summaryrefslogtreecommitdiffstats
path: root/cadi/core/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'cadi/core/src/main')
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java5
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java204
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java2
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java5
4 files changed, 112 insertions, 104 deletions
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
index cf5c92d0..c65a9b22 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
@@ -60,7 +60,6 @@ public abstract class AbsUserCache<PERM extends Permission> {
private Clean clean;
protected Access access;
-// private final static Permission teaser = new LocalPermission("***NoPERM****");
protected AbsUserCache(Access access, long cleanInterval, int highCount, int usageCount) {
this.access = access;
@@ -322,7 +321,6 @@ public abstract class AbsUserCache<PERM extends Permission> {
for(User<PERM> user : al) {
++total;
if(user.count>usageTriggerCount) {
- // access.log(Level.AUDIT, "Checking Thread", new Date(now));
boolean touched = false, removed=false;
if(user.principal instanceof CachedPrincipal) {
CachedPrincipal cp = (CachedPrincipal)user.principal;
@@ -333,7 +331,6 @@ public abstract class AbsUserCache<PERM extends Permission> {
break;
case REVALIDATED:
user.resetCount();
- // access.log(Level.AUDIT, "CACHE revalidated credentials");
touched = true;
break;
default:
@@ -346,9 +343,7 @@ public abstract class AbsUserCache<PERM extends Permission> {
}
}
- // access.log(Level.AUDIT, "User Perm Expires", new Date(user.permExpires));
if(!removed && lur!=null && user.permExpires<= now ) {
- // access.log(Level.AUDIT, "Reloading");
if(lur.reload(user).equals(Resp.REVALIDATED)) {
user.renewPerm();
access.log(Level.DEBUG, "Reloaded Perms for",user);
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
index c1a27fa7..0f9adb94 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -38,10 +38,9 @@ import org.onap.aaf.cadi.User;
import org.onap.aaf.cadi.Access.Level;
import org.onap.aaf.cadi.config.Config;
-
/**
* An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms.
- *
+ *
* @author Jonathan
*
*/
@@ -50,120 +49,69 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
public static final String COLON = "\\s*:\\s*";
public static final String COMMA = "\\s*,\\s*";
public static final String PERCENT = "\\s*%\\s*";
-
+
// Use to quickly determine whether any given group is supported by this LUR
private final Set<String> supportingGroups;
- private String supportedRealm;
-
+ private String supportedRealm;
+
/**
* Construct by building structure, see "build"
- *
+ *
* Reconstruct with "build"
- *
- * @param userProperty
- * @param groupProperty
+ *
+ * @param userProperties
+ * @param groupProperties
* @param decryptor
* @throws IOException
*/
- public LocalLur(Access access, String userProperty, String groupProperty) throws IOException {
+ public LocalLur(Access access, String userProperties, String groupProperties) throws IOException {
super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire
supportedRealm = access.getProperty(Config.BASIC_REALM, "localized");
- supportingGroups = new TreeSet<String>();
-
- if(userProperty!=null) {
- // For each User name...
- for(String user : userProperty.trim().split(SEMI)) {
- String[] us = user.split(COLON,2);
- String[] userpass = us[0].split(PERCENT,2);
- String u;
- User<LocalPermission> usr;
- if(userpass.length>1) {
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());
- }
-
- u = userpass[0];
- byte[] pass = access.decrypt(userpass[1], true).getBytes();
- usr = new User<LocalPermission>(new ConfigPrincipal(u, pass));
- } else {
- u = us[0];
- usr = new User<LocalPermission>(new ConfigPrincipal(u, (byte[])null));
- }
- addUser(usr);
- access.log(Level.INIT, "Local User:",usr.principal);
-
- if(us.length>1) {
- Map<String, Permission> newMap = usr.newMap();
- for(String group : us[1].split(COMMA)) {
- supportingGroups.add(group);
- usr.add(newMap,new LocalPermission(group));
- }
- usr.setMap(newMap);
- }
- }
+ supportingGroups = new TreeSet<>();
+
+ if (userProperties != null) {
+ parseUserProperties(userProperties);
}
- if(groupProperty!=null) {
- // For each Group name...
- for(String group : groupProperty.trim().split(SEMI)) {
- String[] gs = group.split(COLON,2);
- if(gs.length>1) {
- supportingGroups.add(gs[0]);
- LocalPermission p = new LocalPermission(gs[0]);
- // Add all users (known by comma separators)
-
- for(String grpMem : gs[1].split(COMMA)) {
- // look for password, if so, put in passMap
- String[] userpass = grpMem.split(PERCENT,2);
- if(userpass.length>0 && userpass[0].indexOf('@')<0) {
- userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm());
- }
- User<LocalPermission> usr = null;
- if(userpass.length>1) {
- byte[] pass = access.decrypt(userpass[1], true).getBytes();
- usr = getUser(userpass[0],pass);
- if(usr==null)addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],pass)));
- else usr.principal=new ConfigPrincipal(userpass[0],pass);
- } else {
- addUser(usr=new User<LocalPermission>(new ConfigPrincipal(userpass[0],(byte[])null)));
- }
- usr.add(p);
- access.log(Level.INIT, "Local User:",usr.principal);
- }
- }
- }
+
+ if (groupProperties != null) {
+ parseGroupProperties(groupProperties);
}
}
-
+
public boolean validate(String user, CredVal.Type type, byte[] cred, Object state) {
- User<LocalPermission> usr = getUser(user,cred);
- switch(type) {
- case PASSWORD:
- // covers null as well as bad pass
- if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) {
- return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred());
- }
- break;
+ if (cred == null) {
+ return false;
+ }
+ User<LocalPermission> usr = getUser(user, cred);
+ if (usr == null) {
+ return false;
+ }
+ // covers null as well as bad pass
+ if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {;
+ return Hash.isEqual(cred, ((ConfigPrincipal)usr.principal).getCred());
}
return false;
}
// @Override
public boolean fish(Principal bait, Permission pond) {
- if(pond == null) {
+ if (pond == null) {
return false;
}
- if(handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
- User<LocalPermission> user = getUser(bait);
- return user==null?false:user.contains((LocalPermission)pond);
+ if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions
+ User<LocalPermission> user = getUser(bait);
+ if (user != null) {
+ return user.contains((LocalPermission)pond);
}
+ }
return false;
}
// We do not want to expose the actual Group, so make a copy.
public void fishAll(Principal bait, List<Permission> perms) {
- if(handles(bait)) {
+ if (handles(bait)) {
User<LocalPermission> user = getUser(bait);
- if(user!=null) {
+ if (user != null) {
user.copyPermsTo(perms);
}
}
@@ -174,13 +122,12 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
*/
@Override
public boolean handles(Principal principal) {
- return principal!=null && principal.getName().endsWith(supportedRealm);
+ if (principal == null) {
+ return false;
+ }
+ return principal.getName().endsWith(supportedRealm);
}
-// public boolean supports(String userName) {
-// return userName!=null && userName.endsWith(supportedRealm);
-// }
-//
public boolean handlesExclusively(Permission pond) {
return supportingGroups.contains(pond.getKey());
}
@@ -192,5 +139,74 @@ public final class LocalLur extends AbsUserCache<LocalPermission> implements Lur
public Permission createPerm(String p) {
return new LocalPermission(p);
}
+
+ private void parseUserProperties(String userProperties) throws IOException {
+ // For each User name...
+ for (String userProperty : userProperties.trim().split(SEMI)) {
+ String[] userInfo = userProperty.split(COLON, 2);
+ String[] userPass = userInfo[0].split(PERCENT, 2);
+ String userName = userPass[0];
+
+ byte[] password = null;
+ if (userPass.length > 1) {
+ password = access.decrypt(userPass[1], true).getBytes();
+ if (userName.indexOf('@') < 0) {
+ userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());
+ }
+ }
+ User<LocalPermission> usr;
+ usr = new User<>(new ConfigPrincipal(userName, password));
+ addUser(usr);
+ access.log(Level.INIT, "Local User:", usr.principal);
+
+ if (userInfo.length > 1) {
+ Map<String, Permission> newMap = usr.newMap();
+ for (String group : userInfo[1].split(COMMA)) {
+ supportingGroups.add(group);
+ usr.add(newMap, new LocalPermission(group));
+ }
+ usr.setMap(newMap);
+ }
+ }
+ }
+
+
+ private void parseGroupProperties(String groupProperties) throws IOException {
+ // For each Group name...
+ for (String group : groupProperties.trim().split(SEMI)) {
+ String[] groups = group.split(COLON, 2);
+ if (groups.length <= 1) {
+ continue;
+ }
+ supportingGroups.add(groups[0]);
+ LocalPermission p = new LocalPermission(groups[0]);
+
+ // Add all users (known by comma separators)
+ for (String groupMember : groups[1].split(COMMA)) {
+ // look for password, if so, put in passMap
+ String[] userPass = groupMember.split(PERCENT, 2);
+ String userName = userPass[0];
+ if (userName.indexOf('@') < 0) {
+ userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm());
+ }
+
+ User<LocalPermission> usr = null;
+ byte[] password = null;
+ if (userPass.length > 1) {
+ password = access.decrypt(userPass[1], true).getBytes();
+ }
+ usr = getUser(userName, password);
+ if (usr == null) {
+ usr = new User<>(new ConfigPrincipal(userName, password));
+ addUser(usr);
+ }
+ else {
+ usr.principal = new ConfigPrincipal(userName, password);
+ }
+ usr.add(p);
+ access.log(Level.INIT, "Local User:", usr.principal);
+ }
+ }
+ }
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java
index a2fc730e..c216fb57 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java
@@ -62,7 +62,7 @@ public abstract class AbsTafResp implements TafResp {
* Respond in the affirmative if the TAF was able to Authenticate
*/
public boolean isValid() {
- return principal!=null;
+ return principal != null;
}
/**
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java
index 9e36c11f..017337b1 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java
@@ -21,7 +21,6 @@
package org.onap.aaf.cadi.wsse;
-import java.io.IOException;
import java.io.InputStream;
import javax.xml.stream.XMLStreamException;
@@ -46,7 +45,6 @@ public class WSSEParser {
private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
private Match<BasicCred> parseTree;
- //private XMLInputFactory inputFactory;
public WSSEParser() {
// soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username]
@@ -72,10 +70,9 @@ public class WSSEParser {
).stopAfter() // Stop Processing when Header Ends
).exclusive()// Envelope must match Header, and no other. FYI, Body comes after Header short circuits (see above), so it's ok
).exclusive(); // root must be Envelope
- //inputFactory = XMLInputFactory.newInstance();
}
- public XMLStreamException parse(BasicCred bc, InputStream is) throws IOException {
+ public XMLStreamException parse(BasicCred bc, InputStream is) {
try {
parseTree.onMatch(bc, new XReader(is));
return null;