Diffstat (limited to 'ccsdk-app-os/src/main/java')
6 files changed, 311 insertions, 6 deletions
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java index 807ae78..665e0da 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java @@ -21,18 +21,16 @@ package org.onap.portalapp.conf; import java.util.ArrayList; import java.util.List; - -import org.onap.portalapp.lm.FusionLicenseManagerImpl; import org.onap.portalapp.login.LoginStrategyImpl; import org.onap.portalapp.controller.core.SingleSignOnController; import org.onap.portalapp.controller.sample.ElasticSearchController; import org.onap.portalapp.controller.sample.PostDroolsController; +import org.onap.portalapp.interceptor.AuthenticationInterceptor; +import org.onap.portalapp.interceptor.AuthorizationInterceptor; import org.onap.portalapp.scheduler.LogRegistry; import org.onap.portalsdk.core.auth.LoginStrategy; import org.onap.portalsdk.core.conf.AppConfig; import org.onap.portalsdk.core.conf.Configurable; -// import org.onap.portalsdk.core.lm.FusionLicenseManager; -// import org.onap.portalsdk.core.lm.FusionLicenseManagerUtils; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.objectcache.AbstractCacheManager; import org.onap.portalsdk.core.scheduler.CoreRegister; @@ -54,6 +52,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; + /** * ECOMP Portal SDK sample application. ECOMP Portal SDK core AppConfig class to * reuse interceptors, view resolvers and other features defined there. 
@@ -75,6 +74,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable { private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAppConfig.class); + private static final String HEALTH = "/health*"; + @Configuration @Import(SystemProperties.class) static class InnerConfiguration { @@ -133,6 +134,16 @@ public class ExternalAppConfig extends AppConfig implements Configurable { return definitions; } + @Bean + public AuthenticationInterceptor authenticationInterceptor() { + return new AuthenticationInterceptor(); + } + + @Bean + public AuthorizationInterceptor authorizationInterceptor() { + return new AuthorizationInterceptor(); + } + /** * Adds request interceptors to the specified registry by calling * {@link AppConfig#addInterceptors(InterceptorRegistry)}, but excludes @@ -140,6 +151,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable { */ @Override public void addInterceptors(InterceptorRegistry registry) { + registry.addInterceptor(authenticationInterceptor()).addPathPatterns("/nb-api/**"); + registry.addInterceptor(authorizationInterceptor()).addPathPatterns("/nb-api/**"); super.setExcludeUrlPathsForSessionTimeout("/login_external", "*/login_external.htm", "login", "/login.htm", "/api*", "/single_signon.htm", "/single_signon", "/health*", "/nb-api/**"); @@ -171,4 +184,5 @@ public class ExternalAppConfig extends AppConfig implements Configurable { public LoginStrategy loginStrategy() { return new LoginStrategyImpl(); } + } diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java index 9c6b95e..2624e2f 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java 
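Review bot: The new `HEALTH` constant is declared but never referenced in the visible hunks; the `setExcludeUrlPathsForSessionTimeout(...)` call in the `-140` hunk still passes the literal `"/health*"`, and `"/nb-api/**"` is now spelled out three times. Either use the constant at that call (`HEALTH` in place of `"/health*"`) and add a sibling such as `private static final String NB_API = "/nb-api/**";` for both `addPathPatterns` calls and the exclusion list, or drop the constant. Both interceptors are registered on the same pattern and `registry.addInterceptor` order is their execution order, so a one-line comment `// authentication must be registered before authorization` would make that dependency explicit. `addInterceptors` continues beyond the hunk.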
@@ -19,11 +19,31 @@ */ package org.onap.portalapp.conf; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; + import org.onap.ccsdk.dashboard.util.DashboardProperties; import org.onap.portalsdk.core.conf.AppInitializer; +import org.onap.portalsdk.core.logging.format.AlarmSeverityEnum; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.web.context.WebApplicationContext; public class ExternalAppInitializer extends AppInitializer { + /* + @Override + protected WebApplicationContext createServletApplicationContext() { + WebApplicationContext context = super.createServletApplicationContext(); + try { + ((ConfigurableEnvironment) context.getEnvironment()).setActiveProfiles("onap"); + } catch (Exception e) { + System.out.println("Unable to set the active profile" + e.getMessage()); + //throw e; + } + return context; + } +*/ @Override protected Class<?>[] getRootConfigClasses() { return super.getRootConfigClasses(); diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java index 673fc8d..844ae36 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java @@ -43,8 +43,8 @@ public class HibernateMappingLocations implements HibernateMappingLocatable { // a leading slash gets stripped so don't bother. // new ClassPathResource("../fusion/orm/Fusion.hbm.xml"), // This is a COPY to work around a bug in the 1.1.0 release. - new ClassPathResource("../fusion/orm/Fusion.hbm.xml"), - new ClassPathResource("../oom-app.hbm.xml")}; + new ClassPathResource("../fusion/orm/Fusion.hbm.xml")}; + //new ClassPathResource("../oom-app.hbm.xml")}; } /* 
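Review bot: The `createServletApplicationContext` override added to ExternalAppInitializer is entirely commented out, yet the imports added alongside it (`ServletContext`, `ServletException`, `AlarmSeverityEnum`, `EELFLoggerDelegate`, `ConfigurableEnvironment`, `WebApplicationContext`) are live, so the file gains six unused imports and a dead block. Either enable the override or remove both; if it is enabled, the `catch (Exception e)` that prints to `System.out` and continues should log through `EELFLoggerDelegate` and rethrow (the `//throw e;` is also commented out), because silently starting without the `onap` profile is a configuration failure the operator should see. The HibernateMappingLocations hunk on the same line has the same shape: the `oom-app.hbm.xml` mapping is commented out rather than deleted, leaving `//new ClassPathResource("../oom-app.hbm.xml")};` as dead text; delete it or add a one-line comment stating why that mapping is no longer loaded.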
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java
new file mode 100644
index 0000000..206f364
--- /dev/null
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java
@@ -0,0 +1,102 @@
+/*******************************************************************************
+ * =============LICENSE_START=========================================================
+ *
+ * =================================================================================
+ * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *******************************************************************************/
+package org.onap.portalapp.interceptor;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+//import javax.xml.bind.DatatypeConverter;
+import java.util.Base64;
+
+import org.apache.http.HttpStatus;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.service.UserProfileService;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+public class AuthenticationInterceptor implements HandlerInterceptor {
+
+ @Autowired
+ private UserProfileService userSvc;
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+ String authString = request.getHeader("Authorization");
+ try {
+ if(authString == null || authString.isEmpty())
+ {
+ response.setStatus(HttpStatus.SC_UNAUTHORIZED);
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing");
+ return false; //Do not continue with request
+ } else {
+ String decodedAuth = "";
+ String[] authParts = authString.split("\\s+");
+ String authInfo = authParts[1];
+ byte[] bytes = null;
+ bytes = Base64.getDecoder().decode(authInfo);
+ //DatatypeConverter.parseBase64Binary(authInfo);
+ decodedAuth = new String(bytes,StandardCharsets.UTF_8);
+ String[] authen = decodedAuth.split(":");
+
+ if (authen.length > 1) {
+ User user = userSvc.getUserByLoginId(authen[0]);
+ if (user == null) {
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
+ return false;
+ }
+/* ResponseEntity<String> getResponse =
+ userSrvc.checkUserExists(authen[0], authen[1]);
+ if (getResponse.getStatusCode().value() != 200) {
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
+ return false;
+ }*/
+ } else {
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ try {
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, e.getMessage());
+ } catch (IOException e1) {
+ return false;
+ }
+ return false;
+ }
+ return true; //Continue with request
+ }
+
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+ //Ignore
+ }
+
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
+ //Ignore
+ }
+}
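Review bot: `preHandle` never verifies the password: after decoding the header it only calls `userSvc.getUserByLoginId(authen[0])`, and the credential check (`checkUserExists(authen[0], authen[1])`) is left commented out, so any request on the intercepted paths that carries a Basic header with an existing login id is accepted whatever the password part contains. That check, or an equivalent verification of `authen[1]` against the user service, has to be in place before this interceptor is wired into ExternalAppConfig. The header parsing is also fragile: `authParts[1]` is read without checking the array length or that the scheme is `Basic`, `decodedAuth.split(":")` truncates passwords that contain a colon, and the `catch (Exception e)` echoes `e.getMessage()` (for instance the Base64 decoder's diagnostic) in the 401 body, where a fixed `"Un-authorized to perform this operation"` would do. A tightened parsing section is sketched below; separately, `ResponseEntity` is imported but unused and `response.setStatus(...)` immediately before `sendError(...)` is redundant.

```java
String[] authParts = authString.trim().split("\\s+", 2);
if (authParts.length != 2 || !"Basic".equalsIgnoreCase(authParts[0])) {
    response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing");
    return false;
}
String decodedAuth = new String(Base64.getDecoder().decode(authParts[1]), StandardCharsets.UTF_8);
String[] authen = decodedAuth.split(":", 2); // the password may itself contain ':'
if (authen.length != 2) {
    response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
    return false;
}
// … unchanged: user lookup via userSvc.getUserByLoginId(authen[0]); the password check against authen[1] still has to be restored here …
```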
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java
new file mode 100644
index 0000000..2f3362b
--- /dev/null
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java
@@ -0,0 +1,62 @@
+/*******************************************************************************
+ * =============LICENSE_START=========================================================
+ *
+ * =================================================================================
+ * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *******************************************************************************/
+package org.onap.portalapp.interceptor;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class AuthorizationInterceptor implements HandlerInterceptor {
+
+ protected final ObjectMapper objectMapper = new ObjectMapper();
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ Set<String> userRoleSet = new HashSet<String>();
+ Set<String> userApps = new TreeSet<>();
+ userRoleSet.add("Standard User");
+ userRoleSet.add("ECOMPC_DCAE_WRITE");
+ userApps.add("dcae");
+ request.setAttribute("userRoles", userRoleSet);
+ request.setAttribute("userApps", userApps);
+ return true; //Continue with request
+ }
+
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+ //Ignore
+ }
+
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
+ //Ignore
+ }
+}
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
index b628772..d7c9ab7 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
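Review bot: `preHandle` grants the same fixed role set to every request: `userRoleSet` is always `{"Standard User", "ECOMPC_DCAE_WRITE"}` and `userApps` always `{"dcae"}`, and nothing in the method looks at who the authentication interceptor identified, so every caller that reaches it is handed DCAE write authority through the `userRoles`/`userApps` request attributes. If this is a stop-gap, the roles should be resolved for the user identified upstream (this commit already uses the SDK role services in `LoginStrategyImpl`) and the method should return `false` when none are found; at minimum a comment `// TODO: roles are hard-coded and not derived from the authenticated user; must be resolved per user before production use` is needed so the gap is visible. `objectMapper` is unused, and `new HashSet<String>()` can be `new HashSet<>()` like the `TreeSet` on the next line.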
@@ -20,22 +20,129 @@ package org.onap.portalapp.login; +import java.io.IOException; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.function.Predicate; + import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.portalsdk.core.auth.LoginStrategy; +import org.onap.portalsdk.core.command.LoginBean; +import org.onap.portalsdk.core.domain.Role; +import org.onap.portalsdk.core.domain.RoleFunction; +import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.core.domain.FusionObject.Parameters; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.menu.MenuProperties; import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; import org.onap.portalsdk.core.onboarding.util.CipherUtil; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; +import org.onap.portalsdk.core.service.DataAccessService; +import org.onap.portalsdk.core.service.LoginService; +import org.onap.portalsdk.core.service.RoleService; +import org.onap.portalsdk.core.util.SystemProperties; +import org.onap.portalsdk.core.web.support.AppUtils; +import org.onap.portalsdk.core.web.support.UserUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.ModelAndView; public class LoginStrategyImpl extends LoginStrategy { EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginStrategyImpl.class); + @Autowired + private LoginService loginService; + + @Autowired + private RoleService roleService; + + @Override + public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) throws IOException { + + invalidateExistingSession(request); + + LoginBean commandBean = new LoginBean(); + String loginId = 
request.getParameter("loginId"); + String password = request.getParameter("password"); + commandBean.setLoginId(loginId); + commandBean.setLoginPwd(password); + //commandBean.setUserid(loginId); + commandBean = loginService.findUser(commandBean, + (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap()); + List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId); + + if (commandBean.getUser() == null) { + String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage() + : "login.error.external.invalid - User name and/or password incorrect"; + Map<String, String> model = new HashMap<>(); + model.put("error", loginErrorMessage); + return new ModelAndView("login_external", "model", model); + } else { + // store the currently logged in user's information in the session + UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), + commandBean.getBusinessDirectMenu(), + SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList); + // set the user's max role level in session + final String adminRole = "System Administrator"; + final String standardRole = "Standard User"; + final String readRole = "Read Access"; + final String writeRole = "Write Access"; + + String maxRole = ""; + String authType = "READ"; + String accessLevel = "app"; + + Predicate<Role> adminRoleFilter = + p -> p.getName() != null && p.getName().equalsIgnoreCase(adminRole); + + Predicate<Role> writeRoleFilter = + p -> p.getName() != null && (p.getName().equalsIgnoreCase(writeRole) || p.getName().equalsIgnoreCase(standardRole)); + + Predicate<Role> readRoleFilter = + p -> p.getName() != null && (p.getName().equalsIgnoreCase(readRole) ); + + if (UserUtils.getUserSession(request) != null) { + @SuppressWarnings("unchecked") + Collection<org.onap.portalsdk.core.domain.Role> userRoles = + UserUtils.getRoles(request).values(); + if 
(userRoles.stream().anyMatch(adminRoleFilter) ) { + maxRole = "admin"; + } else if (userRoles.stream().anyMatch(writeRoleFilter) ) { + maxRole = "write"; + } else if (userRoles.stream().anyMatch(readRoleFilter) ) { + maxRole = "read"; + } + switch(maxRole) { + case "admin": + authType = "ADMIN"; + accessLevel = "ops"; + break; + case "write": + authType = "WRITE"; + accessLevel = "dev"; + break; + case "read": + authType = "READ"; + accessLevel = "dev"; + break; + default: + accessLevel = "app"; + } + } + AppUtils.getSession(request).setAttribute("role_level", accessLevel); + AppUtils.getSession(request).setAttribute("auth_role", authType); + initateSessionMgtHandler(request); + // user has been authenticated, now take them to the welcome page + return new ModelAndView("redirect:welcome"); + } + } + @Override public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { |
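Review bot: `doExternalLogin` calls `roleService.getRoleFunctions(loginId)` before it knows whether the login succeeded (`commandBean.getUser() == null` is only tested afterwards), so every failed attempt still runs the role lookup with the unverified, caller-supplied `loginId`; moving that call into the `else` branch after the user check avoids doing work on unauthenticated input. The `new HashMap()` passed to `loginService.findUser` is a raw type — `new HashMap<>()` keeps the compiler's checking — and `Collection<org.onap.portalsdk.core.domain.Role>` can use the imported `Role`. The mapping deserves a comment, since `writeRoleFilter` treats "Standard User" as write access: if that is intended, say so with `// "Standard User" is mapped to write level on purpose (see authType/accessLevel below)`. `User`, `Parameters` and `DataAccessService` are imported but not referenced in the hunk, though the class continues beyond it.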