diff options
Diffstat (limited to 'PolicyEngineUtils/src/main')
-rw-r--r-- | PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java | 158 |
1 files changed, 71 insertions, 87 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java index e65ac2780..1513507ca 100644 --- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java +++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java @@ -32,53 +32,41 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm; -import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.locator.PropertyLocator; import org.onap.aaf.cadi.principal.UnAuthPrincipal; - - /** - * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization. + * AAF Client: Generic AAF Client implementation to connect to AAF Resources to + * validate permissions and authorization. * */ -public class AAFPolicyClientImpl implements AAFPolicyClient{ +public class AAFPolicyClientImpl implements AAFPolicyClient { private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName()); private static final String ENVIRONMENT = "ENVIRONMENT"; - - // Warning Please don't Change these Values. Confirm with AAF team. - private static final String DEVL_AAF_URL = ""; - private static final String TEST_AAF_URL = ""; - private static final String PROD_AAF_URL = ""; - private static final String DEFAULT_AFT_LATITUDE = "32.780140"; - private static final String DEFAULT_AFT_LONGITUDE = "-96.800451"; - private static final String TEST_AFT_ENVIRONMENT = "AFTUAT"; - private static final String PROD_AFT_ENVIRONMENT = "AFTPRD"; - private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache - private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache - private static AAFPolicyClientImpl instance = null; - - private static Properties props = new Properties(); + private static Properties cadiprops = new Properties(); private static AAFCon<?> aafCon = null; private static AAFLurPerm aafLurPerm = null; private static AAFAuthn<?> aafAuthn = null; private static PropAccess access = null; - private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{ + private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException { setup(properties); } /** - * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * Gets the instance of the AAFClient instance. Needs Proper properties with + * CLIENT_ID, CLIENT_KEY and ENVIRONMENT * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT * @return AAFClient instance. - * @throws AAFPolicyException Exceptions. + * @throws AAFPolicyException + * Exceptions. */ - public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{ - if(instance == null) { + public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException { + if (instance == null) { logger.info("Creating AAFClient Instance "); instance = new AAFPolicyClientImpl(properties); } @@ -87,84 +75,76 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ // To set Property values && Connections. private static void setup(Properties properties) throws AAFPolicyException { - if(properties!=null && !properties.isEmpty()){ - props = System.getProperties(); - props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE)); - props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE)); - String aftEnv = TEST_AFT_ENVIRONMENT; - props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID")); - props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass")); - if(properties.containsKey(Config.AAF_URL)){ - // if given a value in properties file. - props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL)); - }else{ - // Set Default values. - if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){ - props.setProperty(Config.AAF_URL, TEST_AAF_URL); - }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){ - props.setProperty(Config.AAF_URL, PROD_AAF_URL); - aftEnv = PROD_AFT_ENVIRONMENT; - }else{ - props.setProperty(Config.AAF_URL, DEVL_AAF_URL); - } - } - props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv)); - props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES)); - props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT)); - }else{ + if (properties != null && !properties.isEmpty()) { + cadiprops = properties; + access = new PolicyAccess(cadiprops, + Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString()))); + } else { logger.error("Required Property value is missing : " + ENVIRONMENT); throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT); } - access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString()))); setUpAAF(); } /** * Updates the Properties file in case if required. * - * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT - * @throws AAFPolicyException exceptions if any. + * @param properties + * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT + * @throws AAFPolicyException + * exceptions if any. */ @Override - public void updateProperties(Properties properties) throws AAFPolicyException{ + public void updateProperties(Properties properties) throws AAFPolicyException { setup(properties); } /** * Checks the Authentication and Permissions for the given values. * - * @param mechID MechID or ATT ID must be registered under the Name space. - * @param pass Password pertaining to the MechID or ATTID. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * Username must be registered under the Name space. + * @param pass + * Password pertaining to the Username. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return */ @Override - public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){ - return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action); + public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) { + return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action); } /** * Checks the Authentication of the UserName and Password Given. * - * @param userName UserName or MechID - * @param pass Password. + * @param userName + * UserName + * @param pass + * Password. * @return True or False. */ @Override - public boolean checkAuth(String userName, String pass){ + public boolean checkAuth(String userName, String pass) { if (aafAuthn == null) { return false; } try { - int i=0; - do{ - if(aafAuthn.validate(userName, pass)==null){ + int i = 0; + do { + String aafAuthResponse = aafAuthn.validate(userName, pass); + if (aafAuthResponse==null) { return true; + } else { + logger.warn("User, " + userName + ", failed to authenticate with AAF. \n" + + "AAF Response is " + aafAuthResponse); } i++; - }while(i<2); + } while (i < 2); } catch (Exception e) { logger.error(e.getMessage() + e); } @@ -173,28 +153,31 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } /** - * Checks Permissions for the given UserName, Password and Type, Instance Action. + * Checks Permissions for the given UserName, Password and Type, Instance + * Action. * - * @param userName UserName or MechID - * @param pass Password. - * @param type Permissions Type. - * @param instance Permissions Instance. - * @param action Permissions Action. + * @param userName + * UserName + * @param pass + * Password. + * @param type + * Permissions Type. + * @param instance + * Permissions Instance. + * @param action + * Permissions Action. * @return True or False. */ @Override - public boolean checkPerm(String userName, String pass, String type, String instance, String action){ - int i =0; - Boolean result= false; - do{ - if(aafCon!=null && aafLurPerm !=null){ + public boolean checkPerm(String userName, String pass, String type, String instance, String action) { + int i = 0; + Boolean result = false; + do { + if (aafCon != null && aafLurPerm != null) { try { aafCon.basicAuth(userName, pass); - // - // The first parameter is the namespace. At this point we will default - // to null until we are given a namespace to use. - // - AAFPermission perm = new AAFPermission(null, type, instance, action); + AAFPermission perm = new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type, + instance, action); final Principal p = new UnAuthPrincipal(userName); result = aafLurPerm.fish(p, perm); } catch (CadiException e) { @@ -203,13 +186,14 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{ } } i++; - }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues. + } while (i < 2 && !result); // Try once more to check if this can be passed. AAF has some issues. return result; } - private static boolean setUpAAF(){ + private static boolean setUpAAF() { try { - aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100")); + aafCon = new AAFConHttp(access, + new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100")); aafLurPerm = aafCon.newLur(); aafAuthn = aafCon.newAuthn(aafLurPerm); return true; |