CCSDK DCAE dashboard feature changes

Issue-ID: DCAEGEN2-1857
Issue-ID: DCAEGEN2-2074
Issue-ID: DCAEGEN2-2364

Change-Id: I97f5ec4599512ed848136971b11d4c2a137a4999
Signed-off-by: Kotagiri, Ramprasad (rp5662) <rp5662@att.com>

6 files changed, 311 insertions, 6 deletions

diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index 807ae78..665e0da 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -21,18 +21,16 @@ package org.onap.portalapp.conf;
 
 import java.util.ArrayList;
 import java.util.List;
-
-import org.onap.portalapp.lm.FusionLicenseManagerImpl;
 import org.onap.portalapp.login.LoginStrategyImpl;
 import org.onap.portalapp.controller.core.SingleSignOnController;
 import org.onap.portalapp.controller.sample.ElasticSearchController;
 import org.onap.portalapp.controller.sample.PostDroolsController;
+import org.onap.portalapp.interceptor.AuthenticationInterceptor;
+import org.onap.portalapp.interceptor.AuthorizationInterceptor;
 import org.onap.portalapp.scheduler.LogRegistry;
 import org.onap.portalsdk.core.auth.LoginStrategy;
 import org.onap.portalsdk.core.conf.AppConfig;
 import org.onap.portalsdk.core.conf.Configurable;
-// import org.onap.portalsdk.core.lm.FusionLicenseManager;
-// import org.onap.portalsdk.core.lm.FusionLicenseManagerUtils;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.objectcache.AbstractCacheManager;
 import org.onap.portalsdk.core.scheduler.CoreRegister;
@@ -54,6 +52,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 
+
 /**
  * ECOMP Portal SDK sample application. ECOMP Portal SDK core AppConfig class to
  * reuse interceptors, view resolvers and other features defined there.
@@ -75,6 +74,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 
     private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAppConfig.class);
 
+    private static final String HEALTH = "/health*";
+    
     @Configuration
     @Import(SystemProperties.class)
     static class InnerConfiguration {
@@ -133,6 +134,16 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
         return definitions;
     }
 
+    @Bean
+    public AuthenticationInterceptor authenticationInterceptor() {
+         return new AuthenticationInterceptor();
+     }
+    
+    @Bean
+    public AuthorizationInterceptor authorizationInterceptor() {
+         return new AuthorizationInterceptor();
+     }
+    
     /**
      * Adds request interceptors to the specified registry by calling
      * {@link AppConfig#addInterceptors(InterceptorRegistry)}, but excludes
@@ -140,6 +151,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
      */
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authenticationInterceptor()).addPathPatterns("/nb-api/**");
+        registry.addInterceptor(authorizationInterceptor()).addPathPatterns("/nb-api/**");
         super.setExcludeUrlPathsForSessionTimeout("/login_external", "*/login_external.htm",
             "login", "/login.htm", "/api*", "/single_signon.htm", "/single_signon", "/health*",
             "/nb-api/**");
@@ -171,4 +184,5 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
     public LoginStrategy loginStrategy() {
         return new LoginStrategyImpl();
     }
+
 }
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
index 9c6b95e..2624e2f 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
@@ -19,11 +19,31 @@
  */
 package org.onap.portalapp.conf;
 
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+
 import org.onap.ccsdk.dashboard.util.DashboardProperties;
 import org.onap.portalsdk.core.conf.AppInitializer;
+import org.onap.portalsdk.core.logging.format.AlarmSeverityEnum;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.web.context.WebApplicationContext;
 
 public class ExternalAppInitializer extends AppInitializer {
 
+    /*
+    @Override
+    protected WebApplicationContext createServletApplicationContext() {
+        WebApplicationContext context = super.createServletApplicationContext();
+        try {
+            ((ConfigurableEnvironment) context.getEnvironment()).setActiveProfiles("onap");
+        } catch (Exception e) {
+            System.out.println("Unable to set the active profile" + e.getMessage());
+            //throw e;
+        }
+        return context;
+    }
+*/
     @Override
     protected Class<?>[] getRootConfigClasses() {
         return super.getRootConfigClasses();
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
index 673fc8d..844ae36 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
@@ -43,8 +43,8 @@ public class HibernateMappingLocations implements HibernateMappingLocatable {
             // a leading slash gets stripped so don't bother.
             // new ClassPathResource("../fusion/orm/Fusion.hbm.xml"),
             // This is a COPY to work around a bug in the 1.1.0 release.
-            new ClassPathResource("../fusion/orm/Fusion.hbm.xml"),
-            new ClassPathResource("../oom-app.hbm.xml")};
+            new ClassPathResource("../fusion/orm/Fusion.hbm.xml")};
+            //new ClassPathResource("../oom-app.hbm.xml")};
     }
 
     /*
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java
new file mode 100644
index 0000000..206f364
--- /dev/null
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java
@@ -0,0 +1,102 @@
+/*******************************************************************************
+ * =============LICENSE_START=========================================================
+ *
+ * =================================================================================
+ * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *******************************************************************************/
+package org.onap.portalapp.interceptor;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+//import javax.xml.bind.DatatypeConverter;
+import java.util.Base64;
+
+import org.apache.http.HttpStatus;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.service.UserProfileService;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+public class AuthenticationInterceptor implements HandlerInterceptor {
+
+	@Autowired
+	private UserProfileService userSvc;
+	
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+		String authString = request.getHeader("Authorization");
+		try {
+		if(authString == null || authString.isEmpty())
+		{
+			response.setStatus(HttpStatus.SC_UNAUTHORIZED);
+			response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing");
+			return false; //Do not continue with request
+		} else {
+			String decodedAuth = "";
+			String[] authParts = authString.split("\\s+");
+			String authInfo = authParts[1];
+			byte[] bytes = null;
+			bytes = Base64.getDecoder().decode(authInfo);
+					//DatatypeConverter.parseBase64Binary(authInfo);
+			decodedAuth = new String(bytes,StandardCharsets.UTF_8);
+			String[] authen = decodedAuth.split(":");
+
+			if  (authen.length > 1) {
+			    User user = userSvc.getUserByLoginId(authen[0]);
+			    if (user == null) {
+	                 response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
+	                    return false;
+			    }
+/*				ResponseEntity<String> getResponse = 
+				    userSrvc.checkUserExists(authen[0], authen[1]);
+				if (getResponse.getStatusCode().value() != 200) {	
+					response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
+					return false;
+				}*/
+			} else {
+				return false;
+			}
+		}
+		} catch (Exception e) {
+			try {
+				response.sendError(HttpStatus.SC_UNAUTHORIZED, e.getMessage());
+			} catch (IOException e1) {
+				return false;
+			}
+			return false;
+		}
+		return true; //Continue with request
+	}
+	
+	@Override
+	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+			ModelAndView modelAndView) throws Exception {
+		//Ignore
+	}
+	
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+			throws Exception {
+		//Ignore
+	}
+}
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java
new file mode 100644
index 0000000..2f3362b
--- /dev/null
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java
@@ -0,0 +1,62 @@
+/*******************************************************************************
+ * =============LICENSE_START=========================================================
+ *
+ * =================================================================================
+ * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *******************************************************************************/
+package org.onap.portalapp.interceptor;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class AuthorizationInterceptor implements HandlerInterceptor {
+    
+    protected final ObjectMapper objectMapper = new ObjectMapper();
+    
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        Set<String> userRoleSet = new HashSet<String>();
+        Set<String> userApps = new TreeSet<>();
+        userRoleSet.add("Standard User");
+        userRoleSet.add("ECOMPC_DCAE_WRITE");
+        userApps.add("dcae");
+        request.setAttribute("userRoles", userRoleSet);
+        request.setAttribute("userApps", userApps);       
+		return true; //Continue with request
+	}
+	
+	@Override
+	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+			ModelAndView modelAndView) throws Exception {
+		//Ignore
+	}
+	
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+			throws Exception {
+		//Ignore
+	}
+}
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
index b628772..d7c9ab7 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
@@ -20,22 +20,129 @@
 
 package org.onap.portalapp.login;
 
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Predicate;
+
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.onap.portalsdk.core.auth.LoginStrategy;
+import org.onap.portalsdk.core.command.LoginBean;
+import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.domain.RoleFunction;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.FusionObject.Parameters;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.menu.MenuProperties;
 import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
 import org.onap.portalsdk.core.onboarding.util.CipherUtil;
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.onap.portalsdk.core.service.DataAccessService;
+import org.onap.portalsdk.core.service.LoginService;
+import org.onap.portalsdk.core.service.RoleService;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.AppUtils;
+import org.onap.portalsdk.core.web.support.UserUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.ModelAndView;
 
 public class LoginStrategyImpl extends LoginStrategy {
 
     EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginStrategyImpl.class);
 
+    @Autowired
+    private LoginService loginService;
+
+    @Autowired
+    private RoleService roleService;
+       
+    @Override
+    public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+
+        invalidateExistingSession(request);
+
+        LoginBean commandBean = new LoginBean();
+        String loginId = request.getParameter("loginId");
+        String password = request.getParameter("password");
+        commandBean.setLoginId(loginId);
+        commandBean.setLoginPwd(password);
+        //commandBean.setUserid(loginId);
+        commandBean = loginService.findUser(commandBean,
+                (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap());
+        List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId);
+
+        if (commandBean.getUser() == null) {
+            String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage()
+                    : "login.error.external.invalid - User name and/or password incorrect";
+            Map<String, String> model = new HashMap<>();
+            model.put("error", loginErrorMessage);
+            return new ModelAndView("login_external", "model", model);
+        } else {
+            // store the currently logged in user's information in the session
+            UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
+                    commandBean.getBusinessDirectMenu(),
+                    SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList);
+            // set the user's max role level in session
+            final String adminRole = "System Administrator";
+            final String standardRole = "Standard User";
+            final String readRole = "Read Access";
+            final String writeRole = "Write Access";
+            
+            String maxRole = "";
+            String authType = "READ";
+            String accessLevel = "app";
+            
+            Predicate<Role> adminRoleFilter = 
+                p -> p.getName() != null && p.getName().equalsIgnoreCase(adminRole);
+            
+            Predicate<Role> writeRoleFilter = 
+                p -> p.getName() != null && (p.getName().equalsIgnoreCase(writeRole) || p.getName().equalsIgnoreCase(standardRole));
+            
+            Predicate<Role> readRoleFilter = 
+                p -> p.getName() != null && (p.getName().equalsIgnoreCase(readRole) );               
+
+            if (UserUtils.getUserSession(request) != null) {
+                @SuppressWarnings("unchecked")
+                Collection<org.onap.portalsdk.core.domain.Role> userRoles = 
+                    UserUtils.getRoles(request).values();
+                if (userRoles.stream().anyMatch(adminRoleFilter) ) {
+                    maxRole = "admin";
+                } else if (userRoles.stream().anyMatch(writeRoleFilter) ) {
+                    maxRole = "write";
+                } else if (userRoles.stream().anyMatch(readRoleFilter) ) {
+                    maxRole = "read";
+                }
+                switch(maxRole) {
+                    case "admin":
+                        authType = "ADMIN";
+                        accessLevel = "ops";
+                        break;
+                    case "write":
+                        authType = "WRITE";
+                        accessLevel = "dev";                
+                        break;
+                    case "read":
+                        authType = "READ";
+                        accessLevel = "dev";                
+                        break;              
+                    default:
+                        accessLevel = "app";                
+                }
+            }
+            AppUtils.getSession(request).setAttribute("role_level", accessLevel);
+            AppUtils.getSession(request).setAttribute("auth_role", authType);
+            initateSessionMgtHandler(request);
+            // user has been authenticated, now take them to the welcome page
+            return new ModelAndView("redirect:welcome");
+        }
+    }
+    
     @Override
     public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response)
         throws Exception {