Diffstat (limited to 'shiro/src')
-rw-r--r--shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java3
-rw-r--r--shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java6
-rw-r--r--shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java19
-rw-r--r--shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java5
4 files changed, 18 insertions, 15 deletions
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
index 99e387d..d936794 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
@@ -65,19 +65,20 @@ public class AAFAuthenticationInfo implements AuthenticationInfo {
UsernamePasswordToken upt = (UsernamePasswordToken)atoken;
if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) {
byte[] newhash = getSaltedCred(new String(upt.getPassword()));
- access.printf(Level.INFO,"Successful authentication attempt by %s",upt.getPrincipal());
if(newhash.length==hash.length) {
for(int i=0;i<hash.length;++i) {
if(hash[i]!=newhash[i]) {
return false;
}
}
+ access.printf(Level.DEBUG,"UserPassword Matches for %s",upt.getPrincipal());
return true;
}
}
} else {
access.printf(Level.ERROR, "AAFAuthenticationInfo received non-AAF token %s (%s)",atoken.getPrincipal(),atoken.getClass().getName());
}
+ access.log(Level.DEBUG,"UserPassword does NOT match");
return false;
}
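Review bot: A wrong password whose hash has the expected length leaves no log line, because the `return false` inside the byte loop exits before the new `access.log(Level.DEBUG,"UserPassword does NOT match")` at the end of the method. Both outcomes are also DEBUG only now, so nothing in this hunk records a login success or failure at a level operators normally keep. Replacing the length check and loop with `if(MessageDigest.isEqual(hash,newhash)) {` followed by the existing match log and `return true;` lets every mismatch reach the final log, and the comparison time no longer depends on the position of the first differing byte. That needs `java.security.MessageDigest` imported (the import block is outside this hunk), and the failure line could name the principal and use `Level.AUDIT`, which AAFRealm.willLog already handles. The method starts outside the hunk.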
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
index fc0f4ff..0035626 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
@@ -73,20 +73,20 @@ public class AAFAuthorizationInfo implements AuthorizationInfo {
@Override
public Collection<String> getRoles() {
- access.log(Level.INFO,"AAFAuthorizationInfo.getRoles");
+ access.log(Level.DEBUG,"AAFAuthorizationInfo.getRoles");
// Until we decide to make Roles available, tie into String based permissions.
return getStringPermissions();
}
@Override
public Collection<String> getStringPermissions() {
- access.log(Level.INFO,"AAFAuthorizationInfo.getStringPermissions");
+ access.log(Level.DEBUG,"AAFAuthorizationInfo.getStringPermissions");
synchronized(bait) {
if(sPerms == null) {
sPerms = new ArrayList<String>();
for(org.onap.aaf.cadi.Permission p : pond) {
sPerms.add(p.getKey().replace("|",":"));
- access.printf(Level.INFO,"the user has %s",p.getKey());
+ access.printf(Level.INFO,"%s has %s",bait.getName(),p.getKey());
}
}
}
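Review bot: The per-permission line `access.printf(Level.INFO,"%s has %s",bait.getName(),p.getKey())` stays at INFO while the two method-entry lines in this hunk drop to DEBUG, and it now pairs every permission key with the user's name. That writes a user's full permission list to the normal log the first time sPerms is built. If this is not meant as an audit record, `Level.DEBUG` would match the rest of the change; if it is, a one-line comment saying so would help the next reader. getStringPermissions continues past the end of the hunk.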
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
index 52bf354..dbc57d7 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
@@ -23,12 +23,13 @@ package org.onap.aaf.cadi.shiro;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentSkipListSet;
+import java.util.TreeMap;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
@@ -83,7 +84,7 @@ public class AAFRealm extends AuthorizingRealm {
try {
mbc = new MapBathConverter(access, new CSV(csv));
access.log(Level.INFO, "MapBathConversion enabled with file ",csv);
- idMap = new ConcurrentHashMap<String,String>();
+ idMap = Collections.synchronizedMap(new TreeMap<String,String>());
// Load
for(Entry<String, String> es : mbc.map().entrySet()) {
String oldID = es.getKey();
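Review bot: The switch of idMap to `Collections.synchronizedMap(new TreeMap<String,String>())` carries no comment on why the concurrent map was dropped, and it routes every `singleton.idMap.get(...)` on the authentication path through one lock. A comment such as `// synchronizedMap: hold the map's lock while iterating; get/put are safe on their own` would record the contract the wrapper imposes. If the map is filled only by the load loop that begins here (it runs past the end of the hunk, so this is unconfirmed), wrapping it in `Collections.unmodifiableMap(...)` once loaded would also stop later changes to the ID translation table. The same documentation point applies to `supports = Collections.synchronizedSet(new HashSet<>())` in the next hunk.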
@@ -115,7 +116,7 @@ public class AAFRealm extends AuthorizingRealm {
throw new RuntimeException(msg,e);
}
}
- supports = new ConcurrentSkipListSet<>();
+ supports = Collections.synchronizedSet(new HashSet<>());
supports.add(UsernamePasswordToken.class);
}
@@ -146,7 +147,7 @@ public class AAFRealm extends AuthorizingRealm {
logger.debug(str);
break;
case ERROR:
- logger.warn(str);
+ logger.error(str);
break;
case INFO:
case INIT:
@@ -174,7 +175,7 @@ public class AAFRealm extends AuthorizingRealm {
logger.debug(str);
break;
case ERROR:
- logger.warn(str);
+ logger.error(str);
break;
case INFO:
case INIT:
@@ -193,6 +194,7 @@ public class AAFRealm extends AuthorizingRealm {
public boolean willLog(Level level) {
if(super.willLog(level)) {
switch(level) {
+ case WARN:
case AUDIT:
return logger.isWarnEnabled();
case DEBUG:
@@ -206,9 +208,6 @@ public class AAFRealm extends AuthorizingRealm {
return false;
case TRACE:
return logger.isTraceEnabled();
- case WARN:
- return logger.isWarnEnabled();
-
}
}
return false;
@@ -287,8 +286,8 @@ public class AAFRealm extends AuthorizingRealm {
Principal newBait = bait;
if(singleton.idMap!=null) {
final String newID = singleton.idMap.get(bait.getName());
- singleton.access.printf(Level.INFO,"Successful authentication attempt by %s",bait.getName());
if(newID!=null) {
+ singleton.access.printf(Level.INFO,"Successful authentication Translation %s to %s",bait.getName(), newID);
newBait = new Principal() {
@Override
public String getName() {
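Review bot: The new INFO message `"Successful authentication Translation %s to %s"` reads like a login-success event, but the lines shown only record an idMap lookup that returned a non-null newID; whether authentication has already succeeded here is not visible in the hunk. Wording such as `"ID translation: %s mapped to %s"` would not be confused with an authentication result when logs are searched. bait.getName() is written to the log as received, so if principal names can contain line breaks they should be neutralised before logging; the hunk does not show whether access.printf already does that. The enclosing method starts and ends outside the hunk.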
diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
index f49ecb4..f159a8f 100644
--- a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
+++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
@@ -27,13 +27,14 @@ import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.subject.PrincipalCollection;
+import org.junit.Assert;
import org.junit.Test;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.shiro.AAFRealm;
import org.onap.aaf.cadi.shiro.AAFShiroPermission;
-import junit.framework.Assert;
+
public class JU_AAFRealm {
@@ -58,6 +59,8 @@ public class JU_AAFRealm {
testAPerm(false,azi,"org.osaaf.nons","resources","something","get");
// testAPerm(true,azi,"name","org.access","something","*");
// testAPerm(false,azi,"org.accessX","something","*");
+
+ Assert.assertEquals(true,ar.supports(upt));
} catch (Throwable t) {
t.printStackTrace();
Assert.fail();
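Review bot: `Assert.assertEquals(true,ar.supports(upt))` is more direct as `Assert.assertTrue(ar.supports(upt));`. The test covers only the accepted token type; a matching assertion that some other AuthenticationToken implementation is rejected would pin the contents of the `supports` set that this commit changes in AAFRealm. The test method starts outside the hunk and its catch block continues past it.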