Update project structure to org.onap.aaf

Update project structure of authz module in aaf from
com.att to org.onap.aaf and add distribution management
and repositories.

Issue-id: AAF-21
Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9
Signed-off-by: sg481n <sg481n@att.com>
diff --git a/authz-gw/src/main/config/authGW.props b/authz-gw/src/main/config/authGW.props
new file mode 100644
index 0000000..294db35
--- /dev/null
+++ b/authz-gw/src/main/config/authGW.props
@@ -0,0 +1,33 @@
+##
+## AUTHZ GateWall (authz-gw) Properties
+##
+
+hostname=_HOSTNAME_
+
+## DISCOVERY (DME2) Parameters on the Command Line
+AFT_LATITUDE=_AFT_LATITUDE_
+AFT_LONGITUDE=_AFT_LONGITUDE_
+AFT_ENVIRONMENT=_AFT_ENVIRONMENT_
+AFT_ENV_CONTEXT=_ENV_CONTEXT_
+
+DEPLOYED_VERSION=_ARTIFACT_VERSION_
+
+## Pull in common/security properties
+
+cadi_prop_files=_COMMON_DIR_/com.att.aaf.common.props;_COMMON_DIR_/com.att.aaf.props
+
+
+##DME2 related parameters
+DMEServiceName=service=com.att.authz.authz-gw/version=_MAJOR_VER_._MINOR_VER_._PATCH_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+AFT_DME2_PORT_RANGE=_AUTHZ_GW_PORT_RANGE_
+
+# Turn on both AAF TAF & LUR 2.0                                                
+aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_
+
+# CSP
+csp_domain=PROD
+
+# GUI Login Page
+cadi_loginpage_url=https://DME2RESOLVE/service=com.att.authz.authz-gui/version=_MAJOR_VER_._MINOR_VER_/envContext=_ENV_CONTEXT_/routeOffer=_ROUTE_OFFER_/login
+
+
diff --git a/authz-gw/src/main/config/log4j.properties b/authz-gw/src/main/config/log4j.properties
new file mode 100644
index 0000000..fb5f22c
--- /dev/null
+++ b/authz-gw/src/main/config/log4j.properties
@@ -0,0 +1,79 @@
+#-------------------------------------------------------------------------------

+# ============LICENSE_START====================================================

+# * org.onap.aaf

+# * ===========================================================================

+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+# * ===========================================================================

+# * Licensed under the Apache License, Version 2.0 (the "License");

+# * you may not use this file except in compliance with the License.

+# * You may obtain a copy of the License at

+# * 

+#  *      http://www.apache.org/licenses/LICENSE-2.0

+# * 

+#  * Unless required by applicable law or agreed to in writing, software

+# * distributed under the License is distributed on an "AS IS" BASIS,

+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+# * See the License for the specific language governing permissions and

+# * limitations under the License.

+# * ============LICENSE_END====================================================

+# *

+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+# *

+#-------------------------------------------------------------------------------

+###############################################################################

+# Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.

+###############################################################################

+#

+# Licensed to the Apache Software Foundation (ASF) under one

+# or more contributor license agreements.  See the NOTICE file

+# distributed with this work for additional information

+# regarding copyright ownership.  The ASF licenses this file

+# to you under the Apache License, Version 2.0 (the

+# "License"); you may not use this file except in compliance

+# with the License.  You may obtain a copy of the License at

+#

+#     http://www.apache.org/licenses/LICENSE-2.0

+#

+# Unless required by applicable law or agreed to in writing,

+# software distributed under the License is distributed on an

+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

+# KIND, either express or implied.  See the License for the

+# specific language governing permissions and limitations

+# under the License.

+#

+log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender 

+log4j.appender.INIT.File=_LOG_DIR_/${LOG4J_FILENAME_init}

+log4j.appender.INIT.DatePattern='.'yyyy-MM-dd

+#log4j.appender.INIT.MaxFileSize=_MAX_LOG_FILE_SIZE_

+#log4j.appender.INIT.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_

+log4j.appender.INIT.layout=org.apache.log4j.PatternLayout 

+log4j.appender.INIT.layout.ConversionPattern=%d %p [%c] %m %n

+

+log4j.appender.GW=org.apache.log4j.DailyRollingFileAppender 

+log4j.appender.GW.File=_LOG_DIR_/${LOG4J_FILENAME_gw}

+log4j.appender.GW.DatePattern='.'yyyy-MM-dd

+#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_

+#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_

+log4j.appender.GW.layout=org.apache.log4j.PatternLayout 

+log4j.appender.GW.layout.ConversionPattern=%d %p [%c] %m %n

+

+log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender

+log4j.appender.AUDIT.File=_LOG_DIR_/${LOG4J_FILENAME_audit}

+log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd

+#log4j.appender.GW.MaxFileSize=_MAX_LOG_FILE_SIZE_

+#log4j.appender.GW.MaxBackupIndex=_MAX_LOG_FILE_BACKUP_COUNT_

+log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout 

+log4j.appender.AUDIT.layout.ConversionPattern=%d %p [%c] %m %n

+

+log4j.appender.stdout=org.apache.log4j.ConsoleAppender

+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout

+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n

+

+# General Apache libraries

+log4j.rootLogger=WARN

+log4j.logger.org.apache=WARN,INIT

+log4j.logger.dme2=WARN,INIT

+log4j.logger.init=INFO,INIT

+log4j.logger.gw=_LOG4J_LEVEL_,GW

+log4j.logger.audit=INFO,AUDIT

+

diff --git a/authz-gw/src/main/config/lrm-authz-gw.xml b/authz-gw/src/main/config/lrm-authz-gw.xml
new file mode 100644
index 0000000..f48470d
--- /dev/null
+++ b/authz-gw/src/main/config/lrm-authz-gw.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

+<!--

+  ============LICENSE_START====================================================

+  * org.onap.aaf

+  * ===========================================================================

+  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+  * ===========================================================================

+  * Licensed under the Apache License, Version 2.0 (the "License");

+  * you may not use this file except in compliance with the License.

+  * You may obtain a copy of the License at

+  * 

+   *      http://www.apache.org/licenses/LICENSE-2.0

+  * 

+   * Unless required by applicable law or agreed to in writing, software

+  * distributed under the License is distributed on an "AS IS" BASIS,

+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+  * See the License for the specific language governing permissions and

+  * limitations under the License.

+  * ============LICENSE_END====================================================

+  *

+  * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+  *

+-->

+<ns2:ManagedResourceList xmlns:ns2="http://scld.att.com/lrm/util" xmlns="http://scld.att.com/lrm/commontypes" xmlns:ns3="http://scld.att.com/lrm/types">

+    <ns2:ManagedResource>

+        <ResourceDescriptor>

+            <ResourceName>com.att.authz._ARTIFACT_ID_</ResourceName>

+            <ResourceVersion>

+                <Major>_MAJOR_VER_</Major>

+                <Minor>_MINOR_VER_</Minor>

+                <Patch>_PATCH_VER_</Patch>                

+            </ResourceVersion>

+            <RouteOffer>_ROUTE_OFFER_</RouteOffer>

+        </ResourceDescriptor>

+        <ResourceType>Java</ResourceType>

+        <ResourcePath>com.att.authz.gw.GwAPI</ResourcePath>

+        <ResourceProps>

+            <Tag>process.workdir</Tag>

+            <Value>_ROOT_DIR_</Value>

+        </ResourceProps>    	       

+        <ResourceProps>

+            <Tag>jvm.version</Tag>

+            <Value>1.8</Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>jvm.args</Tag>

+            <Value>-DAFT_LATITUDE=_AFT_LATITUDE_ -DAFT_LONGITUDE=_AFT_LONGITUDE_ -DAFT_ENVIRONMENT=_AFT_ENVIRONMENT_ -Dplatform=_SCLD_PLATFORM_ -Dcom.sun.jndi.ldap.connect.pool.maxsize=20  -Dcom.sun.jndi.ldap.connect.pool.prefsize=10 -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 </Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>jvm.classpath</Tag>

+            <Value>_ROOT_DIR_/etc:_ROOT_DIR_/lib/*:</Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>jvm.heap.min</Tag>

+            <Value>512m</Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>jvm.heap.max</Tag>

+            <Value>2048m</Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>start.class</Tag>

+            <Value>com.att.authz.gw.GwAPI</Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>stdout.redirect</Tag>

+            <Value>_ROOT_DIR_/logs/SystemOut.log</Value>

+        </ResourceProps>

+        <ResourceProps>

+            <Tag>stderr.redirect</Tag>

+            <Value>_ROOT_DIR_/logs/SystemErr.log</Value>

+        </ResourceProps>

+        <ResourceOSID>aft</ResourceOSID>

+        <ResourceStartType>AUTO</ResourceStartType>

+        <ResourceStartPriority>4</ResourceStartPriority>

+		<ResourceMinCount>_RESOURCE_MIN_COUNT_</ResourceMinCount>

+		<ResourceMaxCount>_RESOURCE_MAX_COUNT_</ResourceMaxCount>        

+		<ResourceRegistration>_RESOURCE_REGISTRATION_</ResourceRegistration>

+        <ResourceSWMComponent>com.att.authz:_ARTIFACT_ID_</ResourceSWMComponent>

+        <ResourceSWMComponentVersion>_ARTIFACT_VERSION_</ResourceSWMComponentVersion>

+    </ns2:ManagedResource>

+</ns2:ManagedResourceList>

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java
new file mode 100644
index 0000000..5872e7d
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java
@@ -0,0 +1,248 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw;

+

+import java.net.HttpURLConnection;

+import java.util.ArrayList;

+import java.util.EnumSet;

+import java.util.List;

+import java.util.Map;

+import java.util.Properties;

+

+import org.onap.aaf.authz.env.AuthzEnv;

+import org.onap.aaf.authz.gw.api.API_AAFAccess;

+import org.onap.aaf.authz.gw.api.API_Api;

+import org.onap.aaf.authz.gw.api.API_Find;

+import org.onap.aaf.authz.gw.api.API_Proxy;

+import org.onap.aaf.authz.gw.api.API_TGuard;

+import org.onap.aaf.authz.gw.facade.GwFacade_1_0;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.authz.server.AbsServer;

+import org.onap.aaf.cache.Cache;

+import org.onap.aaf.cache.Cache.Dated;

+import org.onap.aaf.cssa.rserv.HttpMethods;

+

+import com.att.aft.dme2.api.DME2Exception;

+

+import com.att.aft.dme2.api.DME2Manager;

+import com.att.aft.dme2.api.DME2Server;

+import com.att.aft.dme2.api.DME2ServerProperties;

+import com.att.aft.dme2.api.DME2ServiceHolder;

+import com.att.aft.dme2.api.util.DME2FilterHolder;

+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;

+import com.att.aft.dme2.api.util.DME2ServletHolder;

+import org.onap.aaf.cadi.CadiException;

+//import org.onap.aaf.cadi.PropAccess;

+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;

+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;

+import org.onap.aaf.cadi.config.Config;

+import org.onap.aaf.inno.env.APIException;

+

+public class GwAPI extends AbsServer {

+	private static final String USER_PERMS = "userPerms";

+	private GwFacade_1_0 facade; // this is the default Facade

+	private GwFacade_1_0 facade_1_0_XML;

+	public Map<String, Dated> cacheUser;

+	public final String aafurl;

+	public final AAFAuthn<HttpURLConnection> aafAuthn;

+	public final AAFLurPerm aafLurPerm;

+	public DME2Manager dme2Man;

+

+	

+	/**

+	 * Construct AuthzAPI with all the Context Supporting Routes that Authz needs

+	 * 

+	 * @param env

+	 * @param si 

+	 * @param dm 

+	 * @param decryptor 

+	 * @throws APIException 

+	 */

+	public GwAPI(AuthzEnv env) throws Exception {

+		super(env,"AAF GW");

+		aafurl = env.getProperty(Config.AAF_URL); 

+

+		// Setup Logging

+		//env.setLog4JNames("log4j.properties","authz","gw","audit","init","trace");

+

+		aafLurPerm = aafCon.newLur();

+		// Note: If you need both Authn and Authz construct the following:

+		aafAuthn = aafCon.newAuthn(aafLurPerm);

+

+		// Initialize Facade for all uses

+		//AuthzTrans trans = env.newTrans();

+

+	//	facade = GwFacadeFactory.v1_0(env,trans,Data.TYPE.JSON);   // Default Facade

+	//	facade_1_0_XML = GwFacadeFactory.v1_0(env,trans,Data.TYPE.XML);

+

+		synchronized(env) {

+			if(cacheUser == null) {

+				cacheUser = Cache.obtain(USER_PERMS);

+				//Cache.startCleansing(env, USER_PERMS);

+				Cache.addShutdownHook(); // Setup Shutdown Hook to close cache

+			}

+		}

+		

+		////////////////////////////////////////////////////////////////////////////

+		// Time Critical

+		//  These will always be evaluated first

+		////////////////////////////////////////////////////////////////////////

+		API_AAFAccess.init(this,facade);

+		API_Find.init(this, facade);

+		API_TGuard.init(this, facade);

+		API_Proxy.init(this, facade);

+		

+		////////////////////////////////////////////////////////////////////////

+		// Management APIs

+		////////////////////////////////////////////////////////////////////////

+		// There are several APIs around each concept, and it gets a bit too

+		// long in this class to create.  The initialization of these Management

+		// APIs have therefore been pushed to StandAlone Classes with static

+		// init functions

+		API_Api.init(this, facade);

+

+		////////////////////////////////////////////////////////////////////////

+		// Default Function

+		////////////////////////////////////////////////////////////////////////

+		API_AAFAccess.initDefault(this,facade);

+

+	}

+	

+	/**

+	 * Setup XML and JSON implementations for each supported Version type

+	 * 

+	 * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties

+	 * to do Versions and Content switches

+	 * 

+	 */

+	public void route(HttpMethods meth, String path, API api, GwCode code) throws Exception {

+		String version = "1.0";

+		// Get Correct API Class from Mapper

+		Class<?> respCls = facade.mapper().getClass(api); 

+		if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());

+		// setup Application API HTML ContentTypes for JSON and Route

+		String application = applicationJSON(respCls, version);

+		//route(env,meth,path,code,application,"application/json;version="+version,"*/*");

+

+		// setup Application API HTML ContentTypes for XML and Route

+		application = applicationXML(respCls, version);

+		//route(env,meth,path,code.clone(facade_1_0_XML,false),application,"text/xml;version="+version);

+		

+		// Add other Supported APIs here as created

+	}

+	

+	public void routeAll(HttpMethods meth, String path, API api, GwCode code) throws Exception {

+		//route(env,meth,path,code,""); // this will always match

+	}

+

+

+	/**

+	 * Start up AuthzAPI as DME2 Service

+	 * @param env

+	 * @param props

+	 * @throws DME2Exception

+	 * @throws CadiException 

+	 */

+	public void startDME2(Properties props) throws DME2Exception, CadiException {

+		

+		dme2Man = new DME2Manager("GatewayDME2Manager",props);

+

+        DME2ServiceHolder svcHolder;

+        List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();

+        svcHolder = new DME2ServiceHolder();

+        String serviceName = env.getProperty("DMEServiceName",null);

+    	if(serviceName!=null) {

+	    	svcHolder.setServiceURI(serviceName);

+	        svcHolder.setManager(dme2Man);

+	        svcHolder.setContext("/");

+	        

+	        

+	        

+	        DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[] {"/dme2","/api"});

+	        srvHolder.setContextPath("/*");

+	        slist.add(srvHolder);

+	        

+	        EnumSet<RequestDispatcherType> edlist = EnumSet.of(

+	        		RequestDispatcherType.REQUEST,

+	        		RequestDispatcherType.FORWARD,

+	        		RequestDispatcherType.ASYNC

+	        		);

+

+	        ///////////////////////

+	        // Apply Filters

+	        ///////////////////////

+	        List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();

+	        

+	        // Leave Login page un secured

+	       // AuthzTransOnlyFilter atof = new AuthzTransOnlyFilter(env);

+	      //  flist.add(new DME2FilterHolder(atof,"/login", edlist));

+

+	        // Secure all other interactions with AuthzTransFilter

+//	        flist.add(new DME2FilterHolder(

+//	        		new AuthzTransFilter(env, aafCon, new AAFTrustChecker(

+//	    	        		env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN),

+//	    	        		Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust"

+//	        			)),

+//	        		"/*", edlist));

+//	        

+

+	        svcHolder.setFilters(flist);

+	        svcHolder.setServletHolders(slist);

+	        

+	        DME2Server dme2svr = dme2Man.getServer();

+//	        dme2svr.setGracefulShutdownTimeMs(1000);

+	

+	       // env.init().log("Starting GW Jetty/DME2 server...");

+	        dme2svr.start();

+	        DME2ServerProperties dsprops = dme2svr.getServerProperties();

+	        try {

+//	        	if(env.getProperty("NO_REGISTER",null)!=null)

+	        	dme2Man.bindService(svcHolder);

+//	        	env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());

+

+	            while(true) { // Per DME2 Examples...

+	            	Thread.sleep(5000);

+	            }

+	        } catch(InterruptedException e) {

+	           // env.init().log("AAF Jetty Server interrupted!");

+	        } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process

+	         //   env.init().log(e,"DME2 Initialization Error");

+	        	dme2svr.stop();

+	        	System.exit(1);

+	        }

+    	} else {

+    		//env.init().log("Properties must contain DMEServiceName");

+    	}

+	}

+

+	public static void main(String[] args) {

+		setup(GwAPI.class,"authGW.props");

+	}

+

+//	public void route(PropAccess env, HttpMethods get, String string, GwCode gwCode, String string2, String string3,

+//			String string4) {

+//		// TODO Auto-generated method stub

+//		

+//	}

+

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java
new file mode 100644
index 0000000..a9e6eb2
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java
@@ -0,0 +1,45 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.facade.GwFacade;

+import org.onap.aaf.cssa.rserv.HttpCode;

+

+public abstract class GwCode extends HttpCode<AuthzTrans, GwFacade> implements Cloneable {

+	public boolean useJSON;

+

+	public GwCode(GwFacade facade, String description, boolean useJSON, String ... roles) {

+		super(facade, description, roles);

+		this.useJSON = useJSON;

+	}

+	

+	public <D extends GwCode> D clone(GwFacade facade, boolean useJSON) throws Exception {

+		@SuppressWarnings("unchecked")

+		D d = (D)clone();

+		d.useJSON = useJSON;

+		d.context = facade;

+		return d;

+	}

+	

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java
new file mode 100644
index 0000000..202ec58
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java
@@ -0,0 +1,363 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.api;

+

+import java.io.IOException;

+import java.net.ConnectException;

+import java.net.MalformedURLException;

+import java.net.URI;

+import java.security.Principal;

+

+import javax.servlet.ServletOutputStream;

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.GwAPI;

+import org.onap.aaf.authz.gw.GwCode;

+import org.onap.aaf.authz.gw.facade.GwFacade;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.authz.layer.Result;

+import org.onap.aaf.cache.Cache.Dated;

+import org.onap.aaf.cssa.rserv.HttpMethods;

+

+import com.att.aft.dme2.internal.jetty.http.HttpStatus;

+import org.onap.aaf.cadi.CadiException;

+import org.onap.aaf.cadi.Locator;

+import org.onap.aaf.cadi.Locator.Item;

+import org.onap.aaf.cadi.LocatorException;

+import org.onap.aaf.cadi.aaf.AAFPermission;

+import org.onap.aaf.cadi.client.Future;

+import org.onap.aaf.cadi.client.Rcli;

+import org.onap.aaf.cadi.client.Retryable;

+import org.onap.aaf.cadi.dme2.DME2Locator;

+import org.onap.aaf.cadi.principal.BasicPrincipal;

+import org.onap.aaf.inno.env.APIException;

+import org.onap.aaf.inno.env.Env;

+import org.onap.aaf.inno.env.TimeTaken;

+

+public class API_AAFAccess {

+	private static final String AUTHZ_DME2_GUI = "com.att.authz.authz-gui";

+	static final String AFT_ENVIRONMENT="AFT_ENVIRONMENT";

+	static final String AFT_ENV_CONTEXT="AFT_ENV_CONTEXT";

+	static final String AFTUAT="AFTUAT";

+	

+	private static final String PROD = "PROD";

+	private static final String IST = "IST"; // main NONPROD system

+	private static final String PERF = "PERF";

+	private static final String TEST = "TEST";

+	private static final String DEV = "DEV";

+	

+//	private static String service, version, envContext; 

+	private static String routeOffer;

+

+	private static final String GET_PERMS_BY_USER = "Get Perms by User";

+	private static final String USER_HAS_PERM ="User Has Perm";

+//	private static final String USER_IN_ROLE ="User Has Role";

+	private static final String BASIC_AUTH ="AAF Basic Auth";

+	

+	/**

+	 * Normal Init level APIs

+	 * 

+	 * @param gwAPI

+	 * @param facade

+	 * @throws Exception

+	 */

+	public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {

+		String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);

+		if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");

+		

+		int equals, count=0;

+		for(int slash = gwAPI.aafurl.indexOf('/');slash>0;++count) {

+			equals = gwAPI.aafurl.indexOf('=',slash)+1;

+			slash = gwAPI.aafurl.indexOf('/',slash+1);

+			switch(count) {

+				case 2:

+//					service = gwAPI.aafurl.substring(equals, slash);

+					break;

+				case 3:

+//					version = gwAPI.aafurl.substring(equals, slash);

+					break;

+				case 4:

+//					envContext = gwAPI.aafurl.substring(equals, slash);

+					break;

+				case 5:

+					routeOffer = gwAPI.aafurl.substring(equals);

+					break;

+			}

+		}

+		if(count<6) throw new MalformedURLException(gwAPI.aafurl);

+		

+		gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new GwCode(facade,GET_PERMS_BY_USER, true) {

+			@Override

+			public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {

+				TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);

+				try {

+					final String accept = req.getHeader("ACCEPT");

+					final String user = pathParam(req,":user");

+					if(!user.contains("@")) {

+						context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);

+						return;

+					}

+					String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");

+					TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);

+					Dated d;

+					try {

+						d = gwAPI.cacheUser.get(key);

+					} finally {

+						tt2.done();

+					}

+					

+					if(d==null || d.data.isEmpty()) {

+						tt2 = trans.start("AAF Service Call",Env.REMOTE);

+						try {

+							gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {

+								@Override

+								public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {

+									Future<String> fp = client.read("/authz/perms/user/"+user,accept);

+									if(fp.get(5000)) {

+										gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));

+										resp.setStatus(HttpStatus.OK_200);

+										ServletOutputStream sos;

+										try {

+											sos = resp.getOutputStream();

+											sos.print(fp.value);

+										} catch (IOException e) {

+											throw new CadiException(e);

+										}

+									} else {

+										gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));

+										context.error(trans,resp,fp.code(),fp.body());

+									}

+									return null;

+								}

+							});

+						} finally {

+							tt2.done();

+						}

+					} else {

+						User u = (User)d.data.get(0);

+						resp.setStatus(u.code);

+						ServletOutputStream sos = resp.getOutputStream();

+						sos.print(u.resp);

+					}

+				} finally {

+					tt.done();

+				}

+			}

+		});

+

+		gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new GwCode(facade,BASIC_AUTH, true) {

+			@Override

+			public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				Principal p = trans.getUserPrincipal();

+				if(p == null) {

+					trans.error().log("Transaction not Authenticated... no Principal");

+					resp.setStatus(HttpStatus.FORBIDDEN_403);

+				} else if (p instanceof BasicPrincipal) {

+					// the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok

+					// otherwise, it wouldn't have gotten here.

+					resp.setStatus(HttpStatus.OK_200);

+				} else {

+					trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");

+					// For Auth Security questions, we don't give any info to client on why failed

+					resp.setStatus(HttpStatus.FORBIDDEN_403);

+				}

+			}

+		},"text/plain","*/*","*");

+

+		/**

+		 * Query User Has Perm

+		 */

+		gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new GwCode(facade,USER_HAS_PERM, true) {

+			@Override

+			public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				try {

+					resp.getOutputStream().print(

+							gwAPI.aafLurPerm.fish(pathParam(req,":user"), new AAFPermission(

+								pathParam(req,":type"),

+								pathParam(req,":instance"),

+								pathParam(req,":action"))));

+					resp.setStatus(HttpStatus.OK_200);

+				} catch(Exception e) {

+					context.error(trans, resp, Result.ERR_General, e.getMessage());

+				}

+			}

+		});

+

+		if(AFTUAT.equals(aftenv)) {

+			gwAPI.route(HttpMethods.GET,"/ist/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access UAT GUI for AAF", true) {

+				@Override

+				public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+					try{

+						redirect(trans, req, resp, context, 

+								new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), IST, routeOffer), 

+								pathParam(req,":path"));

+					} catch (LocatorException e) {

+						context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+					} catch (Exception e) {

+						context.error(trans, resp, Result.ERR_General, e.getMessage());

+					}

+				}

+			});

+

+			gwAPI.route(HttpMethods.GET,"/test/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access TEST GUI for AAF", true) {

+				@Override

+				public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+					try{

+						redirect(trans, req, resp, context, 

+								new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), TEST, routeOffer), 

+								pathParam(req,":path"));

+					} catch (LocatorException e) {

+						context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+					} catch (Exception e) {

+						context.error(trans, resp, Result.ERR_General, e.getMessage());

+					}

+				}

+			});

+

+			gwAPI.route(HttpMethods.GET,"/perf/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access PERF GUI for AAF", true) {

+				@Override

+				public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+					try{

+						redirect(trans, req, resp, context, 

+								new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PERF, routeOffer), 

+								pathParam(req,":path"));

+					} catch (LocatorException e) {

+						context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+					} catch (Exception e) {

+						context.error(trans, resp, Result.ERR_General, e.getMessage());

+					}

+				}

+			});

+

+			gwAPI.route(HttpMethods.GET,"/dev/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access DEV GUI for AAF", true) {

+				@Override

+				public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+					try {

+						redirect(trans, req, resp, context, 

+								new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), DEV, routeOffer), 

+								pathParam(req,":path"));

+					} catch (LocatorException e) {

+						context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+					} catch (Exception e) {

+						context.error(trans, resp, Result.ERR_General, e.getMessage());

+					}

+				}

+			});

+		} else {

+			gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access PROD GUI for AAF", true) {

+				@Override

+				public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+					try {

+						redirect(trans, req, resp, context, 

+								new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PROD, routeOffer), 

+								pathParam(req,":path"));

+					} catch (LocatorException e) {

+						context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+					} catch (Exception e) {

+						context.error(trans, resp, Result.ERR_General, e.getMessage());

+					}

+				}

+			});

+		}

+		

+	}

+	

+	public static void initDefault(final GwAPI gwAPI, GwFacade facade) throws Exception {

+		String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);

+		if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");

+	

+		String aftctx = gwAPI.env.getProperty(AFT_ENV_CONTEXT);

+		if(aftctx==null) throw new Exception(AFT_ENV_CONTEXT + " must be set");

+

+		/**

+		 * "login" url

+		 */

+		gwAPI.route(HttpMethods.GET,"/login",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {

+			@Override

+			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				try {

+					redirect(trans, req, resp, context, 

+							new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer), 

+							"login");

+				} catch (LocatorException e) {

+					context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+				} catch (Exception e) {

+					context.error(trans, resp, Result.ERR_General, e.getMessage());

+				}

+			}

+		});

+

+		/**

+		 * Default URL

+		 */

+		gwAPI.route(HttpMethods.GET,"/",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {

+			@Override

+			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				try {

+					redirect(trans, req, resp, context, 

+							new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer), 

+							"gui/home");

+				} catch (LocatorException e) {

+					context.error(trans, resp, Result.ERR_BadData, e.getMessage());

+				} catch (Exception e) {

+					context.error(trans, resp, Result.ERR_General, e.getMessage());

+				}

+			}

+		});

+	}

+

+	private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, GwFacade context, Locator loc, String path) throws IOException {

+		try {

+			if(loc.hasItems()) {

+				Item item = loc.best();

+				URI uri = (URI) loc.get(item);

+				StringBuilder redirectURL = new StringBuilder(uri.toString()); 

+				redirectURL.append('/');

+				redirectURL.append(path);

+				String str = req.getQueryString();

+				if(str!=null) {

+					redirectURL.append('?');

+					redirectURL.append(str);

+				}

+				trans.info().log("Redirect to",redirectURL);

+				resp.sendRedirect(redirectURL.toString());

+			} else {

+				context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));

+			}

+		} catch (LocatorException e) {

+			context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));

+		}

+	}

+

+	private static class User {

+		public final int code;

+		public final String resp;

+		

+		public User(int code, String resp) {

+			this.code = code;

+			this.resp = resp;

+		}

+	}

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java
new file mode 100644
index 0000000..0a828f9
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java
@@ -0,0 +1,99 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.api;

+

+import static org.onap.aaf.authz.layer.Result.OK;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.GwAPI;

+import org.onap.aaf.authz.gw.GwCode;

+import org.onap.aaf.authz.gw.facade.GwFacade;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.authz.layer.Result;

+import org.onap.aaf.cssa.rserv.HttpMethods;

+

+import com.att.aft.dme2.internal.jetty.http.HttpStatus;

+import org.onap.aaf.cadi.Symm;

+

+/**

+ * API Apis

+ *

+ */

+public class API_Api {

+	/**

+	 * Normal Init level APIs

+	 * 

+	 * @param gwAPI

+	 * @param facade

+	 * @throws Exception

+	 */

+	public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {

+		////////

+		// Overall APIs

+		///////

+		gwAPI.route(HttpMethods.GET,"/api",API.VOID,new GwCode(facade,"Document API", true) {

+			@Override

+			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				Result<Void> r = context.getAPI(trans,resp,gwAPI);

+				switch(r.status) {

+				case OK:

+					resp.setStatus(HttpStatus.OK_200);

+					break;

+				default:

+					context.error(trans,resp,r);

+			}

+

+			}

+		});

+

+		////////

+		// Overall Examples

+		///////

+		gwAPI.route(HttpMethods.GET,"/api/example/*",API.VOID,new GwCode(facade,"Document API", true) {

+			@Override

+			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				String pathInfo = req.getPathInfo();

+				int question = pathInfo.lastIndexOf('?');

+				

+				pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/"

+				String nameOrContextType=Symm.base64noSplit.decode(pathInfo);

+//				String param = req.getParameter("optional");

+				Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType,

+						question>=0 && "optional=true".equalsIgnoreCase(req.getPathInfo().substring(question+1))

+						);

+				switch(r.status) {

+				case OK:

+					resp.setStatus(HttpStatus.OK_200);

+					break;

+				default:

+					context.error(trans,resp,r);

+			}

+

+			}

+		});

+

+	}

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java
new file mode 100644
index 0000000..63595f0
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java
@@ -0,0 +1,87 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.api;

+

+import java.net.URI;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.GwAPI;

+import org.onap.aaf.authz.gw.GwCode;

+import org.onap.aaf.authz.gw.facade.GwFacade;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.authz.layer.Result;

+import org.onap.aaf.cssa.rserv.HttpMethods;

+

+import org.onap.aaf.cadi.Locator;

+import org.onap.aaf.cadi.Locator.Item;

+import org.onap.aaf.cadi.LocatorException;

+import org.onap.aaf.cadi.dme2.DME2Locator;

+

+/**

+ * API Apis.. using Redirect for mechanism

+ * 

+ *

+ */

+public class API_Find {

+	/**

+	 * Normal Init level APIs

+	 * 

+	 * @param gwAPI

+	 * @param facade

+	 * @throws Exception

+	 */

+	public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {

+		////////

+		// Overall APIs

+		///////

+		gwAPI.route(HttpMethods.GET,"/dme2/:service/:version/:envContext/:routeOffer/:path*",API.VOID,new GwCode(facade,"Document API", true) {

+			@Override

+			public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+				//TODO cache this...

+				try {

+					Locator loc = new DME2Locator(gwAPI.env, gwAPI.dme2Man, 

+						pathParam(req,":service"),

+						pathParam(req,":version"),

+						pathParam(req,":envContext"),

+						pathParam(req,":routeOffer")

+						);

+					if(loc.hasItems()) {

+						Item item = loc.best();

+						URI uri = (URI) loc.get(item);

+						String redirectURL = uri.toString() + '/' + pathParam(req,":path");

+						trans.warn().log("Redirect to",redirectURL);

+						resp.sendRedirect(redirectURL);

+					} else {

+						context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));

+					}

+				} catch (LocatorException e) {

+					context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));

+				}

+			}

+		});

+

+	}

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java
new file mode 100644
index 0000000..90d754e
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java
@@ -0,0 +1,156 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.api;

+

+import java.net.ConnectException;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.GwAPI;

+import org.onap.aaf.authz.gw.GwCode;

+import org.onap.aaf.authz.gw.facade.GwFacade;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.cssa.rserv.HttpMethods;

+

+import com.att.aft.dme2.internal.jetty.http.HttpStatus;

+import org.onap.aaf.cadi.CadiException;

+import org.onap.aaf.cadi.client.Future;

+import org.onap.aaf.cadi.client.Rcli;

+import org.onap.aaf.cadi.client.Retryable;

+import org.onap.aaf.cadi.config.Config;

+import org.onap.aaf.inno.env.APIException;

+import org.onap.aaf.inno.env.Env;

+import org.onap.aaf.inno.env.TimeTaken;

+

+/**

+ * API Apis.. using Redirect for mechanism

+ * 

+ *

+ */

+public class API_Proxy {

+

+	/**

+	 * Normal Init level APIs

+	 * 

+	 * @param gwAPI

+	 * @param facade

+	 * @throws Exception

+	 */

+	public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {

+		

+		String aafurl = gwAPI.env.getProperty(Config.AAF_URL);

+		if(aafurl==null) {

+		} else {

+

+			////////

+			// Transferring APIs

+			///////

+			gwAPI.routeAll(HttpMethods.GET,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy GET", true) {

+				@Override

+				public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {

+					TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);

+					try {

+						gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {

+							@Override

+							public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {

+								Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);

+								ft.get(10000); // Covers return codes and err messages

+								return null;

+							}

+						});

+					

+					} catch (CadiException | APIException e) {

+						trans.error().log(e);

+					} finally {

+						tt.done();

+					}

+				}

+			});

+			

+			gwAPI.routeAll(HttpMethods.POST,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy POST", true) {

+				@Override

+				public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {

+					TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);

+					try {

+						gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {

+							@Override

+							public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {

+								Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.CREATED_201);

+								ft.get(10000); // Covers return codes and err messages

+								return null;

+							}

+						});

+					} catch (CadiException | APIException e) {

+						trans.error().log(e);

+					} finally {

+						tt.done();

+					}

+				}

+			});

+			

+			gwAPI.routeAll(HttpMethods.PUT,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy PUT", true) {

+				@Override

+				public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {

+					TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);

+					try {

+						gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {

+							@Override

+							public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {

+								Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);

+								ft.get(10000); // Covers return codes and err messages

+								return null;

+							}

+						});

+					} catch (CadiException | APIException e) {

+						trans.error().log(e);

+					} finally {

+						tt.done();

+					}

+				}

+			});

+			

+			gwAPI.routeAll(HttpMethods.DELETE,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy DELETE", true) {

+				@Override

+				public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {

+					TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);

+					try {

+						gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {

+							@Override

+							public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {

+								Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);

+								ft.get(10000); // Covers return codes and err messages

+								return null;

+							}

+						});

+					} catch (CadiException | APIException e) {

+						trans.error().log(e);

+					} finally {

+						tt.done();

+					}

+				}

+			});

+		}

+	}

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java
new file mode 100644
index 0000000..876782f
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java
@@ -0,0 +1,75 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.api;

+

+import static org.onap.aaf.authz.layer.Result.OK;

+

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.GwAPI;

+import org.onap.aaf.authz.gw.GwCode;

+import org.onap.aaf.authz.gw.facade.GwFacade;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.authz.layer.Result;

+import org.onap.aaf.cssa.rserv.HttpMethods;

+

+import com.att.aft.dme2.internal.jetty.http.HttpStatus;

+

+/**

+ * API Apis

+ *

+ */

+public class API_TGuard {

+	/**

+	 * Normal Init level APIs

+	 * 

+	 * @param gwAPI

+	 * @param facade

+	 * @throws Exception

+	 */

+	public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {

+		String aftenv = gwAPI.env.getProperty(API_AAFAccess.AFT_ENVIRONMENT);

+		if(aftenv==null) throw new Exception(API_AAFAccess.AFT_ENVIRONMENT + " must be set");

+

+		////////

+		// Do not deploy these to PROD

+		///////

+		if(API_AAFAccess.AFTUAT.equals(aftenv)) {

+			gwAPI.route(HttpMethods.GET,"/tguard/:path*",API.VOID,new GwCode(facade,"TGuard Test", true) {

+				@Override

+				public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {

+					Result<Void> r = context.getAPI(trans,resp,gwAPI);

+					switch(r.status) {

+						case OK:

+							resp.setStatus(HttpStatus.OK_200);

+							break;

+						default:

+							context.error(trans,resp,r);

+					}

+				}

+			});

+		}

+	}

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java
new file mode 100644
index 0000000..e5f3919
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java
@@ -0,0 +1,74 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.facade;

+

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.layer.Result;

+import org.onap.aaf.cssa.rserv.RServlet;

+

+

+/**

+ *   

+ *

+ */

+public interface GwFacade {

+

+/////////////////////  STANDARD ELEMENTS //////////////////

+	/** 

+	 * @param trans

+	 * @param response

+	 * @param result

+	 */

+	void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);

+

+	/**

+	 * 

+	 * @param trans

+	 * @param response

+	 * @param status

+	 */

+	void error(AuthzTrans trans, HttpServletResponse response, int status,	String msg, String ... detail);

+

+

+	/**

+	 * 

+	 * @param trans

+	 * @param resp

+	 * @param rservlet

+	 * @return

+	 */

+	public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet);

+

+	/**

+	 * 

+	 * @param trans

+	 * @param resp

+	 * @param typeCode

+	 * @param optional

+	 * @return

+	 */

+	public abstract Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional);

+

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java
new file mode 100644
index 0000000..30f9ce2
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java
@@ -0,0 +1,48 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.facade;

+

+import org.onap.aaf.authz.env.AuthzEnv;

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.mapper.Mapper_1_0;

+import org.onap.aaf.authz.gw.service.GwServiceImpl;

+

+import org.onap.aaf.inno.env.APIException;

+import org.onap.aaf.inno.env.Data;

+

+import gw.v1_0.Error;

+import gw.v1_0.InRequest;

+import gw.v1_0.Out;

+

+

+public class GwFacadeFactory {

+	public static GwFacade_1_0 v1_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type) throws APIException {

+		return new GwFacade_1_0(env,

+				new GwServiceImpl<

+					InRequest,

+					Out,

+					Error>(trans,new Mapper_1_0()),

+				type);  

+	}

+

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java
new file mode 100644
index 0000000..fa61066
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java
@@ -0,0 +1,258 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.facade;

+

+

+import static org.onap.aaf.authz.layer.Result.ERR_ActionNotCompleted;

+import static org.onap.aaf.authz.layer.Result.ERR_BadData;

+import static org.onap.aaf.authz.layer.Result.ERR_ConflictAlreadyExists;

+import static org.onap.aaf.authz.layer.Result.ERR_Denied;

+import static org.onap.aaf.authz.layer.Result.ERR_NotFound;

+import static org.onap.aaf.authz.layer.Result.ERR_NotImplemented;

+import static org.onap.aaf.authz.layer.Result.ERR_Policy;

+import static org.onap.aaf.authz.layer.Result.ERR_Security;

+

+import java.lang.reflect.Method;

+

+import javax.servlet.http.HttpServletResponse;

+

+import org.onap.aaf.authz.env.AuthzEnv;

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.mapper.Mapper;

+import org.onap.aaf.authz.gw.mapper.Mapper.API;

+import org.onap.aaf.authz.gw.service.GwService;

+import org.onap.aaf.authz.gw.service.GwServiceImpl;

+import org.onap.aaf.authz.layer.FacadeImpl;

+import org.onap.aaf.authz.layer.Result;

+import org.onap.aaf.cssa.rserv.RServlet;

+import org.onap.aaf.cssa.rserv.RouteReport;

+import org.onap.aaf.cssa.rserv.doc.ApiDoc;

+

+import org.onap.aaf.cadi.aaf.client.Examples;

+import org.onap.aaf.inno.env.APIException;

+import org.onap.aaf.inno.env.Data;

+import org.onap.aaf.inno.env.Data.TYPE;

+import org.onap.aaf.inno.env.Env;

+import org.onap.aaf.inno.env.TimeTaken;

+import org.onap.aaf.rosetta.env.RosettaDF;

+

+import gw.v1_0.Api;

+

+/**

+ * AuthzFacade

+ * 

+ * This Service Facade encapsulates the essence of the API Service can do, and provides

+ * a single created object for elements such as RosettaDF.

+ *

+ * The Responsibilities of this class are to:

+ * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)

+ * 2) Validate incoming data (if applicable)

+ * 3) Convert the Service response into the right Format, and mark the Content Type

+ * 		a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.

+ * 4) Log Service info, warnings and exceptions as necessary

+ * 5) When asked by the API layer, this will create and write Error content to the OutputStream

+ * 

+ * Note: This Class does NOT set the HTTP Status Code.  That is up to the API layer, so that it can be 

+ * clearly coordinated with the API Documentation

+ * 

+ *

+ */

+public abstract class GwFacadeImpl<IN,OUT,ERROR> extends FacadeImpl implements GwFacade 

+	{

+	private GwService<IN,OUT,ERROR> service;

+

+	private final RosettaDF<ERROR>	 	errDF;

+	private final RosettaDF<Api>	 	apiDF;

+

+	public GwFacadeImpl(AuthzEnv env, GwService<IN,OUT,ERROR> service, Data.TYPE dataType) throws APIException {

+		this.service = service;

+		(errDF 				= env.newDataFactory(mapper().getClass(API.ERROR))).in(dataType).out(dataType);

+		(apiDF				= env.newDataFactory(Api.class)).in(dataType).out(dataType);

+	}

+	

+	public Mapper<IN,OUT,ERROR> mapper() {

+		return service.mapper();

+	}

+		

+	/* (non-Javadoc)

+	 * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int)

+	 * 

+	 * Note: Conforms to AT&T TSS RESTful Error Structure

+	 */

+	@Override

+	public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {

+		String msg = result.details==null?"":result.details.trim();

+		String[] detail;

+		if(result.variables==null) {

+			detail = new String[1];

+		} else {

+			int l = result.variables.length;

+			detail=new String[l+1];

+			System.arraycopy(result.variables, 0, detail, 1, l);

+		}

+		error(trans, response, result.status,msg,detail);

+	}

+		

+	@Override

+	public void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... _detail) {

+	    	String[] detail = _detail;

+		if(detail.length==0) {

+		    detail=new String[1];

+		}

+		String msgId;

+		switch(status) {

+			case 202:

+			case ERR_ActionNotCompleted:

+				msgId = "SVC1202";

+				detail[0] = "Accepted, Action not complete";

+				response.setStatus(/*httpstatus=*/202);

+				break;

+

+			case 403:

+			case ERR_Policy:

+			case ERR_Security:

+			case ERR_Denied:

+				msgId = "SVC1403";

+				detail[0] = "Forbidden";

+				response.setStatus(/*httpstatus=*/403);

+				break;

+				

+			case 404:

+			case ERR_NotFound:

+				msgId = "SVC1404";

+				detail[0] = "Not Found";

+				response.setStatus(/*httpstatus=*/404);

+				break;

+

+			case 406:

+			case ERR_BadData:

+				msgId="SVC1406";

+				detail[0] = "Not Acceptable";

+				response.setStatus(/*httpstatus=*/406);

+				break;

+				

+			case 409:

+			case ERR_ConflictAlreadyExists:

+				msgId = "SVC1409";

+				detail[0] = "Conflict Already Exists";

+				response.setStatus(/*httpstatus=*/409);

+				break;

+			

+			case 501:

+			case ERR_NotImplemented:

+				msgId = "SVC1501";

+				detail[0] = "Not Implemented"; 

+				response.setStatus(/*httpstatus=*/501);

+				break;

+				

+

+			default:

+				msgId = "SVC1500";

+				detail[0] = "General Service Error";

+				response.setStatus(/*httpstatus=*/500);

+				break;

+		}

+

+		try {

+			StringBuilder holder = new StringBuilder();

+			errDF.newData(trans).load(

+				mapper().errorFromMessage(holder,msgId,msg,detail)).to(response.getOutputStream());

+			trans.checkpoint(

+					"ErrResp [" + 

+					msgId +

+					"] " +

+					holder.toString(),

+					Env.ALWAYS);

+		} catch (Exception e) {

+			trans.error().log(e,"unable to send response for",msg);

+		}

+	}

+	

+	/* (non-Javadoc)

+	 * @see com.att.authz.facade.AuthzFacade#getAPI(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse)

+	 */

+	public final static String API_REPORT = "apiReport";

+	@Override

+	public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet) {

+		TimeTaken tt = trans.start(API_REPORT, Env.SUB);

+		try {

+			Api api = new Api();

+			Api.Route ar;

+			Method[] meths = GwServiceImpl.class.getDeclaredMethods();

+			for(RouteReport rr : rservlet.routeReport()) {

+				api.getRoute().add(ar = new Api.Route());

+				ar.setMeth(rr.meth.name());

+				ar.setPath(rr.path);

+				ar.setDesc(rr.desc);

+				ar.getContentType().addAll(rr.contextTypes);

+				for(Method m : meths) {

+					ApiDoc ad;

+					if((ad = m.getAnnotation(ApiDoc.class))!=null &&

+							rr.meth.equals(ad.method()) &&

+						    rr.path.equals(ad.path())) {

+						for(String param : ad.params()) {

+							ar.getParam().add(param);

+						}

+						for(String text : ad.text()) {

+							ar.getComments().add(text);

+						}

+						ar.setExpected(ad.expectedCode());

+						for(int ec : ad.errorCodes()) {

+							ar.getExplicitErr().add(ec);

+						}

+					}

+				}

+			}

+			apiDF.newData(trans).load(api).to(resp.getOutputStream());

+			setContentType(resp,apiDF.getOutType());

+			return Result.ok();

+

+		} catch (Exception e) {

+			trans.error().log(e,IN,API_REPORT);

+			return Result.err(e);

+		} finally {

+			tt.done();

+		}

+	}

+	

+	public final static String API_EXAMPLE = "apiExample";

+	/* (non-Javadoc)

+	 * @see com.att.authz.facade.AuthzFacade#getAPIExample(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)

+	 */

+	@Override

+	public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) {

+		TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);

+		try {

+			String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional); 

+			resp.getOutputStream().print(content);

+			setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);

+			return Result.ok();

+		} catch (Exception e) {

+			trans.error().log(e,IN,API_EXAMPLE);

+			return Result.err(Result.ERR_NotImplemented,e.getMessage());

+		} finally {

+			tt.done();

+		}

+	}

+

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java
new file mode 100644
index 0000000..188144c
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java
@@ -0,0 +1,40 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.facade;

+

+import org.onap.aaf.authz.env.AuthzEnv;

+import org.onap.aaf.authz.gw.service.GwService;

+

+import org.onap.aaf.inno.env.APIException;

+import org.onap.aaf.inno.env.Data;

+

+import gw.v1_0.Error;

+import gw.v1_0.InRequest;

+import gw.v1_0.Out;

+

+public class GwFacade_1_0 extends GwFacadeImpl<InRequest,Out,Error>

+{

+	public GwFacade_1_0(AuthzEnv env, GwService<InRequest,Out,Error> service, Data.TYPE type) throws APIException {

+		super(env, service, type);

+	}

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java
new file mode 100644
index 0000000..230e1b3
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java
@@ -0,0 +1,33 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.mapper;

+

+public interface Mapper<IN,OUT,ERROR>

+{

+	public enum API{IN_REQ,OUT,ERROR,VOID};

+	public Class<?> getClass(API api);

+	public<A> A newInstance(API api);

+

+	public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);

+

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java
new file mode 100644
index 0000000..ba87631
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java
@@ -0,0 +1,69 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.mapper;

+

+import org.onap.aaf.cadi.util.Vars;

+

+import gw.v1_0.Error;

+import gw.v1_0.InRequest;

+import gw.v1_0.Out;

+

+public class Mapper_1_0 implements Mapper<InRequest,Out,Error> {

+	

+	@Override

+	public Class<?> getClass(API api) {

+		switch(api) {

+			case IN_REQ: return InRequest.class;

+			case OUT: return Out.class;

+			case ERROR: return Error.class;

+			case VOID: return Void.class;

+		}

+		return null;

+	}

+

+	@SuppressWarnings("unchecked")

+	@Override

+	public <A> A newInstance(API api) {

+		switch(api) {

+			case IN_REQ: return (A) new InRequest();

+			case OUT: return (A) new Out();

+			case ERROR: return (A)new Error();

+			case VOID: return null;

+		}

+		return null;

+	}

+

+	//////////////  Mapping Functions /////////////

+	@Override

+	public gw.v1_0.Error errorFromMessage(StringBuilder holder, String msgID, String text,String... var) {

+		Error err = new Error();

+		err.setMessageId(msgID);

+		// AT&T Restful Error Format requires numbers "%" placements

+		err.setText(Vars.convert(holder, text, var));

+		for(String s : var) {

+			err.getVariables().add(s);

+		}

+		return err;

+	}

+

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java
new file mode 100644
index 0000000..c4f240e
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java
@@ -0,0 +1,29 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.service;

+

+import org.onap.aaf.authz.gw.mapper.Mapper;

+

+public interface GwService<IN,OUT,ERROR> {

+	public Mapper<IN,OUT,ERROR> mapper();

+}

diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java
new file mode 100644
index 0000000..9003925
--- /dev/null
+++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java
@@ -0,0 +1,40 @@
+/*******************************************************************************

+ * ============LICENSE_START====================================================

+ * * org.onap.aaf

+ * * ===========================================================================

+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.

+ * * ===========================================================================

+ * * Licensed under the Apache License, Version 2.0 (the "License");

+ * * you may not use this file except in compliance with the License.

+ * * You may obtain a copy of the License at

+ * * 

+ *  *      http://www.apache.org/licenses/LICENSE-2.0

+ * * 

+ *  * Unless required by applicable law or agreed to in writing, software

+ * * distributed under the License is distributed on an "AS IS" BASIS,

+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * * See the License for the specific language governing permissions and

+ * * limitations under the License.

+ * * ============LICENSE_END====================================================

+ * *

+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ * *

+ ******************************************************************************/

+package org.onap.aaf.authz.gw.service;

+

+import org.onap.aaf.authz.env.AuthzTrans;

+import org.onap.aaf.authz.gw.mapper.Mapper;

+

+public class GwServiceImpl<IN,OUT,ERROR> 

+	  implements GwService<IN,OUT,ERROR> {

+	

+		private Mapper<IN,OUT,ERROR> mapper;

+	

+		public GwServiceImpl(AuthzTrans trans, Mapper<IN,OUT,ERROR> mapper) {

+			this.mapper = mapper;

+		}

+		

+		public Mapper<IN,OUT,ERROR> mapper() {return mapper;}

+

+//////////////// APIs ///////////////////

+};

diff --git a/authz-gw/src/main/xsd/gw_1_0.xsd b/authz-gw/src/main/xsd/gw_1_0.xsd
new file mode 100644
index 0000000..d5716dd
--- /dev/null
+++ b/authz-gw/src/main/xsd/gw_1_0.xsd
@@ -0,0 +1,103 @@
+<!-- Used by gw (ATT 2015) -->
+<xs:schema 
+	xmlns:xs="http://www.w3.org/2001/XMLSchema" 
+	xmlns:gw="urn:gw:v1_0" 
+	targetNamespace="urn:gw:v1_0" 
+	elementFormDefault="qualified">
+	
+
+<!-- 
+	Requests
+ -->
+	<xs:complexType name="Request">
+		<xs:sequence>
+		</xs:sequence>
+	</xs:complexType>
+
+<!-- 
+	In 
+-->	
+	<xs:element name="inRequest">
+		<xs:complexType>
+			<xs:complexContent>
+				<xs:extension base="gw:Request">
+					<xs:sequence>
+						<xs:element name="name" type="xs:string"/>
+						<xs:element name="action" type="xs:string"/>
+					</xs:sequence>
+				</xs:extension>
+			</xs:complexContent>
+		</xs:complexType>
+	</xs:element>
+
+
+<!-- 
+	Out 
+-->	
+	<xs:element name="out">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="name" type="xs:string"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+
+<!--  **************** STANDARD ELEMENTS ******************* -->
+<!--
+	Errors
+	Note: This Error Structure has been made to conform to the AT&T TSS Policies
+ -->
+	<xs:element name="error">
+		<xs:complexType>
+			<xs:sequence>
+				<!--
+				Unique message identifier of the format ‘ABCnnnn’ where ‘ABC’ is
+					either ‘SVC’ for Service Exceptions or ‘POL’ for Policy Exception.
+					Exception numbers may be in the	range of 0001 to 9999 where :
+					* 0001 to 0199 are reserved for	common exception messages
+					* 0200 to 0999 are reserved for Parlay Web Services specification use
+					* 1000-9999 are available for exceptions 
+				 -->
+				<xs:element name="messageId" type="xs:string" minOccurs="1" maxOccurs="1"/>
+				
+				<!-- 
+				Message text, with replacement
+					variables marked with %n, where n is
+					an index into the list of <variables>
+					elements, starting at 1
+				 -->
+				<xs:element name="text" type="xs:string" minOccurs="1" maxOccurs="1"/>
+				
+				<!-- 
+				List of zero or more strings that
+					represent the contents of the variables
+					used by the message text. -->
+				<xs:element name="variables" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	
+<!-- 
+	API 
+-->	
+	<xs:element name="api">
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="route" minOccurs="0" maxOccurs="unbounded">
+					<xs:complexType>
+						<xs:sequence>
+							<xs:element name="meth" type="xs:string" minOccurs="1" maxOccurs="1"/>
+							<xs:element name="path" type="xs:string" minOccurs="1" maxOccurs="1"/>
+							<xs:element name="param" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="desc" type="xs:string" minOccurs="1" maxOccurs="1"/>
+							<xs:element name="comments" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="contentType" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+							<xs:element name="expected" type="xs:int" minOccurs="1" maxOccurs="1"/>
+							<xs:element name="explicitErr" type="xs:int" minOccurs="0" maxOccurs="unbounded"/>
+						</xs:sequence>	
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+</xs:schema>
\ No newline at end of file