author | 2018-07-02 22:37:37 -0500 | |
---|---|---|
committer | 2018-07-02 22:37:56 -0500 | |
commit | a7f4def785c9e169ebcb4785d7561505e47f3fc0 (patch) | |
tree | 9269cabdec93c0c3daeb907873cf5910e29495c3 | |
parent | 61f3653ef53fc3b64e21ec3f22123274f3b5d732 (diff) |
Moving Shiro modules to cadi repo
Issue-ID: AAF-380
Change-Id: If1029a16958335277ff38cdbe5662b0a14ea439f
Signed-off-by: Sai Gandham <sg481n@att.com>
-rw-r--r-- | SOURCE_MOVED | 1 | ||||
-rw-r--r-- | pom.xml | 569 | ||||
-rw-r--r-- | shiro-osgi-bundle/.gitignore | 5 | ||||
-rw-r--r-- | shiro-osgi-bundle/pom.xml | 97 | ||||
-rw-r--r-- | shiro/.gitignore | 4 | ||||
-rw-r--r-- | shiro/pom.xml | 204 | ||||
-rw-r--r-- | shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 90 | ||||
-rw-r--r-- | shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 94 | ||||
-rw-r--r-- | shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java | 125 | ||||
-rw-r--r-- | shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java | 142 | ||||
-rw-r--r-- | shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java | 45 | ||||
-rw-r--r-- | shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java | 93 | ||||
-rw-r--r-- | version.properties | 6 |
13 files changed, 1153 insertions, 322 deletions
diff --git a/SOURCE_MOVED b/SOURCE_MOVED
deleted file mode 100644
index 39822ab..0000000
--- a/SOURCE_MOVED
+++ /dev/null
@@ -1 +0,0 @@
-Source for "cadi" has been consolidated into "authz" repo as of the Beijing release
@@ -1,79 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> <!-- - ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.onap.aaf.cadi</groupId> - <artifactId>parent</artifactId> - <name>aaf-cadi</name> - <version>1.0.0-SNAPSHOT</version> - <inceptionYear>2015-07-20</inceptionYear> + <artifactId>cadimiscparent</artifactId> + <version>2.1.2-SNAPSHOT</version> + <name>CADI Misc Modules</name> <packaging>pom</packaging> - <url>https://github.com/att/AAF</url> - <description>CADI</description> - <licenses> - <license> - <name>BSD License</name> - <url> </url> - </license> - </licenses> - <developers> - <developer> - <name>Jonathan Gathman</name> - <email></email> - <organization>ATT</organization> - <organizationUrl></organizationUrl> - </developer> - </developers> - - <parent> - <groupId>org.onap.oparent</groupId> - <artifactId>oparent</artifactId> - <version>1.1.0</version> - </parent> + + <parent> + <groupId>org.onap.oparent</groupId> + <artifactId>oparent</artifactId> + <version>1.1.0</version> + </parent> <properties> - <skipSigning>true</skipSigning> + <!-- <sonar.skip>true</sonar.skip> --> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <project.innoVersion>1.0.0-SNAPSHOT</project.innoVersion> - <project.authClientVersion>1.0.0-SNAPSHOT</project.authClientVersion> - <project.dme2Version>3.1.200</project.dme2Version> - <!-- version>2.8.5.8</version --> - <!-- version>2.6.20</version --> - <!-- version>2.6.29</version --> - <!-- version>2.8.1</version --> - <!-- version>2.8.2.5</version --> - <!-- jetty-version>8.1.7.v20120910</jetty-version --> - <!-- jetty-version>7.2.0.v20101020</jetty-version --> - <!-- 
project.jettyVersion>9.0.3.v20130506</project.jettyVersion --> - <project.cadiVersion>1.0.0-SNAPSHOT</project.cadiVersion> - + <project.jettyVersion>9.3.9.v20160517</project.jettyVersion> + <powermock.version>1.5.1</powermock.version> <!-- SONAR --> <jacoco.version>0.7.7.201606060606</jacoco.version> <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version> <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin> <!-- Default Sonar configuration --> - <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath> - <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath> + <sonar.jacoco.reportPaths>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPaths> + <sonar.jacoco.itReportPaths>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPaths> <!-- Note: This list should match jacoco-maven-plugin's exclusion list below --> <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions> <nexusproxy>https://nexus.onap.org</nexusproxy> 
@@ -82,19 +53,69 @@ <stagingNexusPath>/content/repositories/staging/</stagingNexusPath> <sitePath>/content/sites/site/org/onap/aaf/cadi/${project.artifactId}/${project.version}</sitePath> </properties> + <!-- ============================================================== --> <!-- Define the major contributors and developers of CADI --> <!-- ============================================================== --> - <contributors> - <contributor> + <developers> + <developer> <name>Jonathan Gathman</name> - <email></email> - <timezone>CST</timezone> - </contributor> - </contributors> + <email>jonathan.gathman@att.com</email> + <organization>ATT</organization> + <roles> + <role>Architect</role> + <role>Lead Developer</role> + </roles> + </developer> + <developer> + <name>Gabe Maurer</name> + <email>gabe.maurer@att.com</email> + <organization>ATT</organization> + <roles> + <role>Developer</role> + </roles> + </developer> + <developer> + <name>Ian Howell</name> + <email>ian.howell@att.com</email> + <organization>ATT</organization> + <roles> + <role>Developer</role> + </roles> + </developer> + <developer> + <name>Sai Gandham</name> + <email>sai.gandham@att.com</email> + <organization>ATT</organization> + <roles> + <role>Developer</role> + </roles> + </developer> + </developers> + <dependencies> <dependency> + <groupId>org.mockito</groupId> + <artifactId>mockito-all</artifactId> + <version>1.9.5</version> + <scope>test</scope> + </dependency> + + <dependency> + <groupId>org.powermock</groupId> + <artifactId>powermock-module-junit4</artifactId> + <version>${powermock.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.powermock</groupId> + <artifactId>powermock-api-mockito</artifactId> + <version>${powermock.version}</version> + <scope>test</scope> + </dependency> + + <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.10</version> 
@@ -106,6 +127,8 @@ <!-- Define sub-projects (modules) --> <!-- ============================================================== --> <modules> + <module>shiro</module> + <module>shiro-osgi-bundle</module> </modules> <!-- ============================================================== --> 
@@ -113,127 +136,122 @@ <!-- ============================================================== --> <dependencyManagement> <dependencies> - <dependency> - <groupId>org.mockito</groupId> - <artifactId>mockito-all</artifactId> - <version>1.9.5</version> - <scope>test</scope> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-auth-client</artifactId> + <version>${project.version}</version> </dependency> + <dependency> <groupId>org.onap.aaf.authz</groupId> - <artifactId>authz-client</artifactId> - <version>${project.authClientVersion}</version> + <artifactId>aaf-cadi-core</artifactId> + <version>${project.version}</version> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-core</artifactId> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-oauth</artifactId> <version>${project.version}</version> </dependency> + + <!-- Prevent Cycles in Testing --> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-core</artifactId> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-core</artifactId> <version>${project.version}</version> <classifier>tests</classifier> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-cass</artifactId> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-jetty</artifactId> <version>${project.version}</version> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-aaf</artifactId> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-cass</artifactId> <version>${project.version}</version> - </dependency> + </dependency> - <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-aaf</artifactId> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-aaf</artifactId> <version>${project.version}</version> - <classifier>full</classifier> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-client</artifactId> + 
<groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-aaf</artifactId> <version>${project.version}</version> + <classifier>full</classifier> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-tomcat</artifactId> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-client</artifactId> <version>${project.version}</version> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>cadi-tguard</artifactId> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-misc-env</artifactId> <version>${project.version}</version> </dependency> <dependency> - <groupId>org.onap.aaf.inno</groupId> - <artifactId>env</artifactId> - <version>${project.innoVersion}</version> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-misc-rosetta</artifactId> + <version>${project.version}</version> </dependency> <dependency> - <groupId>org.onap.aaf.inno</groupId> - <artifactId>rosetta</artifactId> - <version>${project.innoVersion}</version> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-misc-log4j</artifactId> + <version>${project.version}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> <artifactId>jetty-servlet</artifactId> - <version>9.0.3.v20130506</version> + <version>${project.jettyVersion}</version> + </dependency> + + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-io</artifactId> + <version>${project.jettyVersion}</version> + </dependency> + + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-security</artifactId> + <version>${project.jettyVersion}</version> </dependency> <dependency> <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-webapp</artifactId> - <version>9.0.3.v20130506</version> + <artifactId>jetty-http</artifactId> + <version>${project.jettyVersion}</version> </dependency> <dependency> - <groupId>org.eclipse.jetty.aggregate</groupId> - <artifactId>jetty-all</artifactId> - <version>9.0.3.v20130506</version> 
+ <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-util</artifactId> + <version>${project.jettyVersion}</version> </dependency> <dependency> - <groupId>javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - <version>2.5</version> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-server</artifactId> + <version>${project.jettyVersion}</version> </dependency> <dependency> - <groupId>com.att.aft</groupId> - <artifactId>dme2</artifactId> - <version>${project.dme2Version}</version> - <exclusions> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </exclusion> - <exclusion> - <groupId>log4j</groupId> - <artifactId>log4j</artifactId> - </exclusion> - <exclusion> - <groupId>com.att.javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - </exclusion> - <exclusion> - <groupId>javax.mail</groupId> - <artifactId>mail</artifactId> - </exclusion> - - </exclusions> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>3.0.1</version> </dependency> <dependency> @@ -250,7 +268,9 @@ <build> <testSourceDirectory>src/test/java</testSourceDirectory> <plugins> - + </plugins> + <pluginManagement> + <plugins> <plugin> <inherited>true</inherited> <groupId>org.apache.maven.plugins</groupId> @@ -261,7 +281,7 @@ <target>1.7</target> </configuration> </plugin> - + <plugin> <groupId>org.apache.maven.plugins</groupId> <version>2.4</version> 
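Review bot: The managed `org.onap.aaf.authz` artifacts in the root pom.xml `<dependencyManagement>` block (`aaf-auth-client`, `aaf-cadi-core`, `aaf-cadi-aaf` and the rest) take `${project.version}`, which this commit sets to `2.1.2-SNAPSHOT`. The only modules in this reactor are `shiro` and `shiro-osgi-bundle`, so those artifacts presumably resolve from a remote repository. That ties the authentication libraries to whatever snapshot is current at build time and to this project's own version number. Consider a dedicated property pinned to a released version, e.g. `<aaf.authz.version>RELEASED_VERSION</aaf.authz.version>` (placeholder value), referenced from each `<version>` element.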
@@ -275,67 +295,17 @@ </archive> </configuration> </plugin> - - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-surefire-plugin</artifactId> - <version>2.17</version> - <configuration> - <skipTests>false</skipTests> - <includes> - <include>**/JU*.java</include> - </includes> - <excludes> - <!-- <exclude>**/JU_LocalLur.java</exclude> --> - <!-- <exclude>**/JU_BufferedServletInputStream.java</exclude> --> - <!--<exclude>**/JU_Passcode.java</exclude> --> - <!--<exclude>**/JU_XReader.java</exclude> --> - <exclude>**/JU_CASS.java</exclude> - <exclude>**/JU_PropertyLocator.java</exclude> - <exclude>**/JU_PermEval.java</exclude> - <exclude>**/JU_JMeter.java</exclude> - <exclude>**/JU_Lur2_0Call.java</exclude> - </excludes> - </configuration> - </plugin> + <!-- Define the javadoc plugin --> <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jarsigner-plugin</artifactId> - <version>1.2</version> - <executions> - <execution> - <id>sign</id> - <goals> - <goal>sign</goal> - </goals> - <configuration> - <!-- skip>${skipSigning}</skip --> - <archive>target/${project.artifactId}-${project.version}.jar</archive> - </configuration> - </execution> - <execution> - <id>verify</id> - <goals> - <goal>verify</goal> - </goals> - <configuration> - <archive>target/${project.artifactId}-${project.version}.jar</archive> - </configuration> - </execution> - </executions> + <artifactId>maven-javadoc-plugin</artifactId> + <version>2.10</version> <configuration> - <skip>true</skip> - <alias>cadi</alias> - <keystore>/Volumes/Data/src/cadi/keys/aaf_cadi.jks</keystore> - <storepass>Surprise!</storepass> - <keypass>Surprise!</keypass> - <verbose>true</verbose> - <certs>true</certs> + <excludePackageNames>org.opendaylight.*</excludePackageNames> </configuration> </plugin> - - + <plugin> <artifactId>maven-release-plugin</artifactId> <version>2.5.2</version> 
@@ -343,12 +313,12 @@ <goals>-s ${mvn.settings} deploy</goals> </configuration> </plugin> - + <plugin> <artifactId>maven-assembly-plugin</artifactId> <version>2.5.5</version> </plugin> - + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> @@ -356,62 +326,30 @@ <configuration> <skip>false</skip> </configuration> - + </plugin> - + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>2.10</version> </plugin> - - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-javadoc-plugin</artifactId> - <version>2.10.4</version> - <configuration> - <failOnError>false</failOnError> - </configuration> - <executions> - <execution> - <id>attach-javadocs</id> - <goals> - <goal>jar</goal> - </goals> - </execution> - </executions> - </plugin> - - - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-source-plugin</artifactId> - <version>2.2.1</version> - <executions> - <execution> - <id>attach-sources</id> - <goals> - <goal>jar-no-fork</goal> - </goals> - </execution> - </executions> - </plugin> - - - - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>cobertura-maven-plugin</artifactId> - <version>2.7</version> - <configuration> - <formats> - <format>html</format> - <format>xml</format> - </formats> - </configuration> - </plugin> - - <!--This plugin's configuration is used to store Eclipse m2e settings + + <!-- Maven surefire plugin for testing --> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.17</version> + <configuration> + <skipTests>false</skipTests> + <includes> + <include>**/JU*.java</include> + </includes> + <excludes> + </excludes> + </configuration> + </plugin> + + <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself. --> <plugin> <groupId>org.eclipse.m2e</groupId> 
@@ -443,85 +381,79 @@ </lifecycleMappingMetadata> </configuration> </plugin> - <plugin> - <groupId>org.sonatype.plugins</groupId> - <artifactId>nexus-staging-maven-plugin</artifactId> - <version>1.6.7</version> - <extensions>true</extensions> - <configuration> - <nexusUrl>${nexusproxy}</nexusUrl> - <stagingProfileId>176c31dfe190a</stagingProfileId> - <serverId>ecomp-staging</serverId> - </configuration> - </plugin> - - <plugin> - <groupId>org.jacoco</groupId> - <artifactId>jacoco-maven-plugin</artifactId> - <version>${jacoco.version}</version> - <configuration> - <excludes> - <exclude>**/gen/**</exclude> - <exclude>**/generated-sources/**</exclude> - <exclude>**/yang-gen/**</exclude> - <exclude>**/pax/**</exclude> - </excludes> - </configuration> - <executions> - - <execution> - <id>pre-unit-test</id> - <goals> - <goal>prepare-agent</goal> - </goals> - <configuration> - <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile> - <propertyName>surefireArgLine</propertyName> - </configuration> - </execution> - - - <execution> - <id>post-unit-test</id> - <phase>test</phase> - <goals> - <goal>report</goal> - </goals> - <configuration> - <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile> - <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory> - </configuration> - </execution> - <execution> - <id>pre-integration-test</id> - <phase>pre-integration-test</phase> - <goals> - <goal>prepare-agent</goal> - </goals> - <configuration> - <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile> - - <propertyName>failsafeArgLine</propertyName> - </configuration> - </execution> - - - <execution> - <id>post-integration-test</id> - <phase>post-integration-test</phase> - <goals> - <goal>report</goal> - </goals> - <configuration> - <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile> - <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory> - 
</configuration> - </execution> - </executions> - </plugin> - - </plugins> + <plugin> + <groupId>org.sonatype.plugins</groupId> + <artifactId>nexus-staging-maven-plugin</artifactId> + <version>1.6.7</version> + <extensions>true</extensions> + <configuration> + <nexusUrl>${nexusproxy}</nexusUrl> + <stagingProfileId>176c31dfe190a</stagingProfileId> + <serverId>ecomp-staging</serverId> + </configuration> + </plugin> + <plugin> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <version>${jacoco.version}</version> + <configuration> + <excludes> + <exclude>**/gen/**</exclude> + <exclude>**/generated-sources/**</exclude> + <exclude>**/yang-gen/**</exclude> + <exclude>**/pax/**</exclude> + </excludes> + </configuration> + <executions> + <execution> + <id>pre-unit-test</id> + <goals> + <goal>prepare-agent</goal> + </goals> + <configuration> + <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile> + <propertyName>surefireArgLine</propertyName> + </configuration> + </execution> + <execution> + <id>post-unit-test</id> + <phase>test</phase> + <goals> + <goal>report</goal> + </goals> + <configuration> + <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile> + <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory> + </configuration> + </execution> + <execution> + <id>pre-integration-test</id> + <phase>pre-integration-test</phase> + <goals> + <goal>prepare-agent</goal> + </goals> + <configuration> + <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile> + <propertyName>failsafeArgLine</propertyName> + </configuration> + </execution> + <execution> + <id>post-integration-test</id> + <phase>post-integration-test</phase> + <goals> + <goal>report</goal> + </goals> + <configuration> + <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile> + <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory> + </configuration> + 
</execution> + </executions> + </plugin> + </plugins> + </pluginManagement> </build> + <distributionManagement> <repository> <id>ecomp-releases</id> @@ -538,4 +470,5 @@ <url>dav:${nexusproxy}${sitePath}</url> </site> </distributionManagement> + </project> diff --git a/shiro-osgi-bundle/.gitignore b/shiro-osgi-bundle/.gitignore new file mode 100644 index 0000000..f4b8361 --- /dev/null +++ b/shiro-osgi-bundle/.gitignore @@ -0,0 +1,5 @@ +/target +/bin/ +/.classpath +/.settings +/.project diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml new file mode 100644 index 0000000..305eab7 --- /dev/null +++ b/shiro-osgi-bundle/pom.xml 
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>cadimiscparent</artifactId>
+ <version>2.1.2-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <name>AAF Shiro CADI Plugin</name>
+ <artifactId>aaf-shiro-aafrealm-osgi-bundle</artifactId>
+ <packaging>bundle</packaging>
+
+ <properties>
+ <sonar.skip>true</sonar.skip>
+ <cadi.shiro.version>2.1.0</cadi.shiro.version>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>maven-bundle-plugin</artifactId>
+ <version>2.5.4</version>
+ <extensions>true</extensions>
+ <configuration>
+ <instructions>
+ <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
+ <Bundle-Version>${project.version}</Bundle-Version>
+ <Export-Package>
+ org.onap.aaf.cadi.shiro*;version=${cadi.shiro.version}
+ </Export-Package>
+ <Import-Package>
+ javax.servlet,
+ javax.servlet.http,
+ org.osgi.service.blueprint;version="[1.0.0,2.0.0)",
+ javax.net.ssl,
+ javax.crypto,
+ javax.crypto.spec,
+ javax.xml.bind.annotation,
+ javax.xml.bind,
+ javax.xml.transform,
+ javax.xml.datatype,
+ javax.management,
+ javax.security.auth,
+ javax.security.auth.login,
+ javax.security.auth.callback,
+ javax.xml.soap,
+ javax.xml.parsers,
+ javax.xml.namespace,
+ org.w3c.dom,
+ org.xml.sax,
+ javax.xml.transform.stream
+ </Import-Package>
+ <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>
+ <!-- <Embed-Dependency>*;scope=compile|runtime;artifactId=!shiro-core;inline=false</Embed-Dependency> -->
+ <Embed-Transitive>true</Embed-Transitive>
+ <Fragment-Host>org.apache.shiro.core</Fragment-Host>
+ </instructions>
+ </configuration>
+ </plugin>
+ </plugins>
+
+
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-shiro</artifactId>
+ <version>2.1.0</version>
+ </dependency>
+ </dependencies>
+</project>
\ No newline at end of file
diff --git a/shiro/.gitignore b/shiro/.gitignore
new file mode 100644
index 0000000..6028f0a
--- /dev/null
+++ b/shiro/.gitignore
@@ -0,0 +1,4 @@
+/.classpath
+/.settings/
+/target/
+/.project
diff --git a/shiro/pom.xml b/shiro/pom.xml
new file mode 100644
index 0000000..081313b
--- /dev/null
+++ b/shiro/pom.xml
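Review bot: In shiro-osgi-bundle/pom.xml the `aaf-cadi-shiro` dependency is pinned to `<version>2.1.0</version>`, while the sibling `shiro` module in this reactor inherits `2.1.2-SNAPSHOT` from `cadimiscparent`. The bundle therefore appears to embed a previously published artifact rather than the realm code added in this commit. If that is not intended, use `<version>${project.version}</version>` so the packaged authentication code is the code under review. Separately, `<Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>` together with `<Embed-Transitive>true</Embed-Transitive>` copies every transitive jar into the bundle, so a fix to any of those libraries reaches deployments only when this bundle is rebuilt; a short XML comment listing what is expected to be embedded would make that auditable.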
@@ -0,0 +1,204 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>cadimiscparent</artifactId>
+ <version>2.1.2-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <name>AAF CADI Shiro Plugin</name>
+ <packaging>jar</packaging>
+ <artifactId>aaf-cadi-shiro</artifactId>
+
+ <properties>
+ <!-- SONAR -->
+ <sonar.skip>true</sonar.skip>
+ <jacoco.version>0.7.7.201606060606</jacoco.version>
+ <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
+ <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
+ <!-- Default Sonar configuration -->
+ <sonar.jacoco.reportPaths>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPaths>
+ <sonar.jacoco.itReportPaths>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPaths>
+ <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->
+ <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>
+ <nexusproxy>https://nexus.onap.org</nexusproxy>
+ <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>
+ <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>
+ <stagingNexusPath>/content/repositories/staging/</stagingNexusPath>
+ <sitePath>/content/sites/site/org/onap/aaf/authz/${project.artifactId}/${project.version}</sitePath>
+ </properties>
+
+ <developers>
+ <developer>
+ <name>Jonathan Gathman</name>
+ <email>jonathan.gathman@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Architect</role>
+ <role>Lead Developer</role>
+ </roles>
+ </developer>
+ <developer>
+ <name>Gabe Maurer</name>
+ <email>gabe.maurer@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Developer</role>
+ </roles>
+ </developer>
+ <developer>
+ <name>Ian Howell</name>
+ <email>ian.howell@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Developer</role>
+ </roles>
+ </developer>
+ <developer>
+ <name>Sai Gandham</name>
+ <email>sai.gandham@att.com</email>
+ <organization>ATT</organization>
+ <roles>
+ <role>Developer</role>
+ </roles>
+ </developer>
+ </developers>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ </dependency>
+ <!--<dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-core</artifactId>
+ <version>1.4.0</version>
+ </dependency> -->
+
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-core</artifactId>
+ <version>1.3.2</version>
+ </dependency>
+
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <nexusUrl>${nexusproxy}</nexusUrl>
+ <stagingProfileId>176c31dfe190a</stagingProfileId>
+ <serverId>ecomp-staging</serverId>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>false</skip>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.jacoco</groupId>
+ <artifactId>jacoco-maven-plugin</artifactId>
+ <configuration>
+ <excludes>
+ <exclude>**/gen/**</exclude>
+ <exclude>**/generated-sources/**</exclude>
+ <exclude>**/yang-gen/**</exclude>
+ <exclude>**/pax/**</exclude>
+ </excludes>
+ </configuration>
+ <executions>
+ <execution>
+ <id>pre-unit-test</id>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ <configuration>
+ <destFile>${project.build.directory}/code-coverage/jacoco-ut.exec</destFile>
+ <propertyName>surefireArgLine</propertyName>
+ </configuration>
+ </execution>
+ <execution>
+ <id>post-unit-test</id>
+ <phase>test</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ <configuration>
+ <dataFile>${project.build.directory}/code-coverage/jacoco-ut.exec</dataFile>
+ <outputDirectory>${project.reporting.outputDirectory}/jacoco-ut</outputDirectory>
+ </configuration>
+ </execution>
+ <execution>
+ <id>pre-integration-test</id>
+ <phase>pre-integration-test</phase>
+ <goals>
+ <goal>prepare-agent</goal>
+ </goals>
+ <configuration>
+ <destFile>${project.build.directory}/code-coverage/jacoco-it.exec</destFile>
+ <propertyName>failsafeArgLine</propertyName>
+ </configuration>
+ </execution>
+ <execution>
+ <id>post-integration-test</id>
+ <phase>post-integration-test</phase>
+ <goals>
+ <goal>report</goal>
+ </goals>
+ <configuration>
+ <dataFile>${project.build.directory}/code-coverage/jacoco-it.exec</dataFile>
+ <outputDirectory>${project.reporting.outputDirectory}/jacoco-it</outputDirectory>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+
+ </build>
+
+ <distributionManagement>
+ <repository>
+ <id>ecomp-releases</id>
+ <name>AAF Release Repository</name>
+ <url>${nexusproxy}${releaseNexusPath}</url>
+ </repository>
+ <snapshotRepository>
+ <id>ecomp-snapshots</id>
+ <name>AAF Snapshot Repository</name>
+ <url>${nexusproxy}${snapshotNexusPath}</url>
+ </snapshotRepository>
+ <site>
+ <id>ecomp-site</id>
+ <url>dav:${nexusproxy}${sitePath}</url>
+ </site>
+ </distributionManagement>
+</project>
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
new file mode 100644
index 0000000..a1d304b
--- /dev/null
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
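Review bot: In shiro/pom.xml `shiro-core` is pinned to `1.3.2` directly beneath a commented-out `1.4.0` dependency, with nothing recording why the older release of the security framework was chosen. Either move to the newer version or state the reason next to the pin, e.g. `<!-- shiro-core held at 1.3.2 because REASON; revisit when CONDITION -->` (placeholders), and drop the dead block. Declaring the version once in the parent's `<dependencyManagement>`, as is done there for the jetty artifacts, would give a single place to update it.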
@@ -0,0 +1,90 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.shiro;
+
+import java.nio.ByteBuffer;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Hash;
+import org.onap.aaf.cadi.Access.Level;
+
+public class AAFAuthenticationInfo implements AuthenticationInfo {
+ private static final long serialVersionUID = -1502704556864321020L;
+ // We assume that Shiro is doing Memory Only, and this salt is not needed cross process
+ private final static int salt = new SecureRandom().nextInt();
+
+ private final AAFPrincipalCollection apc;
+ private final byte[] hash;
+ private Access access;
+
+ public AAFAuthenticationInfo(Access access, String username, String password) {
+ this.access = access;
+ apc = new AAFPrincipalCollection(username);
+ hash = getSaltedCred(password);
+ }
+ @Override
+ public byte[] getCredentials() {
+ access.log(Level.DEBUG, "AAFAuthenticationInfo.getCredentials");
+ return hash;
+ }
+
+ @Override
+ public PrincipalCollection getPrincipals() {
+ access.log(Level.DEBUG, "AAFAuthenticationInfo.getPrincipals");
+ return apc;
+ }
+
+ public boolean matches(AuthenticationToken atoken) {
+ if(atoken instanceof UsernamePasswordToken) {
+ UsernamePasswordToken upt = (UsernamePasswordToken)atoken;
+ if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) {
+ byte[] newhash = getSaltedCred(new String(upt.getPassword()));
+ if(newhash.length==hash.length) {
+ for(int i=0;i<hash.length;++i) {
+ if(hash[i]!=newhash[i]) {
+ return false;
+ }
+ }
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ private byte[] getSaltedCred(String password) {
+ byte[] pbytes = password.getBytes();
+ ByteBuffer bb = ByteBuffer.allocate(pbytes.length+Integer.SIZE/8);
+ bb.asIntBuffer().put(salt);
+ bb.put(password.getBytes());
+ try {
+ return Hash.hashSHA256(bb.array());
+ } catch (NoSuchAlgorithmException e) {
+ return new byte[0]; // should never get here
+ }
+ }
+}
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
new file mode 100644
index 0000000..bfdc6bf
--- /dev/null
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
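Review bot: In `getSaltedCred` the salt never reaches the digest: `bb.asIntBuffer().put(salt)` writes through a separate view and leaves `bb`'s own position at 0, so the following `bb.put(password.getBytes())` overwrites the salt bytes and the hash input is the password followed by four zero bytes for any password of four bytes or more. Writing the salt with `bb.putInt(salt);` and reusing `pbytes` in the put keeps it in the buffer. The `catch` branch returns `new byte[0]`, and since `matches` accepts two arrays of equal length with no differing byte, a failed digest would make any password match for that user; throwing an `IllegalStateException` there fails closed. The byte loop in `matches` also returns at the first difference, where `return MessageDigest.isEqual(hash, newhash);` gives a constant-time comparison.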
@@ -0,0 +1,94 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.shiro;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.Permission;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Access.Level;
+
+/**
+ * We treat "roles" and "permissions" in a similar way for first pass.
+ *
+ * @author JonathanGathman
+ *
+ */
+public class AAFAuthorizationInfo implements AuthorizationInfo {
+ private static final long serialVersionUID = -4805388954462426018L;
+ private Access access;
+ private Principal bait;
+ private List<org.onap.aaf.cadi.Permission> pond;
+ private ArrayList<String> sPerms;
+ private ArrayList<Permission> oPerms;
+
+ public AAFAuthorizationInfo(Access access, Principal bait, List<org.onap.aaf.cadi.Permission> pond) {
+ this.access = access;
+ this.bait = bait;
+ this.pond = pond;
+ sPerms=null;
+ oPerms=null;
+ }
+
+ public Principal principal() {
+ return bait;
+ }
+
+ @Override
+ public Collection<Permission> getObjectPermissions() {
+ access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions");
+ synchronized(bait) {
+ if(oPerms == null) {
+ oPerms = new ArrayList<Permission>();
+ for(final org.onap.aaf.cadi.Permission p : pond) {
+ oPerms.add(new AAFShiroPermission(p));
+ }
+ }
+ }
+ return oPerms;
+ }
+
+ @Override
+ public Collection<String> getRoles() {
+ access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles");
+ // Until we decide to make Roles available, tie into String based permissions.
+ return getStringPermissions();
+ }
+
+ @Override
+ public Collection<String> getStringPermissions() {
+ access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions");
+ synchronized(bait) {
+ if(sPerms == null) {
+ sPerms = new ArrayList<String>();
+ for(org.onap.aaf.cadi.Permission p : pond) {
+ sPerms.add(p.getKey());
+ }
+ }
+ }
+ return sPerms;
+ }
+
+}
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
new file mode 100644
index 0000000..145968d
--- /dev/null
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
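Review bot: `getObjectPermissions` and `getStringPermissions` hand out the cached `oPerms` and `sPerms` lists themselves, so any caller that adds to the returned collection changes the permissions this object reports from then on; `return Collections.unmodifiableList(oPerms);` (and the same for `sPerms`) closes that. Both methods also lock on `bait`, the Principal supplied by the caller, which throws a NullPointerException for a null principal and shares the monitor with any other code that synchronizes on that object; a `private final Object lock = new Object();` field would be a safer monitor. `getRoles` returning the permission keys means a role check by name succeeds for any string that equals a permission key, which the existing comment marks as temporary but is worth stating in the class Javadoc.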
@@ -0,0 +1,125 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.shiro;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.shiro.subject.PrincipalCollection;
+
+public class AAFPrincipalCollection implements PrincipalCollection {
+ private static final long serialVersionUID = 558246013419818831L;
+ private static final Set<String> realmSet;
+ private final Principal principal;
+ private List<Principal> list=null;
+ private Set<Principal> set=null;
+
+ static {
+ realmSet = new HashSet<String>();
+ realmSet.add(AAFRealm.AAF_REALM);
+ }
+
+ public AAFPrincipalCollection(Principal p) {
+ principal = p;
+ }
+
+ public AAFPrincipalCollection(final String principalName) {
+ principal = new Principal() {
+ private final String name = principalName;
+ @Override
+ public String getName() {
+ return name;
+ }
+ };
+ }
+
+ @Override
+ public Iterator<Principal> iterator() {
+ return null;
+ }
+
+ @Override
+ public List<Principal> asList() {
+ if(list==null) {
+ list = new ArrayList<Principal>();
+ }
+ list.add(principal);
+ return list;
+ }
+
+ @Override
+ public Set<Principal> asSet() {
+ if(set==null) {
+ set = new HashSet<Principal>();
+ }
+ set.add(principal);
+ return set;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> Collection<T> byType(Class<T> cls) {
+ Collection<T> coll = new ArrayList<T>();
+ if(cls.isAssignableFrom(Principal.class)) {
+ coll.add((T)principal);
+ }
+ return coll;
+ }
+
+ @Override
+ public Collection<Principal> fromRealm(String realm) {
+ if(AAFRealm.AAF_REALM.equals(realm)) {
+ return asList();
+ } else {
+ return new ArrayList<Principal>();
+ }
+ }
+
+ @Override
+ public Principal getPrimaryPrincipal() {
+ return principal;
+ }
+
+ @Override
+ public Set<String> getRealmNames() {
+ return realmSet;
+ }
+
+ @Override
+ public boolean isEmpty() {
+ return principal==null;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T> T oneByType(Class<T> cls) {
+ if(cls.isAssignableFrom(Principal.class)) {
+ return (T)principal;
+ }
+ return null;
+ }
+
+}
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
new file mode 100644
index 0000000..006547a
--- /dev/null
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
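Review bot: `iterator()` returns `null`, so any for-each over this PrincipalCollection fails with a NullPointerException; `return asList().iterator();` would satisfy the Iterable contract. `asList()` appends `principal` on every call, so the cached list grows by one duplicate entry each time it or `fromRealm` is used; moving `list.add(principal);` inside the `if(list==null)` block fixes that, and the same applies to `asSet()` for tidiness. In `byType` and `oneByType` the test `cls.isAssignableFrom(Principal.class)` is true only when `cls` is `Principal` or a supertype of it, so a lookup by the principal's concrete class finds nothing; `cls.isInstance(principal)` checks the actual object.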
@@ -0,0 +1,142 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.shiro;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.misc.env.APIException;
+
+public class AAFRealm extends AuthorizingRealm {
+ public static final String AAF_REALM = "AAFRealm";
+
+ private PropAccess access;
+ private AAFCon<?> acon;
+ private AAFAuthn<?> authn;
+ private HashSet<Class<? extends AuthenticationToken>> supports;
+ private AAFLurPerm authz;
+
+
+ /**
+ *
+ * There appears to be no configuration objects or references available for CADI to start with.
+ *
+ */
+ public AAFRealm () {
+ access = new PropAccess(); // pick up cadi_prop_files from VM_Args
+ String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
+ if(cadi_prop_files==null) {
+ String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
+ access.log(Level.INIT,msg);
+ throw new RuntimeException(msg);
+ } else {
+ try {
+ acon = AAFCon.newInstance(access);
+ authn = acon.newAuthn();
+ authz = acon.newLur(authn);
+ } catch (APIException | CadiException | LocatorException e) {
+ String msg = "Cannot initiate AAFRealm";
+ access.log(Level.INIT,msg,e.getMessage());
+ throw new RuntimeException(msg,e);
+ }
+ }
+ supports = new HashSet<Class<? extends AuthenticationToken>>();
+ supports.add(UsernamePasswordToken.class);
+ }
+
+ @Override
+ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+ access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
+
+ final UsernamePasswordToken upt = (UsernamePasswordToken)token;
+ String password=new String(upt.getPassword());
+ String err;
+ try {
+ err = authn.validate(upt.getUsername(),password);
+ } catch (IOException|CadiException e) {
+ err = "Credential cannot be validated";
+ access.log(e, err);
+ }
+
+ if(err != null) {
+ access.log(Level.DEBUG, err);
+ throw new AuthenticationException(err);
+ }
+
+ return new AAFAuthenticationInfo(
+ access,
+ upt.getUsername(),
+ password
+ );
+ }
+
+ @Override
+ protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException {
+ if(ai instanceof AAFAuthenticationInfo) {
+ if(!((AAFAuthenticationInfo)ai).matches(atoken)) {
+ throw new AuthenticationException("Credentials do not match");
+ }
+ } else {
+ throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo");
+ }
+ }
+
+
+ @Override
+ protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+ access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo");
+ Principal bait = (Principal)principals.getPrimaryPrincipal();
+ List<Permission> pond = new ArrayList<Permission>();
+ authz.fishAll(bait,pond);
+
+ return new AAFAuthorizationInfo(access,bait,pond);
+
+ }
+
+ @Override
+ public boolean supports(AuthenticationToken token) {
+ return supports.contains(token.getClass());
+ }
+
+ @Override
+ public String getName() {
+ return AAF_REALM;
+ }
+
+}
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java
new file mode 100644
index 0000000..a348a04
--- /dev/null
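Review bot: `doGetAuthenticationInfo` calls `new String(upt.getPassword())` with no null check, so a token created without a password ends in a NullPointerException instead of an AuthenticationException; a guard such as `if(upt.getPassword()==null) throw new AuthenticationException("Credential cannot be validated");` ahead of the conversion keeps the failure on the authentication path. The text returned by `authn.validate` is passed unchanged into `new AuthenticationException(err)`; what it contains is not visible here, so it may be worth logging it and throwing a fixed message instead. In `doGetAuthorizationInfo` the cast `(Principal)principals.getPrimaryPrincipal()` assumes the collection came from this realm and would throw a ClassCastException for a principal of another type, and `supports` matches on the exact class, so subclasses of UsernamePasswordToken are rejected.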
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFShiroPermission.java
@@ -0,0 +1,45 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.shiro;
+
+import org.apache.shiro.authz.Permission;
+
+public class AAFShiroPermission implements Permission {
+ private org.onap.aaf.cadi.Permission perm;
+ public AAFShiroPermission(org.onap.aaf.cadi.Permission perm) {
+ this.perm = perm;
+ }
+ @Override
+ public boolean implies(Permission sp) {
+ if(sp instanceof AAFShiroPermission) {
+ if(perm.match(((AAFShiroPermission)sp).perm)){
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return perm.toString();
+ }
+
+}
diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
new file mode 100644
index 0000000..add449c
--- /dev/null
+++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
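Review bot: The constructor stores `perm` without checking it, so a null argument surfaces later as a NullPointerException inside `implies` or `toString` during an authorization check; declaring the field `private final` and assigning `this.perm = Objects.requireNonNull(perm, "perm");` fails at construction instead. `implies` returns false for every Permission that is not an AAFShiroPermission, which is the deny-by-default behaviour one wants, and a class comment saying so and naming `perm.match` as the deciding call would help the next reader. The nested `if` can be written as `return sp instanceof AAFShiroPermission && perm.match(((AAFShiroPermission)sp).perm);`.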
@@ -0,0 +1,93 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.cadi.shiro.test;
+
+import java.util.ArrayList;
+
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.Permission;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.junit.Test;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.shiro.AAFRealm;
+import org.onap.aaf.cadi.shiro.AAFShiroPermission;
+
+import junit.framework.Assert;
+
+public class JU_AAFRealm {
+
+ // TODO: Ian - fix this test
+ // @Test
+ // public void test() {
+ // // NOTE This is a live test. This JUnit needs to be built with "Mock"
+ // try {
+ // System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/etc/org.osaaf.common.props");
+ // TestAAFRealm ar = new TestAAFRealm();
+
+ // UsernamePasswordToken upt = new UsernamePasswordToken("jonathan@people.osaaf.org", "new2You!");
+ // AuthenticationInfo ani = ar.authn(upt);
+
+ // AuthorizationInfo azi = ar.authz(ani.getPrincipals());
+ // // Change this to something YOU have, Sai...
+
+ // testAPerm(true,azi,"org.access","something","*");
+ // testAPerm(false,azi,"org.accessX","something","*");
+ // } catch (Throwable t) {
+ // t.printStackTrace();
+ // Assert.fail();
+ // }
+ // }
+
+ private void testAPerm(boolean expect,AuthorizationInfo azi, String type, String instance, String action) {
+
+ AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(type,instance,action,new ArrayList<String>()));
+
+ boolean any = false;
+ for(Permission p : azi.getObjectPermissions()) {
+ if(p.implies(testPerm)) {
+ any = true;
+ }
+ }
+ if(expect) {
+ Assert.assertTrue(any);
+ } else {
+ Assert.assertFalse(any);
+ }
+
+
+ }
+
+ /**
+ * Note, have to create a derived class, because "doGet"... are protected
+ */
+ private class TestAAFRealm extends AAFRealm {
+ public AuthenticationInfo authn(UsernamePasswordToken upt) {
+ return doGetAuthenticationInfo(upt);
+ }
+ public AuthorizationInfo authz(PrincipalCollection pc) {
+ return doGetAuthorizationInfo(pc);
+ }
+
+ }
+}
diff --git a/version.properties b/version.properties
index 7bdcb45..c16deb0 100644
--- a/version.properties
+++ b/version.properties
@@ -25,9 +25,9 @@ # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
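Review bot: The commented-out test keeps a literal account name and password in the `new UsernamePasswordToken(...)` line, and comments are stored in repository history like any other text; if those values were ever valid the credential should be rotated, and the line should read the values from a property or environment variable supplied outside the repository. With `@Test` commented out the class contains no runnable test, so `testAPerm` and `TestAAFRealm` are never exercised and the build reports nothing about AAFRealm. The comment itself notes that the test needs a live AAF and a mock; until that exists, an `@Ignore("needs live AAF")` on a real test method would make the gap visible in test reports.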
# because they are used in Jenkins, whose plug-in doesn't support
-major=1
-minor=0
-patch=0
+major=2
+minor=1
+patch=2
base_version=${major}.${minor}.${patch}