Diffstat (limited to 'cadi')
-rw-r--r-- | cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java | 27 | ||||
-rw-r--r-- | cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java | 25 |
2 files changed, 46 insertions, 6 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java index d4d11bbb..83b66a08 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTaf.java @@ -23,8 +23,10 @@ package org.onap.aaf.cadi.aaf.v2_0; import java.io.IOException; import java.security.Principal; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.onap.aaf.cadi.AbsUserCache; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CachedPrincipal; @@ -42,28 +44,34 @@ import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.MapBathConverter; import org.onap.aaf.cadi.principal.BasicPrincipal; import org.onap.aaf.cadi.principal.CachedBasicPrincipal; import org.onap.aaf.cadi.taf.HttpTaf; import org.onap.aaf.cadi.taf.TafResp; import org.onap.aaf.cadi.taf.TafResp.RESP; import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp; +import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.APIException; public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpTaf { private AAFCon<CLIENT> aaf; private boolean warn; - + private MapBathConverter mapIds; + public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning) { super(con.access,con.cleanInterval,con.highCount, con.usageRefreshTriggerCount); aaf = con; warn = turnOnWarning; + initMapBathConverter(); } public AAFTaf(AAFCon<CLIENT> con, boolean turnOnWarning, AbsUserCache<AAFPermission> other) { super(other); aaf = con; warn = turnOnWarning; + initMapBathConverter(); + } // Note: Needed for Creation of this Object with Generics 
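Review bot: In the `@@ -42,28 +44,34 @@` hunk, `mapIds` is a plain mutable field assigned through `initMapBathConverter()` in both constructors, while `validate` reads it, presumably on request threads. A non-final field set during construction has no safe-publication guarantee, so I would declare it `private final MapBathConverter mapIds;` and assign it with `mapIds = initMapBathConverter();`. The helper's body is in the next hunk and would then have to return `null` on the not-configured and load-failure paths. A field comment such as `// null when Config.CADI_BATH_CONVERT is unset or the CSV could not be loaded` would make the null-means-disabled contract explicit.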
@@ -78,6 +86,19 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT this((AAFCon<CLIENT>)mustBeAAFCon,turnOnWarning); } + private void initMapBathConverter() { + String csvFile = access.getProperty(Config.CADI_BATH_CONVERT, null); + if(csvFile==null) { + mapIds=null; + } else { + try { + mapIds = new MapBathConverter(access, new CSV(csvFile)); + } catch (IOException | CadiException e) { + access.log(e,"Bath Map Conversion is not initialzed (non fatal)"); + } + } + + } public TafResp validate(final LifeForm reading, final HttpServletRequest req, final HttpServletResponse resp) { //TODO Do we allow just anybody to validate? @@ -88,6 +109,10 @@ public class AAFTaf<CLIENT> extends AbsUserCache<AAFPermission> implements HttpT if (warn&&!req.isSecure()) { aaf.access.log(Level.WARN,"WARNING! BasicAuth has been used over an insecure channel"); } + if(mapIds != null) { + authz = mapIds.convert(access, authz); + } + try { final CachedBasicPrincipal bp; if (req.getUserPrincipal() instanceof CachedBasicPrincipal) { diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java index 7a138e97..93074932 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapBathConverter.java @@ -139,6 +139,7 @@ public class MapBathConverter { public String convert(Access access, final String bath) { String rv = map.get(bath); String cred=null; + String tcred=null; Holder<String> hpass=null; try { if(rv==null || !rv.startsWith(BASIC)) { 
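Review bot: In `initMapBathConverter` (`@@ -78,6 +86,19 @@`) the catch branch logs a message that omits the configured path and misspells "initialized". A deployment that set `Config.CADI_BATH_CONVERT` but failed to load the file is therefore hard to tell apart from one that never configured it. Since this CSV drives credential mapping, I would name the file: `access.log(e,"Bath Map Conversion is not initialized (non fatal): " + csvFile);`. The method also needs a short comment saying that `mapIds` stays null on failure and that `validate` then skips conversion.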
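Review bot: The `mapIds.convert(access, authz)` call in `@@ -88,6 +109,10 @@` replaces the client's Authorization value before the `try` block that follows, and nothing at the call site says so. Assuming that block is where the credential is authenticated, a comment such as `// Map legacy BasicAuth credentials to their replacement; the converted value is what is authenticated below` would tell a maintainer that everything after this line sees the mapped identity. `validate` starts and ends outside the hunk, so how `authz` is obtained, and whether it is already known to be a Basic header here, is not visible.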
@@ -154,9 +155,8 @@ public class MapBathConverter { // for SAFETY REASONS, we WILL NOT allow a non validated cred to // pass a password from file. Should be caught from Instation, but... if(rv!=null) { - if(rv.startsWith(BASIC)) { - return bath; - } else { + if(!rv.startsWith(BASIC)) { + tcred = rv; rv = BASIC + Symm.base64noSplit.encode(rv+':'+hpass.value); } } @@ -164,7 +164,22 @@ public class MapBathConverter { } catch (IOException | CadiException e) { access.log(e,"Invalid Authorization"); } - - return rv; + + if(rv==null) { + rv=bath; + } else { + try { + if(cred==null) { + cred = idFromBasic(bath,null); + } + if(tcred==null) { + tcred = idFromBasic(rv,null); + } + } catch (IOException | CadiException e) { + access.log(Level.ERROR,"Invalid Basic Authentication for conversion"); + } + access.printf(Level.AUDIT, "ID %s converted to %s",cred,tcred); + } + return rv==null?bath:rv; } } |
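Review bot: The `@@ -154,9 +155,8 @@` hunk removes the `return bath` branch, which looks like the guard the comment directly above it describes (not letting a non-validated credential pick up a password from the file). With it gone, an `rv` that already starts with `BASIC` at this point is kept and returned as the converted credential. Whether `rv` can reach this line holding a full credential that was matched by ID alone depends on the lookup code above the hunk, which is not visible. If it can, the request would be authenticated with the file's password rather than its own. If that is not intended, keep the fallback with `if(rv.startsWith(BASIC)) { rv = null; } else {` so the code after the `try` returns `bath`; otherwise update the comment to say why the guard is no longer needed.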
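Review bot: In `@@ -164,7 +164,22 @@` the AUDIT line is written even when `idFromBasic` throws, so the record can read `ID null converted to null` while the converted credential is still returned. The ERROR log also drops the exception. I would log the cause and not apply a conversion that cannot be attributed: `access.log(e,"Invalid Basic Authentication for conversion"); return bath;` in the catch. The final `return rv==null?bath:rv;` can be `return rv;`, because `rv` is already set to `bath` a few lines earlier whenever it is null. `convert` begins outside this hunk.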