[AAI-244] grep scan

Issue-ID:AAI-244
Change-Id: Ibc51a8c72c411cff9ffc5b58bd40439ff3d703be
Signed-off-by: arul.nambi <arul.nambi@amdocs.com>

2 files changed, 6 insertions, 274 deletions

diff --git a/src/main/java/org/openecomp/sparky/security/EcompSso.java b/src/main/java/org/openecomp/sparky/security/EcompSso.java
index 654af96..c771e6c 100644
--- a/src/main/java/org/openecomp/sparky/security/EcompSso.java
+++ b/src/main/java/org/openecomp/sparky/security/EcompSso.java
@@ -80,7 +80,7 @@ public class EcompSso {
    * then searches for a CSP cookie; if not found, for a WebJunction header.
    *
    * @param request
-   * @return ATT UID if the ECOMP cookie is present and the sign-on process established an ATT UID;
+   * @return User ID if the ECOMP cookie is present and the sign-on process established an User ID;
    *         else null.
    */
   public static String validateEcompSso(HttpServletRequest request) {
@@ -98,23 +98,23 @@ public class EcompSso {
   }
 
   /**
-   * Searches the specified request for the CSP cookie, decodes it and gets the ATT UID.
+   * Searches the specified request for the CSP cookie, decodes it and gets the User ID.
    *
    * @param request
-   * @return ATTUID if the cookie is present in the request and can be decoded successfully (expired
+   * @return User ID if the cookie is present in the request and can be decoded successfully (expired
    *         cookies do not decode); else null.
    */
   private static String getLoginIdFromCookie(HttpServletRequest request) {
-    String attuid = null;
+    String userid = null;
     try {
       String[] cspFields = getCspData(request);
       if (cspFields != null && cspFields.length > 5)
-        attuid = cspFields[5];
+        userid = cspFields[5];
     } catch (Throwable t) {
       LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
           "getLoginIdFromCookie failed " + t.getLocalizedMessage());
     }
-    return attuid;
+    return userid;
   }
 
   /**
diff --git a/src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java b/src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java
deleted file mode 100644
index 1f06f9d..0000000
--- a/src/main/java/org/openecomp/sparky/security/filter/CspCookieFilter.java
+++ /dev/null
@@ -1,268 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017 Amdocs
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- */
-package org.openecomp.sparky.security.filter;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.InetAddress;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.net.UnknownHostException;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Properties;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.openecomp.cl.api.Logger;
-import org.openecomp.cl.eelf.LoggerFactory;
-import org.openecomp.sparky.logging.AaiUiMsgs;
-import org.openecomp.sparky.util.NodeUtils;
-import org.openecomp.sparky.viewandinspect.config.TierSupportUiConstants;
-
-import org.openecomp.cl.mdc.MdcContext;
-
-// import esGateKeeper.esGateKeeper;
-
-/**
- * Redirects to the AT&T global login page if the user is not authenticated.<br>
- * Filter properties need to be configured in: csp-cookie-filter.properties
- */
-public class CspCookieFilter implements Filter {
-
-  /** Redirect URL for the login page. */
-  private String globalLoginUrl;
-
-  /** Application identifier. */
-  private String applicationId;
-
-  /** Gatekeeper environment setting (development or production). */
-  private String gateKeeperEnvironment;
-
-  private static final String FILTER_PARAMETER_CONFIG = "config";
-  private static final String PROPERTY_GLOBAL_LOGIN_URL = "global.login.url";
-  private static final String PROPERTY_APPLICATION_ID = "application.id";
-  private static final String PROPERTY_GATEKEEPER_ENVIRONMENT = "gatekeeper.environment";
-  // valid open redirect domains
-  private List<String> redirectDomains = new ArrayList<>();
-  private static final String PROPERTY_REDIRECT_DOMAINS = "redirect-domain";
-
-  /** Needed by esGateKeeper, does not accept any other value. */
-  private static final String GATEKEEPER_ACCOUNT_NAME = "CSP";
-
-  private static final Logger LOG = LoggerFactory.getInstance().getLogger(CspCookieFilter.class);
-
-
-  /* (non-Javadoc)
-   * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
-   */
-  @Override
-  public void init(FilterConfig filterConfig) throws ServletException {
-	String txnID = NodeUtils.getRandomTxnId();
-	MdcContext.initialize(txnID, "CspCookieFilter", "", "Init", "");
-	
-	try {
-      setConfigurationProperties(filterConfig);
-    } catch (IOException exc) {
-      LOG.error(AaiUiMsgs.ERROR_CSP_CONFIG_FILE);
-      throw new ServletException(exc);
-    }
-  }
-
-
-  /* (non-Javadoc)
-   * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
-   */
-  @Override
-  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
-      throws IOException, ServletException {
-    HttpServletRequest request = (HttpServletRequest) req;
-    HttpServletResponse response = (HttpServletResponse) res;
-
-    Cookie[] cookies = request.getCookies();
-    if ((cookies == null) || (cookies.length == 0)) {
-      doLogin(request, response);
-      return;
-    }
-
-    /*
-     * String attEsSec = getSecurityCookie(cookies);
-     * 
-     * if (attESSec == null || attESSec.length() == 0) { doLogin(request, response); return; }
-     * 
-     * String attESSecUnEncrypted = esGateKeeper.esGateKeeper(attESSec, GATEKEEPER_ACCOUNT_NAME,
-     * gateKeeperEnvironment); if (attESSecUnEncrypted == null) { doLogin(request, response); } else
-     * {
-     */
-    // LOG.info("User has valid cookie");
-    chain.doFilter(request, response);
-    // }
-  }
-
-
-  /* (non-Javadoc)
-   * @see javax.servlet.Filter#destroy()
-   */
-  @Override
-  public void destroy() {}
-
-  /**
-   * Sets all required properties needed by this filter.
-   *
-   * @param filterConfig the filter configuration defined in the application web.xml
-   * @throws IOException if the properties failed to load.
-   */
-  private void setConfigurationProperties(FilterConfig filterConfig) throws IOException {
-    InputStream inputStream = new FileInputStream(TierSupportUiConstants.STATIC_CONFIG_APP_LOCATION
-        + filterConfig.getInitParameter(FILTER_PARAMETER_CONFIG));
-    Properties cspProperties = new Properties();
-    cspProperties.load(inputStream);
-    globalLoginUrl = cspProperties.getProperty(PROPERTY_GLOBAL_LOGIN_URL);
-    applicationId = cspProperties.getProperty(PROPERTY_APPLICATION_ID);
-    gateKeeperEnvironment = cspProperties.getProperty(PROPERTY_GATEKEEPER_ENVIRONMENT);
-    redirectDomains = Arrays.asList(cspProperties.getProperty(PROPERTY_REDIRECT_DOMAINS).split(","));
-  }
-
-  /**
-   * Returns the attESSec cookie if found in the client.
-   *
-   * @param cookies the cookies available in the client
-   * @return the attESSec authentication cookie generated by the login page.
-   */
-  private String getSecurityCookie(Cookie[] cookies) {
-    String attEsSec = null;
-    for (int i = 0; i < cookies.length; i++) {
-      Cookie thisCookie = cookies[i];
-      String cookieName = thisCookie.getName();
-
-      if ("attESSec".equals(cookieName)) {
-        attEsSec = thisCookie.getValue();
-        break;
-      }
-    }
-    return attEsSec;
-  }
-
-  /**
-   * Redirects to the AT&T global login page. If this is an AJAX request it returns an unauthorized
-   * HTTP error in the response.
-   *
-   * @param request the filter request object
-   * @param response the filter response object
-   * @throws IOException if there is an error setting the error response
-   */
-  private void doLogin(HttpServletRequest request, HttpServletResponse response)
-      throws IOException {
-    if (isAjaxRequest(request)) {
-      response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
-          "User is not authorized. Please login to application");
-    } else {
-      // Fix for Safari 7.0.2 onwards to avoid login page cache
-      response.addHeader("Cache-Control", "no-cache, no-store");
-      String redirectURL = createRedirectUrl(request);
-      if (this.isValidRedirectURL(redirectURL)){
-          response.sendRedirect(redirectURL);
-          LOG.debug(AaiUiMsgs.VALID_REDIRECT_URL, redirectURL);
-      } else{ 
-          response.sendError(400, "Bad redirect URL: " + redirectURL);
-          LOG.error(AaiUiMsgs.INVALID_REDIRECT_URL, redirectURL);
-      }
-    }
-  }
-  
-  /**
-   * Checks if a redirect url is valid
-   * @param url URL to validate
-   * @return true if URL is a valid redirect URL, false otherwise
-   */
-  private boolean isValidRedirectURL (String url){
-      String redirectTo = url.substring(url.indexOf("?retURL=")+ "?retURL=".length());
-      try {
-          redirectTo = URLDecoder.decode(redirectTo, StandardCharsets.UTF_8.toString());
-      } catch (UnsupportedEncodingException e) {
-          LOG.error(AaiUiMsgs.UNSUPPORTED_URL_ENCODING, e.getLocalizedMessage());
-          return false;
-      }
-      for (String domain: this.redirectDomains){
-          if (redirectTo.endsWith(domain))
-              return true;
-      }
-      return false;
-  }
-  
-
-  /**
-   * Returns <code>true</code> if the request is an AJAX request.
-   *
-   * @param request the filter request object
-   * @return <code>true</code> if the request is an AJAX request.
-   */
-  private boolean isAjaxRequest(HttpServletRequest request) {
-    String headerValue = request.getHeader("X-Requested-With");
-    if ("XMLHttpRequest".equals(headerValue)) {
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Returns the redirection URL to the AT&T Global login page.
-   *
-   * @param request the request
-   * @return the string
-   * @throws UnsupportedEncodingException the unsupported encoding exception
-   */
-  private String createRedirectUrl(HttpServletRequest request) throws UnsupportedEncodingException {
-    String returnUrl = getReturnUrl(request);
-
-    return globalLoginUrl + "?retURL=" + returnUrl + "&sysName=" + applicationId;
-  }
-
-  /**
-   * Gets the URL encoded return URL.
-   *
-   * @param request the HTTP request
-   * @return an encoded URL to return to following login
-   * @throws UnsupportedEncodingException the unsupported encoding exception
-   */
-  private String getReturnUrl(HttpServletRequest request) throws UnsupportedEncodingException {
-    StringBuffer retUrl = request.getRequestURL();
-    String urlParams = request.getQueryString();
-    if (urlParams != null) {
-      retUrl.append("?" + urlParams);
-    }
-    return URLEncoder.encode(retUrl.toString(), StandardCharsets.UTF_8.toString());
-  }
-}