summaryrefslogtreecommitdiffstats
path: root/authz-gw
diff options
context:
space:
mode:
Diffstat (limited to 'authz-gw')
-rw-r--r--authz-gw/pom.xml185
-rw-r--r--authz-gw/src/main/config/authGW.props33
-rw-r--r--authz-gw/src/main/config/log4j.properties79
-rw-r--r--authz-gw/src/main/config/lrm-authz-gw.xml82
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java248
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java45
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java363
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java99
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java87
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java156
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java75
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java74
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java48
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java258
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java40
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java33
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java69
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java29
-rw-r--r--authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java40
-rw-r--r--authz-gw/src/main/xsd/gw_1_0.xsd103
-rw-r--r--authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java51
21 files changed, 2197 insertions, 0 deletions
diff --git a/authz-gw/pom.xml b/authz-gw/pom.xml
new file mode 100644
index 00000000..6b085f7c
--- /dev/null
+++ b/authz-gw/pom.xml
@@ -0,0 +1,185 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>parent</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>authz-gw</artifactId>
+ <name>Authz Gate/Wall</name>
+ <description>GW API</description>
+ <url>https://github.com/att/AAF</url>
+ <licenses>
+ <license>
+ <name>BSD License</name>
+ <url> </url>
+ </license>
+ </licenses>
+ <developers>
+ <developer>
+ <name>Jonathan Gathman</name>
+ <email></email>
+ <organization>ATT</organization>
+ <organizationUrl></organizationUrl>
+ </developer>
+ </developers>
+
+ <properties>
+ <maven.test.failure.ignore>true</maven.test.failure.ignore>
+ <project.swmVersion>30</project.swmVersion>
+ <project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion>
+ <nexusproxy>https://nexus.onap.org</nexusproxy>
+ <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>
+ <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>
+ <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>
+ <sitePath>/content/sites/site/${project.groupId}/${project.artifactId}/${project.version}</sitePath>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>authz-core</artifactId>
+
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>cadi-aaf</artifactId>
+ </dependency>
+
+
+
+ </dependencies>
+
+ <build>
+ <plugins>
+ <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>jaxb2-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <includes>
+ <include>**/*.class</include>
+ </includes>
+ </configuration>
+ <version>2.3.1</version>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-source-plugin</artifactId>
+ <version>2.2.1</version>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>jar-no-fork</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+<plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <version>1.6.7</version>
+ <extensions>true</extensions>
+ <configuration>
+ <nexusUrl>${nexusproxy}</nexusUrl>
+ <stagingProfileId>176c31dfe190a</stagingProfileId>
+ <serverId>ecomp-staging</serverId>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+<distributionManagement>
+ <repository>
+ <id>ecomp-releases</id>
+ <name>AAF Release Repository</name>
+ <url>${nexusproxy}${releaseNexusPath}</url>
+ </repository>
+ <snapshotRepository>
+ <id>ecomp-snapshots</id>
+ <name>AAF Snapshot Repository</name>
+ <url>${nexusproxy}${snapshotNexusPath}</url>
+ </snapshotRepository>
+ <site>
+ <id>ecomp-site</id>
+ <url>dav:${nexusproxy}${sitePath}</url>
+ </site>
+ </distributionManagement>
+<pluginRepositories>
+ <pluginRepository>
+ <id>onap-plugin-snapshots</id>
+ <url>https://nexus.onap.org/content/repositories/snapshots/</url>
+ </pluginRepository>
+ </pluginRepositories>
+
+ <repositories>
+ <repository>
+ <id>central</id>
+ <name>Maven 2 repository 2</name>
+ <url>http://repo2.maven.org/maven2/</url>
+ </repository>
+ <repository>
+ <id>onap-jar-snapshots</id>
+ <url>https://nexus.onap.org/content/repositories/snapshots</url>
+ </repository>
+ <repository>
+ <id>spring-repo</id>
+ <name>Spring repo</name>
+ <url>https://artifacts.alfresco.com/nexus/content/repositories/public/</url>
+ </repository>
+ <repository>
+ <id>repository.jboss.org-public</id>
+ <name>JBoss.org Maven repository</name>
+ <url>https://repository.jboss.org/nexus/content/groups/public</url>
+ </repository>
+ </repositories>
+</project>
diff --git a/authz-gw/src/main/config/authGW.props b/authz-gw/src/main/config/authGW.props
new file mode 100644
index 00000000..294db359
--- /dev/null
+++ b/authz-gw/src/main/config/authGW.props
@@ -0,0 +1,33 @@
+##
+## AUTHZ GateWall (authz-gw) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+AFT_ENV_CONTEXT=_ENV_CONTEXT_
+
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+
+##DME2 related parameters
+DMEServiceName=service=com.att.authz.authz-gw/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_GW_PORT_RANGE_
+
+# Turn on both AAF TAF & LUR 2.0
+aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+
+# CSP
+csp_domain=PROD
+
+# GUI Login Page
+cadi_loginpage_url=https://DME2RESOLVE/service=com.att.authz.authz-gui/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_/login
+
+
diff --git a/authz-gw/src/main/config/log4j.properties b/authz-gw/src/main/config/log4j.properties
new file mode 100644
index 00000000..fb5f22cb
--- /dev/null
+++ b/authz-gw/src/main/config/log4j.properties
@@ -0,0 +1,79 @@
+#-------------------------------------------------------------------------------
+# ============LICENSE_START====================================================
+# * org.onap.aaf
+# * ===========================================================================
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# *
+#-------------------------------------------------------------------------------
+###############################################################################
+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+###############################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}
+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd
+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_
+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_
+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.INIT.layout.ConversionPattern=%d %p [%c] %m %n
+
+log4j.appender.GW=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.GW.File=_LOG_DIR_/${LOG4J_FILENAME_gw}
+log4j.appender.GW.DatePattern='.'yyyy-MM-dd
+#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_
+#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_
+log4j.appender.GW.layout=org.apache.log4j.PatternLayout
+log4j.appender.GW.layout.ConversionPattern=%d %p [%c] %m %n
+
+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}
+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
+#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_
+#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_
+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
+log4j.appender.AUDIT.layout.ConversionPattern=%d %p [%c] %m %n
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n
+
+# General Apache libraries
+log4j.rootLogger=WARN
+log4j.logger.org.apache=WARN,INIT
+log4j.logger.dme2=WARN,INIT
+log4j.logger.init=INFO,INIT
+log4j.logger.gw=_LOG4J_LEVEL_,GW
+log4j.logger.audit=INFO,AUDIT
+
diff --git a/authz-gw/src/main/config/lrm-authz-gw.xml b/authz-gw/src/main/config/lrm-authz-gw.xml
new file mode 100644
index 00000000..f48470d5
--- /dev/null
+++ b/authz-gw/src/main/config/lrm-authz-gw.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
+-->
+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">
+ <ns2:ManagedResource>
+ <ResourceDescriptor>
+ <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>
+ <ResourceVersion>
+ <Major>_MAJOR_VER_</Major>
+ <Minor>_MINOR_VER_</Minor>
+ <Patch>_PATCH_VER_</Patch>
+ </ResourceVersion>
+ <RouteOffer>_ROUTE_OFFER_</RouteOffer>
+ </ResourceDescriptor>
+ <ResourceType>Java</ResourceType>
+ <ResourcePath>com.att.authz.gw.GwAPI</ResourcePath>
+ <ResourceProps>
+ <Tag>process.workdir</Tag>
+ <Value>_ROOT_DIR_</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.version</Tag>
+ <Value>1.8</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.args</Tag>
+ <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.classpath</Tag>
+ <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.heap.min</Tag>
+ <Value>512m</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>jvm.heap.max</Tag>
+ <Value>2048m</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>start.class</Tag>
+ <Value>com.att.authz.gw.GwAPI</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>stdout.redirect</Tag>
+ <Value>_ROOT_DIR_/logs/SystemOut.log</Value>
+ </ResourceProps>
+ <ResourceProps>
+ <Tag>stderr.redirect</Tag>
+ <Value>_ROOT_DIR_/logs/SystemErr.log</Value>
+ </ResourceProps>
+ <ResourceOSID>aft</ResourceOSID>
+ <ResourceStartType>AUTO</ResourceStartType>
+ <ResourceStartPriority>4</ResourceStartPriority>
+ <ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>
+ <ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount>
+ <ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>
+ <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>
+ <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>
+ </ns2:ManagedResource>
+</ns2:ManagedResourceList>
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java
new file mode 100644
index 00000000..5872e7d3
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java
@@ -0,0 +1,248 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw;
+
+import java.net.HttpURLConnection;
+import java.util.ArrayList;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.gw.api.API_AAFAccess;
+import org.onap.aaf.authz.gw.api.API_Api;
+import org.onap.aaf.authz.gw.api.API_Find;
+import org.onap.aaf.authz.gw.api.API_Proxy;
+import org.onap.aaf.authz.gw.api.API_TGuard;
+import org.onap.aaf.authz.gw.facade.GwFacade_1_0;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.server.AbsServer;
+import org.onap.aaf.cache.Cache;
+import org.onap.aaf.cache.Cache.Dated;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.api.DME2Exception;
+
+import com.att.aft.dme2.api.DME2Manager;
+import com.att.aft.dme2.api.DME2Server;
+import com.att.aft.dme2.api.DME2ServerProperties;
+import com.att.aft.dme2.api.DME2ServiceHolder;
+import com.att.aft.dme2.api.util.DME2FilterHolder;
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;
+import com.att.aft.dme2.api.util.DME2ServletHolder;
+import org.onap.aaf.cadi.CadiException;
+//import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.inno.env.APIException;
+
+public class GwAPI extends AbsServer {
+ private static final String USER_PERMS = "userPerms";
+ private GwFacade_1_0 facade; // this is the default Facade
+ private GwFacade_1_0 facade_1_0_XML;
+ public Map<String, Dated> cacheUser;
+ public final String aafurl;
+ public final AAFAuthn<HttpURLConnection> aafAuthn;
+ public final AAFLurPerm aafLurPerm;
+ public DME2Manager dme2Man;
+
+
+ /**
+ * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
+ *
+ * @param env
+ * @param si
+ * @param dm
+ * @param decryptor
+ * @throws APIException
+ */
+ public GwAPI(AuthzEnv env) throws Exception {
+ super(env,"AAF GW");
+ aafurl = env.getProperty(Config.AAF_URL);
+
+ // Setup Logging
+ //env.setLog4JNames("log4j.properties","authz","gw","audit","init","trace");
+
+ aafLurPerm = aafCon.newLur();
+ // Note: If you need both Authn and Authz construct the following:
+ aafAuthn = aafCon.newAuthn(aafLurPerm);
+
+ // Initialize Facade for all uses
+ //AuthzTrans trans = env.newTrans();
+
+ // facade = GwFacadeFactory.v1_0(env,trans,Data.TYPE.JSON); // Default Facade
+ // facade_1_0_XML = GwFacadeFactory.v1_0(env,trans,Data.TYPE.XML);
+
+ synchronized(env) {
+ if(cacheUser == null) {
+ cacheUser = Cache.obtain(USER_PERMS);
+ //Cache.startCleansing(env, USER_PERMS);
+ Cache.addShutdownHook(); // Setup Shutdown Hook to close cache
+ }
+ }
+
+ ////////////////////////////////////////////////////////////////////////////
+ // Time Critical
+ // These will always be evaluated first
+ ////////////////////////////////////////////////////////////////////////
+ API_AAFAccess.init(this,facade);
+ API_Find.init(this, facade);
+ API_TGuard.init(this, facade);
+ API_Proxy.init(this, facade);
+
+ ////////////////////////////////////////////////////////////////////////
+ // Management APIs
+ ////////////////////////////////////////////////////////////////////////
+ // There are several APIs around each concept, and it gets a bit too
+ // long in this class to create. The initialization of these Management
+ // APIs have therefore been pushed to StandAlone Classes with static
+ // init functions
+ API_Api.init(this, facade);
+
+ ////////////////////////////////////////////////////////////////////////
+ // Default Function
+ ////////////////////////////////////////////////////////////////////////
+ API_AAFAccess.initDefault(this,facade);
+
+ }
+
+ /**
+ * Setup XML and JSON implementations for each supported Version type
+ *
+ * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
+ * to do Versions and Content switches
+ *
+ */
+ public void route(HttpMethods meth, String path, API api, GwCode code) throws Exception {
+ String version = "1.0";
+ // Get Correct API Class from Mapper
+ Class<?> respCls = facade.mapper().getClass(api);
+ if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
+ // setup Application API HTML ContentTypes for JSON and Route
+ String application = applicationJSON(respCls, version);
+ //route(env,meth,path,code,application,"application/json;version="+version,"*/*");
+
+ // setup Application API HTML ContentTypes for XML and Route
+ application = applicationXML(respCls, version);
+ //route(env,meth,path,code.clone(facade_1_0_XML,false),application,"text/xml;version="+version);
+
+ // Add other Supported APIs here as created
+ }
+
+ public void routeAll(HttpMethods meth, String path, API api, GwCode code) throws Exception {
+ //route(env,meth,path,code,""); // this will always match
+ }
+
+
+ /**
+ * Start up AuthzAPI as DME2 Service
+ * @param env
+ * @param props
+ * @throws DME2Exception
+ * @throws CadiException
+ */
+ public void startDME2(Properties props) throws DME2Exception, CadiException {
+
+ dme2Man = new DME2Manager("GatewayDME2Manager",props);
+
+ DME2ServiceHolder svcHolder;
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();
+ svcHolder = new DME2ServiceHolder();
+ String serviceName = env.getProperty("DMEServiceName",null);
+ if(serviceName!=null) {
+ svcHolder.setServiceURI(serviceName);
+ svcHolder.setManager(dme2Man);
+ svcHolder.setContext("/");
+
+
+
+ DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[] {"/dme2","/api"});
+ srvHolder.setContextPath("/*");
+ slist.add(srvHolder);
+
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(
+ RequestDispatcherType.REQUEST,
+ RequestDispatcherType.FORWARD,
+ RequestDispatcherType.ASYNC
+ );
+
+ ///////////////////////
+ // Apply Filters
+ ///////////////////////
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();
+
+ // Leave Login page un secured
+ // AuthzTransOnlyFilter atof = new AuthzTransOnlyFilter(env);
+ // flist.add(new DME2FilterHolder(atof,"/login", edlist));
+
+ // Secure all other interactions with AuthzTransFilter
+// flist.add(new DME2FilterHolder(
+// new AuthzTransFilter(env, aafCon, new AAFTrustChecker(
+// env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN),
+// Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust"
+// )),
+// "/*", edlist));
+//
+
+ svcHolder.setFilters(flist);
+ svcHolder.setServletHolders(slist);
+
+ DME2Server dme2svr = dme2Man.getServer();
+// dme2svr.setGracefulShutdownTimeMs(1000);
+
+ // env.init().log("Starting GW Jetty/DME2 server...");
+ dme2svr.start();
+ DME2ServerProperties dsprops = dme2svr.getServerProperties();
+ try {
+// if(env.getProperty("NO_REGISTER",null)!=null)
+ dme2Man.bindService(svcHolder);
+// env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());
+
+ while(true) { // Per DME2 Examples...
+ Thread.sleep(5000);
+ }
+ } catch(InterruptedException e) {
+ // env.init().log("AAF Jetty Server interrupted!");
+ } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process
+ // env.init().log(e,"DME2 Initialization Error");
+ dme2svr.stop();
+ System.exit(1);
+ }
+ } else {
+ //env.init().log("Properties must contain DMEServiceName");
+ }
+ }
+
+ public static void main(String[] args) {
+ setup(GwAPI.class,"authGW.props");
+ }
+
+// public void route(PropAccess env, HttpMethods get, String string, GwCode gwCode, String string2, String string3,
+// String string4) {
+// // TODO Auto-generated method stub
+//
+// }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java
new file mode 100644
index 00000000..a9e6eb21
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.cssa.rserv.HttpCode;
+
+public abstract class GwCode extends HttpCode<AuthzTrans, GwFacade> implements Cloneable {
+ public boolean useJSON;
+
+ public GwCode(GwFacade facade, String description, boolean useJSON, String ... roles) {
+ super(facade, description, roles);
+ this.useJSON = useJSON;
+ }
+
+ public <D extends GwCode> D clone(GwFacade facade, boolean useJSON) throws Exception {
+ @SuppressWarnings("unchecked")
+ D d = (D)clone();
+ d.useJSON = useJSON;
+ d.context = facade;
+ return d;
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java
new file mode 100644
index 00000000..202ec58e
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java
@@ -0,0 +1,363 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.security.Principal;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cache.Cache.Dated;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.Locator.Item;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.cadi.dme2.DME2Locator;
+import org.onap.aaf.cadi.principal.BasicPrincipal;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+
+public class API_AAFAccess {
+ private static final String AUTHZ_DME2_GUI = "com.att.authz.authz-gui";
+ static final String AFT_ENVIRONMENT="AFT_ENVIRONMENT";
+ static final String AFT_ENV_CONTEXT="AFT_ENV_CONTEXT";
+ static final String AFTUAT="AFTUAT";
+
+ private static final String PROD = "PROD";
+ private static final String IST = "IST"; // main NONPROD system
+ private static final String PERF = "PERF";
+ private static final String TEST = "TEST";
+ private static final String DEV = "DEV";
+
+// private static String service, version, envContext;
+ private static String routeOffer;
+
+ private static final String GET_PERMS_BY_USER = "Get Perms by User";
+ private static final String USER_HAS_PERM ="User Has Perm";
+// private static final String USER_IN_ROLE ="User Has Role";
+ private static final String BASIC_AUTH ="AAF Basic Auth";
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);
+ if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");
+
+ int equals, count=0;
+ for(int slash = gwAPI.aafurl.indexOf('/');slash>0;++count) {
+ equals = gwAPI.aafurl.indexOf('=',slash)+1;
+ slash = gwAPI.aafurl.indexOf('/',slash+1);
+ switch(count) {
+ case 2:
+// service = gwAPI.aafurl.substring(equals, slash);
+ break;
+ case 3:
+// version = gwAPI.aafurl.substring(equals, slash);
+ break;
+ case 4:
+// envContext = gwAPI.aafurl.substring(equals, slash);
+ break;
+ case 5:
+ routeOffer = gwAPI.aafurl.substring(equals);
+ break;
+ }
+ }
+ if(count<6) throw new MalformedURLException(gwAPI.aafurl);
+
+ gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new GwCode(facade,GET_PERMS_BY_USER, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
+ try {
+ final String accept = req.getHeader("ACCEPT");
+ final String user = pathParam(req,":user");
+ if(!user.contains("@")) {
+ context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
+ return;
+ }
+ String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
+ TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
+ Dated d;
+ try {
+ d = gwAPI.cacheUser.get(key);
+ } finally {
+ tt2.done();
+ }
+
+ if(d==null || d.data.isEmpty()) {
+ tt2 = trans.start("AAF Service Call",Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<String> fp = client.read("/authz/perms/user/"+user,accept);
+ if(fp.get(5000)) {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));
+ resp.setStatus(HttpStatus.OK_200);
+ ServletOutputStream sos;
+ try {
+ sos = resp.getOutputStream();
+ sos.print(fp.value);
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
+ } else {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));
+ context.error(trans,resp,fp.code(),fp.body());
+ }
+ return null;
+ }
+ });
+ } finally {
+ tt2.done();
+ }
+ } else {
+ User u = (User)d.data.get(0);
+ resp.setStatus(u.code);
+ ServletOutputStream sos = resp.getOutputStream();
+ sos.print(u.resp);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new GwCode(facade,BASIC_AUTH, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Principal p = trans.getUserPrincipal();
+ if(p == null) {
+ trans.error().log("Transaction not Authenticated... no Principal");
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ } else if (p instanceof BasicPrincipal) {
+ // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok
+ // otherwise, it wouldn't have gotten here.
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");
+ // For Auth Security questions, we don't give any info to client on why failed
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ }
+ }
+ },"text/plain","*/*","*");
+
+ /**
+ * Query User Has Perm
+ */
+ gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new GwCode(facade,USER_HAS_PERM, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ resp.getOutputStream().print(
+ gwAPI.aafLurPerm.fish(pathParam(req,":user"), new AAFPermission(
+ pathParam(req,":type"),
+ pathParam(req,":instance"),
+ pathParam(req,":action"))));
+ resp.setStatus(HttpStatus.OK_200);
+ } catch(Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ if(AFTUAT.equals(aftenv)) {
+ gwAPI.route(HttpMethods.GET,"/ist/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access UAT GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try{
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), IST, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/test/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access TEST GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try{
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), TEST, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/perf/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access PERF GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try{
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PERF, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/dev/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access DEV GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), DEV, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ } else {
+ gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access PROD GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PROD, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ }
+
+ }
+
+ public static void initDefault(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);
+ if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");
+
+ String aftctx = gwAPI.env.getProperty(AFT_ENV_CONTEXT);
+ if(aftctx==null) throw new Exception(AFT_ENV_CONTEXT + " must be set");
+
+ /**
+ * "login" url
+ */
+ gwAPI.route(HttpMethods.GET,"/login",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer),
+ "login");
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ /**
+ * Default URL
+ */
+ gwAPI.route(HttpMethods.GET,"/",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer),
+ "gui/home");
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ }
+
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, GwFacade context, Locator loc, String path) throws IOException {
+ try {
+ if(loc.hasItems()) {
+ Item item = loc.best();
+ URI uri = (URI) loc.get(item);
+ StringBuilder redirectURL = new StringBuilder(uri.toString());
+ redirectURL.append('/');
+ redirectURL.append(path);
+ String str = req.getQueryString();
+ if(str!=null) {
+ redirectURL.append('?');
+ redirectURL.append(str);
+ }
+ trans.info().log("Redirect to",redirectURL);
+ resp.sendRedirect(redirectURL.toString());
+ } else {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));
+ }
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));
+ }
+ }
+
+ private static class User {
+ public final int code;
+ public final String resp;
+
+ public User(int code, String resp) {
+ this.code = code;
+ this.resp = resp;
+ }
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java
new file mode 100644
index 00000000..0a828f92
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java
@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import static org.onap.aaf.authz.layer.Result.OK;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import org.onap.aaf.cadi.Symm;
+
+/**
+ * API Apis
+ *
+ */
+public class API_Api {
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ ////////
+ // Overall APIs
+ ///////
+ gwAPI.route(HttpMethods.GET,"/api",API.VOID,new GwCode(facade,"Document API", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r = context.getAPI(trans,resp,gwAPI);
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+
+ }
+ });
+
+ ////////
+ // Overall Examples
+ ///////
+ gwAPI.route(HttpMethods.GET,"/api/example/*",API.VOID,new GwCode(facade,"Document API", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String pathInfo = req.getPathInfo();
+ int question = pathInfo.lastIndexOf('?');
+
+ pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/"
+ String nameOrContextType=Symm.base64noSplit.decode(pathInfo);
+// String param = req.getParameter("optional");
+ Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType,
+ question>=0 && "optional=true".equalsIgnoreCase(req.getPathInfo().substring(question+1))
+ );
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+
+ }
+ });
+
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java
new file mode 100644
index 00000000..63595f0e
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java
@@ -0,0 +1,87 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import java.net.URI;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.Locator.Item;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.dme2.DME2Locator;
+
+/**
+ * API Apis.. using Redirect for mechanism
+ *
+ *
+ */
+public class API_Find {
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ ////////
+ // Overall APIs
+ ///////
+ gwAPI.route(HttpMethods.GET,"/dme2/:service/:version/:envContext/:routeOffer/:path*",API.VOID,new GwCode(facade,"Document API", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ //TODO cache this...
+ try {
+ Locator loc = new DME2Locator(gwAPI.env, gwAPI.dme2Man,
+ pathParam(req,":service"),
+ pathParam(req,":version"),
+ pathParam(req,":envContext"),
+ pathParam(req,":routeOffer")
+ );
+ if(loc.hasItems()) {
+ Item item = loc.best();
+ URI uri = (URI) loc.get(item);
+ String redirectURL = uri.toString() + '/' + pathParam(req,":path");
+ trans.warn().log("Redirect to",redirectURL);
+ resp.sendRedirect(redirectURL);
+ } else {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));
+ }
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));
+ }
+ }
+ });
+
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java
new file mode 100644
index 00000000..90d754ec
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java
@@ -0,0 +1,156 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import java.net.ConnectException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+
+/**
+ * API Apis.. using Redirect for mechanism
+ *
+ *
+ */
+public class API_Proxy {
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+
+ String aafurl = gwAPI.env.getProperty(Config.AAF_URL);
+ if(aafurl==null) {
+ } else {
+
+ ////////
+ // Transferring APIs
+ ///////
+ gwAPI.routeAll(HttpMethods.GET,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy GET", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.routeAll(HttpMethods.POST,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy POST", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.CREATED_201);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.routeAll(HttpMethods.PUT,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy PUT", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.routeAll(HttpMethods.DELETE,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy DELETE", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+ }
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java
new file mode 100644
index 00000000..876782fa
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java
@@ -0,0 +1,75 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import static org.onap.aaf.authz.layer.Result.OK;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+
+/**
+ * API Apis
+ *
+ */
+public class API_TGuard {
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ String aftenv = gwAPI.env.getProperty(API_AAFAccess.AFT_ENVIRONMENT);
+ if(aftenv==null) throw new Exception(API_AAFAccess.AFT_ENVIRONMENT + " must be set");
+
+ ////////
+ // Do not deploy these to PROD
+ ///////
+ if(API_AAFAccess.AFTUAT.equals(aftenv)) {
+ gwAPI.route(HttpMethods.GET,"/tguard/:path*",API.VOID,new GwCode(facade,"TGuard Test", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r = context.getAPI(trans,resp,gwAPI);
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+ }
+ });
+ }
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java
new file mode 100644
index 00000000..e5f3919d
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java
@@ -0,0 +1,74 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.RServlet;
+
+
+/**
+ *
+ *
+ */
+public interface GwFacade {
+
+///////////////////// STANDARD ELEMENTS //////////////////
+ /**
+ * @param trans
+ * @param response
+ * @param result
+ */
+ void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);
+
+ /**
+ *
+ * @param trans
+ * @param response
+ * @param status
+ */
+ void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... detail);
+
+
+ /**
+ *
+ * @param trans
+ * @param resp
+ * @param rservlet
+ * @return
+ */
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet);
+
+ /**
+ *
+ * @param trans
+ * @param resp
+ * @param typeCode
+ * @param optional
+ * @return
+ */
+ public abstract Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional);
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java
new file mode 100644
index 00000000..30f9ce2a
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.mapper.Mapper_1_0;
+import org.onap.aaf.authz.gw.service.GwServiceImpl;
+
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Data;
+
+import gw.v1_0.Error;
+import gw.v1_0.InRequest;
+import gw.v1_0.Out;
+
+
+public class GwFacadeFactory {
+ public static GwFacade_1_0 v1_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type) throws APIException {
+ return new GwFacade_1_0(env,
+ new GwServiceImpl<
+ InRequest,
+ Out,
+ Error>(trans,new Mapper_1_0()),
+ type);
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java
new file mode 100644
index 00000000..fa610669
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java
@@ -0,0 +1,258 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+
+import static org.onap.aaf.authz.layer.Result.ERR_ActionNotCompleted;
+import static org.onap.aaf.authz.layer.Result.ERR_BadData;
+import static org.onap.aaf.authz.layer.Result.ERR_ConflictAlreadyExists;
+import static org.onap.aaf.authz.layer.Result.ERR_Denied;
+import static org.onap.aaf.authz.layer.Result.ERR_NotFound;
+import static org.onap.aaf.authz.layer.Result.ERR_NotImplemented;
+import static org.onap.aaf.authz.layer.Result.ERR_Policy;
+import static org.onap.aaf.authz.layer.Result.ERR_Security;
+
+import java.lang.reflect.Method;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.mapper.Mapper;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.gw.service.GwService;
+import org.onap.aaf.authz.gw.service.GwServiceImpl;
+import org.onap.aaf.authz.layer.FacadeImpl;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.RServlet;
+import org.onap.aaf.cssa.rserv.RouteReport;
+import org.onap.aaf.cssa.rserv.doc.ApiDoc;
+
+import org.onap.aaf.cadi.aaf.client.Examples;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Data;
+import org.onap.aaf.inno.env.Data.TYPE;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+import org.onap.aaf.rosetta.env.RosettaDF;
+
+import gw.v1_0.Api;
+
+/**
+ * AuthzFacade
+ *
+ * This Service Facade encapsulates the essence of the API Service can do, and provides
+ * a single created object for elements such as RosettaDF.
+ *
+ * The Responsibilities of this class are to:
+ * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)
+ * 2) Validate incoming data (if applicable)
+ * 3) Convert the Service response into the right Format, and mark the Content Type
+ * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
+ * 4) Log Service info, warnings and exceptions as necessary
+ * 5) When asked by the API layer, this will create and write Error content to the OutputStream
+ *
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
+ * clearly coordinated with the API Documentation
+ *
+ *
+ */
+public abstract class GwFacadeImpl<IN,OUT,ERROR> extends FacadeImpl implements GwFacade
+ {
+ private GwService<IN,OUT,ERROR> service;
+
+ private final RosettaDF<ERROR> errDF;
+ private final RosettaDF<Api> apiDF;
+
+ public GwFacadeImpl(AuthzEnv env, GwService<IN,OUT,ERROR> service, Data.TYPE dataType) throws APIException {
+ this.service = service;
+ (errDF = env.newDataFactory(mapper().getClass(API.ERROR))).in(dataType).out(dataType);
+ (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType);
+ }
+
+ public Mapper<IN,OUT,ERROR> mapper() {
+ return service.mapper();
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
+ *
+ * Note: Conforms to AT&T TSS RESTful Error Structure
+ */
+ @Override
+ public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {
+ String msg = result.details==null?"":result.details.trim();
+ String[] detail;
+ if(result.variables==null) {
+ detail = new String[1];
+ } else {
+ int l = result.variables.length;
+ detail=new String[l+1];
+ System.arraycopy(result.variables, 0, detail, 1, l);
+ }
+ error(trans, response, result.status,msg,detail);
+ }
+
+ @Override
+ public void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... _detail) {
+ String[] detail = _detail;
+ if(detail.length==0) {
+ detail=new String[1];
+ }
+ String msgId;
+ switch(status) {
+ case 202:
+ case ERR_ActionNotCompleted:
+ msgId = "SVC1202";
+ detail[0] = "Accepted, Action not complete";
+ response.setStatus(/*httpstatus=*/202);
+ break;
+
+ case 403:
+ case ERR_Policy:
+ case ERR_Security:
+ case ERR_Denied:
+ msgId = "SVC1403";
+ detail[0] = "Forbidden";
+ response.setStatus(/*httpstatus=*/403);
+ break;
+
+ case 404:
+ case ERR_NotFound:
+ msgId = "SVC1404";
+ detail[0] = "Not Found";
+ response.setStatus(/*httpstatus=*/404);
+ break;
+
+ case 406:
+ case ERR_BadData:
+ msgId="SVC1406";
+ detail[0] = "Not Acceptable";
+ response.setStatus(/*httpstatus=*/406);
+ break;
+
+ case 409:
+ case ERR_ConflictAlreadyExists:
+ msgId = "SVC1409";
+ detail[0] = "Conflict Already Exists";
+ response.setStatus(/*httpstatus=*/409);
+ break;
+
+ case 501:
+ case ERR_NotImplemented:
+ msgId = "SVC1501";
+ detail[0] = "Not Implemented";
+ response.setStatus(/*httpstatus=*/501);
+ break;
+
+
+ default:
+ msgId = "SVC1500";
+ detail[0] = "General Service Error";
+ response.setStatus(/*httpstatus=*/500);
+ break;
+ }
+
+ try {
+ StringBuilder holder = new StringBuilder();
+ errDF.newData(trans).load(
+ mapper().errorFromMessage(holder,msgId,msg,detail)).to(response.getOutputStream());
+ trans.checkpoint(
+ "ErrResp [" +
+ msgId +
+ "] " +
+ holder.toString(),
+ Env.ALWAYS);
+ } catch (Exception e) {
+ trans.error().log(e,"unable to send response for",msg);
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.facade.AuthzFacade#getAPI(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse)
+ */
+ public final static String API_REPORT = "apiReport";
+ @Override
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet) {
+ TimeTaken tt = trans.start(API_REPORT, Env.SUB);
+ try {
+ Api api = new Api();
+ Api.Route ar;
+ Method[] meths = GwServiceImpl.class.getDeclaredMethods();
+ for(RouteReport rr : rservlet.routeReport()) {
+ api.getRoute().add(ar = new Api.Route());
+ ar.setMeth(rr.meth.name());
+ ar.setPath(rr.path);
+ ar.setDesc(rr.desc);
+ ar.getContentType().addAll(rr.contextTypes);
+ for(Method m : meths) {
+ ApiDoc ad;
+ if((ad = m.getAnnotation(ApiDoc.class))!=null &&
+ rr.meth.equals(ad.method()) &&
+ rr.path.equals(ad.path())) {
+ for(String param : ad.params()) {
+ ar.getParam().add(param);
+ }
+ for(String text : ad.text()) {
+ ar.getComments().add(text);
+ }
+ ar.setExpected(ad.expectedCode());
+ for(int ec : ad.errorCodes()) {
+ ar.getExplicitErr().add(ec);
+ }
+ }
+ }
+ }
+ apiDF.newData(trans).load(api).to(resp.getOutputStream());
+ setContentType(resp,apiDF.getOutType());
+ return Result.ok();
+
+ } catch (Exception e) {
+ trans.error().log(e,IN,API_REPORT);
+ return Result.err(e);
+ } finally {
+ tt.done();
+ }
+ }
+
+ public final static String API_EXAMPLE = "apiExample";
+ /* (non-Javadoc)
+ * @see com.att.authz.facade.AuthzFacade#getAPIExample(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
+ */
+ @Override
+ public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) {
+ TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);
+ try {
+ String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional);
+ resp.getOutputStream().print(content);
+ setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);
+ return Result.ok();
+ } catch (Exception e) {
+ trans.error().log(e,IN,API_EXAMPLE);
+ return Result.err(Result.ERR_NotImplemented,e.getMessage());
+ } finally {
+ tt.done();
+ }
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java
new file mode 100644
index 00000000..188144ce
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java
@@ -0,0 +1,40 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.gw.service.GwService;
+
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Data;
+
+import gw.v1_0.Error;
+import gw.v1_0.InRequest;
+import gw.v1_0.Out;
+
+public class GwFacade_1_0 extends GwFacadeImpl<InRequest,Out,Error>
+{
+ public GwFacade_1_0(AuthzEnv env, GwService<InRequest,Out,Error> service, Data.TYPE type) throws APIException {
+ super(env, service, type);
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java
new file mode 100644
index 00000000..230e1b3a
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.mapper;
+
+public interface Mapper<IN,OUT,ERROR>
+{
+ public enum API{IN_REQ,OUT,ERROR,VOID};
+ public Class<?> getClass(API api);
+ public<A> A newInstance(API api);
+
+ public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java
new file mode 100644
index 00000000..ba87631e
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java
@@ -0,0 +1,69 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.mapper;
+
+import org.onap.aaf.cadi.util.Vars;
+
+import gw.v1_0.Error;
+import gw.v1_0.InRequest;
+import gw.v1_0.Out;
+
+public class Mapper_1_0 implements Mapper<InRequest,Out,Error> {
+
+ @Override
+ public Class<?> getClass(API api) {
+ switch(api) {
+ case IN_REQ: return InRequest.class;
+ case OUT: return Out.class;
+ case ERROR: return Error.class;
+ case VOID: return Void.class;
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <A> A newInstance(API api) {
+ switch(api) {
+ case IN_REQ: return (A) new InRequest();
+ case OUT: return (A) new Out();
+ case ERROR: return (A)new Error();
+ case VOID: return null;
+ }
+ return null;
+ }
+
+ ////////////// Mapping Functions /////////////
+ @Override
+ public gw.v1_0.Error errorFromMessage(StringBuilder holder, String msgID, String text,String... var) {
+ Error err = new Error();
+ err.setMessageId(msgID);
+ // AT&T Restful Error Format requires numbers "%" placements
+ err.setText(Vars.convert(holder, text, var));
+ for(String s : var) {
+ err.getVariables().add(s);
+ }
+ return err;
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java
new file mode 100644
index 00000000..c4f240e5
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.service;
+
+import org.onap.aaf.authz.gw.mapper.Mapper;
+
+public interface GwService<IN,OUT,ERROR> {
+ public Mapper<IN,OUT,ERROR> mapper();
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java
new file mode 100644
index 00000000..90039252
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java
@@ -0,0 +1,40 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.service;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.mapper.Mapper;
+
+public class GwServiceImpl<IN,OUT,ERROR>
+ implements GwService<IN,OUT,ERROR> {
+
+ private Mapper<IN,OUT,ERROR> mapper;
+
+ public GwServiceImpl(AuthzTrans trans, Mapper<IN,OUT,ERROR> mapper) {
+ this.mapper = mapper;
+ }
+
+ public Mapper<IN,OUT,ERROR> mapper() {return mapper;}
+
+//////////////// APIs ///////////////////
+};
diff --git a/authz-gw/src/main/xsd/gw_1_0.xsd b/authz-gw/src/main/xsd/gw_1_0.xsd
new file mode 100644
index 00000000..d5716dd9
--- /dev/null
+++ b/authz-gw/src/main/xsd/gw_1_0.xsd
@@ -0,0 +1,103 @@
+<!-- Used by gw (ATT 2015) -->
+<xs:schema
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:gw="urn:gw:v1_0"
+ targetNamespace="urn:gw:v1_0"
+ elementFormDefault="qualified">
+
+
+<!--
+ Requests
+ -->
+ <xs:complexType name="Request">
+ <xs:sequence>
+ </xs:sequence>
+ </xs:complexType>
+
+<!--
+ In
+-->
+ <xs:element name="inRequest">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="gw:Request">
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ <xs:element name="action" type="xs:string"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+
+
+<!--
+ Out
+-->
+ <xs:element name="out">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="name" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!-- **************** STANDARD ELEMENTS ******************* -->
+<!--
+ Errors
+ Note: This Error Structure has been made to conform to the AT&T TSS Policies
+ -->
+ <xs:element name="error">
+ <xs:complexType>
+ <xs:sequence>
+ <!--
+ Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+ either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+ Exception numbers may be in the range of 0001 to 9999 where :
+ * 0001 to 0199 are reserved for common exception messages
+ * 0200 to 0999 are reserved for Parlay Web Services specification use
+ * 1000-9999 are available for exceptions
+ -->
+ <xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ Message text, with replacement
+ variables marked with %n, where n is
+ an index into the list of <variables>
+ elements, starting at 1
+ -->
+ <xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+ <!--
+ List of zero or more strings that
+ represent the contents of the variables
+ used by the message text. -->
+ <xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+<!--
+ API
+-->
+ <xs:element name="api">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+ <xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema> \ No newline at end of file
diff --git a/authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java b/authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java
new file mode 100644
index 00000000..a820008a
--- /dev/null
+++ b/authz-gw/src/test/java/org/onap/aaf/authz/gw/JU_GwAPI.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw;
+
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+
+public class JU_GwAPI {
+
+ @Test
+ public void test() {
+ fail("Not yet implemented");
+ }
+
+ @Test
+ public void testRoute() {
+ fail("Not yet implemented");
+ }
+
+ @Test
+ public void testRouteAll() {
+ fail("Not yet implemented");
+ }
+
+ @Test
+ public void testStartDME2() {
+ fail("Not yet implemented");
+ }
+
+}