Diffstat (limited to 'shiro')
4 files changed, 30 insertions, 26 deletions
diff --git a/shiro/pom.xml b/shiro/pom.xml index 60a3de5..1d435b0 100644 --- a/shiro/pom.xml +++ b/shiro/pom.xml @@ -22,7 +22,7 @@ <parent> <groupId>org.onap.aaf.cadi</groupId> <artifactId>parent</artifactId> - <version>2.1.10-SNAPSHOT</version> + <version>2.1.11-SNAPSHOT</version> <relativePath>..</relativePath> </parent> diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java index 4e5d59b..45bdadc 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java @@ -24,7 +24,8 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import org.apache.log4j.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; @@ -35,7 +36,7 @@ import org.onap.aaf.cadi.Hash; public class AAFAuthenticationInfo implements AuthenticationInfo { private static final long serialVersionUID = -1502704556864321020L; - final static Logger logger = Logger.getLogger(AAFAuthenticationInfo.class); + final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class); // We assume that Shiro is doing Memory Only, and this salt is not needed cross process private final static int salt = new SecureRandom().nextInt(); @@ -50,14 +51,12 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { hash = getSaltedCred(password); } @Override - public byte[] getCredentials() { - logger.debug("AAFAuthenticationInfo.getCredentials"); + public byte[] getCredentials() { return hash; } @Override public PrincipalCollection getPrincipals() { - logger.debug( "AAFAuthenticationInfo.getPrincipals"); return apc; } 
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 7633670..f1bfd3c 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -29,7 +29,8 @@ import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; - +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * We treat "roles" and "permissions" in a similar way for first pass. * @@ -38,6 +39,9 @@ import org.onap.aaf.cadi.Access.Level; */ public class AAFAuthorizationInfo implements AuthorizationInfo { private static final long serialVersionUID = -4805388954462426018L; + + final static Logger logger = LoggerFactory.getLogger(AAFAuthorizationInfo.class); + private Access access; private Principal bait; private List<org.onap.aaf.cadi.Permission> pond; @@ -50,6 +54,7 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { this.pond = pond; sPerms=null; oPerms=null; + } public Principal principal() { @@ -64,7 +69,6 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { oPerms = new ArrayList<Permission>(); for(final org.onap.aaf.cadi.Permission p : pond) { oPerms.add(new AAFShiroPermission(p)); - System.out.println("List user" + p); } } } 
@@ -73,20 +77,18 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection<String> getRoles() { -// access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection<String> getStringPermissions() { -// access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList<String>(); for(org.onap.aaf.cadi.Permission p : pond) { sPerms.add(p.getKey().replace("|",":")); - System.out.println("Replacing | to :" + p.getKey().replace("|",":")); +// System.out.println("Replacing | to :" + p.getKey().replace("|",":")); } } } diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index 091c22b..4b24c70 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -30,7 +30,6 @@ import java.util.Map; import java.util.Map.Entry; import java.util.TreeMap; -import org.apache.log4j.Logger; import org.apache.log4j.PropertyConfigurator; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; @@ -51,9 +50,12 @@ import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.MapBathConverter; import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.APIException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + public class AAFRealm extends AuthorizingRealm { - final static Logger logger = Logger.getLogger(AAFRealm.class); + final static Logger logger = LoggerFactory.getLogger(AAFRealm.class); public static final String AAF_REALM = "AAFRealm"; 
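Review bot: In getStringPermissions the `System.out.println("Replacing | to :" ...)` call is commented out rather than deleted, while the matching println in the oPerms loop of the same class is removed outright. Commented-out code that prints every permission key is easy to re-enable by accident, which would put the caller's permission set back on stdout. Delete the line; if the trace is still wanted, route it through the SLF4J logger this commit adds to the class, e.g. `logger.debug("permission key {}", key);`. The body of getStringPermissions continues past the end of the hunk.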
@@ -78,11 +80,12 @@ public class AAFRealm extends AuthorizingRealm { String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); if(cadi_prop_files==null) { String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; - access.log(Level.INIT,msg); + access.log(Level.DEBUG,msg); throw new RuntimeException(msg); } else { try { String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg"; + PropertyConfigurator.configure(log4jConfigFile); System.setOut(createLoggingProxy(System.out)); System.setErr(createLoggingProxy(System.err)); @@ -94,7 +97,6 @@ public class AAFRealm extends AuthorizingRealm { acon = AAFCon.newInstance(access); authn = acon.newAuthn(); authz = acon.newLur(authn); - final String csv = access.getProperty(Config.CADI_BATH_CONVERT); if(csv!=null) { try { @@ -122,12 +124,12 @@ public class AAFRealm extends AuthorizingRealm { idMap.put(oldID,newID); } } catch (IOException e) { - logger.error(e.getMessage(), e); +// access.log(e); } } } catch (APIException | CadiException | LocatorException e) { String msg = "Cannot initiate AAFRealm"; - logger.info(msg + " "+ e.getMessage(), e); + access.log(Level.INIT,msg,e.getMessage()); throw new RuntimeException(msg,e); } } @@ -145,15 +147,14 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { - logger.debug("AAFRealm.doGetAuthenticationInfo :"+token); - final UsernamePasswordToken upt = (UsernamePasswordToken)token; final String user = upt.getUsername(); String authUser = user; final String password=new String(upt.getPassword()); String authPassword = password; - if(mbc!=null) { + if(mbc!=null) { try { + final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password); String bath = mbc.convert(access, oldBath); if(bath!=oldBath) { 
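Review bot: The `catch (IOException e)` around the ID-map loading (hunk `-122,12 +124,12`) is left holding only a commented-out `// access.log(e);`, so a read failure there is now swallowed silently. idMap is consulted in doGetAuthorizationInfo, so a partially loaded map would presumably change which identity the permissions are fetched for, with nothing in the logs to explain it. Restore the report with `access.log(e);`, the form this commit uses in doGetAuthenticationInfo, and consider failing initialisation when the mapping cannot be read. The enclosing try block starts outside the hunk.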
@@ -161,11 +162,13 @@ public class AAFRealm extends AuthorizingRealm { int colon = bath.indexOf(':'); if(colon>=0) { authUser = bath.substring(0, colon); - authPassword = bath.substring(colon+1); + authPassword = bath.substring(colon+1); + access.log(Level.DEBUG, authUser,"user authenticated"); + access.log(Level.DEBUG, authn.validate(authUser,authPassword)); } } } catch (IOException e) { - logger.error(e.getMessage(), e); + access.log(e); } } String err; @@ -173,11 +176,11 @@ public class AAFRealm extends AuthorizingRealm { err = authn.validate(authUser,authPassword); } catch (IOException e) { err = "Credential cannot be validated"; - logger.error(err, e); + access.log(Level.DEBUG, e, err); } if(err != null) { - logger.debug(err); + access.log(Level.DEBUG, err, " - Credential cannot be validated"); throw new AuthenticationException(err); } @@ -185,7 +188,9 @@ public class AAFRealm extends AuthorizingRealm { access, user, password + ); + } @Override @@ -202,7 +207,6 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - logger.debug("AAFRealm.doGetAuthenthorizationInfo"); Principal bait = (Principal)principals.getPrimaryPrincipal(); Principal newBait = bait; if(idMap!=null) { @@ -218,7 +222,6 @@ public class AAFRealm extends AuthorizingRealm { } List<Permission> pond = new ArrayList<>(); authz.fishAll(newBait,pond); - return new AAFAuthorizationInfo(access,bait,pond); } |
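Review bot: The two added `access.log` calls in the converted-credential branch record `"user authenticated"` before any credential check has run, and the second one calls `authn.validate(authUser,authPassword)` only to log its result. The real validation follows a few lines later, so each login on this path is validated twice (presumably two requests to the backend, and two failures counted if it tracks attempts), and the log reports success for users whose password is then rejected. Remove both lines and log the outcome once, after the existing `if(err != null)` check has passed, e.g. `access.log(Level.DEBUG, authUser, "authenticated");`. The method body starts and ends outside this hunk.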
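Review bot: In hunk `-173,11 +176,11` the IOException from `authn.validate` drops from `logger.error` to `access.log(Level.DEBUG, e, err)`, and the rejected-credential message stays at DEBUG. At a production log level neither a validation backend failure nor a run of failed logins would be visible, which removes the signal needed to notice password guessing or an outage. Log the exception with `access.log(Level.ERROR, e, err);` and the rejection at an audit-visible level, e.g. `access.log(Level.AUDIT, authUser, "authentication failed:", err);`. The appended `" - Credential cannot be validated"` also repeats the text already held in `err` on the IOException path.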