From 9b8bad6df2746688133bc57306c98e201f8fa6a8 Mon Sep 17 00:00:00 2001
From: Sai Gandham
Date: Mon, 2 Jul 2018 16:53:27 -0500
Subject: move shiro modules to cadi repo
Issue-ID: AAF-380
Change-Id: I3383995551a7ea3a98d9e1cbebd324d49bbba134
Signed-off-by: Sai Gandham
---
.../onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 90 -------------
.../onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 94 --------------
.../aaf/cadi/shiro/AAFPrincipalCollection.java | 125 ------------------
.../java/org/onap/aaf/cadi/shiro/AAFRealm.java | 142 ---------------------
.../onap/aaf/cadi/shiro/AAFShiroPermission.java | 45 -------
5 files changed, 496 deletions(-)
delete mode 100644 cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
delete mode 100644 cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
delete mode 100644 cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
delete mode 100644 cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
delete mode 100644 cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java
(limited to 'cadi/shiro/src/main')
diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
deleted file mode 100644
index a1d304bd..00000000
--- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
+++ /dev/null
@@ -1,90 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ -package org.onap.aaf.cadi.shiro; - -import java.nio.ByteBuffer; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; - -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import org.apache.shiro.authc.UsernamePasswordToken; -import org.apache.shiro.subject.PrincipalCollection; -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.Hash; -import org.onap.aaf.cadi.Access.Level; - -public class AAFAuthenticationInfo implements AuthenticationInfo { - private static final long serialVersionUID = -1502704556864321020L; - // We assume that Shiro is doing Memory Only, and this salt is not needed cross process - private final static int salt = new SecureRandom().nextInt(); - - private final AAFPrincipalCollection apc; - private final byte[] hash; - private Access access; - - public AAFAuthenticationInfo(Access access, String username, String password) { - this.access = access; - apc = new 
AAFPrincipalCollection(username); - hash = getSaltedCred(password); - } - @Override - public byte[] getCredentials() { - access.log(Level.DEBUG, "AAFAuthenticationInfo.getCredentials"); - return hash; - } - - @Override - public PrincipalCollection getPrincipals() { - access.log(Level.DEBUG, "AAFAuthenticationInfo.getPrincipals"); - return apc; - } - - public boolean matches(AuthenticationToken atoken) { - if(atoken instanceof UsernamePasswordToken) { - UsernamePasswordToken upt = (UsernamePasswordToken)atoken; - if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) { - byte[] newhash = getSaltedCred(new String(upt.getPassword())); - if(newhash.length==hash.length) { - for(int i=0;i pond; - private ArrayList sPerms; - private ArrayList oPerms; - - public AAFAuthorizationInfo(Access access, Principal bait, List pond) { - this.access = access; - this.bait = bait; - this.pond = pond; - sPerms=null; - oPerms=null; - } - - public Principal principal() { - return bait; - } - - @Override - public Collection getObjectPermissions() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); - synchronized(bait) { - if(oPerms == null) { - oPerms = new ArrayList(); - for(final org.onap.aaf.cadi.Permission p : pond) { - oPerms.add(new AAFShiroPermission(p)); - } - } - } - return oPerms; - } - - @Override - public Collection getRoles() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles"); - // Until we decide to make Roles available, tie into String based permissions. - return getStringPermissions(); - } - - @Override - public Collection getStringPermissions() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions"); - synchronized(bait) { - if(sPerms == null) { - sPerms = new ArrayList(); - for(org.onap.aaf.cadi.Permission p : pond) { - sPerms.add(p.getKey()); - } - } - } - return sPerms; - } - -} 
diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
deleted file mode 100644
index 145968de..00000000
--- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.apache.shiro.subject.PrincipalCollection;
-
-public class AAFPrincipalCollection implements PrincipalCollection {
- private static final long serialVersionUID = 558246013419818831L;
- private static final Set realmSet;
- private final Principal principal;
- private List list=null;
- private Set set=null;
-
- static {
- realmSet = new HashSet();
- realmSet.add(AAFRealm.AAF_REALM);
- }
-
- public AAFPrincipalCollection(Principal p) {
- principal = p;
- }
-
- public AAFPrincipalCollection(final String principalName) {
- principal = new Principal() {
- private final String name = principalName;
- @Override
- public String getName() {
- return name;
- }
- };
- }
-
- @Override
- public Iterator iterator() {
- return null;
- }
-
- @Override
- public List asList() {
- if(list==null) {
- list = new ArrayList();
- }
- list.add(principal);
- return list;
- }
-
- @Override
- public Set asSet() {
- if(set==null) {
- set = new HashSet();
- }
- set.add(principal);
- return set;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public Collection byType(Class cls) {
- Collection coll = new ArrayList();
- if(cls.isAssignableFrom(Principal.class)) {
- coll.add((T)principal);
- }
- return coll;
- }
-
- @Override
- public Collection fromRealm(String realm) {
- if(AAFRealm.AAF_REALM.equals(realm)) {
- return asList();
- } else {
- return new ArrayList();
- }
- }
-
- @Override
- public Principal getPrimaryPrincipal() {
- return principal;
- }
-
- @Override
- public Set getRealmNames() {
- return realmSet;
- }
-
- @Override
- public boolean isEmpty() {
- return principal==null;
- }
-
- @SuppressWarnings("unchecked")
- @Override
- public T oneByType(Class cls) {
- if(cls.isAssignableFrom(Principal.class)) {
- return (T)principal;
- }
- return null;
- }
-
-}
diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
deleted file mode 100644
index 006547a9..00000000
--- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CadiException;
-import org.onap.aaf.cadi.LocatorException;
-import org.onap.aaf.cadi.Permission;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
-import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.misc.env.APIException;
-
-public class AAFRealm extends AuthorizingRealm {
- public static final String AAF_REALM = "AAFRealm";
-
- private PropAccess access;
- private AAFCon acon;
- private AAFAuthn authn;
- private HashSet> supports;
- private AAFLurPerm authz;
-
-
- /**
- *
- * There appears to be no configuration objects or references available for CADI to start with.
- *
- */
- public AAFRealm () {
- access = new PropAccess(); // pick up cadi_prop_files from VM_Args
- String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
- if(cadi_prop_files==null) {
- String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
- access.log(Level.INIT,msg);
- throw new RuntimeException(msg);
- } else {
- try {
- acon = AAFCon.newInstance(access);
- authn = acon.newAuthn();
- authz = acon.newLur(authn);
- } catch (APIException | CadiException | LocatorException e) {
- String msg = "Cannot initiate AAFRealm";
- access.log(Level.INIT,msg,e.getMessage());
- throw new RuntimeException(msg,e);
- }
- }
- supports = new HashSet>();
- supports.add(UsernamePasswordToken.class);
- }
-
- @Override
- protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
- access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
-
- final UsernamePasswordToken upt = (UsernamePasswordToken)token;
- String password=new String(upt.getPassword());
- String err;
- try {
- err = authn.validate(upt.getUsername(),password);
- } catch (IOException|CadiException e) {
- err = "Credential cannot be validated";
- access.log(e, err);
- }
-
- if(err != null) {
- access.log(Level.DEBUG, err);
- throw new AuthenticationException(err);
- }
-
- return new AAFAuthenticationInfo(
- access,
- upt.getUsername(),
- password
- );
- }
-
- @Override
- protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException {
- if(ai instanceof AAFAuthenticationInfo) {
- if(!((AAFAuthenticationInfo)ai).matches(atoken)) {
- throw new AuthenticationException("Credentials do not match");
- }
- } else {
- throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo");
- }
- }
-
-
- @Override
- protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo");
- Principal bait = (Principal)principals.getPrimaryPrincipal();
- List pond = new ArrayList();
- authz.fishAll(bait,pond);
-
- return new AAFAuthorizationInfo(access,bait,pond);
-
- }
-
- @Override
- public boolean supports(AuthenticationToken token) {
- return supports.contains(token.getClass());
- }
-
- @Override
- public String getName() {
- return AAF_REALM;
- }
-
-}
diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java
deleted file mode 100644
index a348a045..00000000
--- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.cadi.shiro;
-
-import org.apache.shiro.authz.Permission;
-
-public class AAFShiroPermission implements Permission {
- private org.onap.aaf.cadi.Permission perm;
- public AAFShiroPermission(org.onap.aaf.cadi.Permission perm) {
- this.perm = perm;
- }
- @Override
- public boolean implies(Permission sp) {
- if(sp instanceof AAFShiroPermission) {
- if(perm.match(((AAFShiroPermission)sp).perm)){
- return true;
- }
- }
- return false;
- }
-
- @Override
- public String toString() {
- return perm.toString();
- }
-
-}
-- cgit 1.2.3-korg