Diffstat (limited to 'shiro')
4 files changed, 18 insertions, 15 deletions
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
index 99e387d..d936794 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java
@@ -65,19 +65,20 @@ public class AAFAuthenticationInfo implements AuthenticationInfo {
 UsernamePasswordToken upt = (UsernamePasswordToken)atoken;
 if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) {
 byte[] newhash = getSaltedCred(new String(upt.getPassword()));
- access.printf(Level.INFO,"Successful authentication attempt by %s",upt.getPrincipal());
 if(newhash.length==hash.length) {
 for(int i=0;i<hash.length;++i) {
 if(hash[i]!=newhash[i]) {
 return false;
 }
 }
+ access.printf(Level.DEBUG,"UserPassword Matches for %s",upt.getPrincipal());
 return true;
 }
 }
 } else {
 access.printf(Level.ERROR, "AAFAuthenticationInfo received non-AAF token %s (%s)",atoken.getPrincipal(),atoken.getClass().getName());
 }
+ access.log(Level.DEBUG,"UserPassword does NOT match");
 return false;
 }
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
index fc0f4ff..0035626 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
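Review bot: The added `UserPassword does NOT match` line is never reached for the most common failure, because a byte mismatch returns `false` from inside the comparison loop before the log call; only a principal mismatch, a length mismatch or a non-AAF token gets there, and the message carries no principal. The loop also stops at the first differing byte, so comparison time depends on how much of the hash matched; replacing the length check and loop with `if(MessageDigest.isEqual(hash,newhash)) {` (java.security.MessageDigest, whose import is not visible in this hunk) gives one exit for the failure path and a comparison that does not stop early. A failed password check is a detection signal, so it probably deserves a level that is enabled in production, with the principal included, rather than DEBUG. The method starts outside the hunk.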
@@ -73,20 +73,20 @@ public class AAFAuthorizationInfo implements AuthorizationInfo {
 @Override
 public Collection<String> getRoles() {
- access.log(Level.INFO,"AAFAuthorizationInfo.getRoles");
+ access.log(Level.DEBUG,"AAFAuthorizationInfo.getRoles");
 // Until we decide to make Roles available, tie into String based permissions.
 return getStringPermissions();
 }
 @Override
 public Collection<String> getStringPermissions() {
- access.log(Level.INFO,"AAFAuthorizationInfo.getStringPermissions");
+ access.log(Level.DEBUG,"AAFAuthorizationInfo.getStringPermissions");
 synchronized(bait) {
 if(sPerms == null) {
 sPerms = new ArrayList<String>();
 for(org.onap.aaf.cadi.Permission p : pond) {
 sPerms.add(p.getKey().replace("|",":"));
- access.printf(Level.INFO,"the user has %s",p.getKey());
+ access.printf(Level.INFO,"%s has %s",bait.getName(),p.getKey());
 }
 }
 }
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
index 52bf354..dbc57d7 100644
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java
@@ -23,12 +23,13 @@ package org.onap.aaf.cadi.shiro;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentSkipListSet;
+import java.util.TreeMap;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
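Review bot: The per-permission line in `getStringPermissions` stays at INFO while the two entry-point messages in this hunk drop to DEBUG, so the first call for each principal now writes that principal's complete permission list, one line per permission with the name attached, to the production log. If that is intended as an audit trail a comment should say so; otherwise match the neighbouring lines with `access.printf(Level.DEBUG,"%s has %s",bait.getName(),p.getKey());`. `bait.getName()` is presumably caller-supplied text, so it is worth confirming that `access.printf` neutralises line breaks before the value reaches the log.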
@@ -83,7 +84,7 @@ public class AAFRealm extends AuthorizingRealm {
 try {
 mbc = new MapBathConverter(access, new CSV(csv));
 access.log(Level.INFO, "MapBathConversion enabled with file ",csv);
- idMap = new ConcurrentHashMap<String,String>();
+ idMap = Collections.synchronizedMap(new TreeMap<String,String>());
 // Load
 for(Entry<String, String> es : mbc.map().entrySet()) {
 String oldID = es.getKey();
@@ -115,7 +116,7 @@ public class AAFRealm extends AuthorizingRealm {
 throw new RuntimeException(msg,e);
 }
 }
- supports = new ConcurrentSkipListSet<>();
+ supports = Collections.synchronizedSet(new HashSet<>());
 supports.add(UsernamePasswordToken.class);
 }
@@ -146,7 +147,7 @@ public class AAFRealm extends AuthorizingRealm {
 logger.debug(str);
 break;
 case ERROR:
- logger.warn(str);
+ logger.error(str);
 break;
 case INFO:
 case INIT:
@@ -174,7 +175,7 @@ public class AAFRealm extends AuthorizingRealm {
 logger.debug(str);
 break;
 case ERROR:
- logger.warn(str);
+ logger.error(str);
 break;
 case INFO:
 case INIT:
@@ -193,6 +194,7 @@ public class AAFRealm extends AuthorizingRealm {
 public boolean willLog(Level level) {
 if(super.willLog(level)) {
 switch(level) {
+ case WARN:
 case AUDIT:
 return logger.isWarnEnabled();
 case DEBUG:
@@ -206,9 +208,6 @@ public class AAFRealm extends AuthorizingRealm {
 return false;
 case TRACE:
 return logger.isTraceEnabled();
- case WARN:
- return logger.isWarnEnabled();
-
 }
 }
 return false;
@@ -287,8 +286,8 @@ public class AAFRealm extends AuthorizingRealm {
 Principal newBait = bait;
 if(singleton.idMap!=null) {
 final String newID = singleton.idMap.get(bait.getName());
- singleton.access.printf(Level.INFO,"Successful authentication attempt by %s",bait.getName());
 if(newID!=null) {
+ singleton.access.printf(Level.INFO,"Successful authentication Translation %s to %s",bait.getName(), newID);
 newBait = new Principal() {
 @Override
 public String getName() {
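Review bot: The reason for leaving the `java.util.concurrent` collections is not recorded at either assignment (`idMap` in this hunk, `supports` in the -115 hunk). `Class` objects are not `Comparable`, which is probably why `ConcurrentSkipListSet` had to go; a comment such as `// Class is not Comparable, so a sorted set cannot hold token types` would keep the change from being reverted. Both collections look write-once (filled during this initialisation, then only read), so the synchronized wrappers take a lock on every lookup in the authentication path; wrapping them with `Collections.unmodifiableMap` / `Collections.unmodifiableSet` once loading is done would avoid that, provided nothing outside these hunks adds to them later. The enclosing block starts and ends outside both hunks.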
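Review bot: The message added in the -287 hunk still opens with "Successful authentication", but the visible code only looks up an ID mapping for `bait`; nothing in the hunk authenticates anything, so anyone searching or alerting on that phrase will count translations as logins. Wording such as `singleton.access.printf(Level.INFO,"Translated principal %s to %s",bait.getName(),newID);` says what actually happened. The enclosing method starts and ends outside the hunk.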
diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
index f49ecb4..f159a8f 100644
--- a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
+++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java
@@ -27,13 +27,14 @@ import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.PrincipalCollection;
+import org.junit.Assert;
 import org.junit.Test;
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.shiro.AAFRealm;
 import org.onap.aaf.cadi.shiro.AAFShiroPermission;
-import junit.framework.Assert;
+
 public class JU_AAFRealm {
@@ -58,6 +59,8 @@ public class JU_AAFRealm {
 testAPerm(false,azi,"org.osaaf.nons","resources","something","get");
 // testAPerm(true,azi,"name","org.access","something","*");
 // testAPerm(false,azi,"org.accessX","something","*");
+
+ Assert.assertEquals(true,ar.supports(upt));
 } catch (Throwable t) {
 t.printStackTrace();
 Assert.fail(); |
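Review bot: The new assertion in the -58 hunk sits inside the existing `catch (Throwable t)`, so a failing `supports` check is caught, printed and replaced by a bare `Assert.fail()` with no message. `Assert.assertTrue("realm should accept UsernamePasswordToken", ar.supports(upt));` states the intent more directly than `assertEquals(true, …)`, and a counterpart asserting that an unsupported token type is rejected would pin the other half of the behaviour. The test method starts and ends outside the hunk.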