summaryrefslogtreecommitdiffstats
path: root/PolicyEngineUtils
diff options
context:
space:
mode:
Diffstat (limited to 'PolicyEngineUtils')
-rw-r--r--PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java158
1 files changed, 71 insertions, 87 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
index e65ac2780..1513507ca 100644
--- a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/AAFPolicyClientImpl.java
@@ -32,53 +32,41 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
-import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.locator.PropertyLocator;
import org.onap.aaf.cadi.principal.UnAuthPrincipal;
-
-
/**
- * AAF Client: Generic AAF Client implementation to connect to AAF Resources to validate permissions and authorization.
+ * AAF Client: Generic AAF Client implementation to connect to AAF Resources to
+ * validate permissions and authorization.
*
*/
-public class AAFPolicyClientImpl implements AAFPolicyClient{
+public class AAFPolicyClientImpl implements AAFPolicyClient {
private static Logger logger = Logger.getLogger(AAFPolicyClientImpl.class.getName());
private static final String ENVIRONMENT = "ENVIRONMENT";
-
- // Warning Please don't Change these Values. Confirm with AAF team.
- private static final String DEVL_AAF_URL = "";
- private static final String TEST_AAF_URL = "";
- private static final String PROD_AAF_URL = "";
- private static final String DEFAULT_AFT_LATITUDE = "32.780140";
- private static final String DEFAULT_AFT_LONGITUDE = "-96.800451";
- private static final String TEST_AFT_ENVIRONMENT = "AFTUAT";
- private static final String PROD_AFT_ENVIRONMENT = "AFTPRD";
- private static final String DEFAULT_AAF_USER_EXPIRES = Integer.toString(5*60000); // 5 minutes for found items to live in cache
- private static final String DEFAULT_AAF_HIGH_COUNT = Integer.toString(400); // Maximum number of items in Cache
-
private static AAFPolicyClientImpl instance = null;
-
- private static Properties props = new Properties();
+ private static Properties cadiprops = new Properties();
private static AAFCon<?> aafCon = null;
private static AAFLurPerm aafLurPerm = null;
private static AAFAuthn<?> aafAuthn = null;
private static PropAccess access = null;
- private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException{
+ private AAFPolicyClientImpl(Properties properties) throws AAFPolicyException {
setup(properties);
}
/**
- * Gets the instance of the AAFClient instance. Needs Proper properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+ * Gets the instance of the AAFClient instance. Needs Proper properties with
+ * CLIENT_ID, CLIENT_KEY and ENVIRONMENT
*
- * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+ * @param properties
+ * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
* @return AAFClient instance.
- * @throws AAFPolicyException Exceptions.
+ * @throws AAFPolicyException
+ * Exceptions.
*/
- public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException{
- if(instance == null) {
+ public static synchronized AAFPolicyClientImpl getInstance(Properties properties) throws AAFPolicyException {
+ if (instance == null) {
logger.info("Creating AAFClient Instance ");
instance = new AAFPolicyClientImpl(properties);
}
@@ -87,84 +75,76 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{
// To set Property values && Connections.
private static void setup(Properties properties) throws AAFPolicyException {
- if(properties!=null && !properties.isEmpty()){
- props = System.getProperties();
- props.setProperty("AFT_LATITUDE", properties.getProperty("AFT_LATITUDE", DEFAULT_AFT_LATITUDE));
- props.setProperty("AFT_LONGITUDE", properties.getProperty("AFT_LONGITUDE", DEFAULT_AFT_LONGITUDE));
- String aftEnv = TEST_AFT_ENVIRONMENT;
- props.setProperty("aaf_id",properties.getProperty("aaf_id", "aafID"));
- props.setProperty("aaf_password", properties.getProperty("aaf_password", "aafPass"));
- if(properties.containsKey(Config.AAF_URL)){
- // if given a value in properties file.
- props.setProperty(Config.AAF_URL, properties.getProperty(Config.AAF_URL));
- }else{
- // Set Default values.
- if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.TEST.toString())){
- props.setProperty(Config.AAF_URL, TEST_AAF_URL);
- }else if(properties.getProperty(ENVIRONMENT, "DEVL").equalsIgnoreCase(AAFEnvironment.PROD.toString())){
- props.setProperty(Config.AAF_URL, PROD_AAF_URL);
- aftEnv = PROD_AFT_ENVIRONMENT;
- }else{
- props.setProperty(Config.AAF_URL, DEVL_AAF_URL);
- }
- }
- props.setProperty("AFT_ENVIRONMENT", properties.getProperty("AFT_ENVIRONMENT", aftEnv));
- props.setProperty(Config.AAF_USER_EXPIRES, properties.getProperty(Config.AAF_USER_EXPIRES, DEFAULT_AAF_USER_EXPIRES));
- props.setProperty(Config.AAF_HIGH_COUNT, properties.getProperty(Config.AAF_HIGH_COUNT, DEFAULT_AAF_HIGH_COUNT));
- }else{
+ if (properties != null && !properties.isEmpty()) {
+ cadiprops = properties;
+ access = new PolicyAccess(cadiprops,
+ Level.valueOf(cadiprops.getProperty("cadi_loglevel", Level.DEBUG.toString())));
+ } else {
logger.error("Required Property value is missing : " + ENVIRONMENT);
throw new AAFPolicyException("Required Property value is missing : " + ENVIRONMENT);
}
- access = new PolicyAccess(props, Level.valueOf(properties.getProperty("AAF_LOG_LEVEL", Level.ERROR.toString())));
setUpAAF();
}
/**
* Updates the Properties file in case if required.
*
- * @param properties Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
- * @throws AAFPolicyException exceptions if any.
+ * @param properties
+ * Properties with CLIENT_ID, CLIENT_KEY and ENVIRONMENT
+ * @throws AAFPolicyException
+ * exceptions if any.
*/
@Override
- public void updateProperties(Properties properties) throws AAFPolicyException{
+ public void updateProperties(Properties properties) throws AAFPolicyException {
setup(properties);
}
/**
* Checks the Authentication and Permissions for the given values.
*
- * @param mechID MechID or ATT ID must be registered under the Name space.
- * @param pass Password pertaining to the MechID or ATTID.
- * @param type Permissions Type.
- * @param instance Permissions Instance.
- * @param action Permissions Action.
+ * @param userName
+ * Username must be registered under the Name space.
+ * @param pass
+ * Password pertaining to the Username.
+ * @param type
+ * Permissions Type.
+ * @param instance
+ * Permissions Instance.
+ * @param action
+ * Permissions Action.
* @return
*/
@Override
- public boolean checkAuthPerm(String mechID, String pass, String type, String instance, String action){
- return checkAuth(mechID, pass) && checkPerm(mechID, pass, type, instance, action);
+ public boolean checkAuthPerm(String userName, String pass, String type, String instance, String action) {
+ return checkAuth(userName, pass) && checkPerm(userName, pass, type, instance, action);
}
/**
* Checks the Authentication of the UserName and Password Given.
*
- * @param userName UserName or MechID
- * @param pass Password.
+ * @param userName
+ * UserName
+ * @param pass
+ * Password.
* @return True or False.
*/
@Override
- public boolean checkAuth(String userName, String pass){
+ public boolean checkAuth(String userName, String pass) {
if (aafAuthn == null) {
return false;
}
try {
- int i=0;
- do{
- if(aafAuthn.validate(userName, pass)==null){
+ int i = 0;
+ do {
+ String aafAuthResponse = aafAuthn.validate(userName, pass);
+ if (aafAuthResponse==null) {
return true;
+ } else {
+ logger.warn("User, " + userName + ", failed to authenticate with AAF. \n"
+ + "AAF Response is " + aafAuthResponse);
}
i++;
- }while(i<2);
+ } while (i < 2);
} catch (Exception e) {
logger.error(e.getMessage() + e);
}
@@ -173,28 +153,31 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{
}
/**
- * Checks Permissions for the given UserName, Password and Type, Instance Action.
+ * Checks Permissions for the given UserName, Password and Type, Instance
+ * Action.
*
- * @param userName UserName or MechID
- * @param pass Password.
- * @param type Permissions Type.
- * @param instance Permissions Instance.
- * @param action Permissions Action.
+ * @param userName
+ * UserName
+ * @param pass
+ * Password.
+ * @param type
+ * Permissions Type.
+ * @param instance
+ * Permissions Instance.
+ * @param action
+ * Permissions Action.
* @return True or False.
*/
@Override
- public boolean checkPerm(String userName, String pass, String type, String instance, String action){
- int i =0;
- Boolean result= false;
- do{
- if(aafCon!=null && aafLurPerm !=null){
+ public boolean checkPerm(String userName, String pass, String type, String instance, String action) {
+ int i = 0;
+ Boolean result = false;
+ do {
+ if (aafCon != null && aafLurPerm != null) {
try {
aafCon.basicAuth(userName, pass);
- //
- // The first parameter is the namespace. At this point we will default
- // to null until we are given a namespace to use.
- //
- AAFPermission perm = new AAFPermission(null, type, instance, action);
+ AAFPermission perm = new AAFPermission(cadiprops.getProperty("policy.aaf.namespace"), type,
+ instance, action);
final Principal p = new UnAuthPrincipal(userName);
result = aafLurPerm.fish(p, perm);
} catch (CadiException e) {
@@ -203,13 +186,14 @@ public class AAFPolicyClientImpl implements AAFPolicyClient{
}
}
i++;
- }while(i<2 && !result); // Try once more to check if this can be passed. AAF has some issues.
+ } while (i < 2 && !result); // Try once more to check if this can be passed. AAF has some issues.
return result;
}
- private static boolean setUpAAF(){
+ private static boolean setUpAAF() {
try {
- aafCon = new AAFConHttp(access,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100"));
+ aafCon = new AAFConHttp(access,
+ new PropertyLocator("https://" + cadiprops.getProperty("aaf_fqdn") + ":8100"));
aafLurPerm = aafCon.newLur();
aafAuthn = aafCon.newAuthn(aafLurPerm);
return true;