diff options
Diffstat (limited to 'cadi/shiro')
8 files changed, 0 insertions, 797 deletions
diff --git a/cadi/shiro/.gitignore b/cadi/shiro/.gitignore deleted file mode 100644 index 6028f0a5..00000000 --- a/cadi/shiro/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -/.classpath -/.settings/ -/target/ -/.project diff --git a/cadi/shiro/pom.xml b/cadi/shiro/pom.xml deleted file mode 100644 index 316cd08a..00000000 --- a/cadi/shiro/pom.xml +++ /dev/null @@ -1,204 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * ---> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <parent> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>cadiparent</artifactId> - <version>2.1.2-SNAPSHOT</version> - <relativePath>..</relativePath> - </parent> - - <modelVersion>4.0.0</modelVersion> - <name>AAF CADI Shiro Plugin</name> - <packaging>jar</packaging> - <artifactId>aaf-cadi-shiro</artifactId> - - <properties> - <!-- SONAR --> - <sonar.skip>true</sonar.skip> - <jacoco.version>0.7.7.201606060606</jacoco.version> - <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> - <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin> - <!-- Default Sonar configuration --> - <sonar.jacoco.reportPaths>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPaths> - <sonar.jacoco.itReportPaths>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPaths> - <!-- Note: This list should match jacoco-maven-plugin's exclusion list below --> - <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions> - <nexusproxy>https://nexus.onap.org</nexusproxy> - <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath> - <releaseNexusPath>/content/repositories/releases/</releaseNexusPath> - <stagingNexusPath>/content/repositories/staging/</stagingNexusPath> - <sitePath>/content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version}</sitePath> - </properties> - - <developers> - <developer> - <name>Jonathan Gathman</name> - <email>jonathan.gathman@att.com</email> - <organization>ATT</organization> - <roles> - <role>Architect</role> - <role>Lead Developer</role> - </roles> - </developer> - <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Sai Gandham</name> - <email>sai.gandham@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - </developers> - - <dependencies> - <dependency> - <groupId>org.onap.aaf.authz</groupId> - <artifactId>aaf-cadi-aaf</artifactId> - </dependency> - <!--<dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-core</artifactId> - <version>1.4.0</version> - </dependency> --> - - <dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-core</artifactId> - <version>1.3.2</version> - </dependency> - - </dependencies> - <build> - <plugins> - <plugin> - <groupId>org.sonatype.plugins</groupId> - <artifactId>nexus-staging-maven-plugin</artifactId> - <extensions>true</extensions> - <configuration> - <nexusUrl>${nexusproxy}</nexusUrl> - <stagingProfileId>176c31dfe190a</stagingProfileId> - <serverId>ecomp-staging</serverId> - </configuration> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-deploy-plugin</artifactId> - <configuration> - <skip>false</skip> - </configuration> - </plugin> - <plugin> - <groupId>org.jacoco</groupId> - <artifactId>jacoco-maven-plugin</artifactId> - <configuration> - <excludes> - <exclude>**/gen/**</exclude> - <exclude>**/generated-sources/**</exclude> - <exclude>**/yang-gen/**</exclude> - <exclude>**/pax/**</exclude> - </excludes> - </configuration> - <executions> - <execution> - <id>pre-unit-test</id> - <goals> - <goal>prepare-agent</goal> - </goals> - <configuration> - <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile> - <propertyName>surefireArgLine</propertyName> - </configuration> - </execution> - <execution> - <id>post-unit-test</id> - <phase>test</phase> - <goals> - <goal>report</goal> - </goals> - <configuration> - <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile> - <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory> - </configuration> - </execution> - <execution> - <id>pre-integration-test</id> - <phase>pre-integration-test</phase> - <goals> - <goal>prepare-agent</goal> - </goals> - <configuration> - <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile> - <propertyName>failsafeArgLine</propertyName> - </configuration> - </execution> - <execution> - <id>post-integration-test</id> - <phase>post-integration-test</phase> - <goals> - <goal>report</goal> - </goals> - <configuration> - <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile> - <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - - </build> - - <distributionManagement> - <repository> - <id>ecomp-releases</id> - <name>AAF Release Repository</name> - <url>${nexusproxy}${releaseNexusPath}</url> - </repository> - <snapshotRepository> - <id>ecomp-snapshots</id> - <name>AAF Snapshot Repository</name> - <url>${nexusproxy}${snapshotNexusPath}</url> - </snapshotRepository> - <site> - <id>ecomp-site</id> - <url>dav:${nexusproxy}${sitePath}</url> - </site> - </distributionManagement> -</project> diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java deleted file mode 100644 index a1d304bd..00000000 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ /dev/null @@ -1,90 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro; - -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; - -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import org.apache.shiro.authc.UsernamePasswordToken; -import org.apache.shiro.subject.PrincipalCollection; -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.Hash; -import org.onap.aaf.cadi.Access.Level; - -public class AAFAuthenticationInfo implements AuthenticationInfo { - private static final long serialVersionUID = -1502704556864321020L; - // We assume that Shiro is doing Memory Only, and this salt is not needed cross process - private final static int salt = new SecureRandom().nextInt(); - - private final AAFPrincipalCollection apc; - private final byte[] hash; - private Access access; - - public AAFAuthenticationInfo(Access access, String username, String password) { - this.access = access; - apc = new AAFPrincipalCollection(username); - hash = getSaltedCred(password); - } - @Override - public byte[] getCredentials() { - access.log(Level.DEBUG, "AAFAuthenticationInfo.getCredentials"); - return hash; - } - - @Override - public PrincipalCollection getPrincipals() { - access.log(Level.DEBUG, "AAFAuthenticationInfo.getPrincipals"); - return apc; - } - - public boolean matches(AuthenticationToken atoken) { - if(atoken instanceof UsernamePasswordToken) { - UsernamePasswordToken upt = (UsernamePasswordToken)atoken; - if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) { - byte[] newhash = getSaltedCred(new String(upt.getPassword())); - if(newhash.length==hash.length) { - for(int i=0;i<hash.length;++i) { - if(hash[i]!=newhash[i]) { - return false; - } - } - return true; - } - } - } - return false; - } - - private byte[] getSaltedCred(String password) { - byte[] pbytes = password.getBytes(); - ByteBuffer bb = ByteBuffer.allocate(pbytes.length+Integer.SIZE/8); - bb.asIntBuffer().put(salt); - bb.put(password.getBytes()); - try { - return Hash.hashSHA256(bb.array()); - } catch (NoSuchAlgorithmException e) { - return new byte[0]; // should never get here - } - } -} diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java deleted file mode 100644 index bfdc6bf1..00000000 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ /dev/null @@ -1,94 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro; - -import java.security.Principal; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.Permission; -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.Access.Level; - -/** - * We treat "roles" and "permissions" in a similar way for first pass. - * - * @author JonathanGathman - * - */ -public class AAFAuthorizationInfo implements AuthorizationInfo { - private static final long serialVersionUID = -4805388954462426018L; - private Access access; - private Principal bait; - private List<org.onap.aaf.cadi.Permission> pond; - private ArrayList<String> sPerms; - private ArrayList<Permission> oPerms; - - public AAFAuthorizationInfo(Access access, Principal bait, List<org.onap.aaf.cadi.Permission> pond) { - this.access = access; - this.bait = bait; - this.pond = pond; - sPerms=null; - oPerms=null; - } - - public Principal principal() { - return bait; - } - - @Override - public Collection<Permission> getObjectPermissions() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); - synchronized(bait) { - if(oPerms == null) { - oPerms = new ArrayList<Permission>(); - for(final org.onap.aaf.cadi.Permission p : pond) { - oPerms.add(new AAFShiroPermission(p)); - } - } - } - return oPerms; - } - - @Override - public Collection<String> getRoles() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles"); - // Until we decide to make Roles available, tie into String based permissions. - return getStringPermissions(); - } - - @Override - public Collection<String> getStringPermissions() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions"); - synchronized(bait) { - if(sPerms == null) { - sPerms = new ArrayList<String>(); - for(org.onap.aaf.cadi.Permission p : pond) { - sPerms.add(p.getKey()); - } - } - } - return sPerms; - } - -} diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java deleted file mode 100644 index 145968de..00000000 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java +++ /dev/null @@ -1,125 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro; - -import java.security.Principal; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import org.apache.shiro.subject.PrincipalCollection; - -public class AAFPrincipalCollection implements PrincipalCollection { - private static final long serialVersionUID = 558246013419818831L; - private static final Set<String> realmSet; - private final Principal principal; - private List<Principal> list=null; - private Set<Principal> set=null; - - static { - realmSet = new HashSet<String>(); - realmSet.add(AAFRealm.AAF_REALM); - } - - public AAFPrincipalCollection(Principal p) { - principal = p; - } - - public AAFPrincipalCollection(final String principalName) { - principal = new Principal() { - private final String name = principalName; - @Override - public String getName() { - return name; - } - }; - } - - @Override - public Iterator<Principal> iterator() { - return null; - } - - @Override - public List<Principal> asList() { - if(list==null) { - list = new ArrayList<Principal>(); - } - list.add(principal); - return list; - } - - @Override - public Set<Principal> asSet() { - if(set==null) { - set = new HashSet<Principal>(); - } - set.add(principal); - return set; - } - - @SuppressWarnings("unchecked") - @Override - public <T> Collection<T> byType(Class<T> cls) { - Collection<T> coll = new ArrayList<T>(); - if(cls.isAssignableFrom(Principal.class)) { - coll.add((T)principal); - } - return coll; - } - - @Override - public Collection<Principal> fromRealm(String realm) { - if(AAFRealm.AAF_REALM.equals(realm)) { - return asList(); - } else { - return new ArrayList<Principal>(); - } - } - - @Override - public Principal getPrimaryPrincipal() { - return principal; - } - - @Override - public Set<String> getRealmNames() { - return realmSet; - } - - @Override - public boolean isEmpty() { - return principal==null; - } - - @SuppressWarnings("unchecked") - @Override - public <T> T oneByType(Class<T> cls) { - if(cls.isAssignableFrom(Principal.class)) { - return (T)principal; - } - return null; - } - -} diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java deleted file mode 100644 index 006547a9..00000000 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ /dev/null @@ -1,142 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro; - -import java.io.IOException; -import java.security.Principal; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; - -import org.apache.shiro.authc.AuthenticationException; -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import org.apache.shiro.authc.UsernamePasswordToken; -import org.apache.shiro.realm.AuthorizingRealm; -import org.apache.shiro.subject.PrincipalCollection; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.LocatorException; -import org.onap.aaf.cadi.Permission; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; -import org.onap.aaf.cadi.aaf.v2_0.AAFCon; -import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.misc.env.APIException; - -public class AAFRealm extends AuthorizingRealm { - public static final String AAF_REALM = "AAFRealm"; - - private PropAccess access; - private AAFCon<?> acon; - private AAFAuthn<?> authn; - private HashSet<Class<? extends AuthenticationToken>> supports; - private AAFLurPerm authz; - - - /** - * - * There appears to be no configuration objects or references available for CADI to start with. - * - */ - public AAFRealm () { - access = new PropAccess(); // pick up cadi_prop_files from VM_Args - String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); - if(cadi_prop_files==null) { - String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; - access.log(Level.INIT,msg); - throw new RuntimeException(msg); - } else { - try { - acon = AAFCon.newInstance(access); - authn = acon.newAuthn(); - authz = acon.newLur(authn); - } catch (APIException | CadiException | LocatorException e) { - String msg = "Cannot initiate AAFRealm"; - access.log(Level.INIT,msg,e.getMessage()); - throw new RuntimeException(msg,e); - } - } - supports = new HashSet<Class<? extends AuthenticationToken>>(); - supports.add(UsernamePasswordToken.class); - } - - @Override - protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { - access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token); - - final UsernamePasswordToken upt = (UsernamePasswordToken)token; - String password=new String(upt.getPassword()); - String err; - try { - err = authn.validate(upt.getUsername(),password); - } catch (IOException|CadiException e) { - err = "Credential cannot be validated"; - access.log(e, err); - } - - if(err != null) { - access.log(Level.DEBUG, err); - throw new AuthenticationException(err); - } - - return new AAFAuthenticationInfo( - access, - upt.getUsername(), - password - ); - } - - @Override - protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException { - if(ai instanceof AAFAuthenticationInfo) { - if(!((AAFAuthenticationInfo)ai).matches(atoken)) { - throw new AuthenticationException("Credentials do not match"); - } - } else { - throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo"); - } - } - - - @Override - protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo"); - Principal bait = (Principal)principals.getPrimaryPrincipal(); - List<Permission> pond = new ArrayList<Permission>(); - authz.fishAll(bait,pond); - - return new AAFAuthorizationInfo(access,bait,pond); - - } - - @Override - public boolean supports(AuthenticationToken token) { - return supports.contains(token.getClass()); - } - - @Override - public String getName() { - return AAF_REALM; - } - -} diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java deleted file mode 100644 index a348a045..00000000 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java +++ /dev/null @@ -1,45 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro; - -import org.apache.shiro.authz.Permission; - -public class AAFShiroPermission implements Permission { - private org.onap.aaf.cadi.Permission perm; - public AAFShiroPermission(org.onap.aaf.cadi.Permission perm) { - this.perm = perm; - } - @Override - public boolean implies(Permission sp) { - if(sp instanceof AAFShiroPermission) { - if(perm.match(((AAFShiroPermission)sp).perm)){ - return true; - } - } - return false; - } - - @Override - public String toString() { - return perm.toString(); - } - -} diff --git a/cadi/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/cadi/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java deleted file mode 100644 index add449c9..00000000 --- a/cadi/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java +++ /dev/null @@ -1,93 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro.test; - -import java.util.ArrayList; - -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.UsernamePasswordToken; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.Permission; -import org.apache.shiro.subject.PrincipalCollection; -import org.junit.Test; -import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.shiro.AAFRealm; -import org.onap.aaf.cadi.shiro.AAFShiroPermission; - -import junit.framework.Assert; - -public class JU_AAFRealm { - - // TODO: Ian - fix this test - // @Test - // public void test() { - // // NOTE This is a live test. This JUnit needs to be built with "Mock" - // try { - // System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/etc/org.osaaf.common.props"); - // TestAAFRealm ar = new TestAAFRealm(); - - // UsernamePasswordToken upt = new UsernamePasswordToken("jonathan@people.osaaf.org", "new2You!"); - // AuthenticationInfo ani = ar.authn(upt); - - // AuthorizationInfo azi = ar.authz(ani.getPrincipals()); - // // Change this to something YOU have, Sai... - - // testAPerm(true,azi,"org.access","something","*"); - // testAPerm(false,azi,"org.accessX","something","*"); - // } catch (Throwable t) { - // t.printStackTrace(); - // Assert.fail(); - // } - // } - - private void testAPerm(boolean expect,AuthorizationInfo azi, String type, String instance, String action) { - - AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(type,instance,action,new ArrayList<String>())); - - boolean any = false; - for(Permission p : azi.getObjectPermissions()) { - if(p.implies(testPerm)) { - any = true; - } - } - if(expect) { - Assert.assertTrue(any); - } else { - Assert.assertFalse(any); - } - - - } - - /** - * Note, have to create a derived class, because "doGet"... are protected - */ - private class TestAAFRealm extends AAFRealm { - public AuthenticationInfo authn(UsernamePasswordToken upt) { - return doGetAuthenticationInfo(upt); - } - public AuthorizationInfo authz(PrincipalCollection pc) { - return doGetAuthorizationInfo(pc); - } - - } -} |