2 files changed, 46 insertions, 18 deletions
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java
index 63c1d6e..a6b6732 100644
--- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java
@@ -47,8 +47,6 @@ public class AAIMicroServiceAuthCore {
 
     private static LogHelper applicationLogger = LogHelper.INSTANCE;
 
-    private Path appConfigAuthDir;
-
     private boolean usersInitialized = false;
     private HashMap<String, AAIAuthUser> users;
     private String policyAuthFileName;
@@ -57,10 +55,6 @@ public class AAIMicroServiceAuthCore {
         GET, PUT, DELETE, HEAD, POST
     }
 
-    public AAIMicroServiceAuthCore() {
-        appConfigAuthDir = Paths.get(System.getProperty("CONFIG_HOME"), "auth");
-    }
-
     /**
      * @param authPolicyFile
      * @throws AAIAuthException
@@ -98,17 +92,39 @@ public class AAIMicroServiceAuthCore {
         applicationLogger.debug("Config Watcher Interval = " + TimeUnit.SECONDS.toMillis(1));
     }
 
+    /**
+     * Locate the auth policy file by its name or path.
+     * <ul>
+     * <li>First try to use the absolute path to the file (if provided), or instead locate the path relative to the
+     * current (or user) dir.</li>
+     * <li>If this fails, try resolving the path relative to the configuration home location
+     * <code>$CONFIG_HOME</code></li>
+     * <li>If this fails try resolving relative to the <code>auth</code> folder under configuration home.</li>
+     * 
+     * @param authPolicyFile
+     *            filename or path (absolute or relative)
+     * @return the canonical path to the located policy file, or null if no file was found
+     * @throws IOException
+     *             if the construction of the canonical pathname requires filesystem queries which cause I/O error(s)
+     */
     public String getConfigFile(String authPolicyFile) throws IOException {
-        File authFile = new File(authPolicyFile);
-        if (authFile.exists()) {
-            return authFile.getCanonicalPath();
-        }
-        authFile = appConfigAuthDir.resolve(authPolicyFile).toFile();
-        if (authFile.exists()) {
-            return authFile.getCanonicalPath();
-        } else {
-            return null;
+        if (authPolicyFile != null) {
+            List<Path> paths = new ArrayList<>();
+            paths.add(Paths.get("."));
+
+            String configHome = System.getProperty("CONFIG_HOME");
+            paths.add(Paths.get(configHome));
+            paths.add(Paths.get(configHome).resolve("auth"));
+
+            for (Path path : paths) {
+                File authFile = path.resolve(authPolicyFile).toFile();
+                if (authFile.exists()) {
+                    return authFile.getCanonicalPath();
+                }
+            }
         }
+
+        return null;
     }
 
     /**
diff --git a/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java
index 1b1a5bb..b81d9ed 100644
--- a/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java
+++ b/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java
@@ -53,11 +53,10 @@ public class MicroServiceAuthTest {
     }
 
     private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us";
-    private static final String authPolicyFile = "auth_policy.json";
+    private static final String authPolicyFile = "auth/auth_policy.json";
 
     /**
-     * Temporarily invalidate the default policy file and then try to initialise the authorisation class using the name
-     * of a policy file that does not exist.
+     * Initialize the authorization class using the name of a policy file that does not exist.
      *
      * @throws AAIAuthException
      *             if the authorization policy file cannot be loaded
@@ -70,6 +69,19 @@ public class MicroServiceAuthTest {
     }
 
     /**
+     * Initialize the authorization class using a null policy file name.
+     *
+     * @throws AAIAuthException
+     *             if the authorization policy file cannot be loaded
+     */
+    @Test(expected = AAIAuthException.class)
+    public void testNullPolicyFile() throws AAIAuthException {
+        ValidationServiceAuthConfig authConfig = new ValidationServiceAuthConfig();
+        authConfig.setAuthPolicyFile(null);
+        new AAIMicroServiceAuth(authConfig);
+    }
+
+    /**
      * Test loading of a temporary file created with the specified roles.
      *
      * @throws IOException