summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java13
-rw-r--r--ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties2
-rw-r--r--ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties2
-rw-r--r--ONAP-PDP-REST/xacml.pdp.properties34
-rw-r--r--packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties3
5 files changed, 45 insertions, 9 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
index d06321d64..246f5a26d 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/config/PDPApiAuth.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -90,7 +90,7 @@ public class PDPApiAuth {
*/
public static boolean checkPermissions(String clientEncoding, String requestID,
String resource) {
- try{
+ try{
String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
if(userNamePass==null || userNamePass.length==0){
String usernameAndPassword = null;
@@ -105,7 +105,14 @@ public class PDPApiAuth {
Boolean result = false;
// Check Backward Compatibility.
try{
- result = clientAuth(userNamePass);
+ /*
+ * If AAF is NOT enabled in the properties we will allow the user to
+ * continue to use the client.properties file to authenticate.
+ * Note: Disabling AAF is for testing purposes and not intended for production.
+ */
+ if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) {
+ result = clientAuth(userNamePass);
+ }
}catch(Exception e){
LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
}
diff --git a/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties b/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties
index 2a3600559..345de16b0 100644
--- a/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties
+++ b/ONAP-PDP-REST/src/test/resources/notification.xacml.pdp.properties
@@ -167,5 +167,7 @@ xacml.rest.pep.idfile = src/test/resources/client.properties
#Not Mandatory for Open Onap
policy.aaf.namespace =
policy.aaf.resource =
+enable_aaf=false
+
#
DMAAP_AAF_LOGIN =
diff --git a/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties b/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties
index c3eda591f..cf6d92753 100644
--- a/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties
+++ b/ONAP-PDP-REST/src/test/resources/pass.xacml.pdp.properties
@@ -167,5 +167,7 @@ xacml.rest.pep.idfile = src/test/resources/client.properties
#Not Mandatory for Open Onap
policy.aaf.namespace =
policy.aaf.resource =
+enable_aaf=false
+
#
DMAAP_AAF_LOGIN =
diff --git a/ONAP-PDP-REST/xacml.pdp.properties b/ONAP-PDP-REST/xacml.pdp.properties
index 57e1d708b..a707678c3 100644
--- a/ONAP-PDP-REST/xacml.pdp.properties
+++ b/ONAP-PDP-REST/xacml.pdp.properties
@@ -19,7 +19,7 @@
###
# Default XACML Properties File for PDP RESTful servlet
-#
+# NOTE: All properties in this file are for local development environments only.
# Standard API Factories
#
xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
@@ -165,12 +165,34 @@ dependency_groups=site_1.pdplp_1;site_1.astragw_1;site_1.brmsgw_1
# this can be DEVL, TEST, PROD
ENVIRONMENT=DEVL
-xacml.rest.pep.idfile = client.properties
+xacml.rest.pep.idfile=client.properties
+
+
+#AAF cadi properties
+enable_aaf=false
+policy.aaf.namespace=org.onap.policy
+policy.aaf.root.permission=org.onap.policy.pdpx
+cm_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.cm:2.1
+cadi_latitude=38.000
+cadi.longitude=72.000
+cadi_alias=policy@policy.onap.org
+cadi_loglevel=DEBUG
+cadi_keyfile=/media/sf_SourceTree/gerrit-pe/engine/packages/base/src/files/etc/ssl/aaf-cadi.keyfile
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_keystore=/media/sf_SourceTree/gerrit-pe/engine/packages/base/src/files/etc/ssl/policy-keystore
+cadi_keystore_password=Pol1cy_0nap
+cadi_truststore=/media/sf_SourceTree/gerrit-pe/engine/packages/base/src/files/etc/ssl/policy-truststore
+cadi_truststore_password=Pol1cy_0nap
+aaf_env=DEV
+aaf_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.service:2.1
+aaf_fqdn=aaf-onap-test.osaaf.org
+aaf_oauth2_introspect_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.token:2.1/token
+fs_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.fs.2.1
+gui_url=https://aaf-onap-test.osaaf.org:8095/AAF_NS.gui.2.1
+
-#AAF Policy Name space
-#Not Mandatory for Open Onap
-policy.aaf.namespace =
-policy.aaf.resource =
# Decision Response settings.
# can be either PERMIT or DENY.
decision.indeterminate.response=PERMIT \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
index ad27cd09e..315fb4d67 100644
--- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
+++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
@@ -137,6 +137,7 @@ ENVIRONMENT=${{ENVIRONMENT}}
xacml.rest.pep.idfile = client.properties
#AAF cadi properties
+enable_aaf=false
policy.aaf.namespace = ${{AAF_NAMESPACE}}
policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx
cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1
@@ -150,6 +151,8 @@ cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_
cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
cadi_keystore_password=${{KEYSTORE_PASSWD}}
cadi_key_password=${{KEYSTORE_PASSWD}}
+cadi_truststore=${{POLICY_HOME}}/etc/ssl/policy-truststore
+cadi_truststore_password=${{TRUSTSTORE_PASSWD}}
aaf_env=DEV
aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1
aaf_fqdn=${{AAF_HOST}}