Diffstat (limited to 'shiro')
5 files changed, 41 insertions, 36 deletions
diff --git a/shiro/pom.xml b/shiro/pom.xml
index 1d435b0..09078cc 100644
--- a/shiro/pom.xml
+++ b/shiro/pom.xml
@@ -22,7 +22,7 @@
 <parent>
 <groupId>org.onap.aaf.cadi</groupId>
 <artifactId>parent</artifactId>
- <version>2.1.11-SNAPSHOT</version>
+ <version>2.1.12-SNAPSHOT</version>
 <relativePath>..</relativePath>
 </parent>
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
index 45bdadc..beb9707 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
@@ -36,7 +36,7 @@ import org.onap.aaf.cadi.Hash;
 public class AAFAuthenticationInfo implements AuthenticationInfo {
 private static final long serialVersionUID = -1502704556864321020L;
- final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class);
+ final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class);
 // We assume that Shiro is doing Memory Only, and this salt is not needed cross process
 private final static int salt = new SecureRandom().nextInt();
@@ -52,11 +52,13 @@ public class AAFAuthenticationInfo implements AuthenticationInfo {
 }
 @Override
 public byte[] getCredentials() {
+// logger.info("AAFAuthenticationInfo.getCredentials");
 return hash;
 }
 @Override
 public PrincipalCollection getPrincipals() {
+// logger.info( "AAFAuthenticationInfo.getPrincipals");
 return apc;
 }
@@ -65,6 +67,7 @@ public class AAFAuthenticationInfo implements AuthenticationInfo {
 UsernamePasswordToken upt = (UsernamePasswordToken)atoken;
 if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) {
 byte[] newhash = getSaltedCred(new String(upt.getPassword()));
+ logger.info("Successful authentication attempt by " +upt.getPrincipal());
 if(newhash.length==hash.length) {
 for(int i=0;i<hash.length;++i) {
 if(hash[i]!=newhash[i]) {
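Review bot: `logger.info("Successful authentication attempt by " +upt.getPrincipal());` in matches() is emitted before the hash comparison runs, so a mismatching password is recorded as a successful attempt as well; the same wording is added in AAFRealm.doGetAuthorizationInfo (last hunk of this diff), where no credential is checked at all. Log the outcome once the comparison has finished, e.g. `logger.debug("Checking credential for {}", upt.getPrincipal());` at this point and a success or failure message where matches() returns — the remainder of matches() is outside the hunk. The `// logger.info(...)` lines added to getCredentials() and getPrincipals() are commented-out code and should be dropped rather than committed. Adjacent but not introduced here: the byte-by-byte loop appears to stop at the first differing byte, so `MessageDigest.isEqual(hash, newhash)` would be the constant-time comparison.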
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
index f1bfd3c..4b0993b 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
@@ -31,6 +31,7 @@ import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.Access.Level;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 /**
 * We treat "roles" and "permissions" in a similar way for first pass.
 *
@@ -40,7 +41,7 @@ import org.slf4j.LoggerFactory;
 public class AAFAuthorizationInfo implements AuthorizationInfo {
 private static final long serialVersionUID = -4805388954462426018L;
- final static Logger logger = LoggerFactory.getLogger(AAFAuthorizationInfo.class);
+ final static Logger logger = LoggerFactory.getLogger(AAFAuthorizationInfo.class);
 private Access access;
 private Principal bait;
@@ -63,7 +64,7 @@ public class AAFAuthorizationInfo implements AuthorizationInfo {
 @Override
 public Collection<Permission> getObjectPermissions() {
-// access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions");
+// logger.info("AAFAuthorizationInfo.getObjectPermissions");
 synchronized(bait) {
 if(oPerms == null) {
 oPerms = new ArrayList<Permission>();
@@ -72,23 +73,29 @@ public class AAFAuthorizationInfo implements AuthorizationInfo {
 }
 }
 }
+
+ return oPerms;
 }
 @Override
 public Collection<String> getRoles() {
+// logger.info("AAFAuthorizationInfo.getRoles");
 // Until we decide to make Roles available, tie into String based permissions.
 return getStringPermissions();
 }
 @Override
 public Collection<String> getStringPermissions() {
+
+// logger.info("AAFAuthorizationInfo.getStringPermissions");
 synchronized(bait) {
 if(sPerms == null) {
 sPerms = new ArrayList<String>();
 for(org.onap.aaf.cadi.Permission p : pond) {
 sPerms.add(p.getKey().replace("|",":"));
-// System.out.println("Replacing | to :" + p.getKey().replace("|",":"));
+ logger.info("the user has " +p.getKey());
+
 }
 }
 }
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
index 145968d..15fad53 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java
@@ -27,11 +27,15 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.apache.shiro.subject.PrincipalCollection;
 public class AAFPrincipalCollection implements PrincipalCollection {
+ private static final long serialVersionUID = 558246013419818831L;
+ private static final Logger logger = LoggerFactory.getLogger(AAFPrincipalCollection.class);
 private static final Set<String> realmSet;
 private final Principal principal;
 private List<Principal> list=null;
@@ -44,6 +48,7 @@ public class AAFPrincipalCollection implements PrincipalCollection {
 public AAFPrincipalCollection(Principal p) {
 principal = p;
+
 }
 public AAFPrincipalCollection(final String principalName) {
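Review bot: `logger.info("the user has " +p.getKey());` in getStringPermissions() writes every permission of the subject to the log at INFO each time sPerms is built, without saying which subject it concerns; that is noisy and places the full authorization profile of each user in ordinary log output. If the trace is wanted, use the principal already held by the class and a parameterized debug call: `logger.debug("{} has permission {}", bait.getName(), p.getKey());`. The `// logger.info(...)` lines added to getRoles() and getStringPermissions() are commented-out code and should be removed. The synchronized(bait) block and the method continue past the hunk.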
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
index 4b24c70..0fc962f 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import java.util.Map.Entry;
 import java.util.TreeMap;
+
 import org.apache.log4j.PropertyConfigurator;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
@@ -55,7 +56,7 @@ import org.slf4j.LoggerFactory;
 public class AAFRealm extends AuthorizingRealm {
- final static Logger logger = LoggerFactory.getLogger(AAFRealm.class);
+ final static Logger logger = LoggerFactory.getLogger(AAFRealm.class);
 public static final String AAF_REALM = "AAFRealm";
@@ -80,23 +81,14 @@ public class AAFRealm extends AuthorizingRealm {
 String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES);
 if(cadi_prop_files==null) {
 String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm.";
- access.log(Level.DEBUG,msg);
+ logger.info(msg);
 throw new RuntimeException(msg);
 } else {
 try {
- String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg";
-
- PropertyConfigurator.configure(log4jConfigFile);
- System.setOut(createLoggingProxy(System.out));
- System.setErr(createLoggingProxy(System.err));
- } catch(Exception e) {
- e.printStackTrace();
- }
- //System.out.println("Configuration done");
- try {
 acon = AAFCon.newInstance(access);
 authn = acon.newAuthn();
 authz = acon.newLur(authn);
+
 final String csv = access.getProperty(Config.CADI_BATH_CONVERT);
 if(csv!=null) {
 try {
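Review bot: `logger.info(msg);` immediately before `throw new RuntimeException(msg);` records a fatal misconfiguration (the missing CADI_PROP_FILES setting) at INFO, where an operator filtering on warnings and errors will not see it; make it `logger.error(msg);`, or drop the call since the exception already carries the message. With `PropertyConfigurator.configure(log4jConfigFile)` removed, `import org.apache.log4j.PropertyConfigurator;` (context in the first hunk of this file) appears to have no remaining use unless the class refers to it elsewhere, and the log4j dependency could be retired with it. The constructor body continues outside the hunk.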
@@ -122,39 +114,32 @@ public class AAFRealm extends AuthorizingRealm {
 }
 }
 idMap.put(oldID,newID);
+
 }
 } catch (IOException e) {
-// access.log(e);
+ logger.info(e.getMessage(), e);
 }
 }
 } catch (APIException | CadiException | LocatorException e) {
 String msg = "Cannot initiate AAFRealm";
- access.log(Level.INIT,msg,e.getMessage());
+ logger.info(msg + " "+ e.getMessage(), e);
 throw new RuntimeException(msg,e);
 }
 }
 supports = new HashSet<Class<? extends AuthenticationToken>>();
 supports.add(UsernamePasswordToken.class);
 }
- public static PrintStream createLoggingProxy(final PrintStream realPrintStream) {
- return new PrintStream(realPrintStream) {
- public void print(final String string) {
- realPrintStream.print(string);
- logger.info(string);
- }
- };
- }
 @Override
 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+ logger.info("AAFRealm.doGetAuthenticationInfo :"+token);
 final UsernamePasswordToken upt = (UsernamePasswordToken)token;
 final String user = upt.getUsername();
 String authUser = user;
 final String password=new String(upt.getPassword());
 String authPassword = password;
- if(mbc!=null) {
+ if(mbc!=null) {
 try {
-
 final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password);
 String bath = mbc.convert(access, oldBath);
 if(bath!=oldBath) {
@@ -163,12 +148,12 @@ public class AAFRealm extends AuthorizingRealm {
 if(colon>=0) {
 authUser = bath.substring(0, colon);
 authPassword = bath.substring(colon+1);
- access.log(Level.DEBUG, authUser,"user authenticated");
- access.log(Level.DEBUG, authn.validate(authUser,authPassword));
 }
 }
 } catch (IOException e) {
- access.log(e);
+
+ logger.info(e.getMessage(), e);
+
 }
 }
 String err;
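Review bot: `logger.info("AAFRealm.doGetAuthenticationInfo :"+token);` logs the token object itself, which carries the submitted password (the next lines read `upt.getPassword()`), so the line depends on the token's toString() leaving the secret out; log the identifier explicitly instead, placed after `upt` is assigned: `logger.debug("AAFRealm.doGetAuthenticationInfo for {}", upt.getUsername());`. The two catch blocks in this hunk (`logger.info(e.getMessage(), e);` for the batch-convert IOException and `logger.info(msg + " "+ e.getMessage(), e);` right before `throw new RuntimeException(msg,e);`) and the one in the second hunk on this line record failures at INFO; `logger.error("{}: {}", msg, e.getMessage(), e);` or `logger.warn(...)` matches their severity and avoids the string concatenation. doGetAuthenticationInfo continues outside the hunk.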
@@ -176,11 +161,11 @@ public class AAFRealm extends AuthorizingRealm {
 err = authn.validate(authUser,authPassword);
 } catch (IOException e) {
 err = "Credential cannot be validated";
- access.log(Level.DEBUG, e, err);
+ logger.info(e.getMessage(), e);
 }
 if(err != null) {
- access.log(Level.DEBUG, err, " - Credential cannot be validated");
+ logger.info(err);
 throw new AuthenticationException(err);
 }
@@ -188,29 +173,34 @@ public class AAFRealm extends AuthorizingRealm {
 access,
 user,
 password
-
 );
-
 }
 @Override
 protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException {
+
 if(ai instanceof AAFAuthenticationInfo) {
 if(!((AAFAuthenticationInfo)ai).matches(atoken)) {
 throw new AuthenticationException("Credentials do not match");
+
 }
+
 } else {
 throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo");
+
 }
 }
+
+
 @Override
 protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
 Principal bait = (Principal)principals.getPrimaryPrincipal();
 Principal newBait = bait;
 if(idMap!=null) {
 final String newID = idMap.get(bait.getName());
+ logger.info("Successful authentication attempt by " +bait.getName());
 if(newID!=null) {
 newBait = new Principal() {
 @Override |
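Review bot: `logger.info(err);` on the rejection path does not say which account failed, so a failed login cannot be correlated from the logs, and INFO understates the event; `logger.warn("Authentication failed for {}: {}", authUser, err);` gives an auditable record (authUser is in scope in doGetAuthenticationInfo, which starts before this hunk). Likewise `logger.info(e.getMessage(), e);` in the preceding catch hides a validation outage at INFO — `logger.error("Credential validation failed for {}", authUser, e);` is the level an operator would alert on. Neither message should ever include password or authPassword.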