/*******************************************************************************
* ============LICENSE_START====================================================
* * org.onap.aaf
* * ===========================================================================
* * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
* * ===========================================================================
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
* * ============LICENSE_END====================================================
* *
* * ECOMP is a trademark and service mark of AT&T Intellectual Property.
* *
******************************************************************************/
package org.onap.aaf.example;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConDME2;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
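/**
 * Command-line walkthrough of the CADI AAF 2.0 client: it validates a
 * credential, asks the LUR whether an identity holds one permission, lists
 * every permission of that identity, and then evicts the identity from the
 * local cache.
 *
 * <p>The identity and password below are placeholders written into the source
 * for illustration only. A real client should read its credential from
 * protected configuration rather than from code, so that it does not end up in
 * version control or in build artifacts.
 */
public class ExamplePerm2_0 {
    /**
     * Runs the example end to end against the AAF service reachable through
     * the default {@link PropAccess} configuration.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Link or reuse to your Logging mechanism
        PropAccess access = new PropAccess();

        // Normally, you obtain the Principal from the Authentication System.
        // For J2EE, you can ask the HttpServletRequest for getUserPrincipal().
        // If you use CADI as Authenticator, it will get you these Principals
        // from CSP or BasicAuth mechanisms.
        final String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";
        // Placeholder only: never commit a real password.
        final String password = "XXXXXX";

        try {
            AAFCon<?> con = new AAFConDME2(access);
            // AAFLur has a pool of DME clients as needed, and caches client lookups
            AAFLurPerm lur = con.newLur();
            // Everything after the LUR exists runs under the finally below, so the
            // LUR is destroyed even when newAuthn() or basicAuth() throws.
            try {
                // Note: If you need both Authn and Authz construct the following:
                AAFAuthn<?> authn = con.newAuthn(lur);

                // Do not set the Mech ID until after AAFAuthn is constructed,
                // because "401" info is initiated to determine the Realm of
                // the service we're after.
                con.basicAuth(id, password);

                // validate() returns null on success, otherwise a String giving the
                // reason. The second call shows the rejection path on purpose.
                String reason = authn.validate(id, password);
                if (reason != null) {
                    System.out.println(reason);
                }
                reason = authn.validate(id, "wrongPass");
                if (reason != null) {
                    System.out.println(reason);
                }

                // AAF style permissions are in the form Type, Instance, Action
                AAFPermission perm = new AAFPermission("com.att.grid.core.coh", ":dev_cluster", "WRITE");

                // Now you can ask the LUR (Local Representative of the User Repository)
                // about Authorization. With CADI, in J2EE, you can call
                // isUserInRole("com.att.mygroup|mytype|write") on the Request Object
                // instead of creating your own LUR.
                System.out.println("Does " + id + " have " + perm);
                printDecision(lur.fish(id, perm));

                // Same question for a second identity string, "Bogus"; presumably
                // this is meant to show the denial branch (confirm against your AAF data).
                System.out.println("Does Bogus have " + perm);
                printDecision(lur.fish("Bogus", perm));

                // Or you can ask for all the Permissions available
                List<Permission> perms = new ArrayList<Permission>();
                lur.fishAll(id, perms);
                for (Permission granted : perms) {
                    System.out.println(granted.getKey());
                }

                // It might be helpful in some cases to clear the User's identity
                // from the Cache
                lur.remove(id);
            } finally {
                lur.destroy();
            }
        } catch (Exception e) {
            // Example-only reporting; production code would send this to its logger.
            e.printStackTrace();
        }
    }

    /** Prints the outcome of a single authorization check. */
    private static void printDecision(boolean granted) {
        if (granted) {
            System.out.println("Yes, you have permission");
        } else {
            System.out.println("No, you don't have permission");
        }
    }
}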