Obtain the Jars
Maven - TODO give examples of latest version Dependencies
<dependencyManagement> <dependencies> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-env</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-log4j</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-rosetta</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-misc-xgen</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-core</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-client</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-aaf</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-oauth-enduser</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-cadi-shiro</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-client</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-core</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-cass</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-cmd</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-oauth</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-deforg</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-service</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-hello</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-locate</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-fs</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-gui</artifactId> <version>2.1.0</version> </dependency> <dependency> <groupId>org.onap.aaf.authz</groupId> <artifactId>aaf-auth-certman</artifactId> <version>2.1.0</version> </dependency> </dependencies> </dependencyManagement>
TEST version of "cadi.properties"
These properties point you to the ONAP TEST environment.
Example Source Code
Example Source Code
/**
* ============LICENSE_START====================================================
* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END====================================================
*
*/
package org.onap.aaf.cadi.lur.aaf.test;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import org.onap.aaf.cadi.Permission;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.locator.PropertyLocator;
import org.onap.aaf.cadi.principal.UnAuthPrincipal;
import org.onap.aaf.stillNeed.TestPrincipal;
public class ClientAccessTest {
public static void main(String args[]) {
// Link or reuse to your Logging mechanism
PropAccess myAccess = new PropAccess(); //
//
try {
AAFConHttp con = new AAFConHttp(myAccess,new PropertyLocator("https://aaf-onap-beijing-test.osaaf.org:8100"));
// AAFLur has pool of DME clients as needed, and Caches Client lookups
final AAFLurPerm aafLur = con.newLur();
aafLur.setDebug("jonathan@people.osaaf.org");
// Note: If you need both Authn and Authz construct the following:
AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);
// Do not set Mech ID until after you construct AAFAuthn,
// because we initiate "401" info to determine the Realm of
// of the service we're after.
final String id = myAccess.getProperty(Config.AAF_APPID,null);
final String pass = myAccess.decrypt(myAccess.getProperty(Config.AAF_APPPASS,null),false);
if(id!=null && pass!=null) {
try {
// Normally, you obtain Principal from Authentication System.
// // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
// // If you use CADI as Authenticator, it will get you these Principals from
// // CSP or BasicAuth mechanisms.
// String id = "jonathan@people.osaaf.org";
//
// // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
String ok;
ok = aafAuthn.validate(id, pass,null /* use AuthzTrans or HttpServlet, if you have it */);
if(ok!=null) {
System.out.println(ok);
}
List<Permission> pond = new ArrayList<Permission>();
for(int i=0;i<20;++i) {
pond.clear();
aafLur.fishAll(new TestPrincipal(i+id), pond);
if(ok!=null && i%1000==0) {
System.out.println(i + " " + ok);
}
}
for(int i=0;i<1000000;++i) {
ok = aafAuthn.validate( i+ id, "wrongPass",null /* use AuthzTrans or HttpServlet, if you have it */);
if(ok!=null && i%1000==0) {
System.out.println(i + " " + ok);
}
}
final AAFPermission perm = new AAFPermission("org.osaaf.aaf.access","*","*");
// Now you can ask the LUR (Local Representative of the User Repository about Authorization
// With CADI, in J2EE, you can call isUserInRole("org.osaaf.mygroup|mytype|write") on the Request Object
// instead of creating your own LUR
//
// If possible, use the Principal provided by the Authentication Call. If that is not possible
// because of separation Classes by tooling, or other such reason, you can use "UnAuthPrincipal"
final Principal p = new UnAuthPrincipal(id);
for(int i=0;i<4;++i) {
if(aafLur.fish(p, perm)) {
System.out.println("Yes, " + id + " has permission for " + perm.getKey());
} else {
System.out.println("No, " + id + " does not have permission for " + perm.getKey());
}
}
// Or you can all for all the Permissions available
List<Permission> perms = new ArrayList<Permission>();
aafLur.fishAll(p,perms);
System.out.println("Perms for " + id);
for(Permission prm : perms) {
System.out.println(prm.getKey());
}
System.out.println("Press any key to continue");
System.in.read();
for(int j=0;j<5;++j) {
new Thread(new Runnable() {
@Override
public void run() {
for(int i=0;i<20;++i) {
if(aafLur.fish(p, perm)) {
System.out.println("Yes, " + id + " has permission for " + perm.getKey());
} else {
System.out.println("No, " + id + " does not have permission for " + perm.getKey());
}
}
}
}).start();
}
} finally {
aafLur.destroy();
}
} else { // checked on IDs
System.err.println(Config.AAF_APPID + " and/or " + Config.AAF_APPPASS + " are not set.");
}
} catch (Exception e) {
e.printStackTrace();
}
}
}