authorInstrumental <jonathan.gathman@att.com>2018-11-12 10:57:07 -0600
committerInstrumental <jonathan.gathman@att.com>2018-11-12 10:57:14 -0600
commit990a15f23a823ef02029950db5059888b7083801 (patch)
tree86dc0f817bc2717ff76379a46a5e6b8f672efac4
parentf2c2c058cf0660c94ad0a40445c6305b0be2de14 (diff)
Put MapBath code in Shiro
Issue-ID: AAF-618 Change-Id: Ibbee25744a479d40ed438f926d0d3785a76fc5d1 Signed-off-by: Instrumental <jonathan.gathman@att.com>
-rw-r--r--pom.xml2
-rw-r--r--shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java35
-rw-r--r--shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java54
3 files changed, 63 insertions, 28 deletions
diff --git a/pom.xml b/pom.xml
index 039d9e9..5fd7397 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.aaf.cadi</groupId>
<artifactId>parent</artifactId>
- <version>2.1.7-SNAPSHOT</version>
+ <version>2.1.7</version>
<name>CADI Plugins Parent</name>
<packaging>pom</packaging>
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
index ccdaf73..96af26e 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
@@ -37,10 +37,13 @@ import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.MapBathConverter;
+import org.onap.aaf.cadi.util.CSV;
import org.onap.aaf.misc.env.APIException;
public class AAFRealm extends AuthorizingRealm {
@@ -51,6 +54,7 @@ public class AAFRealm extends AuthorizingRealm {
private AAFAuthn<?> authn;
private HashSet<Class<? extends AuthenticationToken>> supports;
private AAFLurPerm authz;
+ private MapBathConverter mbc;
/**
@@ -60,6 +64,7 @@ public class AAFRealm extends AuthorizingRealm {
*/
public AAFRealm () {
access = new PropAccess(); // pick up cadi_prop_files from VM_Args
+ mbc = null;
String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
if(cadi_prop_files==null) {
String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
@@ -70,6 +75,15 @@ public class AAFRealm extends AuthorizingRealm {
acon = AAFCon.newInstance(access);
authn = acon.newAuthn();
authz = acon.newLur(authn);
+
+ final String csv = access.getProperty(Config.CADI_BATH_CONVERT);
+ if(csv!=null) {
+ try {
+ mbc = new MapBathConverter(access, new CSV(csv));
+ } catch (IOException e) {
+ access.log(e);
+ }
+ }
} catch (APIException | CadiException | LocatorException e) {
String msg = "Cannot initiate AAFRealm";
access.log(Level.INIT,msg,e.getMessage());
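Review bot: The inner `catch (IOException e)` around `new MapBathConverter(access, new CSV(csv))` only calls `access.log(e)`, so a missing or unreadable conversion file leaves `mbc` null and the realm starts with credential conversion silently switched off. An operator who set `Config.CADI_BATH_CONVERT` gets no startup message naming the property, unlike the `Level.INIT` message used for the outer failure. Consider `access.log(e, "Cannot load " + Config.CADI_BATH_CONVERT + "; credential conversion is disabled");`, or let initialisation fail if the mapping is mandatory for the deployment. The constructor begins and ends outside this hunk.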
@@ -85,10 +99,27 @@ public class AAFRealm extends AuthorizingRealm {
access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token);
final UsernamePasswordToken upt = (UsernamePasswordToken)token;
+ String user = upt.getUsername();
String password=new String(upt.getPassword());
+ if(mbc!=null) {
+ try {
+ final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password);
+ String bath = mbc.convert(access, oldBath);
+ if(bath!=oldBath) {
+ bath = Symm.base64noSplit.decode(bath.substring(6));
+ int colon = bath.indexOf(':');
+ if(colon>=0) {
+ user = bath.substring(0, colon);
+ password = bath.substring(colon+1);
+ }
+ }
+ } catch (IOException e) {
+ access.log(e);
+ }
+ }
String err;
try {
- err = authn.validate(upt.getUsername(),password);
+ err = authn.validate(user,password);
} catch (IOException e) {
err = "Credential cannot be validated";
access.log(e, err);
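Review bot: The value returned by `mbc.convert(access, oldBath)` is used without validation: `bath.substring(6)` assumes it is non-null, starts with "Basic " and holds valid base64, and `if(bath!=oldBath)` compares references rather than content. If convert can return null or a short string (its contract is not visible here), an unchecked exception escapes doGetAuthenticationInfo, and a decoded value without a colon silently falls back to the original credentials. A tighter guard would be `if(bath!=null && !bath.equals(oldBath) && bath.startsWith("Basic ")) {`, with a log entry when a mapped value is rejected. Because the principal passed to `authn.validate` and, in the next hunk, to `AAFAuthenticationInfo` is now the mapped user, it is also worth logging the original and mapped user names (never the password) so the substitution can be audited. The method body starts and ends outside this hunk.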
@@ -101,7 +132,7 @@ public class AAFRealm extends AuthorizingRealm {
return new AAFAuthenticationInfo(
access,
- upt.getUsername(),
+ user,
password
);
}
diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
index 591a56c..f915538 100644
--- a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
+++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
@@ -27,9 +27,7 @@ import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.subject.PrincipalCollection;
-import org.junit.Test;
import org.onap.aaf.cadi.aaf.AAFPermission;
-import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.shiro.AAFRealm;
import org.onap.aaf.cadi.shiro.AAFShiroPermission;
@@ -37,31 +35,37 @@ import junit.framework.Assert;
public class JU_AAFRealm {
- // TODO: Ian - fix this test
- // @Test
- // public void test() {
- // // NOTE This is a live test. This JUnit needs to be built with "Mock"
- // try {
- // System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/etc/org.osaaf.common.props");
- // TestAAFRealm ar = new TestAAFRealm();
-
- // UsernamePasswordToken upt = new UsernamePasswordToken("jonathan@people.osaaf.org", "new2You!");
- // AuthenticationInfo ani = ar.authn(upt);
-
- // AuthorizationInfo azi = ar.authz(ani.getPrincipals());
- // // Change this to something YOU have, Sai...
-
- // testAPerm(true,azi,"org.access","something","*");
- // testAPerm(false,azi,"org.accessX","something","*");
- // } catch (Throwable t) {
- // t.printStackTrace();
- // Assert.fail();
- // }
- // }
+/*
+ @Test
+ public void test() {
+ // NOTE This is a live test. This JUnit needs to be built with "Mock" before it can be
+ // an official JUNIT
+ try {
+ System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/local/org.onap.aai.props");
+ TestAAFRealm ar = new TestAAFRealm();
+
+ //UsernamePasswordToken upt = new UsernamePasswordToken("demo@people.osaaf.org", "demo123456!");
+ UsernamePasswordToken upt = new UsernamePasswordToken("AAI", "AAI");
+
+ AuthenticationInfo ani = ar.authn(upt);
+
+ AuthorizationInfo azi = ar.authz(ani.getPrincipals());
+ // Change this to something YOU have, Sai...
+
+ testAPerm(true,azi,"org.onap.aai","resources","something","get");
+ testAPerm(false,azi,"org.osaaf.nons","resources","something","get");
+ // testAPerm(true,azi,"name","org.access","something","*");
+ // testAPerm(false,azi,"org.accessX","something","*");
+ } catch (Throwable t) {
+ t.printStackTrace();
+ Assert.fail();
+ }
+ }
+*/
- private void testAPerm(boolean expect, AuthorizationInfo azi, String name, String type, String instance, String action) {
+ private void testAPerm(boolean expect, AuthorizationInfo azi, String ns, String type, String instance, String action) {
- AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(type,name,instance,action,new ArrayList<String>()));
+ AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(ns,type,instance,action,new ArrayList<String>()));
boolean any = false;
for(Permission p : azi.getObjectPermissions()) {