diff options
author | Instrumental <jonathan.gathman@att.com> | 2018-11-12 10:57:07 -0600 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2018-11-12 10:57:14 -0600 |
commit | 990a15f23a823ef02029950db5059888b7083801 (patch) | |
tree | 86dc0f817bc2717ff76379a46a5e6b8f672efac4 | |
parent | f2c2c058cf0660c94ad0a40445c6305b0be2de14 (diff) |
Put MapBath code in Shiro
Issue-ID: AAF-618
Change-Id: Ibbee25744a479d40ed438f926d0d3785a76fc5d1
Signed-off-by: Instrumental <jonathan.gathman@att.com>
-rw-r--r-- | pom.xml | 2 | ||||
-rw-r--r-- | shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java | 35 | ||||
-rw-r--r-- | shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java | 54 |
3 files changed, 63 insertions, 28 deletions
@@ -22,7 +22,7 @@ <modelVersion>4.0.0</modelVersion> <groupId>org.onap.aaf.cadi</groupId> <artifactId>parent</artifactId> - <version>2.1.7-SNAPSHOT</version> + <version>2.1.7</version> <name>CADI Plugins Parent</name> <packaging>pom</packaging> diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index ccdaf73..96af26e 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -37,10 +37,13 @@ import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.Symm; import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.MapBathConverter; +import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.APIException; public class AAFRealm extends AuthorizingRealm { @@ -51,6 +54,7 @@ public class AAFRealm extends AuthorizingRealm { private AAFAuthn<?> authn; private HashSet<Class<? extends AuthenticationToken>> supports; private AAFLurPerm authz; + private MapBathConverter mbc; /** @@ -60,6 +64,7 @@ public class AAFRealm extends AuthorizingRealm { */ public AAFRealm () { access = new PropAccess(); // pick up cadi_prop_files from VM_Args + mbc = null; String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); if(cadi_prop_files==null) { String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; @@ -70,6 +75,15 @@ public class AAFRealm extends AuthorizingRealm { acon = AAFCon.newInstance(access); authn = acon.newAuthn(); authz = acon.newLur(authn); + + final String csv = access.getProperty(Config.CADI_BATH_CONVERT); + if(csv!=null) { + try { + mbc = new MapBathConverter(access, new CSV(csv)); + } catch (IOException e) { + access.log(e); + } + } } catch (APIException | CadiException | LocatorException e) { String msg = "Cannot initiate AAFRealm"; access.log(Level.INIT,msg,e.getMessage()); @@ -85,10 +99,27 @@ public class AAFRealm extends AuthorizingRealm { access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token); final UsernamePasswordToken upt = (UsernamePasswordToken)token; + String user = upt.getUsername(); String password=new String(upt.getPassword()); + if(mbc!=null) { + try { + final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password); + String bath = mbc.convert(access, oldBath); + if(bath!=oldBath) { + bath = Symm.base64noSplit.decode(bath.substring(6)); + int colon = bath.indexOf(':'); + if(colon>=0) { + user = bath.substring(0, colon); + password = bath.substring(colon+1); + } + } + } catch (IOException e) { + access.log(e); + } + } String err; try { - err = authn.validate(upt.getUsername(),password); + err = authn.validate(user,password); } catch (IOException e) { err = "Credential cannot be validated"; access.log(e, err); @@ -101,7 +132,7 @@ public class AAFRealm extends AuthorizingRealm { return new AAFAuthenticationInfo( access, - upt.getUsername(), + user, password ); } diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java index 591a56c..f915538 100644 --- a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java +++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java @@ -27,9 +27,7 @@ import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.apache.shiro.subject.PrincipalCollection; -import org.junit.Test; import org.onap.aaf.cadi.aaf.AAFPermission; -import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.shiro.AAFRealm; import org.onap.aaf.cadi.shiro.AAFShiroPermission; @@ -37,31 +35,37 @@ import junit.framework.Assert; public class JU_AAFRealm { - // TODO: Ian - fix this test - // @Test - // public void test() { - // // NOTE This is a live test. This JUnit needs to be built with "Mock" - // try { - // System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/etc/org.osaaf.common.props"); - // TestAAFRealm ar = new TestAAFRealm(); - - // UsernamePasswordToken upt = new UsernamePasswordToken("jonathan@people.osaaf.org", "new2You!"); - // AuthenticationInfo ani = ar.authn(upt); - - // AuthorizationInfo azi = ar.authz(ani.getPrincipals()); - // // Change this to something YOU have, Sai... - - // testAPerm(true,azi,"org.access","something","*"); - // testAPerm(false,azi,"org.accessX","something","*"); - // } catch (Throwable t) { - // t.printStackTrace(); - // Assert.fail(); - // } - // } +/* + @Test + public void test() { + // NOTE This is a live test. This JUnit needs to be built with "Mock" before it can be + // an official JUNIT + try { + System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/local/org.onap.aai.props"); + TestAAFRealm ar = new TestAAFRealm(); + + //UsernamePasswordToken upt = new UsernamePasswordToken("demo@people.osaaf.org", "demo123456!"); + UsernamePasswordToken upt = new UsernamePasswordToken("AAI", "AAI"); + + AuthenticationInfo ani = ar.authn(upt); + + AuthorizationInfo azi = ar.authz(ani.getPrincipals()); + // Change this to something YOU have, Sai... + + testAPerm(true,azi,"org.onap.aai","resources","something","get"); + testAPerm(false,azi,"org.osaaf.nons","resources","something","get"); + // testAPerm(true,azi,"name","org.access","something","*"); + // testAPerm(false,azi,"org.accessX","something","*"); + } catch (Throwable t) { + t.printStackTrace(); + Assert.fail(); + } + } +*/ - private void testAPerm(boolean expect, AuthorizationInfo azi, String name, String type, String instance, String action) { + private void testAPerm(boolean expect, AuthorizationInfo azi, String ns, String type, String instance, String action) { - AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(type,name,instance,action,new ArrayList<String>())); + AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(ns,type,instance,action,new ArrayList<String>())); boolean any = false; for(Permission p : azi.getObjectPermissions()) { |