diff options
Diffstat (limited to 'cadi')
-rw-r--r-- | cadi/cass/.gitignore | 4 | ||||
-rw-r--r-- | cadi/cass/etc/cadi.properties | 45 | ||||
-rw-r--r-- | cadi/cass/pom.xml | 210 | ||||
-rw-r--r-- | cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticatedUser.java | 109 | ||||
-rw-r--r-- | cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java | 176 | ||||
-rw-r--r-- | cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthorizer.java | 224 | ||||
-rw-r--r-- | cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFBase.java | 193 | ||||
-rw-r--r-- | cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticatedUserTest.java | 90 | ||||
-rw-r--r-- | cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticator.java | 111 | ||||
-rw-r--r-- | cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_CASS.java | 114 | ||||
-rw-r--r-- | cadi/pom.xml | 1 |
11 files changed, 0 insertions, 1277 deletions
diff --git a/cadi/cass/.gitignore b/cadi/cass/.gitignore deleted file mode 100644 index 6028f0a5..00000000 --- a/cadi/cass/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -/.classpath -/.settings/ -/target/ -/.project diff --git a/cadi/cass/etc/cadi.properties b/cadi/cass/etc/cadi.properties deleted file mode 100644 index 767fe5c2..00000000 --- a/cadi/cass/etc/cadi.properties +++ /dev/null @@ -1,45 +0,0 @@ -## -## AUTHZ API (authz-service) Properties -## - -## DISCOVERY (DME2) Parameters on the Command Line -AFT_LATITUDE=38.627345 -AFT_LONGITUDE=-90.193774 -AFT_ENVIRONMENT=AFTUAT - -# CADI -cadi_keyfile=/opt/app/aaf/common/com.att.aaf.keyfile -cadi_loglevel=WARN - -# CASSANDRA Required for APP -cass_group_name=com.att.aaf - -# CASSANDRA Optional -cass_cluster_name=mithril - -# AAF Required for APP -aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE -DME2_EP_REGISTRY_CLASS=DME2FS -AFT_DME2_EP_REGISTRY_FS_DIR=/Volumes/Data/src/authz/dme2reg - -aaf_default_realm=aaf.localized -aaf_id=m12345@aaf.att.com -aaf_password=enc:DuADW3_Y26NdHgDvN7Prt7vtDwYJM3Kvw9AOQ30lPV1 -cadi_loglevel=DEBUG - -# AAF Optional -# Connection Time Out (milliseconds) -aaf_conn_timeout=10000 -# User Cache Expiration (milliseconds) -aaf_user_expires=600000 -# High count... Rough top number of objects held in Cache per cycle. If high is reached, more are -# recycled next time. -aaf_high_count=1000 - -## -## Localized Passwords -## -basic_realm=aaf.localized -local_users=m01891@aaf.localized%DuADW3_Y26NdHgDvN7Prt7vtDwYJM3Kvw9AOQ30lPV1:/mithril/authz;\ - m12345@aaf.localized%DuADW3_Y26NdHgDvN7Prt7vtDwYJM3Kvw9AOQ30lPV1:/mithril/authz;\ - root@aaf.localized%DuADW3_Y26NdHgDvN7Prt7vtDwYJM3Kvw9AOQ30lPV1:/mithril diff --git a/cadi/cass/pom.xml b/cadi/cass/pom.xml deleted file mode 100644 index bbe9b19b..00000000 --- a/cadi/cass/pom.xml +++ /dev/null @@ -1,210 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * ---> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <parent> - <groupId>org.onap.aaf.authz.cadi</groupId> - <artifactId>parent</artifactId> - <version>2.1.0-SNAPSHOT</version> - <relativePath>..</relativePath> - </parent> - - <modelVersion>4.0.0</modelVersion> - <artifactId>aaf-cadi-cass</artifactId> - <name>AAF CADI Cassandra Library</name> - <packaging>jar</packaging> - - <properties> - <!-- SONAR --> - <sonar.skip>true</sonar.skip> - <jacoco.version>0.7.7.201606060606</jacoco.version> - <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> - <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin> - <!-- Default Sonar configuration --> - <sonar.jacoco.reportPaths>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPaths> - <sonar.jacoco.itReportPaths>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPaths> - <!-- Note: This list should match jacoco-maven-plugin's exclusion list below --> - <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions> - <nexusproxy>https://nexus.onap.org</nexusproxy> - <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath> - <releaseNexusPath>/content/repositories/releases/</releaseNexusPath> - <stagingNexusPath>/content/repositories/staging/</stagingNexusPath> - <sitePath>/content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version}</sitePath> - </properties> - - <developers> - <developer> - <name>Jonathan Gathman</name> - <email>jonathan.gathman@att.com</email> - <organization>ATT</organization> - <roles> - <role>Architect</role> - <role>Lead Developer</role> - </roles> - </developer> - <developer> - <name>Gabe Maurer</name> - <email>gabe.maurer@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Ian Howell</name> - <email>ian.howell@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - <developer> - <name>Sai Gandham</name> - <email>sai.gandham@att.com</email> - <organization>ATT</organization> - <roles> - <role>Developer</role> - </roles> - </developer> - </developers> - - <dependencies> - <dependency> - <groupId>org.onap.aaf.authz.cadi</groupId> - <artifactId>aaf-cadi-core</artifactId> - </dependency> - - <dependency> - <groupId>org.onap.aaf.authz.cadi</groupId> - <artifactId>aaf-cadi-aaf</artifactId> - </dependency> - - <dependency> - <groupId>org.apache.cassandra</groupId> - <artifactId>cassandra-all</artifactId> - <version>2.1.14</version> - <scope>compile</scope> - <exclusions> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </exclusion> - <exclusion> - <groupId>log4j</groupId> - <artifactId>log4j</artifactId> - </exclusion> - </exclusions> - </dependency> - - </dependencies> - <build> - <plugins> - <plugin> - <groupId>org.sonatype.plugins</groupId> - <artifactId>nexus-staging-maven-plugin</artifactId> - <version>1.6.7</version> - <extensions>true</extensions> - <configuration> - <nexusUrl>${nexusproxy}</nexusUrl> - <stagingProfileId>176c31dfe190a</stagingProfileId> - <serverId>ecomp-staging</serverId> - </configuration> - </plugin> - <plugin> - <groupId>org.jacoco</groupId> - <artifactId>jacoco-maven-plugin</artifactId> - <version>${jacoco.version}</version> - <configuration> - <excludes> - <exclude>**/gen/**</exclude> - <exclude>**/generated-sources/**</exclude> - <exclude>**/yang-gen/**</exclude> - <exclude>**/pax/**</exclude> - </excludes> - </configuration> - <executions> - <execution> - <id>pre-unit-test</id> - <goals> - <goal>prepare-agent</goal> - </goals> - <configuration> - <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile> - <propertyName>surefireArgLine</propertyName> - </configuration> - </execution> - <execution> - <id>post-unit-test</id> - <phase>test</phase> - <goals> - <goal>report</goal> - </goals> - <configuration> - <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile> - <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory> - </configuration> - </execution> - <execution> - <id>pre-integration-test</id> - <phase>pre-integration-test</phase> - <goals> - <goal>prepare-agent</goal> - </goals> - <configuration> - <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile> - <propertyName>failsafeArgLine</propertyName> - </configuration> - </execution> - <execution> - <id>post-integration-test</id> - <phase>post-integration-test</phase> - <goals> - <goal>report</goal> - </goals> - <configuration> - <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile> - <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - - </build> - - <distributionManagement> - <repository> - <id>ecomp-releases</id> - <name>AAF Release Repository</name> - <url>${nexusproxy}${releaseNexusPath}</url> - </repository> - <snapshotRepository> - <id>ecomp-snapshots</id> - <name>AAF Snapshot Repository</name> - <url>${nexusproxy}${snapshotNexusPath}</url> - </snapshotRepository> - <site> - <id>ecomp-site</id> - <url>dav:${nexusproxy}${sitePath}</url> - </site> - </distributionManagement> -</project> diff --git a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticatedUser.java b/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticatedUser.java deleted file mode 100644 index 3f08b1e9..00000000 --- a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticatedUser.java +++ /dev/null @@ -1,109 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package com.att.aaf.cadi.cass; - -import java.security.Principal; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.onap.aaf.cadi.Access; - -public class AAFAuthenticatedUser extends AuthenticatedUser implements Principal { - private boolean anonymous = false, supr=false, local=false; - private String fullName; -// private Access access; - - public AAFAuthenticatedUser(Access access, String name) { - super(name); -// this.access = access; - int endIndex = name.indexOf("@"); - if(endIndex >= 0) { - fullName = name; - } else { - fullName = name + '@' + AAFBase.default_realm; - } - } - - public String getFullName() { - return fullName; - } - - public String getName() { - return fullName; - } - - /* (non-Javadoc) - * @see org.apache.cassandra.auth.AuthenticatedUser#isAnonymous() - */ - @Override - public boolean isAnonymous() { - return anonymous; - } - - public void setAnonymous(boolean anon) { - anonymous = anon; - } - - public boolean getAnonymous() { - return anonymous; - } - - /* (non-Javadoc) - * @see org.apache.cassandra.auth.AuthenticatedUser#isSuper() - */ - @Override - public boolean isSuper() { - return supr; - } - - public void setSuper(boolean supr) { - this.supr = supr; - } - - public boolean getSuper() { - return supr; - } - - /** - * We check Local so we can compare with the right Lur. This is AAF Plugin only. - * @return - */ - public boolean isLocal() { - return local; - } - - public void setLocal(boolean val) { - local = val; - } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (!(o instanceof AAFAuthenticatedUser)) return false; - return ((AuthenticatedUser)o).getName().equals(this.getName()); - } - - @Override - public int hashCode() { - //access.log(Level.DEBUG, "AAFAuthentication hashcode ",getName().hashCode()); - return getName().hashCode(); - } -} diff --git a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java b/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java deleted file mode 100644 index 7362b13e..00000000 --- a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthenticator.java +++ /dev/null @@ -1,176 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package com.att.aaf.cadi.cass; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.util.Arrays; -import java.util.HashMap; -import java.util.Map; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.auth.ISaslAwareAuthenticator; -import org.apache.cassandra.exceptions.AuthenticationException; -import org.apache.cassandra.exceptions.InvalidRequestException; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.onap.aaf.cadi.Symm; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.CredVal.Type; -import org.onap.aaf.cadi.config.Config; - -public class AAFAuthenticator extends AAFBase implements ISaslAwareAuthenticator { - - public boolean requireAuthentication() { - return true; - } - - /** - * Invoked to authenticate an user - */ - public AuthenticatedUser authenticate(Map<String, String> credentials) throws AuthenticationException { - String username = (String)credentials.get("username"); - if (username == null) { - throw new AuthenticationException("'username' is missing"); - } - - AAFAuthenticatedUser aau = new AAFAuthenticatedUser(access,username); - String fullName=aau.getFullName(); - access.log(Level.DEBUG, "Authenticating", aau.getName(),"(", fullName,")"); - - String password = (String)credentials.get("password"); - if (password == null) { - throw new AuthenticationException("'password' is missing"); - } else if(password.startsWith("bsf:")) { - try { - password = Symm.base64noSplit.depass(password); - } catch (IOException e) { - throw new AuthenticationException("AAF bnf: Password cannot be decoded"); - } - } else if(password.startsWith("enc:")) { - try { - password = access.decrypt(password, true); - } catch (IOException e) { - throw new AuthenticationException("AAF Encrypted Password cannot be decrypted"); - } - } - - if(localLur!=null) { - access.log(Level.DEBUG, "Validating",fullName, "with LocalTaf", password); - if(localLur.validate(fullName, Type.PASSWORD, password.getBytes(),null)) { - aau.setAnonymous(true); - aau.setLocal(true); - access.log(Level.DEBUG, fullName, "is authenticated locally"); - return aau; - } - } - - String aafResponse; - try { - access.log(Level.DEBUG, "Validating",fullName, "with AAF");//, password); - aafResponse = aafAuthn.validate(fullName, password,null); - if(aafResponse != null) { // Reason for failing. - access.log(Level.AUDIT, "AAF reports ",fullName,":",aafResponse); - throw new AuthenticationException(aafResponse); - } - access.log(Level.AUDIT, fullName, "is authenticated"); //,password); - // This tells Cassandra to skip checking it's own tables for User Entries. - aau.setAnonymous(true); - } catch (AuthenticationException ex) { - throw ex; - } catch(Exception ex) { - access.log(ex,"Exception validating user"); - throw new AuthenticationException("Exception validating user"); - } - - return aau; - } - - public void create(String username, Map<IAuthenticator.Option, Object> options) throws InvalidRequestException, RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to create user"); - } - - public void alter(String username, Map<IAuthenticator.Option, Object> options) throws RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to alter user"); - } - - public void drop(String username) throws RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to delete user"); - } - - public SaslAuthenticator newAuthenticator() { - return new ISaslAwareAuthenticator.SaslAuthenticator() { - private boolean complete = false; - private Map<String, String> credentials; - - public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException { - this.credentials = decodeCredentials(clientResponse); - this.complete = true; - return null; - } - - public boolean isComplete() { - return this.complete; - } - - public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException { - return AAFAuthenticator.this.authenticate(this.credentials); - } - - private Map<String, String> decodeCredentials(byte[] bytes) throws AuthenticationException { - access.log(Level.DEBUG,"Decoding credentials from client token"); - byte[] user = null; - byte[] pass = null; - int end = bytes.length; - for (int i = bytes.length - 1; i >= 0; i--) { - if (bytes[i] != 0) { - continue; - } - if (pass == null) { - pass = Arrays.copyOfRange(bytes, i + 1, end); - } else if (user == null) { - user = Arrays.copyOfRange(bytes, i + 1, end); - } - end = i; - } - - if (user == null) { - throw new AuthenticationException("Authentication ID must not be null"); - } - // SONAR thinks this code won't be hit, and keeps calling it a "Blocker" (???) so we delete -// if (pass == null) { -// throw new AuthenticationException("Password must not be null"); -// } - Map<String,String> credentials = new HashMap<String,String>(); - try { - credentials.put(IAuthenticator.USERNAME_KEY, new String(user, Config.UTF_8)); - credentials.put(IAuthenticator.PASSWORD_KEY, new String(pass, Config.UTF_8)); - } catch (UnsupportedEncodingException e) { - throw new AuthenticationException(e.getMessage()); - } - return credentials; - } - }; - } - -} - diff --git a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthorizer.java b/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthorizer.java deleted file mode 100644 index 7353ee33..00000000 --- a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFAuthorizer.java +++ /dev/null @@ -1,224 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package com.att.aaf.cadi.cass; - -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Set; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.auth.IAuthorizer; -import org.apache.cassandra.auth.IResource; -import org.apache.cassandra.auth.Permission; -import org.apache.cassandra.auth.PermissionDetails; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.apache.cassandra.exceptions.RequestValidationException; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur; -import org.onap.aaf.cadi.lur.LocalPermission; - -public class AAFAuthorizer extends AAFBase implements IAuthorizer { - // Returns every permission on the resource granted to the user. - public Set<Permission> authorize(AuthenticatedUser user, IResource resource) { - String uname, rname; - access.log(Level.DEBUG,"Authorizing",uname=user.getName(),"for",rname=resource.getName()); - - Set<Permission> permissions; - - if(user instanceof AAFAuthenticatedUser) { - AAFAuthenticatedUser aafUser = (AAFAuthenticatedUser) user; - aafUser.setAnonymous(false); - - if(aafUser.isLocal()) { - permissions = checkPermissions(aafUser, new LocalPermission( - rname.replaceFirst("data", cluster_name) - )); - } else { - permissions = checkPermissions( - aafUser, - perm_type, - ':'+rname.replaceFirst("data", cluster_name).replace('/', ':')); - } - } else { - permissions = Permission.NONE; - } - - access.log(Level.INFO,"Permissions on",rname,"for",uname,':', permissions); - - return permissions; - } - - /** - * Check only for Localized IDs (see cadi.properties) - * @param aau - * @param perm - * @return - */ - private Set<Permission> checkPermissions(AAFAuthenticatedUser aau, LocalPermission perm) { - if(localLur.fish(aau, perm)) { -// aau.setSuper(true); - return Permission.ALL; - } else { - return Permission.NONE; - } - } - - /** - * Check remoted AAF Permissions - * @param aau - * @param type - * @param instance - * @return - */ - private Set<Permission> checkPermissions(AAFAuthenticatedUser aau, String type, String instance) { - // Can perform ALL actions - PermHolder ph = new PermHolder(aau); - aafLur.fishOneOf(aau,ph,type,instance,actions); - return ph.permissions; - } - - private class PermHolder { - private AAFAuthenticatedUser aau; - public PermHolder(AAFAuthenticatedUser aau) { - this.aau = aau; - } - public Set<Permission> permissions = Permission.NONE; - public void mutable() { - if(permissions==Permission.NONE) { - permissions = new HashSet<Permission>(); - } - } - }; - - /** - * This specialty List avoid extra Object Creation, and allows the Lur to do a Vistor on all appropriate Perms - */ - private static final ArrayList<AbsAAFLur.Action<PermHolder>> actions = new ArrayList<AbsAAFLur.Action<PermHolder>>(); - static { - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "*"; - } - - public boolean exec(PermHolder a) { - a.aau.setSuper(true); - a.permissions = Permission.ALL; - return true; - } - }); - - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "SELECT"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.SELECT); - return false; - } - }); - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "MODIFY"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.MODIFY); - return false; - } - }); - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "CREATE"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.CREATE); - return false; - } - }); - - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "ALTER"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.ALTER); - return false; - } - }); - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "DROP"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.DROP); - return false; - } - }); - actions.add(new AbsAAFLur.Action<PermHolder>() { - public String getName() { - return "AUTHORIZE"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.AUTHORIZE); - return false; - } - }); - - - }; - - - public void grant(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String to) throws RequestExecutionException { - access.log(Level.INFO, "Use AAF CLI to grant permission(s) to user/role"); - } - - public void revoke(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String from) throws RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role"); - } - - public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of) throws RequestValidationException, RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to find the list of permissions"); - return null; - } - - // Called prior to deleting the user with DROP USER query. Internal hook, so no permission checks are needed here. - public void revokeAll(String droppedUser) { - access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role"); - } - - // Called after a resource is removed (DROP KEYSPACE, DROP TABLE, etc.). - public void revokeAll(IResource droppedResource) { - access.log(Level.INFO,"Use AAF CLI to delete the unused permission", droppedResource.getName()); - } - -} diff --git a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFBase.java b/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFBase.java deleted file mode 100644 index 932feb93..00000000 --- a/cadi/cass/src/main/java/com/att/aaf/cadi/cass/AAFBase.java +++ /dev/null @@ -1,193 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package com.att.aaf.cadi.cass; - -import java.io.File; -import java.io.FileInputStream; -import java.io.InputStream; -import java.net.HttpURLConnection; -import java.net.URL; -import java.util.HashSet; -import java.util.Properties; -import java.util.Set; - -import org.apache.cassandra.auth.DataResource; -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.exceptions.ConfigurationException; -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.Lur; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; -import org.onap.aaf.cadi.aaf.v2_0.AAFCon; -import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.config.SecurityInfoC; -import org.onap.aaf.cadi.lur.EpiLur; -import org.onap.aaf.cadi.lur.LocalLur; - -public abstract class AAFBase { - protected static final Set<IAuthenticator.Option> options; - protected static final Set<DataResource> dataResource; - - static { - options = new HashSet<IAuthenticator.Option>(); - options.add(IAuthenticator.Option.PASSWORD); - - dataResource = new HashSet<DataResource>(); - dataResource.add(DataResource.columnFamily("system_auth", "credentials")); - } - - protected static Access access; - protected static LocalLur localLur; - protected static AAFCon<?> aafcon; - protected static AAFAuthn<?> aafAuthn; - protected static AbsAAFLur<AAFPermission> aafLur; - protected static String default_realm; - protected static String cluster_name; - protected static String perm_type; - private static boolean props_ok = false; - - /** - * If you use your own Access Class, this must be called before - * "setup()" is invoked by Cassandra. - * - * Otherwise, it will default to reading Properties CADI style. - * - * @param access - */ - public static void setAccess(Access access) { - AAFBase.access = access; - } - - - public void validateConfiguration() throws ConfigurationException { - setup(); - if(!props_ok) { - throw new ConfigurationException("AAF not initialized"); - } - } - - @SuppressWarnings("unchecked") - public synchronized void setup() { - if(aafAuthn == null) { - try { - if(access==null) { - String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties"); - Properties initial = new Properties(); - URL cadi_props = ClassLoader.getSystemResource(value); - if(cadi_props == null) { - File cp = new File(value); - if(cp.exists()) { - InputStream is = new FileInputStream(cp); - try { - initial.load(is); - } finally { - is.close(); - } - } else { - System.out.printf("%s does not exist as File or in Classpath\n",value); - initial.setProperty(Config.CADI_PROP_FILES, value); - } - } else { - InputStream is = cadi_props.openStream(); - try { - initial.load(is); - } finally { - is.close(); - } - } - access = new PropAccess(initial); - } - props_ok = true; - if((perm_type = Config.logProp(access, "cass_group_name",null))==null) { - props_ok=false; - } else { - perm_type = perm_type + ".cass"; - } - - if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) { - if((cluster_name = DatabaseDescriptor.getClusterName())==null) { - props_ok=false; - } - } - - if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) { - props_ok=false; - } - - if(props_ok==false) { - return; - } - - // AAFLur has pool of DME clients as needed, and Caches Client lookups - SecurityInfoC<HttpURLConnection> si = SecurityInfoC.instance(access, HttpURLConnection.class); - Lur lur = Config.configLur(si,aafcon); - // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon - if(lur instanceof EpiLur) { - EpiLur elur = (EpiLur)lur; - for(int i=0; (lur = elur.get(i))!=null;++i) { - if(lur instanceof AbsAAFLur) { - aafLur=(AbsAAFLur<AAFPermission>)lur; - aafcon = aafLur.aaf; - aafAuthn = aafLur.aaf.newAuthn(aafLur); - break; - } else if(lur instanceof LocalLur) { - localLur = (LocalLur)lur; - } - } - } else if(lur instanceof AbsAAFLur) { - aafLur=(AbsAAFLur<AAFPermission>)lur; - aafcon = aafLur.aaf; - aafAuthn = aafLur.aaf.newAuthn(aafLur); - } - if(aafAuthn==null) { - access.log(Level.INIT,"Failed to instantiate full AAF access"); - props_ok = false; - } - } catch (Exception e) { - aafAuthn=null; - if(access!=null)access.log(e, "Failed to initialize AAF"); - props_ok = false; - } - } - } - - public Set<DataResource> protectedResources() { - access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty"); - return dataResource; - } - - public Set<IAuthenticator.Option> supportedOptions() { - access.log(Level.DEBUG, "supportedOptions() called"); - return options; - } - - public Set<IAuthenticator.Option> alterableOptions() { - access.log(Level.DEBUG, "alterableOptions() called"); - return options; - } - - -} diff --git a/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticatedUserTest.java b/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticatedUserTest.java deleted file mode 100644 index 2f196720..00000000 --- a/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticatedUserTest.java +++ /dev/null @@ -1,90 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * - ******************************************************************************/ -package org.onap.aaf.cadi.cass; - -import static org.junit.Assert.*; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.junit.Before; -import org.junit.Test; - -import com.att.aaf.cadi.cass.AAFAuthenticatedUser; - -public class JU_AAFAuthenticatedUserTest { - - @Before - public void setUp() throws Exception { - } - - @Test - public void test() { - AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "User1@aaf"); - assertEquals(user.getFullName(),"User1@aaf"); - assertEquals(user.getName(),"User1@aaf"); - assertFalse(user.isAnonymous()); - assertFalse(user.isSuper()); - assertFalse(user.isLocal()); - - - - } - - @Test - public void testone() { - AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "User2@aaf"); - assertEquals(user.getFullName(),"User2@aaf"); - assertEquals(user.getName(),"User2@aaf"); - assertFalse(user.isAnonymous()); - assertFalse(user.isSuper()); - assertFalse(user.isLocal()); - - - - } - - @Test - public void testtwo() { - AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "onap@aaf"); - assertEquals(user.getFullName(),"onap@aaf"); - assertEquals(user.getName(),"onap@aaf"); - assertFalse(user.isAnonymous()); - assertFalse(user.isSuper()); - assertFalse(user.isLocal()); - - - - } - - @Test - public void testthree() { - AAFAuthenticatedUser user = new AAFAuthenticatedUser(null, "openecomp@aaf"); - assertEquals(user.getFullName(),"openecomp@aaf"); - assertEquals(user.getName(),"openecomp@aaf"); - assertFalse(user.isAnonymous()); - assertFalse(user.isSuper()); - assertFalse(user.isLocal()); - - - - } - -} diff --git a/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticator.java b/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticator.java deleted file mode 100644 index af558428..00000000 --- a/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_AAFAuthenticator.java +++ /dev/null @@ -1,111 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * - ******************************************************************************/ -package org.onap.aaf.cadi.cass; - -import static org.junit.Assert.*; - -import java.util.HashMap; -import java.util.Map; - -import org.junit.Test; -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.Access.Level; -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.exceptions.AuthenticationException; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import static org.junit.Assert.*; - -import com.att.aaf.cadi.cass.AAFAuthenticatedUser; -import com.att.aaf.cadi.cass.AAFAuthenticator; -import com.att.aaf.cadi.cass.AAFBase; - -import junit.framework.Assert; - -public class JU_AAFAuthenticator extends AAFBase -{ - - - @Before - public void setUp() - { - - } - - @After - public void tearDown() - { - - } - - @Test - public void checkRequiredAuth() { - AAFAuthenticator test = new AAFAuthenticator(); - Assert.assertTrue(test.requireAuthentication()); - } - // TODO: Call may be broken due to missing ATT specific code - // @Test - public void checkAuthenticate() throws AuthenticationException { - AuthenticatedUser user = new AuthenticatedUser("testUser"); - AAFAuthenticator test = new AAFAuthenticator(); - Map<String, String> cred = new HashMap<String,String>(); - cred.put("username", "testUser"); - cred.put("password", "testPass"); - String username = (String)cred.get("username"); - Access access = new PropAccess(); - AAFAuthenticatedUser aau = new AAFAuthenticatedUser(access,username); - String fullName=aau.getFullName(); - access.log(Level.DEBUG, "Authenticating", aau.getName(),"(", fullName,")"); - //test.authenticate(cred); - //Assert.assert - - } - - @Test(expected = AuthenticationException.class) - public void checkThrowsUser() throws AuthenticationException { - AAFAuthenticator test = new AAFAuthenticator(); - Map<String, String> cred = new HashMap<String,String>(); - cred.put("username", null); - Assert.assertNull(cred.get("username")); - test.authenticate(cred); - } - - // TODO: Ian - Fix this failing test - //@Test(expected = AuthenticationException.class) - public void checkThrowsPass() throws AuthenticationException { - AAFAuthenticator test = new AAFAuthenticator(); - Map<String, String> cred = new HashMap<String,String>(); - cred.put("username", "testUser"); - cred.put("password", "bsf:"); - Assert.assertNotNull(cred.get("password")); - test.authenticate(cred); - - cred.put("password", null); - Assert.assertNull(cred.get("password")); - test.authenticate(cred); - } - - - -} diff --git a/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_CASS.java b/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_CASS.java deleted file mode 100644 index 03a5df1d..00000000 --- a/cadi/cass/src/test/java/org/onap/aaf/cadi/cass/JU_CASS.java +++ /dev/null @@ -1,114 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * - ******************************************************************************/ -package org.onap.aaf.cadi.cass; - -import static org.junit.Assert.*; - -import java.util.HashMap; -import java.util.Map; -import java.util.Set; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.auth.IResource; -import org.apache.cassandra.auth.Permission; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.att.aaf.cadi.cass.AAFAuthenticator; -import com.att.aaf.cadi.cass.AAFAuthorizer; - -public class JU_CASS { - - // TODO: Ian - Fix this test - @Test - public void notYetImplemented() { - assertTrue(true); - } - -// private static AAFAuthenticator aa; -// private static AAFAuthorizer an; - -// @BeforeClass -// public static void setUpBeforeClass() throws Exception { -// System.setProperty("cadi_prop_files", "etc/cadi.properties"); - -// aa = new AAFAuthenticator(); -// an = new AAFAuthorizer(); - -// aa.setup(); -// an.setup(); // does nothing after aa. - -// aa.validateConfiguration(); - -// } - -// @AfterClass -// public static void tearDownAfterClass() throws Exception { -// } - -// @Test -// public void test() throws Exception { -// Map<String,String> creds = new HashMap<String,String>(); -// creds.put("username", "XXX@NS"); -// creds.put("password", "enc:???"); -// AuthenticatedUser aaf = aa.authenticate(creds); - -// // Test out "aaf_default_domain -// creds.put("username", "XX"); -// aaf = aa.authenticate(creds); - -// IResource resource = new IResource() { -// public String getName() { -// return "data/authz"; -// } - -// public IResource getParent() { -// return null; -// } - -// public boolean hasParent() { -// return false; -// } - -// public boolean exists() { -// return true; -// } - -// }; - -// Set<Permission> perms = an.authorize(aaf, resource); - -// // Test out "AAF" access -// creds.put("username", "XXX@NS"); -// creds.put("password", "enc:???"); -// aaf = aa.authenticate(creds); -// perms = an.authorize(aaf, resource); -// Assert.assertFalse(perms.isEmpty()); - -// perms = an.authorize(aaf, resource); -// Assert.assertFalse(perms.isEmpty()); - -// } - -} diff --git a/cadi/pom.xml b/cadi/pom.xml index dbf692b3..a0bf0bdd 100644 --- a/cadi/pom.xml +++ b/cadi/pom.xml @@ -136,7 +136,6 @@ <module>core</module> <module>client</module> <module>aaf</module> - <module>cass</module> <module>oauth-enduser</module> <module>shiro</module> </modules> |