From c77d4200369b9514d9731cbdcaa987943a36346d Mon Sep 17 00:00:00 2001 From: renealr Date: Thu, 29 Nov 2018 14:03:36 -0500 Subject: update to use latest portal sdk update epsdk-fw to latest version to make use of aaf Issue-ID: AAI-1978 Change-Id: I9cd9a4ec57db5183c95b0606cac0e1fdfd1a6ac5 Signed-off-by: renealr --- .../aai/sparky/security/BaseCookieDecryptor.java | 4 +- .../org/onap/aai/sparky/security/EcompSso.java | 90 ++++---- .../aai/sparky/security/filter/LoginFilter.java | 8 +- .../portal/PortalRestAPICentralServiceImpl.java | 256 +++++++++++++++++++++ .../security/portal/PortalRestAPIServiceImpl.java | 20 +- .../aai/sparky/security/portal/UserManager.java | 4 +- .../portal/config/PortalAuthenticationConfig.java | 11 +- .../sparky/security/portal/config/RolesConfig.java | 2 +- 8 files changed, 332 insertions(+), 63 deletions(-) create mode 100644 sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPICentralServiceImpl.java (limited to 'sparkybe-onap-service/src/main/java/org') diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java index 742c4f0..720ecfd 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java +++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/BaseCookieDecryptor.java @@ -23,7 +23,7 @@ package org.onap.aai.sparky.security; import org.onap.aai.cl.api.Logger; import org.onap.aai.cl.eelf.LoggerFactory; import org.onap.aai.sparky.logging.AaiUiMsgs; -import org.openecomp.portalsdk.core.onboarding.util.CipherUtil; +import org.onap.portalsdk.core.onboarding.util.CipherUtil; public class BaseCookieDecryptor implements CookieDecryptor { 
@@ -36,7 +36,7 @@ public class BaseCookieDecryptor implements CookieDecryptor { String decryptedCookie = ""; try { - decryptedCookie = CipherUtil.decrypt(encryptedCookie, ""); + decryptedCookie = CipherUtil.decrypt(encryptedCookie); } catch (Exception e) { LOG.error(AaiUiMsgs.LOGIN_FILTER_INFO, "decrypting base cookie failed " + e.getLocalizedMessage()); } diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/EcompSso.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/EcompSso.java index fd64f97..51ac4d5 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/EcompSso.java +++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/EcompSso.java @@ -27,8 +27,9 @@ import org.onap.aai.cl.api.Logger; import org.onap.aai.cl.eelf.LoggerFactory; import org.onap.aai.sparky.logging.AaiUiMsgs; import org.onap.aai.sparky.security.portal.config.PortalAuthenticationConfig; -import org.openecomp.portalsdk.core.onboarding.util.CipherUtil; -import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties; +import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; +import org.onap.portalsdk.core.onboarding.util.CipherUtil; +import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; /** * Provides authentication services for onboarded ECOMP applications. @@ -60,17 +61,6 @@ public class EcompSso { return null; } - /** - * Answers whether the ECOMP Portal service cookie is present in the specified request. - * - * @param request - * @return true if the cookie is found, else false. - */ - private static boolean isEPServiceCookiePresent(HttpServletRequest request) { - Cookie ep = getCookie(request, EP_SERVICE); - return (ep != null); - } - /** * Validates whether the ECOMP Portal sign-on process has completed, which relies the AT&T Global * Log On single-sign on process. Checks for the ECOMP cookie (see {@link #EP_SERVICE}). If found, 
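Review bot: In the `@@ -36,7 +36,7 @@` hunk of `BaseCookieDecryptor.java`, the switch to the one-argument `CipherUtil.decrypt(encryptedCookie)` leaves the choice of key entirely to the portal SDK, and nothing in this file records where that key comes from. If that overload falls back to a key built into the SDK rather than one supplied per deployment, the cookie's confidentiality and authenticity no longer depend on a secret; this should be confirmed against the SDK version being pulled in. A comment on the call would record the outcome, for example `// NOTE: key is chosen by CipherUtil.decrypt(String); confirm it is a deployment-specific secret, not an SDK default`. The enclosing method starts and ends outside the hunk.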
@@ -81,37 +71,38 @@ public class EcompSso { * else null. */ public static String validateEcompSso(HttpServletRequest request) { + String uid = null; boolean isOnapEnabled = PortalAuthenticationConfig.getInstance().getIsOnapEnabled(); if (isOnapEnabled) { - if (isEPServiceCookiePresent(request)) { - /* - * This is a "temporary" fix until proper separation between closed source and open source - * code is reached - */ - return ONAP_ENABLED; + final String cookieName = PortalAuthenticationConfig.getInstance().getUserIdCookieName(); + + if (cookieName == null) { + LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to load cookie"); + return null; } - return null; - } else { - return getLoginIdFromCookie(request); - } - } + Cookie csp = getCookie(request, cookieName); + if (csp == null) { + LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to get cookie " + cookieName); + return null; + } + final String cspCookieEncrypted = csp.getValue(); - /** - * Searches the specified request for the CSP cookie, decodes it and gets the ATT UID. - * - * @param request - * @return ATTUID if the cookie is present in the request and can be decoded successfully (expired - * cookies do not decode); else null. 
- */ - private static String getLoginIdFromCookie(HttpServletRequest request) { - String uid = null; - try { - String[] cspFields = getCspData(request); - if (cspFields != null && cspFields.length > 5) - uid = cspFields[5]; - } catch (Exception t) { - LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, - "getLoginIdFromCookie failed " + t.getLocalizedMessage()); + try { + uid = PortalAuthenticationConfig.getInstance().getCookieDecryptor() + .decryptCookie(cspCookieEncrypted); + } catch (ClassNotFoundException e) { + LOG.error(AaiUiMsgs.DECRYPTION_ERROR, "Unable to find the Cookie Decryptor Class"); + } + + } else { + try { + String[] cspFields = getCspData(request); + if (cspFields != null && cspFields.length > 5) + uid = cspFields[5]; + } catch (Exception t) { + LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO, + "getLoginIdFromCookie failed " + t.getLocalizedMessage()); + } } return uid; } @@ -138,14 +129,15 @@ public class EcompSso { final String cspCookieEncrypted = csp.getValue(); String cspCookieDecrypted = null; - try { - cspCookieDecrypted = PortalAuthenticationConfig.getInstance().getCookieDecryptor().decryptCookie(cspCookieEncrypted); - return cspCookieDecrypted.split("\\|"); - - } catch (ClassNotFoundException e) { - LOG.error(AaiUiMsgs.DECRYPTION_ERROR,"Unable to find the Cookie Decryptor Class"); - } - + try { + cspCookieDecrypted = PortalAuthenticationConfig.getInstance().getCookieDecryptor() + .decryptCookie(cspCookieEncrypted); + return cspCookieDecrypted.split("\\|"); + + } catch (ClassNotFoundException e) { + LOG.error(AaiUiMsgs.DECRYPTION_ERROR, "Unable to find the Cookie Decryptor Class"); + } + return null; } -} \ No newline at end of file +} diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java index bcb7ba2..5599384 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java 
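Review bot: In the new `isOnapEnabled` branch of `validateEcompSso` (hunk `@@ -81,37 +71,38 @@`), the decrypted cookie value is returned as the user id without any check. `BaseCookieDecryptor` in this same commit starts from `decryptedCookie = ""` and only logs on failure, so an undecryptable cookie probably yields `""` rather than the `null` the Javadoc promises. A caller that tests only for `null` would then treat the request as signed on with an empty id; whether `LoginFilter` does so is not visible in this hunk. Normalising before the return closes the gap: `if (uid == null || uid.trim().isEmpty()) { return null; }`. The two debug messages also still say `getCspData failed …` although they are now emitted from `validateEcompSso`.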
+++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java @@ -39,10 +39,10 @@ import org.onap.aai.cl.eelf.LoggerFactory; import org.onap.aai.sparky.logging.AaiUiMsgs; import org.onap.aai.sparky.security.EcompSso; import org.onap.aai.sparky.security.portal.config.PortalAuthenticationConfig; -import org.openecomp.portalsdk.core.onboarding.listener.PortalTimeoutHandler; -import org.openecomp.portalsdk.core.onboarding.util.PortalApiConstants; -import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties; -import org.openecomp.portalsdk.core.onboarding.util.SSOUtil; +import org.onap.portalsdk.core.onboarding.listener.PortalTimeoutHandler; +import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; +import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; +import org.onap.portalsdk.core.onboarding.util.SSOUtil; /** * This filter checks every request for proper ECOMP Portal single sign on initialization. The diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPICentralServiceImpl.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPICentralServiceImpl.java new file mode 100644 index 0000000..032d3ac --- /dev/null +++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPICentralServiceImpl.java 
@@ -0,0 +1,256 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright © 2017-2018 Amdocs + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aai.sparky.security.portal; + +import java.io.IOException; +import java.text.MessageFormat; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.aai.sparky.security.EcompSso; +import org.onap.aai.sparky.security.portal.config.PortalAuthenticationConfig; +import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestAPIService; +import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestCentralService; +import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; +import org.onap.portalsdk.core.onboarding.rest.RestWebServiceClient; +import org.onap.portalsdk.core.restful.domain.EcompRole; +import org.onap.portalsdk.core.restful.domain.EcompUser; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import 
com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.type.TypeFactory; + +public class PortalRestAPICentralServiceImpl + implements IPortalRestCentralService, IPortalRestAPIService { + + private static final Logger LOG = LoggerFactory.getLogger(PortalRestAPICentralServiceImpl.class); + public static final String API_REDIRECT_VERSION = "/v4"; + private static final String ERROR_MESSAGE = "Failed to {0} user [loginId:{1}]"; + private List usersList; + private final ObjectMapper mapper; + + + /** + * Initialize user list array. + */ + public PortalRestAPICentralServiceImpl() { + usersList = new ArrayList<>(); + mapper = new ObjectMapper(); + } + + + @Override + public Map getAppCredentials() throws PortalAPIException { + PortalAuthenticationConfig config = PortalAuthenticationConfig.getInstance(); + Map appCredentialsMap = new HashMap<>(); + String appUserName = config.getUsername(); + String appPassword = config.getPassword(); + + appCredentialsMap.put("username", appUserName); + appCredentialsMap.put("password", appPassword); + return appCredentialsMap; + } + + @Override + public void pushUser(EcompUser user) throws PortalAPIException { + // Do we really need to save the users? Can this method be just empty and not throw an + // exception? + LOG.debug("Push user [loginId:" + user.getLoginId() + "]"); + if (usersList.size() == 0) { + usersList.add(user); + } else { + for (EcompUser existingUser : this.usersList) { + if (existingUser.getLoginId().equals(user.getLoginId())) { + String message = + getMessage(ERROR_MESSAGE, "push", user.getLoginId()) + ", user is already stored"; + LOG.error(message); + throw new PortalAPIException(message); + } + usersList.add(user); + + } + } + } + + @Override + public void editUser(String loginId, EcompUser user) throws PortalAPIException { + // Do we really need to save the users? Can this method be just empty and not throw an + // exception? 
+ LOG.debug("Edit user [loginId:" + loginId + "]"); + boolean isRemoved = false; + if (usersList.size() == 0) { + usersList.add(user); + } else { + for (EcompUser existingUser : this.usersList) { + if (existingUser.getLoginId().equals(loginId)) { + isRemoved = usersList.remove(existingUser); + } + if (isRemoved) { + usersList.add(user); + } + + } + } + } + + @Override + public String getUserId(HttpServletRequest request) throws PortalAPIException { + return EcompSso.validateEcompSso(request); + } + + private String getMessage(String message, Object... args) { + MessageFormat formatter = new MessageFormat(""); + formatter.applyPattern(message); + return formatter.format(args); + } + + public List getUsersList() { + return usersList; + } + + + public void setUsersList(List usersList) { + this.usersList = usersList; + } + + + @Override + public EcompUser getUser(String loginId) throws PortalAPIException { + EcompUser user = new EcompUser(); + String responseString = null; + try { + responseString = RestWebServiceClient.getInstance().getPortalContent( + API_REDIRECT_VERSION + "/user/" + loginId, null, null, null, + getCredentials().get("username"), getCredentials().get("password"), true); + LOG.debug("responseString is: " + responseString); + user = mapper.readValue(responseString, EcompUser.class); + + } catch (IOException e) { + String response = "PortalRestAPICentralServiceImpl.getUser failed"; + LOG.error(response, e); + throw new PortalAPIException(response, e); + } + return user; + } + + + @Override + public List getUsers() throws PortalAPIException { + List usersList = new ArrayList<>(); + String responseString = null; + try { + responseString = + RestWebServiceClient.getInstance().getPortalContent(API_REDIRECT_VERSION + "/users", null, + null, null, getCredentials().get("username"), getCredentials().get("password"), true); + LOG.debug("responseString is: " + responseString); + usersList = mapper.readValue(responseString, + 
TypeFactory.defaultInstance().constructCollectionType(List.class, EcompUser.class)); + + } catch (IOException e) { + String response = "PortalRestAPICentralServiceImpl.getUsers failed"; + LOG.error(response, e); + throw new PortalAPIException(response, e); + } + return usersList; + } + + + @Override + public List getAvailableRoles(String requestedLoginId) throws PortalAPIException { + List rolesList = new ArrayList<>(); + String responseString = null; + try { + responseString = RestWebServiceClient.getInstance().getPortalContent( + API_REDIRECT_VERSION + "/roles", requestedLoginId, null, null, + getCredentials().get("username"), getCredentials().get("password"), true); + LOG.debug("responseString is: " + responseString); + rolesList = mapper.readValue(responseString, + TypeFactory.defaultInstance().constructCollectionType(List.class, EcompRole.class)); + + } catch (IOException e) { + String response = "PortalRestAPICentralServiceImpl.getRoles failed"; + LOG.error(response, e); + throw new PortalAPIException(response, e); + } + return rolesList; + } + + + @Override + public void pushUserRole(String loginId, List roles) throws PortalAPIException { + throw new PortalAPIException("Please use Portal for Role Management"); + } + + + @Override + public List getUserRoles(String loginId) throws PortalAPIException { + List userRoles = new ArrayList<>(); + EcompUser user = new EcompUser(); + String responseString = null; + try { + responseString = RestWebServiceClient.getInstance().getPortalContent( + API_REDIRECT_VERSION + "/user/" + loginId, null, null, null, + getCredentials().get("username"), getCredentials().get("password"), true); + LOG.debug("responseString is: " + responseString); + user = mapper.readValue(responseString, EcompUser.class); + Set roles = user.getRoles(); + userRoles = (List) roles.stream().collect(Collectors.toList()); + + } catch (IOException e) { + String response = "PortalRestAPICentralServiceImpl.getUserRoles failed"; + LOG.error(response, e); + 
throw new PortalAPIException(response, e); + } + return userRoles; + } + + + @Override + public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException { + LOG.debug("Authentication request"); + PortalAuthenticationConfig config = PortalAuthenticationConfig.getInstance(); + String restUsername = request.getHeader(PortalAuthenticationConfig.PROP_USERNAME); + String restPassword = request.getHeader(PortalAuthenticationConfig.PROP_PASSWORD); + return restUsername != null && restPassword != null && restUsername.equals(config.getUsername()) + && restPassword.equals(config.getPassword()); + } + + + @Override + public Map getCredentials() throws PortalAPIException { + PortalAuthenticationConfig config = PortalAuthenticationConfig.getInstance(); + Map credentialsMap = new HashMap<>(); + String appUserName = config.getUsername(); + String appPassword = config.getPassword(); + + credentialsMap.put("username", appUserName); + credentialsMap.put("password", appPassword); + return credentialsMap; + } + +} diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPIServiceImpl.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPIServiceImpl.java index 67fee73..0835b7b 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPIServiceImpl.java +++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/PortalRestAPIServiceImpl.java 
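Review bot: `isAppAuthenticated` in the new `PortalRestAPICentralServiceImpl` compares the `username` and `password` headers with `String.equals`, which is not constant-time; the fence below shows a version using `MessageDigest.isEqual` with explicit null checks (it needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). In `getUser` and `getUserRoles`, `loginId` is appended to `API_REDIRECT_VERSION + "/user/"` unencoded, so a value containing `/`, `?` or `..` alters the path requested from Portal with the application's credentials; validate or URL-encode it first. The `LOG.debug("responseString is: " + responseString)` calls write whole user and role records to the log and would be better reduced to a status or a count. `pushUser` and `editUser` call `usersList.add`/`remove` inside a for-each over the same list, which throws `ConcurrentModificationException` once the list is non-empty.

```java
public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
  // … unchanged: debug log, config lookup, reading restUsername / restPassword from headers …
  String expectedUsername = config.getUsername();
  String expectedPassword = config.getPassword();
  // Fail closed when either side is missing, including an unset configuration value.
  if (restUsername == null || restPassword == null
      || expectedUsername == null || expectedPassword == null) {
    return false;
  }
  // Evaluate both comparisons so the result does not reveal which field mismatched.
  boolean usernameMatches = MessageDigest.isEqual(
      restUsername.getBytes(StandardCharsets.UTF_8),
      expectedUsername.getBytes(StandardCharsets.UTF_8));
  boolean passwordMatches = MessageDigest.isEqual(
      restPassword.getBytes(StandardCharsets.UTF_8),
      expectedPassword.getBytes(StandardCharsets.UTF_8));
  return usernameMatches & passwordMatches;
}
```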
@@ -23,18 +23,20 @@ package org.onap.aai.sparky.security.portal; import java.io.File; import java.io.IOException; import java.text.MessageFormat; +import java.util.HashMap; import java.util.LinkedHashSet; import java.util.List; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.onap.aai.sparky.security.EcompSso; import org.onap.aai.sparky.security.portal.config.PortalAuthenticationConfig; import org.onap.aai.sparky.viewandinspect.config.SparkyConstants; -import org.openecomp.portalsdk.core.onboarding.crossapi.IPortalRestAPIService; -import org.openecomp.portalsdk.core.onboarding.exception.PortalAPIException; -import org.openecomp.portalsdk.core.restful.domain.EcompRole; -import org.openecomp.portalsdk.core.restful.domain.EcompUser; +import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestAPIService; +import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; +import org.onap.portalsdk.core.restful.domain.EcompRole; +import org.onap.portalsdk.core.restful.domain.EcompUser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -205,5 +207,15 @@ public class PortalRestAPIServiceImpl implements IPortalRestAPIService { LOG.debug("Get available roles"); return UserManager.getRoles(); } + + public Map getCredentials() { + PortalAuthenticationConfig config = PortalAuthenticationConfig.getInstance(); + Map credentialsMap = new HashMap<>(); + String appUserName = config.getUsername(); + String appPassword = config.getPassword(); + credentialsMap.put("username", appUserName); + credentialsMap.put("password", appPassword); + return credentialsMap; + } } \ No newline at end of file diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/UserManager.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/UserManager.java index b19ef98..0a217ff 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/UserManager.java 
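Review bot: The `getCredentials()` method added in the `@@ -205,5 +207,15 @@` hunk hands out the application's plaintext password in a mutable map from a public method with no Javadoc. It also has neither `@Override` nor `throws PortalAPIException`, although `PortalRestAPICentralServiceImpl.getCredentials()` in this commit has both. If the upgraded `IPortalRestAPIService` declares the method, add `@Override` so a later signature change is caught by the compiler. A short Javadoc should state that the map carries the `username` and `password` values from `PortalAuthenticationConfig` and must not be logged or serialised. The class body starts outside the hunk.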
+++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/UserManager.java @@ -33,8 +33,8 @@ import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.stream.Collectors; import org.onap.aai.sparky.security.portal.config.RolesConfig; -import org.openecomp.portalsdk.core.restful.domain.EcompRole; -import org.openecomp.portalsdk.core.restful.domain.EcompUser; +import org.onap.portalsdk.core.restful.domain.EcompRole; +import org.onap.portalsdk.core.restful.domain.EcompUser; import com.google.gson.Gson; import com.google.gson.GsonBuilder; diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java index cf78614..a55fa4c 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java +++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/PortalAuthenticationConfig.java @@ -40,12 +40,14 @@ public class PortalAuthenticationConfig { private String username; private String password; private boolean isOnapEnabled; + private String userIdCookieName; private CookieDecryptor cookieDecryptor; private String cookieDecryptorClassName; public static final String PROP_USERNAME = "username"; public static final String PROP_PASSWORD = "password"; // NOSONAR public static final String PROP_IS_ONAP_ENABLED = "onap_enabled"; // NOSONAR + public static final String PROP_USERID_COOKIE_NAME = "onap.user_id_cookie_name"; // NOSONAR private static final String AUTHENTICATION_CONFIG_FILE = SparkyConstants.PORTAL_AUTHENTICATION_FILE_LOCATION; public static final String PROP_COOKIEDECRYPTORCLASSNAME = "cookie_decryptor_classname"; private static final Logger LOG = LoggerFactory.getInstance().getLogger(PortalAuthenticationConfig.class); 
@@ -87,7 +89,13 @@ public class PortalAuthenticationConfig { public String getcookieDecryptorClassName() { return cookieDecryptorClassName; } - + public String getUserIdCookieName() { + return userIdCookieName; + } + + public void setUserIdCookieName(String userIdCookieName) { + this.userIdCookieName = userIdCookieName; + } /** * Reload the Portal authentication properties from the classpath. */ @@ -103,6 +111,7 @@ public class PortalAuthenticationConfig { username = props.getProperty(PROP_USERNAME); password = props.getProperty(PROP_PASSWORD); isOnapEnabled = Boolean.parseBoolean(props.getProperty(PROP_IS_ONAP_ENABLED, "true")); + userIdCookieName = props.getProperty(PROP_USERID_COOKIE_NAME); cookieDecryptorClassName= props.getProperty(PROP_COOKIEDECRYPTORCLASSNAME); } diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/RolesConfig.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/RolesConfig.java index a107122..8bcc911 100644 --- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/RolesConfig.java +++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/portal/config/RolesConfig.java @@ -29,7 +29,7 @@ import java.util.Collections; import java.util.List; import org.onap.aai.sparky.viewandinspect.config.SparkyConstants; -import org.openecomp.portalsdk.core.restful.domain.EcompRole; +import org.onap.portalsdk.core.restful.domain.EcompRole; import com.google.gson.Gson; import com.google.gson.JsonSyntaxException; -- cgit 1.2.3-korg
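Review bot: In the `@@ -103,6 +111,7 @@` hunk of `PortalAuthenticationConfig.java`, `userIdCookieName` is loaded with no default and no check, while `onap_enabled` on the line above defaults to `true`. When `onap.user_id_cookie_name` is absent, the reworked `validateEcompSso` in this commit returns `null` for every request and reports it only at debug level, so a misconfigured deployment rejects all sign-ons with nothing in the error log. A load-time guard such as `if (isOnapEnabled && (userIdCookieName == null || userIdCookieName.trim().isEmpty()))` that logs at error level would make the cause visible. The enclosing reload method starts and ends outside the hunk.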