth.gui.pages.CMArtifactShow; import org.onap.aaf.auth.gui.pages.CredDetail; +import org.onap.aaf.auth.gui.pages.CredHistory; import org.onap.aaf.auth.gui.pages.Home; import org.onap.aaf.auth.gui.pages.LoginLanding; import org.onap.aaf.auth.gui.pages.LoginLandingAction; @@ -66,6 +70,7 @@ import org.onap.aaf.auth.gui.pages.UserRoleExtend; import org.onap.aaf.auth.gui.pages.UserRoleRemove; import org.onap.aaf.auth.gui.pages.WebCommand; import org.onap.aaf.auth.rserv.CachingFileAccess; +import org.onap.aaf.auth.rserv.HttpCode; import org.onap.aaf.auth.server.AbsService; import org.onap.aaf.auth.server.JettyServiceStarter; import org.onap.aaf.auth.server.Log4JLogIt; @@ -114,19 +119,19 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E protected final String deployedVersion; private StaticSlot sThemeWebPath; private StaticSlot sDefaultTheme; -// public final String theme; public AAF_GUI(final AuthzEnv env) throws Exception { super(env.access(), env); sDefaultTheme = env.staticSlot(AAF_GUI_THEME); - env.put(sDefaultTheme, env.getProperty(AAF_GUI_THEME,"onap")); + String defTheme = env.getProperty(AAF_GUI_THEME,"onap"); + env.put(sDefaultTheme, defTheme); sThemeWebPath = env.staticSlot(CachingFileAccess.CFA_WEB_PATH); if(env.get(sThemeWebPath)==null) { env.put(sThemeWebPath,"theme"); } - + slot_httpServletRequest = env.slot(HTTP_SERVLET_REQUEST); deployedVersion = app_version; @@ -157,8 +162,9 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E // MyNameSpace final Page myNamespaces = new Display(this, GET, new NssShow(this, start)).page(); Page nsDetail = new Display(this, GET, new NsDetail(this, start, myNamespaces)).page(); - new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail)); + new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail)); Page crdDetail = new Display(this, GET, new CredDetail(this, start, myNamespaces, nsDetail)).page(); + new Display(this, GET, new CredHistory(this,start,myNamespaces,nsDetail,crdDetail)); Page artiShow = new Display(this, GET, new CMArtifactShow(this, start, myNamespaces, nsDetail, crdDetail)).page(); Page artiCForm = new Display(this, GET, new CMArtiChangeForm(this, start, myNamespaces, nsDetail, crdDetail,artiShow)).page(); new Display(this, POST, new CMArtiChangeAction(this, start,artiShow,artiCForm)); @@ -204,6 +210,23 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E // Command line Mechanism route(env, PUT, "/gui/cui", new CUI(this),"text/plain;charset=utf-8","*/*"); + route(env, GET, "/gui/clear", new HttpCode<AuthzTrans, Void>(null, "Clear"){ + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + trans.clearCache(); + Cookie cookies[] = req.getCookies(); + if(cookies!=null) { + for(Cookie c : cookies) { + if(c.getName().startsWith("aaf.gui.")) { + c.setMaxAge(0); + resp.addCookie(c); + } + } + } + resp.sendRedirect("/gui/home"); + } + }, "text/plain;charset=utf-8","*/*"); + /////////////////////// // WebContent Handler /////////////////////// @@ -262,9 +285,13 @@ public class AAF_GUI extends AbsService<AuthzEnv, AuthzTrans> implements State<E Log4JLogIt logIt = new Log4JLogIt(args, "gui"); PropAccess propAccess = new PropAccess(logIt,args); - AAF_GUI service = new AAF_GUI(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.start(); + try { + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_GUI(new AuthzEnv(propAccess)),true) + .start(); + } catch (Exception e) { + propAccess.log(e); + } } catch (Exception e) { e.printStackTrace(); } diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java index 5b6eb016..18ec9f68 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Page.java @@ -46,7 +46,6 @@ import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.gui.pages.Home; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.client.Holder; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.principal.TaggedPrincipal; import org.onap.aaf.misc.env.APIException; @@ -70,6 +69,7 @@ import org.onap.aaf.misc.xgen.html.Imports; * */ public class Page extends HTMLCacheGen { + public static final String AAF_THEME = "aaf_theme"; public static final String AAFURL_TOOLS = "aaf_url.tools"; public static final String AAF_URL_TOOL_DOT = "aaf_url.tool."; public static final String AAF_URL_CUIGUI = "aaf_url.cuigui"; // link to help @@ -151,7 +151,8 @@ public class Page extends HTMLCacheGen { private static class PageCode implements Code<HTMLGen> { - private static final String AAF_GUI_TITLE = "aaf_gui_title"; + private static final String AAF_GUI_THEME = "aaf.gui.theme"; + private static final String AAF_GUI_TITLE = "aaf_gui_title"; private final ContentCode[] content; private final Slot browserSlot; @@ -167,6 +168,7 @@ public class Page extends HTMLCacheGen { browserSlot = env.slot(BROWSER_TYPE); sTheme = env.staticSlot(AAF_GUI.AAF_GUI_THEME); this.env = env; + getThemeFiles(env,""); // } private static synchronized List<String> getThemeFiles(Env env, String theme) { @@ -185,11 +187,11 @@ public class Page extends HTMLCacheGen { themeProps = new TreeMap<>(); props = null; } else { - props = themeProps.get(theme); + props = themeProps.get(t.getName()); } if(props==null) { props = new Properties(); - themeProps.put(theme, props); + themeProps.put(t.getName(), props); } try { @@ -215,13 +217,10 @@ public class Page extends HTMLCacheGen { return themes.get(theme); } - protected Imports getImports(Env env, Holder<String> theme, String defaultTheme, int backdots, BROWSER browser) { - List<String> ls = getThemeFiles(env,theme.get()); + protected Imports getImports(Env env, String theme, int backdots, BROWSER browser) { + List<String> ls = getThemeFiles(env,theme); Imports imp = new Imports(backdots); - if(ls==null) { - theme.set(defaultTheme); - } - String prefix = "theme/" + theme.get() + '/'; + String prefix = "theme/" + theme + '/'; for(String f : ls) { if(f.endsWith(".js")) { imp.js(prefix + f); @@ -262,7 +261,6 @@ public class Page extends HTMLCacheGen { hgen.html(); final String title = env.getProperty(AAF_GUI_TITLE,"Authentication/Authorization Framework"); final String defaultTheme = env.get(sTheme,"onap"); - final Holder<String> hTheme = new Holder<>(defaultTheme); Mark head = hgen.head(); hgen.leaf(TITLE).text(title).end(); @@ -270,15 +268,37 @@ public class Page extends HTMLCacheGen { @Override public void code(AAF_GUI state, AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { BROWSER browser = browser(trans,browserSlot); + String theme = null; Cookie[] cookies = trans.hreq().getCookies(); if(cookies!=null) { for(Cookie c : cookies) { - if("aaf_theme".equals(c.getName())) { - hTheme.set(c.getValue()); + if(AAF_GUI_THEME.equals(c.getName())) { + theme=c.getValue(); + if(!(themes.containsKey(theme))) { + theme = defaultTheme; + } + break; } } } - hgen.imports(getImports(env,hTheme,defaultTheme,backdots,browser)); + + if(theme==null) { + for(String t : themes.keySet()) { + if(!t.equals(defaultTheme) && trans.fish(new AAFPermission(null,trans.user()+":id", AAF_GUI_THEME, t))) { + theme=t; + break; + } + } + if(theme==null) { + theme = defaultTheme; + } + Cookie cookie = new Cookie(AAF_GUI_THEME,theme); + cookie.setMaxAge(604_800); // one week + trans.hresp().addCookie(cookie); + } + trans.setProperty(Page.AAF_THEME, theme); + + hgen.imports(getImports(env,theme,backdots,browser)); switch(browser) { case ie: case ieOld: @@ -350,7 +370,8 @@ public class Page extends HTMLCacheGen { } hgen.end(header); - + + hgen.divID("pageContent"); Mark inner = hgen.divID("inner"); // Content for (int i=cIdx;i<content.length;++i) { @@ -361,39 +382,65 @@ public class Page extends HTMLCacheGen { } hgen.end(inner); + + cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI,AuthzTrans>() { + @Override + public void code(AAF_GUI state, AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException { + String theme = trans.getProperty(Page.AAF_THEME); + Properties props; + if(theme==null) { + props = null; + } else { + props = themeProps==null?null:themeProps.get(theme); + } + + if(props!=null && "TRUE".equalsIgnoreCase(props.getProperty("enable_nav_btn"))) { + xgen.leaf("button", "id=navBtn").end(); + } + } + }); + // Adding "nav Hamburger button" // Navigation - Using older Nav to work with decrepit IE versions - Mark nav = hgen.divID("nav"); cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI,AuthzTrans>() { @Override public void code(AAF_GUI state, AuthzTrans trans,Cache<HTMLGen> cache, HTMLGen xgen) throws APIException, IOException { - Properties props = themeProps==null?null:themeProps.get(hTheme.get()); - if(props!=null && "TRUE".equalsIgnoreCase(props.getProperty("main_menu_in_nav"))) { - xgen.incr("h2").text("Navigation").end(); - Mark mark = new Mark(); - boolean selected = isSelected(trans.path(),Home.HREF); - //trans.path().endsWith("home"); - xgen.incr(mark,HTMLGen.UL) - .incr(HTMLGen.LI,selected?"class=selected":"") - .incr(HTMLGen.A, "href=home") - .text("Home") - .end(2); - boolean noSelection = !selected; - for(String[] mi : Home.MENU_ITEMS) { - //selected = trans.path().endsWith(mi[0]); - if(noSelection) { - selected = isSelected(trans.path(),mi[2]); - noSelection = !selected; - } else { - selected = false; - } - xgen.incr(HTMLGen.LI,selected?"class=selected":"") - .incr(HTMLGen.A, "href="+mi[0]) - .text(mi[1]) - .end(2); - } - xgen.end(mark); + String theme = trans.getProperty(Page.AAF_THEME); + Properties props; + if(theme==null) { + props = null; + } else { + props = themeProps==null?null:themeProps.get(theme); + } + + if(props!=null) { + if("TRUE".equalsIgnoreCase(props.getProperty("main_menu_in_nav"))) { + xgen.incr("h2").text("Navigation").end(); + Mark mark = new Mark(); + boolean selected = isSelected(trans.path(),Home.HREF); + //trans.path().endsWith("home"); + xgen.incr(mark,HTMLGen.UL) + .incr(HTMLGen.LI,selected?"class=selected":"") + .incr(HTMLGen.A, "href=home") + .text("Home") + .end(2); + boolean noSelection = !selected; + for(String[] mi : Home.MENU_ITEMS) { + //selected = trans.path().endsWith(mi[0]); + if(noSelection) { + selected = isSelected(trans.path(),mi[2]); + noSelection = !selected; + } else { + selected = false; + } + xgen.incr(HTMLGen.LI,selected?"class=selected":"") + .incr(HTMLGen.A, "href="+mi[0]) + .text(mi[1]) + .end(2); + } + xgen.end(mark); + } } } diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java index d32c7dc3..1e06b109 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CMArtiChangeAction.java @@ -82,32 +82,36 @@ trans.info().log("Step 1"); arti.getSans().add(s); } } - // Disallow IP entries, except by special Permission - if (!trans.fish(getPerm(ca,"ip"))) { - boolean ok=true; - if (IPValidator.ip(machine)) { - ok=false; - } - if (ok) { - for (String s: arti.getSans()) { - if (IPValidator.ip(s)) { - ok=false; - break; - } - } - } - if (!ok) { - hgen.p("Policy Failure: IPs in certificates are only allowed by Exception."); - return; - } - } - // Disallow Domain based Definitions without exception - if (machine.startsWith("*")) { // Domain set - if (!trans.fish(getPerm(ca, "domain"))) { - hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception."); - return; - } + // These checks to not apply to deletions + if(!CMArtiChangeForm.DELETE.equals(trans.get(sCmd, ""))) { + // Disallow IP entries, except by special Permission + if (!trans.fish(getPerm(ca,"ip"))) { + boolean ok=true; + if (IPValidator.ip(machine)) { + ok=false; + } + if (ok) { + for (String s: arti.getSans()) { + if (IPValidator.ip(s)) { + ok=false; + break; + } + } + } + if (!ok) { + hgen.p("Policy Failure: IPs in certificates are only allowed by Exception."); + return; + } + } + + // Disallow Domain based Definitions without exception + if (machine.startsWith("*")) { // Domain set + if (!trans.fish(getPerm(ca, "domain"))) { + hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception."); + return; + } + } } arti.setMechid((String)trans.get(sID,null)); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredDetail.java index 00e58c87..70d86933 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredDetail.java @@ -214,6 +214,7 @@ public class CredDetail extends Page { StringWriter buttons = new StringWriter(); HTMLGen hgen = cd.clone(buttons); hgen.leaf("button","onclick=divVisibility('"+key+"');","class=button").text("Expand").end(); + hgen.leaf(HTMLGen.A,"class=button","class=greenbutton","href="+CredHistory.HREF+"?user="+ulm.getKey()).text("History").end(); StringWriter creds = new StringWriter(); hgen = cd.clone(creds); @@ -302,8 +303,9 @@ public class CredDetail extends Page { Chrono.niceDateStamp(oldest), Chrono.niceDateStamp(newest))) .end(uRow); - + } + } hgen.end(utable); } @@ -316,6 +318,7 @@ public class CredDetail extends Page { new TextCell(creds.toString(),STYLE_WIDTH_70) }); } + for (String missing : lns) { StringWriter buttons = new StringWriter(); HTMLGen hgen = cd.clone(buttons); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredHistory.java new file mode 100644 index 00000000..7e3962ec --- /dev/null +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/CredHistory.java @@ -0,0 +1,224 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.gui.pages; + + +import java.io.IOException; +import java.net.ConnectException; +import java.util.ArrayList; +import java.util.Calendar; +import java.util.Comparator; +import java.util.List; + +import org.onap.aaf.auth.env.AuthzEnv; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.gui.AAF_GUI; +import org.onap.aaf.auth.gui.BreadCrumbs; +import org.onap.aaf.auth.gui.NamedCode; +import org.onap.aaf.auth.gui.Page; +import org.onap.aaf.auth.gui.Table; +import org.onap.aaf.auth.gui.Table.Cells; +import org.onap.aaf.auth.gui.table.AbsCell; +import org.onap.aaf.auth.gui.table.TableData; +import org.onap.aaf.auth.gui.table.TextCell; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.client.Rcli; +import org.onap.aaf.cadi.client.Retryable; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.Env; +import org.onap.aaf.misc.env.Slot; +import org.onap.aaf.misc.env.TimeTaken; +import org.onap.aaf.misc.xgen.Cache; +import org.onap.aaf.misc.xgen.DynamicCode; +import org.onap.aaf.misc.xgen.html.HTMLGen; + +import aaf.v2_0.History; +import aaf.v2_0.History.Item; + + +public class CredHistory extends Page { + static final String NAME="CredHistory"; + static final String HREF = "/gui/credHistory"; + static final String FIELDS[] = {"user","dates"}; + + + public CredHistory(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException { + super(gui.env,NAME,HREF, FIELDS, + new BreadCrumbs(breadcrumbs), + new Table<AAF_GUI,AuthzTrans>("History", gui.env.newTransNoAvg(),new Model(gui.env),"class=std"), + new NamedCode(true, "content") { + @Override + public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { + final Slot user = gui.env.slot(NAME+".user"); + cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() { + @Override + public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { + String obUser = trans.get(user, null); + + // Use Javascript to make the table title more descriptive + hgen.js() + .text("var caption = document.querySelector(\".title\");") + .text("caption.innerHTML='History for User [ " + obUser + " ]';") + .done(); + + // Use Javascript to change Link Target to our last visited Detail page + String lastPage = CredDetail.HREF + "?role=" + obUser; + hgen.js() + .text("alterLink('roledetail', '"+lastPage + "');") + .done(); + + hgen.br(); + hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end() + .divID("advanced_search", "style=display:none"); + hgen.incr("table"); + + addDateRow(hgen,"Start Date"); + addDateRow(hgen,"End Date"); + hgen.incr("tr").incr("td"); + hgen.tagOnly("input", "type=button","value=Get History", + "onclick=datesURL('"+HREF+"?user=" + obUser+"');","class=greenbutton"); + hgen.end().end(); + hgen.end(); + hgen.end(); + } + }); + } + } + + ); + + } + + private static void addDateRow(HTMLGen hgen, String s) { + hgen + .incr("tr") + .incr("td") + .incr("label", "for=month", "required").text(s+"*").end() + .end() + .incr("td") + .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required") + .incr("option", "value=").text("Month").end(); + for(NsHistory.Month m : NsHistory.Month.values()) { + if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) { + hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end(); + } else { + hgen.incr("option", "value="+(m.ordinal()+1)).text(m.name()).end(); + } + } + hgen.end() + .end() + .incr("td") + .tagOnly("input","type=number","id=year"+s.substring(0, s.indexOf(' ')),"required", + "value="+Calendar.getInstance().get(Calendar.YEAR), "min=1900", + "max="+Calendar.getInstance().get(Calendar.YEAR), + "placeholder=Year").end() + .end(); + } + + + /** + * Implement the Table Content for History + * + * @author Jonathan + * + */ + private static class Model extends TableData<AAF_GUI,AuthzTrans> { + private static final String[] headers = new String[] {"Date","User","Memo"}; + private Slot user; + private Slot dates; + + public Model(AuthzEnv env) { + user = env.slot(NAME+".user"); + dates = env.slot(NAME+".dates"); + } + + @Override + public String[] headers() { + return headers; + } + + @Override + public Cells get(final AuthzTrans trans, final AAF_GUI gui) { + final String oName = trans.get(user,null); + final String oDates = trans.get(dates,null); + + Cells rv = Cells.EMPTY; + if (oName!=null) { + + try { + rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() { + @Override + public Cells code(Rcli<?> client) throws CadiException, ConnectException, APIException { + ArrayList<AbsCell[]> rv = new ArrayList<>(); + TimeTaken tt = trans.start("AAF Get History for credential ["+oName+"]",Env.REMOTE); + String msg = null; + try { + if (oDates != null) { + client.setQueryParams("yyyymm="+oDates); + } + Future<History> fh = client.read("/authz/hist/subject/"+oName + "/cred",gui.getDF(History.class)); + if (fh.get(AAF_GUI.TIMEOUT)) { + tt.done(); + tt = trans.start("Load History Data", Env.SUB); + List<Item> histItems = fh.value.getItem(); + + java.util.Collections.sort(histItems, new Comparator<Item>() { + @Override + public int compare(Item o1, Item o2) { + return o2.getTimestamp().compare(o1.getTimestamp()); + } + }); + + for (Item i : histItems) { + String user = i.getUser(); + AbsCell userCell = new TextCell(user); + + String memo = i.getMemo().replace("<script>", "<script>").replace("</script>", "</script>"); + rv.add(new AbsCell[] { + new TextCell(i.getTimestamp().toGregorianCalendar().getTime().toString()), + userCell, + new TextCell(memo) + }); + } + } else { + if (fh.code()==403) { + rv.add(new AbsCell[] {new TextCell("You may not view History of Credentiol[" + oName + "]", "colspan = 3", "class=center")}); + } else { + rv.add(new AbsCell[] {new TextCell("*** Data Unavailable ***", "colspan = 3", "class=center")}); + } + } + } finally { + tt.done(); + } + return new Cells(rv,msg); + } + }); + } catch (Exception e) { + trans.error().log(e); + } + } + return rv; + } + } + +} diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/Home.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/Home.java index 6fc4b5c1..463ee11a 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/Home.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/Home.java @@ -50,7 +50,8 @@ public class Home extends Page { // {"onboard","Onboarding"}, {"passwd","Password Management","/gui/passwd"}, {"cui","Command Prompt","/gui/cui"}, - {"api","AAF API","/gui/api"} + {"api","AAF API","/gui/api"}, + {"clear","Clear Preferences","/gui/clear"} }; public Home(final AAF_GUI gui) throws APIException, IOException { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java index 16a6c940..6b1c6120 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsDetail.java @@ -168,7 +168,7 @@ public class NsDetail extends Page { } String historyLink = NsHistory.HREF + "?name=" + nsName; - rv.add(new AbsCell[] {new RefCell("See History",historyLink,false)}); + rv.add(new AbsCell[] {new RefCell("See History",historyLink,false,"class=greenbutton")}); } finally { tt.done(); } diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java index bca6c92c..dc9119bf 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/NsHistory.java @@ -58,7 +58,6 @@ public class NsHistory extends Page { static final String NAME="NsHistory"; static final String HREF = "/gui/nsHistory"; static final String FIELDS[] = {"name","dates"}; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER }; @@ -88,7 +87,7 @@ public class NsHistory extends Page { .done(); hgen.br(); - hgen.leaf("a","href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end() + hgen.leaf("a","href=#advanced_search","onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end() .divID("advanced_search", "style=display:none"); hgen.incr("table"); @@ -96,7 +95,7 @@ public class NsHistory extends Page { addDateRow(hgen,"End Date"); hgen.incr("tr").incr("td"); hgen.tagOnly("input", "type=button","value=Get History", - "onclick=datesURL('"+HREF+"?name=" + obName+"');"); + "onclick=datesURL('"+HREF+"?name=" + obName+"');","class=greenbutton"); hgen.end().end(); hgen.end(); hgen.end(); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java index 41711db2..ae5fe375 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java @@ -60,8 +60,7 @@ import aaf.v2_0.Approvals; public class PendingRequestsShow extends Page { public static final String HREF = "/gui/myrequests"; public static final String NAME = "MyRequests"; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static final String[] FIELDS = new String[] {"as_user"}; // as_user Checked in Display + private static final String[] FIELDS = new String[] {"as_user"}; // as_user Checked in Display private static final String AS_USER=NAME+".as_user"; public PendingRequestsShow(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermDetail.java index 7d31d0e4..7bf6447d 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermDetail.java @@ -135,7 +135,7 @@ public class PermDetail extends Page { String historyLink = PermHistory.HREF + "?type=" + pType + "&instance=" + pInstance + "&action=" + pAction; - rv.add(new AbsCell[] {new RefCell("See History",historyLink,false)}); + rv.add(new AbsCell[] {new RefCell("See History",historyLink,false,"class=greenbutton")}); } else { rv.add(new AbsCell[] {new TextCell( fp.code()==HttpStatus.NOT_FOUND_404? diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java index bbaf419f..4c3bd32e 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PermHistory.java @@ -60,9 +60,6 @@ public class PermHistory extends Page { static final String NAME="PermHistory"; static final String HREF = "/gui/permHistory"; static final String FIELDS[] = {"type","instance","action","dates"}; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, - AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER }; public PermHistory(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException { super(gui.env,NAME,HREF, FIELDS, @@ -96,7 +93,7 @@ public class PermHistory extends Page { .done(); hgen.br(); - hgen.leaf("a", "href=#advanced_search", "onclick=divVisibility('advanced_search');").text("Advanced Search").end() + hgen.leaf("a", "href=#advanced_search", "onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end() .divID("advanced_search", "style=display:none"); hgen.incr("table"); @@ -106,7 +103,7 @@ public class PermHistory extends Page { hgen.tagOnly("input", "type=button","value=Get History", "onclick=datesURL('"+HREF+"?type=" + type + "&instance=" + instance - + "&action=" + action+"');"); + + "&action=" + action+"');","class=greenbutton"); hgen.end().end(); hgen.end(); hgen.end(); @@ -128,7 +125,7 @@ public class PermHistory extends Page { .incr("td") .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required") .incr("option", "value=").text("Month").end(); - for (Month m : Month.values()) { + for (NsHistory.Month m : NsHistory.Month.values()) { if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) { hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end(); } else { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java index bfc258bc..f69f4871 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleDetail.java @@ -266,7 +266,7 @@ public class RoleDetail extends Page { // History rv.add(new AbsCell[] { - new RefCell("See History",RoleHistory.HREF + "?role=" + pRole,false) + new RefCell("See History",RoleHistory.HREF + "?role=" + pRole,false,"class=greenbutton") }); } else { rv.add(new AbsCell[]{ diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java index fdf6f9e3..a9f0eeb0 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RoleHistory.java @@ -60,9 +60,7 @@ public class RoleHistory extends Page { static final String NAME="RoleHistory"; static final String HREF = "/gui/roleHistory"; static final String FIELDS[] = {"role","dates"}; - static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; - static enum Month { JANUARY, FEBRUARY, MARCH, APRIL, MAY, JUNE, JULY, - AUGUST, SEPTEMBER, OCTOBER, NOVEMBER, DECEMBER }; + public RoleHistory(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException { super(gui.env,NAME,HREF, FIELDS, @@ -90,7 +88,7 @@ public class RoleHistory extends Page { .done(); hgen.br(); - hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');").text("Advanced Search").end() + hgen.leaf("a", "href=#advanced_search","onclick=divVisibility('advanced_search');","class=greenbutton").text("Advanced Search").end() .divID("advanced_search", "style=display:none"); hgen.incr("table"); @@ -98,7 +96,7 @@ public class RoleHistory extends Page { addDateRow(hgen,"End Date"); hgen.incr("tr").incr("td"); hgen.tagOnly("input", "type=button","value=Get History", - "onclick=datesURL('"+HREF+"?role=" + obRole+"');"); + "onclick=datesURL('"+HREF+"?role=" + obRole+"');","class=greenbutton"); hgen.end().end(); hgen.end(); hgen.end(); @@ -120,7 +118,7 @@ public class RoleHistory extends Page { .incr("td") .incr("select", "name=month"+s.substring(0, s.indexOf(' ')), "id=month"+s.substring(0, s.indexOf(' ')), "required") .incr("option", "value=").text("Month").end(); - for (Month m : Month.values()) { + for (NsHistory.Month m : NsHistory.Month.values()) { if (Calendar.getInstance().get(Calendar.MONTH) == m.ordinal()) { hgen.incr("option", "selected", "value="+(m.ordinal()+1)).text(m.name()).end(); } else { diff --git a/auth/auth-gui/theme/onap/aaf5.css b/auth/auth-gui/theme/onap/aaf5.css index 67f03b27..ca9b3a77 100644 --- a/auth/auth-gui/theme/onap/aaf5.css +++ b/auth/auth-gui/theme/onap/aaf5.css @@ -350,7 +350,7 @@ div.detail caption { color: white; font-family: "Lucida Console", Monaco, monospace; overflow-y: scroll; - height: 300px; + height: 600px; min-width: 600px; padding: 5px; resize: vertical; diff --git a/auth/auth-gui/theme/onap/console.js b/auth/auth-gui/theme/onap/console.js index f65c17b4..fe4f6494 100644 --- a/auth/auth-gui/theme/onap/console.js +++ b/auth/auth-gui/theme/onap/console.js @@ -29,7 +29,7 @@ function getCommand() { cmds = document.querySelector("#command_field").value.split(" "); var cleanCmd = ""; if (document.querySelector("#details_img").getAttribute("class") == "selected") - cleanCmd += "set details=true "; + cleanCmd += "details "; for (var i = 0; i < cmds.length;i++) { var trimmed = cmds[i].trim(); if (trimmed != "") @@ -286,7 +286,7 @@ function maximizeConsole(img) { content.removeAttribute("class"); footer.style.display=""; console_area.style.resize="vertical"; - console_area.style.height="300px"; + console_area.style.height="600px"; } selectOption(img,0); } diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java index 6aee85d3..d88ed097 100644 --- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java +++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/AAF_Hello.java @@ -122,9 +122,13 @@ public class AAF_Hello extends AbsService<AuthzEnv,AuthzTrans> { Log4JLogIt logIt = new Log4JLogIt(args, "hello"); PropAccess propAccess = new PropAccess(logIt,args); - AAF_Hello service = new AAF_Hello(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.start(); + try { + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_Hello(new AuthzEnv(propAccess)),true) + .start(); + } catch (Exception e) { + propAccess.log(e); + } } catch (Exception e) { e.printStackTrace(); } diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java index 26bdb695..26d0cc37 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/AAF_Locate.java @@ -241,9 +241,13 @@ public class AAF_Locate extends AbsService<AuthzEnv, AuthzTrans> { Log4JLogIt logIt = new Log4JLogIt(args, "locate"); PropAccess propAccess = new PropAccess(logIt,args); - AAF_Locate service = new AAF_Locate(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.start(); + try { + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_Locate(new AuthzEnv(propAccess)),true) + .start(); + } catch (Exception e) { + propAccess.log(e); + } } catch (Exception e) { e.printStackTrace(); } diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java index b6e4dfa8..829335c0 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/service/LocateServiceImpl.java @@ -22,7 +22,6 @@ package org.onap.aaf.auth.locate.service; import java.util.List; -import java.util.UUID; import org.onap.aaf.auth.dao.cass.ConfigDAO; import org.onap.aaf.auth.dao.cass.ConfigDAO.Data; @@ -72,27 +71,31 @@ public class LocateServiceImpl<IN,OUT,ERROR> return Result.err(Result.ERR_BadData,v.errs()); } int count = 0; + StringBuilder denied = null; for (MgmtEndpoint me : meps.getMgmtEndpoint()) { if (permToRegister) { int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName() - AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getName(),"write"); - if (trans.fish(p)) { - LocateDAO.Data data = mapper.locateData(me); - locateDAO.update(trans, data, true); - ++count; - } else { - return Result.err(Result.ERR_Denied,"May not register service (needs " + p.getKey() + ')'); + AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write"); + if (!trans.fish(p)) { + if(denied==null) { + denied = new StringBuilder("May not register service(s):"); + } + + denied.append("\n\t"); + denied.append(p.getKey()); + denied.append(')'); + continue; } - } else { //TODO if (MechID is part of Namespace) { - LocateDAO.Data data = mapper.locateData(me); - locateDAO.update(trans, data, true); - ++count; } + LocateDAO.Data data = mapper.locateData(me); + locateDAO.update(trans, data, true); + ++count; } if (count>0) { return Result.ok(); } else { - return Result.err(Result.ERR_NotFound, "No endpoints found"); + return denied==null?Result.err(Result.ERR_NotFound, "No endpoints found") + :Result.err(Result.ERR_Security,denied.toString()); } } @@ -106,22 +109,31 @@ public class LocateServiceImpl<IN,OUT,ERROR> return Result.err(Result.ERR_BadData,v.errs()); } int count = 0; + StringBuilder denied = null; for (MgmtEndpoint me : meps.getMgmtEndpoint()) { - int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName() - AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write"); - if (trans.fish(p)) { - LocateDAO.Data data = mapper.locateData(me); - data.port_key = UUID.randomUUID(); - locateDAO.delete(trans, data, false); - ++count; - } else { - return Result.err(Result.ERR_Denied,"May not register service (needs " + p.getKey() + ')'); - } + if (permToRegister) { + int dot = me.getName().lastIndexOf('.'); // Note: Validator checks for NS for getName() + AAFPermission p = new AAFPermission(me.getName().substring(0,dot),"locator",me.getHostname(),"write"); + if (!trans.fish(p)) { + if(denied==null) { + denied = new StringBuilder("May not deregister service(s):"); + } + + denied.append("\n\t"); + denied.append(p.getKey()); + denied.append(')'); + continue; + } + } + LocateDAO.Data data = mapper.locateData(me); + locateDAO.delete(trans, data, true); + ++count; } if (count>0) { return Result.ok(); } else { - return Result.err(Result.ERR_NotFound, "No endpoints found"); + return denied==null?Result.err(Result.ERR_NotFound, "No endpoints found") + :Result.err(Result.ERR_Security,denied.toString()); } } diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java index d5a6615f..7f38b65a 100644 --- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java +++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/AAF_OAuth.java @@ -192,9 +192,13 @@ public class AAF_OAuth extends AbsService<AuthzEnv,AuthzTrans> { Log4JLogIt logIt = new Log4JLogIt(args, "oauth"); PropAccess propAccess = new PropAccess(logIt,args); - AAF_OAuth service = new AAF_OAuth(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.start(); + try { + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_OAuth(new AuthzEnv(propAccess)),true) + .start(); + } catch (Exception e) { + propAccess.log(e); + } } catch (Exception e) { e.printStackTrace(); } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java index 6a63907d..333c0fc1 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AAF_Service.java @@ -239,9 +239,13 @@ public class AAF_Service extends AbsService<AuthzEnv,AuthzTrans> { Log4JLogIt logIt = new Log4JLogIt(args, "authz"); PropAccess propAccess = new PropAccess(logIt,args); - AbsService<AuthzEnv, AuthzTrans> service = new AAF_Service(new AuthzEnv(propAccess)); - JettyServiceStarter<AuthzEnv,AuthzTrans> jss = new JettyServiceStarter<AuthzEnv,AuthzTrans>(service); - jss.start(); + try { + new JettyServiceStarter<AuthzEnv,AuthzTrans>( + new AAF_Service(new AuthzEnv(propAccess)),true) + .start(); + } catch (Exception e) { + propAccess.log(e); + } } catch (Exception e) { e.printStackTrace(); } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 41c433f4..1d201f9a 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -86,6 +86,7 @@ import org.onap.aaf.auth.service.mapper.Mapper.API; import org.onap.aaf.auth.service.validation.ServiceValidator; import org.onap.aaf.auth.validation.Validator; import org.onap.aaf.cadi.principal.BasicPrincipal; +import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.util.Chrono; @@ -2311,17 +2312,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<?> mayChange() { // User can change himself (but not create) - if (trans.user().equals(cred.id)) { - return Result.ok(); - } if (nsd==null) { nsd = ques.validNSOfDomain(trans, cred.id); } // Get the Namespace if (nsd.isOK()) { - if (ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) { - return Result.ok(); - } String user[] = Split.split('.',trans.user()); if (user.length>2) { String company = user[user.length-1] + '.' + user[user.length-2]; @@ -3589,7 +3584,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return Result.ok(users); } - /*********************************** +/*********************************** * HISTORY ***********************************/ @Override @@ -3682,8 +3677,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE @Override public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); - if (v.nullOrBlank("NS",ns) - .err()) { + if (v.nullOrBlank("NS",ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -3703,6 +3697,22 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return mapper.history(trans, resp.value,sort); } + @Override + public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, final int sort) { + NsDAO.Data ndd = new NsDAO.Data(); + ndd.name = FQI.reverseDomain(subject); + Result<Data> rnd = ques.mayUser(trans, trans.user(), ndd, Access.read); + if (rnd.notOK()) { + return Result.err(rnd); + } + + Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, subject, target, yyyymm); + if (resp.notOK()) { + return Result.err(resp); + } + return mapper.history(trans, resp.value,sort); + } + /*********************************** * DELEGATE ***********************************/ diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java index a89f64ed..61dbbd95 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzService.java @@ -636,6 +636,16 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT */ public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String subj, int[] yyyymm, int sort); + /** + * + * @param trans + * @param target + * @param yyyymm + * @param sort + * @return + */ + public Result<HISTORY> getHistoryBySubject(AuthzTrans trans, String subject, String target, int[] yyyymm, int sort); + /*********************************** * DELEGATE ***********************************/ @@ -753,7 +763,4 @@ public interface AuthzService<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DELGS,CERT */ public void dbReset(AuthzTrans trans); - - - } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java index 2c868d3d..ce730cec 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_History.java @@ -170,6 +170,33 @@ public class API_History { } } }); + + /** + * Get History by Subject + */ + authzAPI.route(GET,"/authz/hist/subject/:type/:subject",API.HISTORY,new Code(facade,"Get History by Perm Type", true) { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + int[] years; + int descend; + try { + years = getYears(req); + descend = decending(req); + } catch (Exception e) { + context.error(trans, resp, Result.err(Status.ERR_BadData, e.getMessage())); + return; + } + + Result<Void> r = context.getHistoryBySubject(trans, resp, pathParam(req,":type"), pathParam(req,":subject"),years,descend); + switch(r.status) { + case OK: + resp.setStatus(HttpStatus.OK_200); + break; + default: + context.error(trans,resp,r); + } + } + }); } // Check if Ascending diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java index 463de35f..80e02264 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacade.java @@ -235,13 +235,15 @@ public interface AuthzFacade { */ public abstract Result<Void> getHistoryByUser(AuthzTrans trans, HttpServletResponse resp, String user, int[] yyyymm, final int sort); - public abstract Result<Void> getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort); + public abstract Result<Void> getHistoryByRole(AuthzTrans trans, HttpServletResponse resp, String role, int[] yyyymm, final int sort); - public abstract Result<Void> getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort); + public abstract Result<Void> getHistoryByPerm(AuthzTrans trans, HttpServletResponse resp, String perm, int[] yyyymm, final int sort); - public abstract Result<Void> getHistoryByNS(AuthzTrans trans, HttpServletResponse resp, String subject, int[] yyyymm, final int sort); + public abstract Result<Void> getHistoryByNS(AuthzTrans trans, HttpServletResponse resp, String ns, int[] yyyymm, final int sort); - /* + public abstract Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String type, String subject, int[] yyyymm, int sort); + + /* * Cache */ public abstract Result<Void> cacheClear(AuthzTrans trans, String pathParam); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java index 02fa842f..253f91da 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java @@ -2274,6 +2274,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE public static final String GET_HISTORY_ROLE = "getHistoryByRole"; public static final String GET_HISTORY_PERM = "getHistoryByPerm"; public static final String GET_HISTORY_NS = "getHistoryByNS"; + public static final String GET_HISTORY_SUBJECT = "getHistoryBySubject"; /* (non-Javadoc) * @see com.att.authz.facade.AuthzFacade#getHistoryByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -2447,6 +2448,50 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } } + /* (non-Javadoc) + * @see com.att.authz.facade.AuthzFacade#getHistoryByUser(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public Result<Void> getHistoryBySubject(AuthzTrans trans, HttpServletResponse resp, String subject, String target, int[] yyyymm, final int sort) { + StringBuilder sb = new StringBuilder(); + sb.append(GET_HISTORY_SUBJECT); + sb.append(' '); + sb.append(subject); + sb.append(" for "); + boolean first = true; + for (int i : yyyymm) { + if (first) { + first = false; + } else { + sb.append(','); + } + sb.append(i); + } + TimeTaken tt = trans.start(sb.toString(), Env.SUB|Env.ALWAYS); + + try { + Result<HISTORY> rh = service.getHistoryBySubject(trans,subject,target,yyyymm,sort); + switch(rh.status) { + case OK: + RosettaData<HISTORY> data = historyDF.newData(trans).load(rh.value); + if (Question.willSpecialLog(trans, trans.user())) { + Question.logEncryptTrace(trans,data.asString()); + } + + data.to(resp.getOutputStream()); + setContentType(resp,historyDF.getOutType()); + return Result.ok(); + default: + return Result.err(rh); + } + } catch (Exception e) { + trans.error().log(e,IN,GET_HISTORY_USER); + return Result.err(e); + } finally { + tt.done(); + } + } + public final static String CACHE_CLEAR = "cacheClear "; // public final static String CACHE_VALIDATE = "validateCache"; diff --git a/auth/helm/aaf-hello/aaf.sh b/auth/helm/aaf-hello/aaf.sh index 5bb83515..b1c8e639 100644 --- a/auth/helm/aaf-hello/aaf.sh +++ b/auth/helm/aaf-hello/aaf.sh @@ -1,4 +1,4 @@ -. ../../docker/d.props +. ../../docker/aaf.props IMAGE=onap/aaf/aaf_agent:$VERSION kubectl -n onap run -it --rm aaf-agent-$USER --image=$IMAGE --overrides=' diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml index 8d43070e..3a0a377c 100644 --- a/auth/helm/aaf-hello/values.yaml +++ b/auth/helm/aaf-hello/values.yaml @@ -54,7 +54,7 @@ image: # When using Docker Repo, add, and include trailing "/" # repository: nexus3.onap.org:10003/ # repository: localhost:5000/ - version: 2.1.12-SNAPSHOT + version: 2.1.14-SNAPSHOT resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/auth/sample/cass_data/config.dat b/auth/sample/cass_data/config.dat index 83976192..cf70164b 100644 --- a/auth/sample/cass_data/config.dat +++ b/auth/sample/cass_data/config.dat @@ -1,9 +1,12 @@ -aaf|aaf_env|DEV -aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect -aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token -aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1 -aaf|cadi_protocols|TLSv1.1,TLSv1.2 -aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US -aaf|cm_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 -aaf|fs_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1 -aaf|gui_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1 +aaf,aaf_cm_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
+aaf,aaf_env,DEV
+aaf,aaf_fs_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1
+aaf,aaf_gui_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1
+aaf,aaf_locate_url,https://aaf.dev.att.com:8095
+aaf,aaf_oauth2_introspect_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect
+aaf,aaf_oauth2_token_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token
+aaf,aaf_oauth_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1
+aaf,aaf_root_ns,com.att.aaf
+aaf,aaf_url,https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
+aaf,cadi_protocols,"TLSv1.1,TLSv1.2"
+aaf,cadi_x509_issuers,"CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US"
|