diff options
Diffstat (limited to 'aaf/src/test/java/org/onap/aaf/example')
5 files changed, 430 insertions, 0 deletions
diff --git a/aaf/src/test/java/org/onap/aaf/example/CadiTest.java b/aaf/src/test/java/org/onap/aaf/example/CadiTest.java new file mode 100644 index 0000000..34ed858 --- /dev/null +++ b/aaf/src/test/java/org/onap/aaf/example/CadiTest.java @@ -0,0 +1,58 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.example;
+
+import java.net.HttpURLConnection;
+import java.net.URI;
+
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.config.SecurityInfoC;
+import org.onap.aaf.cadi.http.HClient;
+import org.onap.aaf.cadi.http.HX509SS;
+
+public class CadiTest {
+ public static void main(String args[]) {
+ Access access = new PropAccess();
+ try {
+ SecurityInfoC<HttpURLConnection> si = new SecurityInfoC<HttpURLConnection>(access);
+ HClient hclient = new HClient(
+ new HX509SS(si),
+ new URI("https://mithrilcsp.sbc.com:8085"),3000);
+ hclient.setMethod("OPTIONS");
+ hclient.setPathInfo("/gui/cadi/log/toggle/INFO");
+ hclient.send();
+ Future<String> future = hclient.futureReadString();
+ if(future.get(5000)) {
+ System.out.println(future.value);
+ } else {
+ System.out.printf("Error: %d-%s", future.code(),future.body());
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+}
diff --git a/aaf/src/test/java/org/onap/aaf/example/ExampleAuthCheck.java b/aaf/src/test/java/org/onap/aaf/example/ExampleAuthCheck.java new file mode 100644 index 0000000..65972cd --- /dev/null +++ b/aaf/src/test/java/org/onap/aaf/example/ExampleAuthCheck.java @@ -0,0 +1,57 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.example;
+
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
+import org.onap.aaf.cadi.locator.DNSLocator;
+
+public class ExampleAuthCheck {
+ public static void main(String args[]) {
+ // Link or reuse to your Logging mechanism
+ PropAccess myAccess = new PropAccess(); //
+
+ try {
+ AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(
+ myAccess,"https","localhost","8100"));
+ AAFAuthn<?> authn = acon.newAuthn();
+ long start;
+ for (int i=0;i<10;++i) {
+ start = System.nanoTime();
+ String err = authn.validate("", "gritty");
+ if(err!=null) System.err.println(err);
+ else System.out.println("I'm ok");
+
+ err = authn.validate("bogus", "gritty");
+ if(err!=null) System.err.println(err + " (correct error)");
+ else System.out.println("I'm ok");
+
+ System.out.println((System.nanoTime()-start)/1000000f + " ms");
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+}
diff --git a/aaf/src/test/java/org/onap/aaf/example/ExamplePerm2_0.java b/aaf/src/test/java/org/onap/aaf/example/ExamplePerm2_0.java new file mode 100644 index 0000000..f83b15b --- /dev/null +++ b/aaf/src/test/java/org/onap/aaf/example/ExamplePerm2_0.java @@ -0,0 +1,113 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.example;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConDME2;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+
+public class ExamplePerm2_0 {
+ public static void main(String args[]) {
+
+ // Link or reuse to your Logging mechanism
+ PropAccess myAccess = new PropAccess();
+
+ //
+ try {
+ AAFCon<?> acon = new AAFConDME2(myAccess);
+
+ // AAFLur has pool of DME clients as needed, and Caches Client lookups
+ AAFLurPerm aafLur = acon.newLur();
+
+ // Note: If you need both Authn and Authz construct the following:
+ AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);
+
+ // Do not set Mech ID until after you construct AAFAuthn,
+ // because we initiate "401" info to determine the Realm of
+ // of the service we're after.
+ acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");
+
+ try {
+
+ // Normally, you obtain Principal from Authentication System.
+ // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
+ // If you use CADI as Authenticator, it will get you these Principals from
+ // CSP or BasicAuth mechanisms.
+ String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";
+
+ // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
+ String ok = aafAuthn.validate(id, "XXXXXX");
+ if(ok!=null)System.out.println(ok);
+
+ ok = aafAuthn.validate(id, "wrongPass");
+ if(ok!=null)System.out.println(ok);
+
+
+ // AAF Style permissions are in the form
+ // Type, Instance, Action
+ AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");
+
+ // Now you can ask the LUR (Local Representative of the User Repository about Authorization
+ // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object
+ // instead of creating your own LUR
+ System.out.println("Does " + id + " have " + perm);
+ if(aafLur.fish(id, perm)) {
+ System.out.println("Yes, you have permission");
+ } else {
+ System.out.println("No, you don't have permission");
+ }
+
+ System.out.println("Does Bogus have " + perm);
+ if(aafLur.fish("Bogus", perm)) {
+ System.out.println("Yes, you have permission");
+ } else {
+ System.out.println("No, you don't have permission");
+ }
+
+ // Or you can all for all the Permissions available
+ List<Permission> perms = new ArrayList<Permission>();
+
+ aafLur.fishAll(id,perms);
+ for(Permission prm : perms) {
+ System.out.println(prm.getKey());
+ }
+
+ // It might be helpful in some cases to clear the User's identity from the Cache
+ aafLur.remove(id);
+ } finally {
+ aafLur.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+}
diff --git a/aaf/src/test/java/org/onap/aaf/example/ExamplePerm2_0_DME2.java b/aaf/src/test/java/org/onap/aaf/example/ExamplePerm2_0_DME2.java new file mode 100644 index 0000000..f6024a5 --- /dev/null +++ b/aaf/src/test/java/org/onap/aaf/example/ExamplePerm2_0_DME2.java @@ -0,0 +1,113 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.example;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.locator.DNSLocator;
+
+public class ExamplePerm2_0_DME2 {
+ public static void main(String args[]) {
+ // Link or reuse to your Logging mechanism
+ PropAccess myAccess = new PropAccess();
+
+ //
+ try {
+ AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(
+ myAccess,"https","localhost","8100"));
+
+ // AAFLur has pool of DME clients as needed, and Caches Client lookups
+ AAFLurPerm aafLur = acon.newLur();
+
+ // Note: If you need both Authn and Authz construct the following:
+ AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);
+
+ // Do not set Mech ID until after you construct AAFAuthn,
+ // because we initiate "401" info to determine the Realm of
+ // of the service we're after.
+ acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");
+
+ try {
+
+ // Normally, you obtain Principal from Authentication System.
+ // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
+ // If you use CADI as Authenticator, it will get you these Principals from
+ // CSP or BasicAuth mechanisms.
+ String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";
+
+ // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
+ String ok = aafAuthn.validate(id, "XXXXXX");
+ if(ok!=null)System.out.println(ok);
+
+ ok = aafAuthn.validate(id, "wrongPass");
+ if(ok!=null)System.out.println(ok);
+
+
+ // AAF Style permissions are in the form
+ // Type, Instance, Action
+ AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");
+
+ // Now you can ask the LUR (Local Representative of the User Repository about Authorization
+ // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object
+ // instead of creating your own LUR
+ System.out.println("Does " + id + " have " + perm);
+ if(aafLur.fish(id, perm)) {
+ System.out.println("Yes, you have permission");
+ } else {
+ System.out.println("No, you don't have permission");
+ }
+
+ System.out.println("Does Bogus have " + perm);
+ if(aafLur.fish("Bogus", perm)) {
+ System.out.println("Yes, you have permission");
+ } else {
+ System.out.println("No, you don't have permission");
+ }
+
+ // Or you can all for all the Permissions available
+ List<Permission> perms = new ArrayList<Permission>();
+
+ aafLur.fishAll(id,perms);
+ for(Permission prm : perms) {
+ System.out.println(prm.getKey());
+ }
+
+ // It might be helpful in some cases to clear the User's identity from the Cache
+ aafLur.remove(id);
+ } finally {
+ aafLur.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+}
diff --git a/aaf/src/test/java/org/onap/aaf/example/X509Test.java b/aaf/src/test/java/org/onap/aaf/example/X509Test.java new file mode 100644 index 0000000..ad5d4b2 --- /dev/null +++ b/aaf/src/test/java/org/onap/aaf/example/X509Test.java @@ -0,0 +1,89 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.example;
+
+import java.security.Principal;
+
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.locator.DNSLocator;
+import org.onap.aaf.cadi.lur.LocalPermission;
+
+public class X509Test {
+ public static void main(String args[]) {
+ // Link or reuse to your Logging mechanism
+
+ PropAccess myAccess = new PropAccess();
+
+ //
+ try {
+ AAFConHttp con = new AAFConHttp(myAccess,
+ new DNSLocator(myAccess,"https","mithrilcsp.sbc.com","8100"));
+
+ // AAFLur has pool of DME clients as needed, and Caches Client lookups
+ AAFLurPerm aafLur = con.newLur();
+
+ // Note: If you need both Authn and Authz construct the following:
+// AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);
+
+ // con.x509Alias("aaf.att"); // alias in keystore
+
+ try {
+
+ // Normally, you obtain Principal from Authentication System.
+// // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
+// // If you use CADI as Authenticator, it will get you these Principals from
+// // CSP or BasicAuth mechanisms.
+// String id = "cluster_admin@gridcore.att.com";
+//
+// // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
+ Future<String> fs =
+ con.client("2.0").read("/authz/perms/com.att.aaf.ca","application/Perms+json");
+ if(fs.get(3000)) {
+ System.out.println(fs.value);
+ } else {
+ System.out.println("Error: " + fs.code() + ':' + fs.body());
+ }
+
+ // Check on Perms with LUR
+ if(aafLur.fish(new Principal() {
+ @Override
+ public String getName() {
+ return "m12345@aaf.att.com";
+ }
+ }, new LocalPermission("com.att.aaf.ca|aaf|request"))) {
+ System.out.println("Has Perm");
+ } else {
+ System.out.println("Does NOT Have Perm");
+ }
+ } finally {
+ aafLur.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ }
+}
|