summaryrefslogtreecommitdiffstats
path: root/ONAP-PDP-REST/src
diff options
context:
space:
mode:
authorMichael Mokry <michael.mokry@att.com>2018-10-30 16:51:57 -0500
committerMichael Mokry <michael.mokry@att.com>2018-11-01 13:22:43 -0500
commit6accdc2ae0340ed84a59c739bd345ced2ff323c5 (patch)
treecdd4972a89e809c96f19a34864063086ad37f053 /ONAP-PDP-REST/src
parent77dff05e4fba2bc3994941663871ab2390ae3a63 (diff)
Modified to make AAF configurable in policy/engine
Added property to enable or disable AAF Added logic to the code to check the property and use old authentication logic to authenticate the user rather than AAF if disabled. Fixed license issue Modified cadi_truststore_password value to use proper variable Added comment to local development enviroment properties file Modified test resources to fix Junit failures Change-Id: I962895154716092c9cc0bc6c48f6419f3b5900fe Issue-ID: POLICY-1217 Signed-off-by: Michael Mokry <michael.mokry@att.com>
Diffstat (limited to 'ONAP-PDP-REST/src')
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java13
-rw-r--r--ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties2
-rw-r--r--ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties2
3 files changed, 14 insertions, 3 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
index d06321d64..246f5a26d 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -90,7 +90,7 @@ public class PDPApiAuth {
*/
public static boolean checkPermissions(String clientEncoding, String requestID,
String resource) {
- try{
+ try{
String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
if(userNamePass==null || userNamePass.length==0){
String usernameAndPassword = null;
@@ -105,7 +105,14 @@ public class PDPApiAuth {
Boolean result = false;
// Check Backward Compatibility.
try{
- result = clientAuth(userNamePass);
+ /*
+ * If AAF is NOT enabled in the properties we will allow the user to
+ * continue to use the client.properties file to authenticate.
+ * Note: Disabling AAF is for testing purposes and not intended for production.
+ */
+ if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) {
+ result = clientAuth(userNamePass);
+ }
}catch(Exception e){
LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
}
diff --git a/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties b/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties
index 2a3600559..345de16b0 100644
--- a/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties
+++ b/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties
@@ -167,5 +167,7 @@ xacml.rest.pep.idfile = src/test/resources/client.properties
#Not Mandatory for Open Onap
policy.aaf.namespace =
policy.aaf.resource =
+enable_aaf=false
+
#
DMAAP_AAF_LOGIN =
diff --git a/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties b/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties
index c3eda591f..cf6d92753 100644
--- a/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties
+++ b/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties
@@ -167,5 +167,7 @@ xacml.rest.pep.idfile = src/test/resources/client.properties
#Not Mandatory for Open Onap
policy.aaf.namespace =
policy.aaf.resource =
+enable_aaf=false
+
#
DMAAP_AAF_LOGIN =