From 62c4eb45e157d502463d797c1353802ca8e1e307 Mon Sep 17 00:00:00 2001 From: sg481n Date: Fri, 25 Aug 2017 01:57:24 -0400 Subject: Update project structure for aaf/cadi Update project structure from com.att to org.onap and add distribution management and staging plugin. Issue-id: AAF-22 Change-Id: Idf2b591139e38921ad28782a51486714a05dee92 
Signed-off-by: sg481n --- cass/pom.xml | 84 ++++++-- .../att/cadi/aaf/cass/AAFAuthenticatedUser.java | 111 ---------- .../com/att/cadi/aaf/cass/AAFAuthenticator.java | 175 ---------------- .../java/com/att/cadi/aaf/cass/AAFAuthorizer.java | 227 --------------------- .../main/java/com/att/cadi/aaf/cass/AAFBase.java | 192 ----------------- .../aaf/cadi/aaf/cass/AAFAuthenticatedUser.java | 110 ++++++++++ .../onap/aaf/cadi/aaf/cass/AAFAuthenticator.java | 174 ++++++++++++++++ .../org/onap/aaf/cadi/aaf/cass/AAFAuthorizer.java | 226 ++++++++++++++++++++ .../java/org/onap/aaf/cadi/aaf/cass/AAFBase.java | 191 +++++++++++++++++ cass/src/test/java/com/att/aaf/cass/JU_CASS.java | 107 ---------- .../java/com/att/cadi/aaf/cass/test/JU_CASS.java | 107 ---------- .../org/onap/aaf/cadi/aaf/cass/test/JU_CASS.java | 106 ++++++++++ cass/src/test/java/org/onap/aaf/cass/JU_CASS.java | 106 ++++++++++ 13 files changed, 980 insertions(+), 936 deletions(-) delete mode 100644 cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticatedUser.java delete mode 100644 cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticator.java delete mode 100644 cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthorizer.java delete mode 100644 cass/src/main/java/com/att/cadi/aaf/cass/AAFBase.java create mode 100644 cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticatedUser.java create mode 100644 cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticator.java create mode 100644 cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthorizer.java create mode 100644 cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFBase.java delete mode 100644 cass/src/test/java/com/att/aaf/cass/JU_CASS.java delete mode 100644 cass/src/test/java/com/att/cadi/aaf/cass/test/JU_CASS.java create mode 100644 cass/src/test/java/org/onap/aaf/cadi/aaf/cass/test/JU_CASS.java create mode 100644 cass/src/test/java/org/onap/aaf/cass/JU_CASS.java (limited to 'cass') diff --git a/cass/pom.xml b/cass/pom.xml index 4e07ae8..9af30fa 100644 
--- a/cass/pom.xml +++ b/cass/pom.xml @@ -22,7 +22,7 @@ --> - com.att.cadi + org.onap.aaf.cadi parent 1.0.0-SNAPSHOT .. @@ -34,10 +34,18 @@ https://github.com/att/AAF CADI cadi-cass - + + UTF-8 + 1.0.0-SNAPSHOT + https://nexus.onap.org + /content/repositories/snapshots/ + /content/repositories/releases/ + /content/repositories/staging/ + /content/sites/site/${project.groupId}/${project.artifactId}/${project.version} + - com.att.cadi + org.onap.aaf.cadi cadi-aaf @@ -96,19 +104,61 @@ - - - - org.sonatype.plugins - nexus-staging-maven-plugin - 1.6.7 - true - - ossrhdme - https://oss.sonatype.org/ - true - - + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.6.7 + true + + ${nexusproxy} + 176c31dfe190a + ecomp-staging + + - + + + + ecomp-releases + AAF Release Repository + ${nexusproxy}${releaseNexusPath} + + + ecomp-snapshots + AAF Snapshot Repository + ${nexusproxy}${snapshotNexusPath} + + + ecomp-site + dav:${nexusproxy}${sitePath} + + + + + onap-plugin-snapshots + https://nexus.onap.org/content/repositories/snapshots/ + + + + + + central + Maven 2 repository 2 + http://repo2.maven.org/maven2/ + + + onap-jar-snapshots + https://nexus.onap.org/content/repositories/snapshots + + + spring-repo + Spring repo + https://artifacts.alfresco.com/nexus/content/repositories/public/ + + + repository.jboss.org-public + JBoss.org Maven repository + https://repository.jboss.org/nexus/content/groups/public + + diff --git a/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticatedUser.java b/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticatedUser.java deleted file mode 100644 index e847bd0..0000000 --- a/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticatedUser.java +++ /dev/null 
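Review bot: The `central` repository added in the last hunk is declared with a plain-HTTP URL, `http://repo2.maven.org/maven2/`, so every artifact and plugin resolved from it can be intercepted and replaced on the wire; Maven Central is served over TLS and the entry should point at `https://repo1.maven.org/maven2/` instead. The same concern applies to `${nexusproxy}`: it is `https://nexus.onap.org` here, but because the release, snapshot and site URLs are all composed from that one property, an override on the command line or in settings.xml silently downgrades every publish target as well. Resolving plugins and jars from the `snapshots` repositories also means builds consume mutable, unreproducible artifacts, which is fine for development but should not be relied on for a release build. The XML element names are not visible in this rendering, so the fix is stated as the URL value only.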
@@ -1,111 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package com.att.cadi.aaf.cass;
-
-import java.security.Principal;
-
-import org.apache.cassandra.auth.AuthenticatedUser;
-
-import com.att.cadi.Access;
-
-public class AAFAuthenticatedUser extends AuthenticatedUser implements Principal {
- private boolean anonymous = false, supr=false, local=false;
- private String fullName;
-// private Access access;
-
- public AAFAuthenticatedUser(Access access, String name) {
- super(name);
-// this.access = access;
- int endIndex = name.indexOf("@");
- if(endIndex >= 0) {
- fullName = name;
- } else {
- fullName = name + '@' + AAFBase.default_realm;
- }
- }
-
- public String getFullName() {
- return fullName;
- }
-
- public String getName() {
- return fullName;
- }
-
- /* (non-Javadoc)
- * @see org.apache.cassandra.auth.AuthenticatedUser#isAnonymous()
- */
- @Override
- public boolean isAnonymous() {
- return anonymous;
- }
-
- public void setAnonymous(boolean anon) {
- anonymous = anon;
- }
-
- public boolean getAnonymous() {
- return anonymous;
- }
-
- /* (non-Javadoc)
- * @see org.apache.cassandra.auth.AuthenticatedUser#isSuper()
- */
- @Override
- public boolean isSuper() {
- return supr;
- }
-
- public void setSuper(boolean supr) {
- this.supr = supr;
- }
-
- public boolean getSuper() {
- return supr;
- }
-
- /**
- * We check Local so we can compare with the right Lur. This is AAF Plugin only.
- * @return
- */
- public boolean isLocal() {
- return local;
- }
-
- public void setLocal(boolean val) {
- local = val;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (!(o instanceof AAFAuthenticatedUser)) return false;
- return ((AuthenticatedUser)o).getName().equals(this.getName());
- }
-
- @Override
- public int hashCode() {
- //access.log(Level.DEBUG, "AAFAuthentication hashcode ",getName().hashCode());
- return getName().hashCode();
- }
-}
diff --git a/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticator.java b/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticator.java
deleted file mode 100644
index 631a3fa..0000000
--- a/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthenticator.java
+++ /dev/null
@@ -1,175 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
- * * - ******************************************************************************/ -package com.att.cadi.aaf.cass; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.util.Arrays; -import java.util.HashMap; -import java.util.Map; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.auth.ISaslAwareAuthenticator; -import org.apache.cassandra.exceptions.AuthenticationException; -import org.apache.cassandra.exceptions.InvalidRequestException; -import org.apache.cassandra.exceptions.RequestExecutionException; - -import com.att.cadi.Access.Level; -import com.att.cadi.CredVal.Type; -import com.att.cadi.Symm; -import com.att.cadi.config.Config; - -public class AAFAuthenticator extends AAFBase implements ISaslAwareAuthenticator { - - public boolean requireAuthentication() { - return true; - } - - /** - * Invoked to authenticate an user - */ - public AuthenticatedUser authenticate(Map credentials) throws AuthenticationException { - String username = (String)credentials.get("username"); - if (username == null) { - throw new AuthenticationException("'username' is missing"); - } - - AAFAuthenticatedUser aau = new AAFAuthenticatedUser(access,username); - String fullName=aau.getFullName(); - access.log(Level.DEBUG, "Authenticating", aau.getName(),"(", fullName,")"); - - String password = (String)credentials.get("password"); - if (password == null) { - throw new AuthenticationException("'password' is missing"); - } else if(password.startsWith("bsf:")) { - try { - password = Symm.base64noSplit.depass(password); - } catch (IOException e) { - throw new AuthenticationException("AAF bnf: Password cannot be decoded"); - } - } else if(password.startsWith("enc:???")) { - try { - password = access.decrypt(password, true); - } catch (IOException e) { - throw new AuthenticationException("AAF Encrypted Password cannot be decrypted"); - } - } - - if(localLur!=null) { - 
access.log(Level.DEBUG, "Validating",fullName, "with LocalTaf", password); - if(localLur.validate(fullName, Type.PASSWORD, password.getBytes())) { - aau.setAnonymous(true); - aau.setLocal(true); - access.log(Level.DEBUG, fullName, "is authenticated locally"); - return aau; - } - } - - String aafResponse; - try { - access.log(Level.DEBUG, "Validating",fullName, "with AAF");//, password); - aafResponse = aafAuthn.validate(fullName, password); - if(aafResponse != null) { // Reason for failing. - access.log(Level.AUDIT, "AAF reports ",fullName,":",aafResponse); - throw new AuthenticationException(aafResponse); - } - access.log(Level.AUDIT, fullName, "is authenticated"); //,password); - // This tells Cassandra to skip checking it's own tables for User Entries. - aau.setAnonymous(true); - } catch (AuthenticationException ex) { - throw ex; - } catch(Exception ex) { - access.log(ex,"Exception validating user"); - throw new AuthenticationException("Exception validating user"); - } - - return aau; - } - - public void create(String username, Map options) throws InvalidRequestException, RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to create user"); - } - - public void alter(String username, Map options) throws RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to alter user"); - } - - public void drop(String username) throws RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to delete user"); - } - - public SaslAuthenticator newAuthenticator() { - return new ISaslAwareAuthenticator.SaslAuthenticator() { - private boolean complete = false; - private Map credentials; - - public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException { - this.credentials = decodeCredentials(clientResponse); - this.complete = true; - return null; - } - - public boolean isComplete() { - return this.complete; - } - - public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException { - return 
AAFAuthenticator.this.authenticate(this.credentials); - } - - private Map decodeCredentials(byte[] bytes) throws AuthenticationException { - access.log(Level.DEBUG,"Decoding credentials from client token"); - byte[] user = null; - byte[] pass = null; - int end = bytes.length; - for (int i = bytes.length - 1; i >= 0; i--) - { - if (bytes[i] != 0) - continue; - if (pass == null) - pass = Arrays.copyOfRange(bytes, i + 1, end); - else if (user == null) - user = Arrays.copyOfRange(bytes, i + 1, end); - end = i; - } - - if (user == null) - throw new AuthenticationException("Authentication ID must not be null"); - if (pass == null) { - throw new AuthenticationException("Password must not be null"); - } - Map credentials = new HashMap(); - try { - credentials.put(IAuthenticator.USERNAME_KEY, new String(user, Config.UTF_8)); - credentials.put(IAuthenticator.PASSWORD_KEY, new String(pass, Config.UTF_8)); - } catch (UnsupportedEncodingException e) { - throw new AuthenticationException(e.getMessage()); - } - return credentials; - } - }; - } - -} - diff --git a/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthorizer.java b/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthorizer.java deleted file mode 100644 index 650e570..0000000 --- a/cass/src/main/java/com/att/cadi/aaf/cass/AAFAuthorizer.java +++ /dev/null 
@@ -1,227 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
- * * - ******************************************************************************/ -package com.att.cadi.aaf.cass; - -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Set; - -import org.apache.cassandra.auth.AuthenticatedUser; -import org.apache.cassandra.auth.IAuthorizer; -import org.apache.cassandra.auth.IResource; -import org.apache.cassandra.auth.Permission; -import org.apache.cassandra.auth.PermissionDetails; -import org.apache.cassandra.exceptions.RequestExecutionException; -import org.apache.cassandra.exceptions.RequestValidationException; - -import com.att.cadi.Access.Level; -import com.att.cadi.aaf.v2_0.AbsAAFLur; -import com.att.cadi.lur.LocalPermission; - -public class AAFAuthorizer extends AAFBase implements IAuthorizer { - // Returns every permission on the resource granted to the user. - public Set authorize(AuthenticatedUser user, IResource resource) { - String uname, rname; - access.log(Level.DEBUG,"Authorizing",uname=user.getName(),"for",rname=resource.getName()); - - Set permissions; - - if(user instanceof AAFAuthenticatedUser) { - AAFAuthenticatedUser aafUser = (AAFAuthenticatedUser) user; - aafUser.setAnonymous(false); - - if(aafUser.isLocal()) { - permissions = checkPermissions(aafUser, new LocalPermission( - rname.replaceFirst("data", cluster_name) - )); - } else { - permissions = checkPermissions( - aafUser, - perm_type, - ':'+rname.replaceFirst("data", cluster_name).replace('/', ':')); - } - } else { - permissions = Permission.NONE; - } - - access.log(Level.INFO,"Permissions on",rname,"for",uname,':', permissions); - - return permissions; - } - - /** - * Check only for Localized IDs (see cadi.properties) - * @param aau - * @param perm - * @return - */ - private Set checkPermissions(AAFAuthenticatedUser aau, LocalPermission perm) { - if(localLur.fish(aau.getFullName(), perm)) { -// aau.setSuper(true); - return Permission.ALL; - } else { - return Permission.NONE; - } - } - - /** - * Check remoted AAF Permissions - 
* @param aau - * @param type - * @param instance - * @return - */ - private Set checkPermissions(AAFAuthenticatedUser aau, String type, String instance) { - // Can perform ALL actions - String fullName = aau.getFullName(); - PermHolder ph = new PermHolder(aau); - aafLur.fishOneOf(fullName, ph,type,instance,actions); - return ph.permissions; - } - - private class PermHolder { - private AAFAuthenticatedUser aau; - public PermHolder(AAFAuthenticatedUser aau) { - this.aau = aau; - } - public Set permissions = Permission.NONE; - public void mutable() { - if(permissions==Permission.NONE) { - permissions = new HashSet(); - } - } - }; - - /** - * This specialty List avoid extra Object Creation, and allows the Lur to do a Vistor on all appropriate Perms - */ - private static final ArrayList> actions = new ArrayList>(); - static { - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "*"; - } - - public boolean exec(PermHolder a) { - a.aau.setSuper(true); - a.permissions = Permission.ALL; - return true; - } - }); - - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "SELECT"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.SELECT); - return false; - } - }); - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "MODIFY"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.MODIFY); - return false; - } - }); - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "CREATE"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.CREATE); - return false; - } - }); - - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "ALTER"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.ALTER); - return false; - } - }); - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "DROP"; - } - - public 
boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.DROP); - return false; - } - }); - actions.add(new AbsAAFLur.Action() { - public String getName() { - return "AUTHORIZE"; - } - - public boolean exec(PermHolder ph) { - ph.mutable(); - ph.permissions.add(Permission.AUTHORIZE); - return false; - } - }); - - - }; - - - public void grant(AuthenticatedUser performer, Set permissions, IResource resource, String to) throws RequestExecutionException { - access.log(Level.INFO, "Use AAF CLI to grant permission(s) to user/role"); - } - - public void revoke(AuthenticatedUser performer, Set permissions, IResource resource, String from) throws RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role"); - } - - public Set list(AuthenticatedUser performer, Set permissions, IResource resource, String of) throws RequestValidationException, RequestExecutionException { - access.log(Level.INFO,"Use AAF CLI to find the list of permissions"); - return null; - } - - // Called prior to deleting the user with DROP USER query. Internal hook, so no permission checks are needed here. - public void revokeAll(String droppedUser) { - access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role"); - } - - // Called after a resource is removed (DROP KEYSPACE, DROP TABLE, etc.). - public void revokeAll(IResource droppedResource) { - access.log(Level.INFO,"Use AAF CLI to delete the unused permission", droppedResource.getName()); - } - -} diff --git a/cass/src/main/java/com/att/cadi/aaf/cass/AAFBase.java b/cass/src/main/java/com/att/cadi/aaf/cass/AAFBase.java deleted file mode 100644 index 4d82a6b..0000000 --- a/cass/src/main/java/com/att/cadi/aaf/cass/AAFBase.java +++ /dev/null 
@@ -1,192 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
- * * - ******************************************************************************/ -package com.att.cadi.aaf.cass; - -import java.io.File; -import java.io.FileInputStream; -import java.io.InputStream; -import java.net.URL; -import java.util.HashSet; -import java.util.Properties; -import java.util.Set; - -import org.apache.cassandra.auth.DataResource; -import org.apache.cassandra.auth.IAuthenticator; -import org.apache.cassandra.config.DatabaseDescriptor; -import org.apache.cassandra.exceptions.ConfigurationException; - -import com.att.cadi.Access; -import com.att.cadi.Access.Level; -import com.att.cadi.Lur; -import com.att.cadi.SLF4JAccess; -import com.att.cadi.aaf.v2_0.AAFAuthn; -import com.att.cadi.aaf.v2_0.AAFCon; -import com.att.cadi.aaf.v2_0.AbsAAFLur; -import com.att.cadi.config.Config; -import com.att.cadi.lur.EpiLur; -import com.att.cadi.lur.LocalLur; -import com.att.cadi.aaf.AAFPermission; - -public abstract class AAFBase { - protected static final Set options; - protected static final Set dataResource; - - static { - options = new HashSet(); - options.add(IAuthenticator.Option.PASSWORD); - - dataResource = new HashSet(); - dataResource.add(DataResource.columnFamily("system_auth", "credentials")); - } - - protected static Access access; - protected static LocalLur localLur; - protected static AAFCon aafcon; - protected static AAFAuthn aafAuthn; - protected static AbsAAFLur aafLur; - protected static String default_realm; - protected static String cluster_name; - protected static String perm_type; - private static boolean props_ok = false; - - /** - * If you use your own Access Class, this must be called before - * "setup()" is invoked by Cassandra. - * - * Otherwise, it will default to reading Properties CADI style. 
- * - * @param access - */ - public static void setAccess(Access access) { - AAFBase.access = access; - } - - - public void validateConfiguration() throws ConfigurationException { - setup(); - if(!props_ok) { - throw new ConfigurationException("AAF not initialized"); - } - } - - @SuppressWarnings("unchecked") - public synchronized void setup() { - if(aafAuthn == null) { - try { - if(access==null) { - String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties"); - Properties initial = new Properties(); - URL cadi_props = ClassLoader.getSystemResource(value); - if(cadi_props == null) { - File cp = new File(value); - if(cp.exists()) { - InputStream is = new FileInputStream(cp); - try { - initial.load(is); - } finally { - is.close(); - } - } else { - System.out.printf("%s does not exist as File or in Classpath\n",value); - initial.setProperty(Config.CADI_PROP_FILES, value); - } - } else { - InputStream is = cadi_props.openStream(); - try { - initial.load(is); - } finally { - is.close(); - } - } - access = new SLF4JAccess(initial); - } - props_ok = true; - if((perm_type = Config.logProp(access, "cass_group_name",null))==null) { - props_ok=false; - } else { - perm_type = perm_type + ".cass"; - } - - if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) { - if((cluster_name = DatabaseDescriptor.getClusterName())==null) { - props_ok=false; - } - } - - if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) { - props_ok=false; - } - - if(props_ok==false) { - return; - } - - // AAFLur has pool of DME clients as needed, and Caches Client lookups - Lur lur = Config.configLur(access); - // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon - if(lur instanceof EpiLur) { - EpiLur elur = (EpiLur)lur; - for(int i=0; (lur = elur.get(i))!=null;++i) { - if(lur instanceof AbsAAFLur) { - aafLur=(AbsAAFLur)lur; - aafcon = aafLur.aaf; - aafAuthn = aafLur.aaf.newAuthn(aafLur); - break; - } else if(lur instanceof 
LocalLur) { - localLur = (LocalLur)lur; - } - } - } else if(lur instanceof AbsAAFLur) { - aafLur=(AbsAAFLur)lur; - aafcon = aafLur.aaf; - aafAuthn = aafLur.aaf.newAuthn(aafLur); - } - if(aafAuthn==null) { - access.log(Level.INIT,"Failed to instantiate full AAF access"); - props_ok = false; - } - } catch (Exception e) { - aafAuthn=null; - if(access!=null)access.log(e, "Failed to initialize AAF"); - props_ok = false; - } - } - } - - public Set protectedResources() { - access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty"); - return dataResource; - } - - public Set supportedOptions() { - access.log(Level.DEBUG, "supportedOptions() called"); - return options; - } - - public Set alterableOptions() { - access.log(Level.DEBUG, "alterableOptions() called"); - return options; - } - - -} diff --git a/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticatedUser.java b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticatedUser.java new file mode 100644 index 0000000..30d979a --- /dev/null +++ b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticatedUser.java 
@@ -0,0 +1,110 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.aaf.cass;
+
+import java.security.Principal;
+
+import org.apache.cassandra.auth.AuthenticatedUser;
+import org.onap.aaf.cadi.Access;
+
+public class AAFAuthenticatedUser extends AuthenticatedUser implements Principal {
+ private boolean anonymous = false, supr=false, local=false;
+ private String fullName;
+// private Access access;
+
+ public AAFAuthenticatedUser(Access access, String name) {
+ super(name);
+// this.access = access;
+ int endIndex = name.indexOf("@");
+ if(endIndex >= 0) {
+ fullName = name;
+ } else {
+ fullName = name + '@' + AAFBase.default_realm;
+ }
+ }
+
+ public String getFullName() {
+ return fullName;
+ }
+
+ public String getName() {
+ return fullName;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.cassandra.auth.AuthenticatedUser#isAnonymous()
+ */
+ @Override
+ public boolean isAnonymous() {
+ return anonymous;
+ }
+
+ public void setAnonymous(boolean anon) {
+ anonymous = anon;
+ }
+
+ public boolean getAnonymous() {
+ return anonymous;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.cassandra.auth.AuthenticatedUser#isSuper()
+ */
+ @Override
+ public boolean isSuper() {
+ return supr;
+ }
+
+ public void setSuper(boolean supr) {
+ this.supr = supr;
+ }
+
+ public boolean getSuper() {
+ return supr;
+ }
+
+ /**
+ * We check Local so we can compare with the right Lur. This is AAF Plugin only.
+ * @return
+ */
+ public boolean isLocal() {
+ return local;
+ }
+
+ public void setLocal(boolean val) {
+ local = val;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (!(o instanceof AAFAuthenticatedUser)) return false;
+ return ((AuthenticatedUser)o).getName().equals(this.getName());
+ }
+
+ @Override
+ public int hashCode() {
+ //access.log(Level.DEBUG, "AAFAuthentication hashcode ",getName().hashCode());
+ return getName().hashCode();
+ }
+}
diff --git a/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticator.java b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticator.java
new file mode 100644
index 0000000..6b8b29d
--- /dev/null
+++ b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthenticator.java
@@ -0,0 +1,174 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.aaf.cass;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cassandra.auth.AuthenticatedUser;
+import org.apache.cassandra.auth.IAuthenticator;
+import org.apache.cassandra.auth.ISaslAwareAuthenticator;
+import org.apache.cassandra.exceptions.AuthenticationException;
+import org.apache.cassandra.exceptions.InvalidRequestException;
+import org.apache.cassandra.exceptions.RequestExecutionException;
+import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.CredVal.Type;
+import org.onap.aaf.cadi.config.Config;
+
+public class AAFAuthenticator extends AAFBase implements ISaslAwareAuthenticator {
+
+ public boolean requireAuthentication() {
+ return true;
+ }
+
+ /**
+ * Invoked to authenticate an user
+ */
+ public AuthenticatedUser authenticate(Map credentials) throws AuthenticationException {
+ String username = (String)credentials.get("username");
+ if (username == null) {
+ throw new AuthenticationException("'username' is missing");
+ }
+
+ AAFAuthenticatedUser aau = new AAFAuthenticatedUser(access,username);
+ String fullName=aau.getFullName();
+ access.log(Level.DEBUG, "Authenticating", aau.getName(),"(", fullName,")");
+
+ String password = (String)credentials.get("password");
+ if (password == null) {
+ throw new AuthenticationException("'password' is missing");
+ } else if(password.startsWith("bsf:")) {
+ try {
+ password = Symm.base64noSplit.depass(password);
+ } catch (IOException e) {
+ throw new AuthenticationException("AAF bnf: Password cannot be decoded");
+ }
+ } else if(password.startsWith("enc:???")) {
+ try {
+ password = access.decrypt(password, true);
+ } catch (IOException e) {
+ throw new AuthenticationException("AAF Encrypted Password cannot be decrypted");
+ }
+ }
+
+ if(localLur!=null) {
+ access.log(Level.DEBUG, "Validating",fullName, "with LocalTaf", password);
+ if(localLur.validate(fullName, Type.PASSWORD, password.getBytes())) {
+ aau.setAnonymous(true);
+ aau.setLocal(true);
+ access.log(Level.DEBUG, fullName, "is authenticated locally");
+ return aau;
+ }
+ }
+
+ String aafResponse;
+ try {
+ access.log(Level.DEBUG, "Validating",fullName, "with AAF");//, password);
+ aafResponse = aafAuthn.validate(fullName, password);
+ if(aafResponse != null) { // Reason for failing.
+ access.log(Level.AUDIT, "AAF reports ",fullName,":",aafResponse);
+ throw new AuthenticationException(aafResponse);
+ }
+ access.log(Level.AUDIT, fullName, "is authenticated"); //,password);
+ // This tells Cassandra to skip checking it's own tables for User Entries.
+ aau.setAnonymous(true);
+ } catch (AuthenticationException ex) {
+ throw ex;
+ } catch(Exception ex) {
+ access.log(ex,"Exception validating user");
+ throw new AuthenticationException("Exception validating user");
+ }
+
+ return aau;
+ }
+
+ public void create(String username, Map options) throws InvalidRequestException, RequestExecutionException {
+ access.log(Level.INFO,"Use AAF CLI to create user");
+ }
+
+ public void alter(String username, Map options) throws RequestExecutionException {
+ access.log(Level.INFO,"Use AAF CLI to alter user");
+ }
+
+ public void drop(String username) throws RequestExecutionException {
+ access.log(Level.INFO,"Use AAF CLI to delete user");
+ }
+
+ public SaslAuthenticator newAuthenticator() {
+ return new ISaslAwareAuthenticator.SaslAuthenticator() {
+ private boolean complete = false;
+ private Map credentials;
+
+ public byte[] evaluateResponse(byte[] clientResponse) throws AuthenticationException {
+ this.credentials = decodeCredentials(clientResponse);
+ this.complete = true;
+ return null;
+ }
+
+ public boolean isComplete() {
+ return this.complete;
+ }
+
+ public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {
+ return AAFAuthenticator.this.authenticate(this.credentials);
+ }
+
+ private Map decodeCredentials(byte[] bytes) throws AuthenticationException {
+ access.log(Level.DEBUG,"Decoding credentials from client token");
+ byte[] user = null;
+ byte[] pass = null;
+ int end = bytes.length;
+ for (int i = bytes.length - 1; i >= 0; i--)
+ {
+ if (bytes[i] != 0)
+ continue;
+ if (pass == null)
+ pass = Arrays.copyOfRange(bytes, i + 1, end);
+ else if (user == null)
+ user = Arrays.copyOfRange(bytes, i + 1, end);
+ end = i;
+ }
+
+ if (user == null)
+ throw new AuthenticationException("Authentication ID must not be null");
+ if (pass == null) {
+ throw new AuthenticationException("Password must not be null");
+ }
+ Map credentials = new HashMap();
+ try {
+ credentials.put(IAuthenticator.USERNAME_KEY, new String(user, Config.UTF_8));
+ credentials.put(IAuthenticator.PASSWORD_KEY, new String(pass, Config.UTF_8));
+ } catch (UnsupportedEncodingException e) {
+ throw new AuthenticationException(e.getMessage());
+ }
+ return credentials;
+ }
+ };
+ }
+
+}
+
diff --git a/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthorizer.java b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthorizer.java
new file mode 100644
index 0000000..bea0e86
--- /dev/null
+++ b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFAuthorizer.java
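Review bot: authenticate() writes the cleartext password into the log on the local-validation path, `access.log(Level.DEBUG, "Validating",fullName, "with LocalTaf", password);`, so every local login attempt leaves the credential in whatever the Access logger is wired to; the AAF branch a few lines later deliberately keeps `password` commented out, which suggests this one is a leftover. Drop the last argument: `access.log(Level.DEBUG, "Validating", fullName, "with LocalTaf");`. In the same block `password.getBytes()` encodes with the platform default charset while decodeCredentials() decodes the SASL token with Config.UTF_8, so a non-ASCII password can validate differently depending on the JVM's file.encoding; `password.getBytes(Config.UTF_8)` keeps both ends consistent (it throws UnsupportedEncodingException, which can be wrapped the same way the bsf/enc branches wrap IOException). In decodeCredentials(), `throw new AuthenticationException(e.getMessage());` drops the cause; keeping the exception chained would preserve the stack for diagnosis.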
@@ -0,0 +1,226 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.aaf.cass;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.cassandra.auth.AuthenticatedUser;
+import org.apache.cassandra.auth.IAuthorizer;
+import org.apache.cassandra.auth.IResource;
+import org.apache.cassandra.auth.Permission;
+import org.apache.cassandra.auth.PermissionDetails;
+import org.apache.cassandra.exceptions.RequestExecutionException;
+import org.apache.cassandra.exceptions.RequestValidationException;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
+import org.onap.aaf.cadi.lur.LocalPermission;
+
+public class AAFAuthorizer extends AAFBase implements IAuthorizer {
+ // Returns every permission on the resource granted to the user.
+ public Set authorize(AuthenticatedUser user, IResource resource) {
+ String uname, rname;
+ access.log(Level.DEBUG,"Authorizing",uname=user.getName(),"for",rname=resource.getName());
+
+ Set permissions;
+
+ if(user instanceof AAFAuthenticatedUser) {
+ AAFAuthenticatedUser aafUser = (AAFAuthenticatedUser) user;
+ aafUser.setAnonymous(false);
+
+ if(aafUser.isLocal()) {
+ permissions = checkPermissions(aafUser, new LocalPermission(
+ rname.replaceFirst("data", cluster_name)
+ ));
+ } else {
+ permissions = checkPermissions(
+ aafUser,
+ perm_type,
+ ':'+rname.replaceFirst("data", cluster_name).replace('/', ':'));
+ }
+ } else {
+ permissions = Permission.NONE;
+ }
+
+ access.log(Level.INFO,"Permissions on",rname,"for",uname,':', permissions);
+
+ return permissions;
+ }
+
+ /**
+ * Check only for Localized IDs (see cadi.properties)
+ * @param aau
+ * @param perm
+ * @return
+ */
+ private Set checkPermissions(AAFAuthenticatedUser aau, LocalPermission perm) {
+ if(localLur.fish(aau.getFullName(), perm)) {
+// aau.setSuper(true);
+ return Permission.ALL;
+ } else {
+ return Permission.NONE;
+ }
+ }
+
+ /**
+ * Check remoted AAF Permissions
+ * @param aau
+ * @param type
+ * @param instance
+ * @return
+ */
+ private Set checkPermissions(AAFAuthenticatedUser aau, String type, String instance) {
+ // Can perform ALL actions
+ String fullName = aau.getFullName();
+ PermHolder ph = new PermHolder(aau);
+ aafLur.fishOneOf(fullName, ph,type,instance,actions);
+ return ph.permissions;
+ }
+
+ private class PermHolder {
+ private AAFAuthenticatedUser aau;
+ public PermHolder(AAFAuthenticatedUser aau) {
+ this.aau = aau;
+ }
+ public Set permissions = Permission.NONE;
+ public void mutable() {
+ if(permissions==Permission.NONE) {
+ permissions = new HashSet();
+ }
+ }
+ };
+
+ /**
+ * This specialty List avoid extra Object Creation, and allows the Lur to do a Vistor on all appropriate Perms
+ */
+ private static final ArrayList> actions = new ArrayList>();
+ static {
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "*";
+ }
+
+ public boolean exec(PermHolder a) {
+ a.aau.setSuper(true);
+ a.permissions = Permission.ALL;
+ return true;
+ }
+ });
+
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "SELECT";
+ }
+
+ public boolean exec(PermHolder ph) {
+ ph.mutable();
+ ph.permissions.add(Permission.SELECT);
+ return false;
+ }
+ });
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "MODIFY";
+ }
+
+ public boolean exec(PermHolder ph) {
+ ph.mutable();
+ ph.permissions.add(Permission.MODIFY);
+ return false;
+ }
+ });
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "CREATE";
+ }
+
+ public boolean exec(PermHolder ph) {
+ ph.mutable();
+ ph.permissions.add(Permission.CREATE);
+ return false;
+ }
+ });
+
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "ALTER";
+ }
+
+ public boolean exec(PermHolder ph) {
+ ph.mutable();
+ ph.permissions.add(Permission.ALTER);
+ return false;
+ }
+ });
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "DROP";
+ }
+
+ public boolean exec(PermHolder ph) {
+ ph.mutable();
+ ph.permissions.add(Permission.DROP);
+ return false;
+ }
+ });
+ actions.add(new AbsAAFLur.Action() {
+ public String getName() {
+ return "AUTHORIZE";
+ }
+
+ public boolean exec(PermHolder ph) {
+ ph.mutable();
+ ph.permissions.add(Permission.AUTHORIZE);
+ return false;
+ }
+ });
+
+
+ };
+
+
+ public void grant(AuthenticatedUser performer, Set permissions, IResource resource, String to) throws RequestExecutionException {
+ access.log(Level.INFO, "Use AAF CLI to grant permission(s) to user/role");
+ }
+
+ public void revoke(AuthenticatedUser performer, Set permissions, IResource resource, String from) throws RequestExecutionException {
+ access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role");
+ }
+
+ public Set list(AuthenticatedUser performer, Set permissions, IResource resource, String of) throws RequestValidationException, RequestExecutionException {
+ access.log(Level.INFO,"Use AAF CLI to find the list of permissions");
+ return null;
+ }
+
+ // Called prior to deleting the user with DROP USER query. Internal hook, so no permission checks are needed here.
+ public void revokeAll(String droppedUser) {
+ access.log(Level.INFO,"Use AAF CLI to revoke permission(s) for user/role");
+ }
+
+ // Called after a resource is removed (DROP KEYSPACE, DROP TABLE, etc.).
+ public void revokeAll(IResource droppedResource) {
+ access.log(Level.INFO,"Use AAF CLI to delete the unused permission", droppedResource.getName());
+ }
+
+}
diff --git a/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFBase.java b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFBase.java
new file mode 100644
index 0000000..e422234
--- /dev/null
+++ b/cass/src/main/java/org/onap/aaf/cadi/aaf/cass/AAFBase.java
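Review bot: list() returns `null` from a method whose contract is a Set of PermissionDetails, so a caller that iterates the result of LIST PERMISSIONS will presumably fail with a NullPointerException instead of seeing an empty listing; keep the log line and `return new HashSet();` (HashSet is already imported) or an unmodifiable empty set. PermHolder is declared as a non-static inner class but never touches the enclosing AAFAuthorizer, so `private static class PermHolder` avoids carrying a hidden outer reference into every authorize() call. In authorize(), `rname.replaceFirst("data", cluster_name)` passes the configured cluster name as a regex replacement string, so a name containing `$` or `\` is mangled rather than inserted literally; wrapping it with `java.util.regex.Matcher.quoteReplacement(cluster_name)` (or swapping the "data" prefix with plain string operations) makes the mapping literal.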
@@ -0,0 +1,191 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.aaf.cass;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.cassandra.auth.DataResource;
+import org.apache.cassandra.auth.IAuthenticator;
+import org.apache.cassandra.config.DatabaseDescriptor;
+import org.apache.cassandra.exceptions.ConfigurationException;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.Lur;
+import org.onap.aaf.cadi.SLF4JAccess;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.lur.EpiLur;
+import org.onap.aaf.cadi.lur.LocalLur;
+
+public abstract class AAFBase {
+ protected static final Set options;
+ protected static final Set dataResource;
+
+ static {
+ options = new HashSet();
+ options.add(IAuthenticator.Option.PASSWORD);
+
+ dataResource = new HashSet();
+ dataResource.add(DataResource.columnFamily("system_auth", "credentials"));
+ }
+
+ protected static Access access;
+ protected static LocalLur localLur;
+ protected static AAFCon aafcon;
+ protected static AAFAuthn aafAuthn;
+ protected static AbsAAFLur aafLur;
+ protected static String default_realm;
+ protected static String cluster_name;
+ protected static String perm_type;
+ private static boolean props_ok = false;
+
+ /**
+ * If you use your own Access Class, this must be called before
+ * "setup()" is invoked by Cassandra.
+ *
+ * Otherwise, it will default to reading Properties CADI style.
+ *
+ * @param access
+ */
+ public static void setAccess(Access access) {
+ AAFBase.access = access;
+ }
+
+
+ public void validateConfiguration() throws ConfigurationException {
+ setup();
+ if(!props_ok) {
+ throw new ConfigurationException("AAF not initialized");
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public synchronized void setup() {
+ if(aafAuthn == null) {
+ try {
+ if(access==null) {
+ String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");
+ Properties initial = new Properties();
+ URL cadi_props = ClassLoader.getSystemResource(value);
+ if(cadi_props == null) {
+ File cp = new File(value);
+ if(cp.exists()) {
+ InputStream is = new FileInputStream(cp);
+ try {
+ initial.load(is);
+ } finally {
+ is.close();
+ }
+ } else {
+ System.out.printf("%s does not exist as File or in Classpath\n",value);
+ initial.setProperty(Config.CADI_PROP_FILES, value);
+ }
+ } else {
+ InputStream is = cadi_props.openStream();
+ try {
+ initial.load(is);
+ } finally {
+ is.close();
+ }
+ }
+ access = new SLF4JAccess(initial);
+ }
+ props_ok = true;
+ if((perm_type = Config.logProp(access, "cass_group_name",null))==null) {
+ props_ok=false;
+ } else {
+ perm_type = perm_type + ".cass";
+ }
+
+ if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) {
+ if((cluster_name = DatabaseDescriptor.getClusterName())==null) {
+ props_ok=false;
+ }
+ }
+
+ if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) {
+ props_ok=false;
+ }
+
+ if(props_ok==false) {
+ return;
+ }
+
+ // AAFLur has pool of DME clients as needed, and Caches Client lookups
+ Lur lur = Config.configLur(access);
+ // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon
+ if(lur instanceof EpiLur) {
+ EpiLur elur = (EpiLur)lur;
+ for(int i=0; (lur = elur.get(i))!=null;++i) {
+ if(lur instanceof AbsAAFLur) {
+ aafLur=(AbsAAFLur)lur;
+ aafcon = aafLur.aaf;
+ aafAuthn = aafLur.aaf.newAuthn(aafLur);
+ break;
+ } else if(lur instanceof LocalLur) {
+ localLur = (LocalLur)lur;
+ }
+ }
+ } else if(lur instanceof AbsAAFLur) {
+ aafLur=(AbsAAFLur)lur;
+ aafcon = aafLur.aaf;
+ aafAuthn = aafLur.aaf.newAuthn(aafLur);
+ }
+ if(aafAuthn==null) {
+ access.log(Level.INIT,"Failed to instantiate full AAF access");
+ props_ok = false;
+ }
+ } catch (Exception e) {
+ aafAuthn=null;
+ if(access!=null)access.log(e, "Failed to initialize AAF");
+ props_ok = false;
+ }
+ }
+ }
+
+ public Set protectedResources() {
+ access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty");
+ return dataResource;
+ }
+
+ public Set supportedOptions() {
+ access.log(Level.DEBUG, "supportedOptions() called");
+ return options;
+ }
+
+ public Set alterableOptions() {
+ access.log(Level.DEBUG, "alterableOptions() called");
+ return options;
+ }
+
+
+}
diff --git a/cass/src/test/java/com/att/aaf/cass/JU_CASS.java b/cass/src/test/java/com/att/aaf/cass/JU_CASS.java
deleted file mode 100644
index 9eca242..0000000
--- a/cass/src/test/java/com/att/aaf/cass/JU_CASS.java
+++ /dev/null
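Review bot: setup() initializes shared static state (access, localLur, aafAuthn, props_ok and the rest) but is an instance-level `synchronized` method, so an AAFAuthenticator instance and an AAFAuthorizer instance calling setup() at the same time lock different monitors and can both pass the `aafAuthn == null` check and run the initialization twice; validateConfiguration() then reads `props_ok` with no lock at all. Guard the body with the class monitor instead, `public void setup() { synchronized (AAFBase.class) { … } }` (or make the method `static synchronized`), and read `props_ok` under that same lock in validateConfiguration(). The `System.out.printf(...)` in the missing-properties branch bypasses the Access logger; since `access` is still null at that point the fallback is defensible, but a one-line comment such as `// no Access yet, so report to stdout` would stop the next reader from "fixing" it into an NPE.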
@@ -1,107 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package com.att.aaf.cass;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cassandra.auth.AuthenticatedUser;
-import org.apache.cassandra.auth.IResource;
-import org.apache.cassandra.auth.Permission;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.att.cadi.aaf.cass.AAFAuthenticator;
-import com.att.cadi.aaf.cass.AAFAuthorizer;
-
-public class JU_CASS {
-
- private static AAFAuthenticator aa;
- private static AAFAuthorizer an;
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- System.setProperty("cadi_prop_files", "etc/cadi.properties");
-
- aa = new AAFAuthenticator();
- an = new AAFAuthorizer();
-
- aa.setup();
- an.setup(); // does nothing after aa.
-
- aa.validateConfiguration();
-
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Test
- public void test() throws Exception {
- Map creds = new HashMap();
- creds.put("username", "XXX@NS");
- creds.put("password", "enc:???");
- AuthenticatedUser aaf = aa.authenticate(creds);
-
- // Test out "aaf_default_domain
- creds.put("username", "XX");
- aaf = aa.authenticate(creds);
-
- IResource resource = new IResource() {
- public String getName() {
- return "data/authz";
- }
-
- public IResource getParent() {
- return null;
- }
-
- public boolean hasParent() {
- return false;
- }
-
- public boolean exists() {
- return true;
- }
-
- };
-
- Set perms = an.authorize(aaf, resource);
-
- // Test out "AAF" access
- creds.put("username", "XXX@NS");
- creds.put("password", "enc:???");
- aaf = aa.authenticate(creds);
- perms = an.authorize(aaf, resource);
- Assert.assertFalse(perms.isEmpty());
-
- perms = an.authorize(aaf, resource);
- Assert.assertFalse(perms.isEmpty());
-
- }
-
-}
diff --git a/cass/src/test/java/com/att/cadi/aaf/cass/test/JU_CASS.java b/cass/src/test/java/com/att/cadi/aaf/cass/test/JU_CASS.java
deleted file mode 100644
index 0eb95be..0000000
--- a/cass/src/test/java/com/att/cadi/aaf/cass/test/JU_CASS.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package com.att.cadi.aaf.cass.test;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import org.apache.cassandra.auth.AuthenticatedUser;
-import org.apache.cassandra.auth.IResource;
-import org.apache.cassandra.auth.Permission;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.att.cadi.aaf.cass.AAFAuthenticator;
-import com.att.cadi.aaf.cass.AAFAuthorizer;
-
-public class JU_CASS {
-
- private static AAFAuthenticator aa;
- private static AAFAuthorizer an;
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- System.setProperty("cadi_prop_files", "etc/cadi.properties");
-
- aa = new AAFAuthenticator();
- an = new AAFAuthorizer();
-
- aa.setup();
- an.setup(); // does nothing after aa.
-
- aa.validateConfiguration();
-
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Test
- public void test() throws Exception {
- Map creds = new HashMap();
- creds.put("username", "XXX@NS");
- creds.put("password", "enc:???");
- AuthenticatedUser aaf = aa.authenticate(creds);
-
- // Test out "aaf_default_domain
- creds.put("username", "XX");
- aaf = aa.authenticate(creds);
-
- IResource resource = new IResource() {
- public String getName() {
- return "data/authz";
- }
-
- public IResource getParent() {
- return null;
- }
-
- public boolean hasParent() {
- return false;
- }
-
- public boolean exists() {
- return true;
- }
-
- };
-
- Set perms = an.authorize(aaf, resource);
-
- // Test out "AAF" access
- creds.put("username", "XXX@NS");
- creds.put("password", "enc:???");
- aaf = aa.authenticate(creds);
- perms = an.authorize(aaf, resource);
- Assert.assertFalse(perms.isEmpty());
-
- perms = an.authorize(aaf, resource);
- Assert.assertFalse(perms.isEmpty());
-
- }
-
-}
diff --git a/cass/src/test/java/org/onap/aaf/cadi/aaf/cass/test/JU_CASS.java b/cass/src/test/java/org/onap/aaf/cadi/aaf/cass/test/JU_CASS.java
new file mode 100644
index 0000000..bedfa25
--- /dev/null
+++ b/cass/src/test/java/org/onap/aaf/cadi/aaf/cass/test/JU_CASS.java
@@ -0,0 +1,106 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.aaf.cass.test;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.cassandra.auth.AuthenticatedUser;
+import org.apache.cassandra.auth.IResource;
+import org.apache.cassandra.auth.Permission;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.onap.aaf.cadi.aaf.cass.AAFAuthenticator;
+import org.onap.aaf.cadi.aaf.cass.AAFAuthorizer;
+
+public class JU_CASS {
+
+ private static AAFAuthenticator aa;
+ private static AAFAuthorizer an;
+
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ System.setProperty("cadi_prop_files", "etc/cadi.properties");
+
+ aa = new AAFAuthenticator();
+ an = new AAFAuthorizer();
+
+ aa.setup();
+ an.setup(); // does nothing after aa.
+
+ aa.validateConfiguration();
+
+ }
+
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ }
+
+ @Test
+ public void test() throws Exception {
+ Map creds = new HashMap();
+ creds.put("username", "XXX@NS");
+ creds.put("password", "enc:???");
+ AuthenticatedUser aaf = aa.authenticate(creds);
+
+ // Test out "aaf_default_domain
+ creds.put("username", "XX");
+ aaf = aa.authenticate(creds);
+
+ IResource resource = new IResource() {
+ public String getName() {
+ return "data/authz";
+ }
+
+ public IResource getParent() {
+ return null;
+ }
+
+ public boolean hasParent() {
+ return false;
+ }
+
+ public boolean exists() {
+ return true;
+ }
+
+ };
+
+ Set perms = an.authorize(aaf, resource);
+
+ // Test out "AAF" access
+ creds.put("username", "XXX@NS");
+ creds.put("password", "enc:???");
+ aaf = aa.authenticate(creds);
+ perms = an.authorize(aaf, resource);
+ Assert.assertFalse(perms.isEmpty());
+
+ perms = an.authorize(aaf, resource);
+ Assert.assertFalse(perms.isEmpty());
+
+ }
+
+}
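Review bot: This JU_CASS is the same test as the one added under cass/src/test/java/org/onap/aaf/cass/JU_CASS.java in the next hunk, differing only in the package line, so the commit ships two copies of one integration test that will drift apart; keep one and delete the other. Both copies depend on an `etc/cadi.properties` file and, as far as the visible code shows, on a reachable AAF endpoint, and the `"enc:???"` password is routed by authenticate() into `access.decrypt`, so the test presumably cannot pass in a clean build; a comment stating that it is an environment-dependent integration test, e.g. `// Integration test: needs etc/cadi.properties and a reachable AAF; not run in CI`, would make that explicit.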
diff --git a/cass/src/test/java/org/onap/aaf/cass/JU_CASS.java b/cass/src/test/java/org/onap/aaf/cass/JU_CASS.java
new file mode 100644
index 0000000..f5ee310
--- /dev/null
+++ b/cass/src/test/java/org/onap/aaf/cass/JU_CASS.java
@@ -0,0 +1,106 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cass;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.cassandra.auth.AuthenticatedUser;
+import org.apache.cassandra.auth.IResource;
+import org.apache.cassandra.auth.Permission;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.onap.aaf.cadi.aaf.cass.AAFAuthenticator;
+import org.onap.aaf.cadi.aaf.cass.AAFAuthorizer;
+
+public class JU_CASS {
+
+ private static AAFAuthenticator aa;
+ private static AAFAuthorizer an;
+
+ @BeforeClass
+ public static void setUpBeforeClass() throws Exception {
+ System.setProperty("cadi_prop_files", "etc/cadi.properties");
+
+ aa = new AAFAuthenticator();
+ an = new AAFAuthorizer();
+
+ aa.setup();
+ an.setup(); // does nothing after aa.
+
+ aa.validateConfiguration();
+
+ }
+
+ @AfterClass
+ public static void tearDownAfterClass() throws Exception {
+ }
+
+ @Test
+ public void test() throws Exception {
+ Map creds = new HashMap();
+ creds.put("username", "XXX@NS");
+ creds.put("password", "enc:???");
+ AuthenticatedUser aaf = aa.authenticate(creds);
+
+ // Test out "aaf_default_domain
+ creds.put("username", "XX");
+ aaf = aa.authenticate(creds);
+
+ IResource resource = new IResource() {
+ public String getName() {
+ return "data/authz";
+ }
+
+ public IResource getParent() {
+ return null;
+ }
+
+ public boolean hasParent() {
+ return false;
+ }
+
+ public boolean exists() {
+ return true;
+ }
+
+ };
+
+ Set perms = an.authorize(aaf, resource);
+
+ // Test out "AAF" access
+ creds.put("username", "XXX@NS");
+ creds.put("password", "enc:???");
+ aaf = aa.authenticate(creds);
+ perms = an.authorize(aaf, resource);
+ Assert.assertFalse(perms.isEmpty());
+
+ perms = an.authorize(aaf, resource);
+ Assert.assertFalse(perms.isEmpty());
+
+ }
+
+}
-- cgit 1.2.3-korg