Diffstat (limited to 'ccsdk-app-os/src/main/java')
-rw-r--r--ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java22
-rw-r--r--ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java20
-rw-r--r--ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java4
-rw-r--r--ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java102
-rw-r--r--ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java62
-rw-r--r--ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java107
6 files changed, 311 insertions, 6 deletions
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index 807ae78..665e0da 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -21,18 +21,16 @@ package org.onap.portalapp.conf;
import java.util.ArrayList;
import java.util.List;
-
-import org.onap.portalapp.lm.FusionLicenseManagerImpl;
import org.onap.portalapp.login.LoginStrategyImpl;
import org.onap.portalapp.controller.core.SingleSignOnController;
import org.onap.portalapp.controller.sample.ElasticSearchController;
import org.onap.portalapp.controller.sample.PostDroolsController;
+import org.onap.portalapp.interceptor.AuthenticationInterceptor;
+import org.onap.portalapp.interceptor.AuthorizationInterceptor;
import org.onap.portalapp.scheduler.LogRegistry;
import org.onap.portalsdk.core.auth.LoginStrategy;
import org.onap.portalsdk.core.conf.AppConfig;
import org.onap.portalsdk.core.conf.Configurable;
-// import org.onap.portalsdk.core.lm.FusionLicenseManager;
-// import org.onap.portalsdk.core.lm.FusionLicenseManagerUtils;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.objectcache.AbstractCacheManager;
import org.onap.portalsdk.core.scheduler.CoreRegister;
@@ -54,6 +52,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+
/**
* ECOMP Portal SDK sample application. ECOMP Portal SDK core AppConfig class to
* reuse interceptors, view resolvers and other features defined there.
@@ -75,6 +74,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAppConfig.class);
+ private static final String HEALTH = "/health*";
+
@Configuration
@Import(SystemProperties.class)
static class InnerConfiguration {
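Review bot: The new `HEALTH` constant is not used in any hunk shown here, and the `"/health*"` literal is still passed to `setExcludeUrlPathsForSessionTimeout` in `addInterceptors`. Either pass `HEALTH` in that call or drop the field, so the pattern is defined in one place only. The class body continues outside this hunk, so a use elsewhere in the file cannot be ruled out.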
@@ -133,6 +134,16 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
return definitions;
}
+ @Bean
+ public AuthenticationInterceptor authenticationInterceptor() {
+ return new AuthenticationInterceptor();
+ }
+
+ @Bean
+ public AuthorizationInterceptor authorizationInterceptor() {
+ return new AuthorizationInterceptor();
+ }
+
/**
* Adds request interceptors to the specified registry by calling
* {@link AppConfig#addInterceptors(InterceptorRegistry)}, but excludes
@@ -140,6 +151,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(authenticationInterceptor()).addPathPatterns("/nb-api/**");
+ registry.addInterceptor(authorizationInterceptor()).addPathPatterns("/nb-api/**");
super.setExcludeUrlPathsForSessionTimeout("/login_external", "*/login_external.htm",
"login", "/login.htm", "/api*", "/single_signon.htm", "/single_signon", "/health*",
"/nb-api/**");
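Review bot: The two `/nb-api/**` registrations look like the only access control on that path, because the same pattern sits in the session-timeout exclude list directly below, and nothing in the method records this. A comment such as `// nb-api is excluded from session checks; these two interceptors are its access control and run in registration order` would make the dependency explicit for the next maintainer. The path literal now appears three times in this method and could share a constant. `addInterceptors` continues past the end of this hunk, so what `super.addInterceptors` contributes is not visible here.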
@@ -171,4 +184,5 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
public LoginStrategy loginStrategy() {
return new LoginStrategyImpl();
}
+
}
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
index 9c6b95e..2624e2f 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
@@ -19,11 +19,31 @@
*/
package org.onap.portalapp.conf;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+
import org.onap.ccsdk.dashboard.util.DashboardProperties;
import org.onap.portalsdk.core.conf.AppInitializer;
+import org.onap.portalsdk.core.logging.format.AlarmSeverityEnum;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.web.context.WebApplicationContext;
public class ExternalAppInitializer extends AppInitializer {
+ /*
+ @Override
+ protected WebApplicationContext createServletApplicationContext() {
+ WebApplicationContext context = super.createServletApplicationContext();
+ try {
+ ((ConfigurableEnvironment) context.getEnvironment()).setActiveProfiles("onap");
+ } catch (Exception e) {
+ System.out.println("Unable to set the active profile" + e.getMessage());
+ //throw e;
+ }
+ return context;
+ }
+*/
@Override
protected Class<?>[] getRootConfigClasses() {
return super.getRootConfigClasses();
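Review bot: The imports added here serve only the commented-out `createServletApplicationContext` override, and `ServletContext`, `ServletException`, `AlarmSeverityEnum` and `EELFLoggerDelegate` are not referenced even there, so the file gains dead code plus unused imports. Either delete the block and its imports or enable it. If it is enabled, the failure should go through the class logger rather than `System.out.println`, and swallowing the exception should be a documented choice. The class body continues outside this hunk, so uses further down cannot be ruled out.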
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
index 673fc8d..844ae36 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
@@ -43,8 +43,8 @@ public class HibernateMappingLocations implements HibernateMappingLocatable {
// a leading slash gets stripped so don't bother.
// new ClassPathResource("../fusion/orm/Fusion.hbm.xml"),
// This is a COPY to work around a bug in the 1.1.0 release.
- new ClassPathResource("../fusion/orm/Fusion.hbm.xml"),
- new ClassPathResource("../oom-app.hbm.xml")};
+ new ClassPathResource("../fusion/orm/Fusion.hbm.xml")};
+ //new ClassPathResource("../oom-app.hbm.xml")};
}
/*
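Review bot: The `oom-app.hbm.xml` mapping is disabled by commenting it out, which leaves a stray `};` inside the comment and no explanation of why the mapping went away. Delete the line instead, or replace it with a short reason, e.g. `// oom-app.hbm.xml is no longer loaded: <reason>`. The surrounding method starts outside this hunk.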
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java
new file mode 100644
index 0000000..206f364
--- /dev/null
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java
@@ -0,0 +1,102 @@
+/*******************************************************************************
+ * =============LICENSE_START=========================================================
+ *
+ * =================================================================================
+ * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *******************************************************************************/
+package org.onap.portalapp.interceptor;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+//import javax.xml.bind.DatatypeConverter;
+import java.util.Base64;
+
+import org.apache.http.HttpStatus;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.service.UserProfileService;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+public class AuthenticationInterceptor implements HandlerInterceptor {
+
+ @Autowired
+ private UserProfileService userSvc;
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+ String authString = request.getHeader("Authorization");
+ try {
+ if(authString == null || authString.isEmpty())
+ {
+ response.setStatus(HttpStatus.SC_UNAUTHORIZED);
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing");
+ return false; //Do not continue with request
+ } else {
+ String decodedAuth = "";
+ String[] authParts = authString.split("\\s+");
+ String authInfo = authParts[1];
+ byte[] bytes = null;
+ bytes = Base64.getDecoder().decode(authInfo);
+ //DatatypeConverter.parseBase64Binary(authInfo);
+ decodedAuth = new String(bytes,StandardCharsets.UTF_8);
+ String[] authen = decodedAuth.split(":");
+
+ if (authen.length > 1) {
+ User user = userSvc.getUserByLoginId(authen[0]);
+ if (user == null) {
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
+ return false;
+ }
+/* ResponseEntity<String> getResponse =
+ userSrvc.checkUserExists(authen[0], authen[1]);
+ if (getResponse.getStatusCode().value() != 200) {
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
+ return false;
+ }*/
+ } else {
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ try {
+ response.sendError(HttpStatus.SC_UNAUTHORIZED, e.getMessage());
+ } catch (IOException e1) {
+ return false;
+ }
+ return false;
+ }
+ return true; //Continue with request
+ }
+
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+ //Ignore
+ }
+
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
+ //Ignore
+ }
+}
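Review bot: `preHandle` never checks the password: after decoding the header it only calls `userSvc.getUserByLoginId(authen[0])`, and the credential check below it is commented out, so any Basic header naming an existing login ID is accepted for `/nb-api/**`. The catch-all also returns `e.getMessage()` to the client, the `authen.length <= 1` branch returns false without setting a status, and the scheme token is never compared with `Basic`. In addition, `split(":")` would break a password that contains a colon once the password is actually used. The fence sketches a stricter flow; `credentialsAreValid` is a placeholder for the project's password verification, for which `LoginStrategyImpl.doExternalLogin` in this commit uses `LoginService.findUser`.

```java
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws IOException {
        String authString = request.getHeader("Authorization");
        String[] authParts = authString == null ? new String[0] : authString.trim().split("\\s+");
        if (authParts.length != 2 || !"Basic".equalsIgnoreCase(authParts[0])) {
            response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing");
            return false;
        }
        String decodedAuth;
        try {
            decodedAuth = new String(Base64.getDecoder().decode(authParts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed Base64: answer with a fixed message, never the exception text.
            response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
            return false;
        }
        // Limit 2 keeps any ':' characters that belong to the password.
        String[] authen = decodedAuth.split(":", 2);
        // credentialsAreValid is a placeholder: look the user up AND verify the password.
        if (authen.length < 2 || !credentialsAreValid(authen[0], authen[1])) {
            response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
            return false;
        }
        return true; // Continue with request
    }
    // … unchanged: postHandle, afterCompletion …
```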
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java
new file mode 100644
index 0000000..2f3362b
--- /dev/null
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java
@@ -0,0 +1,62 @@
+/*******************************************************************************
+ * =============LICENSE_START=========================================================
+ *
+ * =================================================================================
+ * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *******************************************************************************/
+package org.onap.portalapp.interceptor;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class AuthorizationInterceptor implements HandlerInterceptor {
+
+ protected final ObjectMapper objectMapper = new ObjectMapper();
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ Set<String> userRoleSet = new HashSet<String>();
+ Set<String> userApps = new TreeSet<>();
+ userRoleSet.add("Standard User");
+ userRoleSet.add("ECOMPC_DCAE_WRITE");
+ userApps.add("dcae");
+ request.setAttribute("userRoles", userRoleSet);
+ request.setAttribute("userApps", userApps);
+ return true; //Continue with request
+ }
+
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+ //Ignore
+ }
+
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
+ //Ignore
+ }
+}
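Review bot: `preHandle` grants every request the same fixed roles (`Standard User`, `ECOMPC_DCAE_WRITE`) and app (`dcae`) without looking at who authenticated, so authorization on `/nb-api/**` does not distinguish one caller from another. If this is a stopgap, say so at the top of the method, e.g. `// TODO: placeholder, roles are not yet derived from the authenticated user`. Otherwise the roles should be derived from the user that AuthenticationInterceptor resolved. How the `userRoles` and `userApps` attributes are consumed is not visible in this diff, so the effective privilege should be confirmed against the nb-api controllers. The `objectMapper` field is not used anywhere in the class as added.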
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
index b628772..d7c9ab7 100644
--- a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
@@ -20,22 +20,129 @@
package org.onap.portalapp.login;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Predicate;
+
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.portalsdk.core.auth.LoginStrategy;
+import org.onap.portalsdk.core.command.LoginBean;
+import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.domain.RoleFunction;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.FusionObject.Parameters;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.menu.MenuProperties;
import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.onap.portalsdk.core.service.DataAccessService;
+import org.onap.portalsdk.core.service.LoginService;
+import org.onap.portalsdk.core.service.RoleService;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.web.support.AppUtils;
+import org.onap.portalsdk.core.web.support.UserUtils;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.ModelAndView;
public class LoginStrategyImpl extends LoginStrategy {
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginStrategyImpl.class);
+ @Autowired
+ private LoginService loginService;
+
+ @Autowired
+ private RoleService roleService;
+
+ @Override
+ public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+
+ invalidateExistingSession(request);
+
+ LoginBean commandBean = new LoginBean();
+ String loginId = request.getParameter("loginId");
+ String password = request.getParameter("password");
+ commandBean.setLoginId(loginId);
+ commandBean.setLoginPwd(password);
+ //commandBean.setUserid(loginId);
+ commandBean = loginService.findUser(commandBean,
+ (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap());
+ List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId);
+
+ if (commandBean.getUser() == null) {
+ String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage()
+ : "login.error.external.invalid - User name and/or password incorrect";
+ Map<String, String> model = new HashMap<>();
+ model.put("error", loginErrorMessage);
+ return new ModelAndView("login_external", "model", model);
+ } else {
+ // store the currently logged in user's information in the session
+ UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
+ commandBean.getBusinessDirectMenu(),
+ SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList);
+ // set the user's max role level in session
+ final String adminRole = "System Administrator";
+ final String standardRole = "Standard User";
+ final String readRole = "Read Access";
+ final String writeRole = "Write Access";
+
+ String maxRole = "";
+ String authType = "READ";
+ String accessLevel = "app";
+
+ Predicate<Role> adminRoleFilter =
+ p -> p.getName() != null && p.getName().equalsIgnoreCase(adminRole);
+
+ Predicate<Role> writeRoleFilter =
+ p -> p.getName() != null && (p.getName().equalsIgnoreCase(writeRole) || p.getName().equalsIgnoreCase(standardRole));
+
+ Predicate<Role> readRoleFilter =
+ p -> p.getName() != null && (p.getName().equalsIgnoreCase(readRole) );
+
+ if (UserUtils.getUserSession(request) != null) {
+ @SuppressWarnings("unchecked")
+ Collection<org.onap.portalsdk.core.domain.Role> userRoles =
+ UserUtils.getRoles(request).values();
+ if (userRoles.stream().anyMatch(adminRoleFilter) ) {
+ maxRole = "admin";
+ } else if (userRoles.stream().anyMatch(writeRoleFilter) ) {
+ maxRole = "write";
+ } else if (userRoles.stream().anyMatch(readRoleFilter) ) {
+ maxRole = "read";
+ }
+ switch(maxRole) {
+ case "admin":
+ authType = "ADMIN";
+ accessLevel = "ops";
+ break;
+ case "write":
+ authType = "WRITE";
+ accessLevel = "dev";
+ break;
+ case "read":
+ authType = "READ";
+ accessLevel = "dev";
+ break;
+ default:
+ accessLevel = "app";
+ }
+ }
+ AppUtils.getSession(request).setAttribute("role_level", accessLevel);
+ AppUtils.getSession(request).setAttribute("auth_role", authType);
+ initateSessionMgtHandler(request);
+ // user has been authenticated, now take them to the welcome page
+ return new ModelAndView("redirect:welcome");
+ }
+ }
+
@Override
public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response)
throws Exception {
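Review bot: In `doExternalLogin`, `roleService.getRoleFunctions(loginId)` runs before the `commandBean.getUser() == null` check, so the role lookup is done for any submitted `loginId`, including a null or unknown one, even when authentication fails. Move `List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId);` into the `else` branch, just before `UserUtils.setUserSession(...)`. The raw `new HashMap()` passed to `findUser` should carry type arguments. The role-to-`accessLevel` mapping would also read better as a small private helper, and `maxRole` exists only to feed the `switch`. The `doLogin` body that follows the added method continues outside this hunk.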