diff options
author | Michael Mokry <mm117s@att.com> | 2018-09-21 15:56:43 -0500 |
---|---|---|
committer | Michael Mokry <mm117s@att.com> | 2018-09-25 08:59:59 -0500 |
commit | e9312923e96a2678f794fcf08ff5918d1b005bbd (patch) | |
tree | 14625c864f82336de5e9dfc2568283092b183e36 /PolicyEngineUtils/src/main/java | |
parent | 26eed4a43bd97265ea08ded2eaf626a23bf66ce4 (diff) |
CADI AAF changes for policy/engine
Added cadi properties and modified policy aaf client code.
Fixed issue with namespace and modified code to reverse it for
structuring the username sent in AAF API call
Added properties for keystore and keystore password after getting error
response from AAF when setting up the connection to AAF
Missed a fix for one of Jorge's comments in last patch, here it is.
Change-Id: Ic164ade8aa34da95a560c1592656e0caf990a595
Issue-ID: POLICY-913
Signed-off-by: Michael Mokry <mm117s@att.com>
Diffstat (limited to 'PolicyEngineUtils/src/main/java')
-rw-r--r-- | PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java | 158 |
1 files changed, 71 insertions, 87 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java index e65ac2780..1513507ca 100644 --- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java +++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java @@ -32,53 +32,41 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; -import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.locator.PropertyLocator; import org.onap.aaf.cadi.principal.UnAuthPrincipal; - - /** - * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization. + * AAF Client: Generic AAF Client implementation to connect to AAF Resources to + * validate permissions and authorization. * */ -public class AAFPolicyClientImpl implements AAFPolicyClient{ +public class AAFPolicyClientImpl implements AAFPolicyClient { private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName()); private static final String ENVIRONMENT = "ENVIRONMENT"; - - // Warning Please don't Change these Values. Confirm with AAF team. - private static final String DEVL_AAF_URL = ""; - private static final String TEST_AAF_URL = ""; - private static final String PROD_AAF_URL = ""; - private static final String DEFAULT_AFT_LATITUDE = "32.780140"; - private static final String DEFAULT_AFT_LONGITUDE = "-96.800451"; - private static final String TEST_AFT_ENVIRONMENT = "AFTUAT"; - private static final String PROD_AFT_ENVIRONMENT = "AFTPRD"; - private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache - private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache - private static AAFPolicyClientImpl instance = null; - - private static Properties props = new Properties(); + private static Properties cadiprops = new Properties(); private static AAFCon<?> aafCon = null; private static AAFLurPerm aafLurPerm = null; private static AAFAuthn<?> aafAuthn = null; private static PropAccess access = null; - private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{ + private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException { setup(properties); } /** - * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * Gets the instance of the AAFClient instance. Needs Proper properties with + * CLIENT_ID, CLIENT_KEY and ENVIRONMENT * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT * @return AAFClient instance. - * @throws AAFPolicyException Exceptions. + * @throws AAFPolicyException + * Exceptions. */ - public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{ - if(instance == null) { + public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException { + if (instance == null) { logger.info("Creating AAFClient Instance "); instance = new AAFPolicyClientImpl(properties); } @@ -87,84 +75,76 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ // To set Property values && Connections. private static void setup(Properties properties) throws AAFPolicyException { - if(properties!=null && !properties.isEmpty()){ - props = System.getProperties(); - props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE)); - props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE)); - String aftEnv = TEST_AFT_ENVIRONMENT; - props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID")); - props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass")); - if(properties.containsKey(Config.AAF_URL)){ - // if given a value in properties file. - props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL)); - }else{ - // Set Default values. - if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){ - props.setProperty(Config.AAF_URL, TEST_AAF_URL); - }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){ - props.setProperty(Config.AAF_URL, PROD_AAF_URL); - aftEnv = PROD_AFT_ENVIRONMENT; - }else{ - props.setProperty(Config.AAF_URL, DEVL_AAF_URL); - } - } - props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv)); - props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES)); - props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT)); - }else{ + if (properties != null && !properties.isEmpty()) { + cadiprops = properties; + access = new PolicyAccess(cadiprops, + Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString()))); + } else { logger.error("Required Property value is missing : " + ENVIRONMENT); throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT); } - access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString()))); setUpAAF(); } /** * Updates the Properties file in case if required. * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT - * @throws AAFPolicyException exceptions if any. + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @throws AAFPolicyException + * exceptions if any. */ @Override - public void updateProperties(Properties properties) throws AAFPolicyException{ + public void updateProperties(Properties properties) throws AAFPolicyException { setup(properties); } /** * Checks the Authentication and Permissions for the given values. * - * @param mechID MechID or ATT ID must be registered under the Name space. - * @param pass Password pertaining to the MechID or ATTID. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * Username must be registered under the Name space. + * @param pass + * Password pertaining to the Username. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return */ @Override - public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){ - return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action); + public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) { + return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action); } /** * Checks the Authentication of the UserName and Password Given. * - * @param userName UserName or MechID - * @param pass Password. + * @param userName + * UserName + * @param pass + * Password. * @return True or False. */ @Override - public boolean checkAuth(String userName, String pass){ + public boolean checkAuth(String userName, String pass) { if (aafAuthn == null) { return false; } try { - int i=0; - do{ - if(aafAuthn.validate(userName, pass)==null){ + int i = 0; + do { + String aafAuthResponse = aafAuthn.validate(userName, pass); + if (aafAuthResponse==null) { return true; + } else { + logger.warn("User, " + userName + ", failed to authenticate with AAF. \n" + + "AAF Response is " + aafAuthResponse); } i++; - }while(i<2); + } while (i < 2); } catch (Exception e) { logger.error(e.getMessage() + e); } @@ -173,28 +153,31 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } /** - * Checks Permissions for the given UserName, Password and Type, Instance Action. + * Checks Permissions for the given UserName, Password and Type, Instance + * Action. * - * @param userName UserName or MechID - * @param pass Password. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * UserName + * @param pass + * Password. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return True or False. */ @Override - public boolean checkPerm(String userName, String pass, String type, String instance, String action){ - int i =0; - Boolean result= false; - do{ - if(aafCon!=null && aafLurPerm !=null){ + public boolean checkPerm(String userName, String pass, String type, String instance, String action) { + int i = 0; + Boolean result = false; + do { + if (aafCon != null && aafLurPerm != null) { try { aafCon.basicAuth(userName, pass); - // - // The first parameter is the namespace. At this point we will default - // to null until we are given a namespace to use. - // - AAFPermission perm = new AAFPermission(null, type, instance, action); + AAFPermission perm = new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type, + instance, action); final Principal p = new UnAuthPrincipal(userName); result = aafLurPerm.fish(p, perm); } catch (CadiException e) { @@ -203,13 +186,14 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } } i++; - }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues. + } while (i < 2 && !result); // Try once more to check if this can be passed. AAF has some issues. return result; } - private static boolean setUpAAF(){ + private static boolean setUpAAF() { try { - aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100")); + aafCon = new AAFConHttp(access, + new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100")); aafLurPerm = aafCon.newLur(); aafAuthn = aafCon.newAuthn(aafLurPerm); return true; |