5 files changed, 45 insertions, 9 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java index d06321d64..246f5a26d 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP-PDP-REST * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -90,7 +90,7 @@ public class PDPApiAuth { */ public static boolean checkPermissions(String clientEncoding, String requestID, String resource) { - try{ + try{ String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding); if(userNamePass==null || userNamePass.length==0){ String usernameAndPassword = null; @@ -105,7 +105,14 @@ public class PDPApiAuth { Boolean result = false; // Check Backward Compatibility. try{ - result = clientAuth(userNamePass); + /* + * If AAF is NOT enabled in the properties we will allow the user to + * continue to use the client.properties file to authenticate. + * Note: Disabling AAF is for testing purposes and not intended for production. + */ + if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) { + result = clientAuth(userNamePass); + } }catch(Exception e){ LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e); } diff --git a/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties b/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties index 2a3600559..345de16b0 100644 
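Review bot: Nothing records that the `client.properties` fallback was taken, so in the logs a PDP running with `enable_aaf=false` looks the same as one authenticating through AAF; this concerns the new `if ("false".equals(XACMLProperties.getProperty("enable_aaf")))` branch in the `@@ -105,7 +105,14 @@` hunk of `checkPermissions`. Because the added comment calls this mode testing-only, a warning inside the branch would make it detectable, for example `LOGGER.warn("enable_aaf=false: authenticating with client.properties, not AAF");` (assuming the file's logger exposes `warn`). The comparison is exact, so a missing property or a value such as `False` skips the fallback; that is the safe direction and deserves one sentence in the block comment. The method begins and ends outside the hunk, so how `result` is used afterwards cannot be checked from here.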
--- a/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties +++ b/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties @@ -167,5 +167,7 @@ xacml.rest.pep.idfile = src/test/resources/client.properties #Not Mandatory for Open Onap policy.aaf.namespace = policy.aaf.resource = +enable_aaf=false + # DMAAP_AAF_LOGIN = diff --git a/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties b/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties index c3eda591f..cf6d92753 100644 --- a/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties +++ b/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties @@ -167,5 +167,7 @@ xacml.rest.pep.idfile = src/test/resources/client.properties #Not Mandatory for Open Onap policy.aaf.namespace = policy.aaf.resource = +enable_aaf=false + # DMAAP_AAF_LOGIN = diff --git a/ONAP-PDP-REST/xacml.pdp.properties b/ONAP-PDP-REST/xacml.pdp.properties index 57e1d708b..a707678c3 100644 --- a/ONAP-PDP-REST/xacml.pdp.properties +++ b/ONAP-PDP-REST/xacml.pdp.properties @@ -19,7 +19,7 @@ ### # Default XACML Properties File for PDP RESTful servlet -# +# NOTE: All properties in this file are for local development environments only. # Standard API Factories # xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory 
@@ -165,12 +165,34 @@ dependency_groups=site_1.pdplp_1;site_1.astragw_1;site_1.brmsgw_1 # this can be DEVL, TEST, PROD ENVIRONMENT=DEVL -xacml.rest.pep.idfile = client.properties +xacml.rest.pep.idfile=client.properties + + +#AAF cadi properties +enable_aaf=false +policy.aaf.namespace=org.onap.policy +policy.aaf.root.permission=org.onap.policy.pdpx +cm_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.cm:2.1 +cadi_latitude=38.000 +cadi.longitude=72.000 +cadi_alias=policy@policy.onap.org +cadi_loglevel=DEBUG +cadi_keyfile=/media/sf_SourceTree/gerrit-pe/engine/packages/base/src/files/etc/ssl/aaf-cadi.keyfile +cadi_protocols=TLSv1.1,TLSv1.2 +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US +cadi_keystore=/media/sf_SourceTree/gerrit-pe/engine/packages/base/src/files/etc/ssl/policy-keystore +cadi_keystore_password=Pol1cy_0nap +cadi_truststore=/media/sf_SourceTree/gerrit-pe/engine/packages/base/src/files/etc/ssl/policy-truststore +cadi_truststore_password=Pol1cy_0nap +aaf_env=DEV +aaf_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.service:2.1 +aaf_fqdn=aaf-onap-test.osaaf.org +aaf_oauth2_introspect_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.introspect:2.1/introspect +aaf_oauth2_token_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.token:2.1/token +fs_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.fs.2.1 +gui_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.gui.2.1 + -#AAF Policy Name space -#Not Mandatory for Open Onap -policy.aaf.namespace = -policy.aaf.resource = # Decision Response settings. # can be either PERMIT or DENY. decision.indeterminate.response=PERMIT
\ No newline at end of file diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties index ad27cd09e..315fb4d67 100644 --- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties +++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties @@ -137,6 +137,7 @@ ENVIRONMENT=${{ENVIRONMENT}} xacml.rest.pep.idfile = client.properties #AAF cadi properties +enable_aaf=false policy.aaf.namespace = ${{AAF_NAMESPACE}} policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1 @@ -150,6 +151,8 @@ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_ cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore cadi_keystore_password=${{KEYSTORE_PASSWD}} cadi_key_password=${{KEYSTORE_PASSWD}} +cadi_truststore=${{POLICY_HOME}}/etc/ssl/policy-truststore +cadi_truststore_password=${{TRUSTSTORE_PASSWD}} aaf_env=DEV aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1 aaf_fqdn=${{AAF_HOST}} |
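Review bot: The new AAF block in `ONAP-PDP-REST/xacml.pdp.properties` (hunk `@@ -165,12 +165,34 @@`) commits literal values for `cadi_keystore_password` and `cadi_truststore_password`; even with the "local development environments only" header they stay in repository history and are easily carried over into real deployments. I would leave both keys empty in the checked-in file with a comment such as `# set locally; do not commit real store passwords`, and keep the referenced stores development-only. Two smaller points in the same block: `cadi.longitude` uses a dot where its neighbour is `cadi_latitude`, which looks like a typo for `cadi_longitude`, and `cadi_protocols=TLSv1.1,TLSv1.2` still offers TLS 1.1, so `cadi_protocols=TLSv1.2` would be the tighter setting. The `cadi_keyfile`, `cadi_keystore` and `cadi_truststore` values point into one developer's `/media/sf_SourceTree/...` mount and will not resolve on another machine.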
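Review bot: The install template `packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties` hard-codes `enable_aaf=false` (hunk `@@ -137,6 +137,7 @@`), while most neighbouring AAF settings are filled from `${{...}}` variables and the comment added in `PDPApiAuth.java` describes disabling AAF as a testing-only mode. As written, a server installed from this template appears to authenticate against `client.properties` unless someone edits the file afterwards. I would drive the line from an installer variable like the others, e.g. `enable_aaf=${{ENABLE_AAF}}` (the variable name is a placeholder, not an existing one), with the installer defaulting it to `true`.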