Diffstat (limited to 'ccsdk-app-os/src/main/java')
6 files changed, 125 insertions, 149 deletions
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java index 665e0da..c59d5d9 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java @@ -1,8 +1,8 @@ /*- * ================================================================================ - * ECOMP Portal SDK + * DCAE Dashboard * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property + * Copyright (C) 2020 AT&T Intellectual Property * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,6 +17,7 @@ * limitations under the License. * ================================================================================ */ + package org.onap.portalapp.conf; import java.util.ArrayList; @@ -52,7 +53,6 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; - /** * ECOMP Portal SDK sample application. ECOMP Portal SDK core AppConfig class to * reuse interceptors, view resolvers and other features defined there. @@ -75,7 +75,7 @@ public class ExternalAppConfig extends AppConfig implements Configurable { private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAppConfig.class); private static final String HEALTH = "/health*"; - + @Configuration @Import(SystemProperties.class) static class InnerConfiguration { 
@@ -136,14 +136,14 @@ public class ExternalAppConfig extends AppConfig implements Configurable { @Bean public AuthenticationInterceptor authenticationInterceptor() { - return new AuthenticationInterceptor(); - } - + return new AuthenticationInterceptor(); + } + @Bean public AuthorizationInterceptor authorizationInterceptor() { - return new AuthorizationInterceptor(); - } - + return new AuthorizationInterceptor(); + } + /** * Adds request interceptors to the specified registry by calling * {@link AppConfig#addInterceptors(InterceptorRegistry)}, but excludes diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java index 2624e2f..d966c3a 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java @@ -1,8 +1,8 @@ /*- * ================================================================================ - * ECOMP Portal SDK + * DCAE Dashboard * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property + * Copyright (C) 2020 AT&T Intellectual Property * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -19,31 +19,11 @@ */ package org.onap.portalapp.conf; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; - import org.onap.ccsdk.dashboard.util.DashboardProperties; import org.onap.portalsdk.core.conf.AppInitializer; -import org.onap.portalsdk.core.logging.format.AlarmSeverityEnum; -import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; -import org.springframework.core.env.ConfigurableEnvironment; -import org.springframework.web.context.WebApplicationContext; public class ExternalAppInitializer extends AppInitializer { - /* - @Override - protected WebApplicationContext createServletApplicationContext() { - WebApplicationContext context = super.createServletApplicationContext(); - try { - ((ConfigurableEnvironment) context.getEnvironment()).setActiveProfiles("onap"); - } catch (Exception e) { - System.out.println("Unable to set the active profile" + e.getMessage()); - //throw e; - } - return context; - } -*/ @Override protected Class<?>[] getRootConfigClasses() { return super.getRootConfigClasses(); diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java index 206f364..e8a64b3 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthenticationInterceptor.java @@ -18,6 +18,7 @@ * ============LICENSE_END========================================================= * *******************************************************************************/ + package org.onap.portalapp.interceptor; import java.io.IOException; @@ -25,7 +26,6 @@ import java.nio.charset.StandardCharsets; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -//import javax.xml.bind.DatatypeConverter; import java.util.Base64; import org.apache.http.HttpStatus; 
@@ -33,70 +33,65 @@ import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.core.service.UserProfileService; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.ResponseEntity; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; public class AuthenticationInterceptor implements HandlerInterceptor { - @Autowired - private UserProfileService userSvc; - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { - String authString = request.getHeader("Authorization"); - try { - if(authString == null || authString.isEmpty()) - { - response.setStatus(HttpStatus.SC_UNAUTHORIZED); - response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing"); - return false; //Do not continue with request - } else { - String decodedAuth = ""; - String[] authParts = authString.split("\\s+"); - String authInfo = authParts[1]; - byte[] bytes = null; - bytes = Base64.getDecoder().decode(authInfo); - //DatatypeConverter.parseBase64Binary(authInfo); - decodedAuth = new String(bytes,StandardCharsets.UTF_8); - String[] authen = decodedAuth.split(":"); + @Autowired + private UserProfileService userSvc; + + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, + Object handler) { + String authString = request.getHeader("Authorization"); + try { + if (authString == null || authString.isEmpty()) { + response.setStatus(HttpStatus.SC_UNAUTHORIZED); + response.sendError(HttpStatus.SC_UNAUTHORIZED, + "Authentication information is missing"); + return false; // Do not continue with request + } else { + String decodedAuth = ""; + String[] authParts = authString.split("\\s+"); + String authInfo = authParts[1]; + byte[] bytes = null; + bytes = Base64.getDecoder().decode(authInfo); + // DatatypeConverter.parseBase64Binary(authInfo); + decodedAuth = new String(bytes, 
StandardCharsets.UTF_8); + String[] authen = decodedAuth.split(":"); + + if (authen.length > 1) { + User user = userSvc.getUserByLoginId(authen[0]); + if (user == null) { + response.sendError(HttpStatus.SC_UNAUTHORIZED, + "Un-authorized to perform this operation"); + return false; + } + } else { + return false; + } + } + } catch (Exception e) { + try { + response.sendError(HttpStatus.SC_UNAUTHORIZED, e.getMessage()); + } catch (IOException e1) { + return false; + } + return false; + } + return true; // Continue with request + } + + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + // Ignore + } - if (authen.length > 1) { - User user = userSvc.getUserByLoginId(authen[0]); - if (user == null) { - response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation"); - return false; - } -/* ResponseEntity<String> getResponse = - userSrvc.checkUserExists(authen[0], authen[1]); - if (getResponse.getStatusCode().value() != 200) { - response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation"); - return false; - }*/ - } else { - return false; - } - } - } catch (Exception e) { - try { - response.sendError(HttpStatus.SC_UNAUTHORIZED, e.getMessage()); - } catch (IOException e1) { - return false; - } - return false; - } - return true; //Continue with request - } - - @Override - public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, - ModelAndView modelAndView) throws Exception { - //Ignore - } - - @Override - public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) - throws Exception { - //Ignore - } + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, + Object handler, Exception ex) throws Exception { + // Ignore + } } 
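Review bot: preHandle returns true as soon as `userSvc.getUserByLoginId(authen[0])` finds a user; `authen[1]` is never compared with anything, so on the lines shown a valid login id alone passes this interceptor, and the commit deletes the commented-out credential check without putting one in its place. Separately, `authParts[1]` is read without checking the scheme or the number of parts, the `else` branch for `authen.length > 1` returns false without setting a status, and the catch block sends `e.getMessage()` back to the client. The fence sketches the guards; the password verification itself has to use whatever credential check the portal SDK offers, which is not visible in this hunk.

```java
String[] authParts = authString.trim().split("\\s+");
if (authParts.length != 2 || !"Basic".equalsIgnoreCase(authParts[0])) {
    response.sendError(HttpStatus.SC_UNAUTHORIZED, "Authentication information is missing");
    return false;
}
// … unchanged: Base64 decode of authParts[1] into decodedAuth …
String[] authen = decodedAuth.split(":", 2); // limit 2: a password may itself contain ':'
if (authen.length < 2 || authen[0].isEmpty()) {
    response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
    return false;
}
// … unchanged: userSvc.getUserByLoginId(authen[0]) null check …
// TODO(review): verify authen[1] against the user's stored credential before falling through to "return true"
// … in the catch block, send a fixed message instead of the exception text:
response.sendError(HttpStatus.SC_UNAUTHORIZED, "Un-authorized to perform this operation");
```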
diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java index 2f3362b..df230d2 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/interceptor/AuthorizationInterceptor.java @@ -18,6 +18,7 @@ * ============LICENSE_END========================================================= * *******************************************************************************/ + package org.onap.portalapp.interceptor; import java.util.HashSet; 
@@ -33,30 +34,31 @@ import org.springframework.web.servlet.ModelAndView; import com.fasterxml.jackson.databind.ObjectMapper; public class AuthorizationInterceptor implements HandlerInterceptor { - + protected final ObjectMapper objectMapper = new ObjectMapper(); - - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { + + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, + Object handler) throws Exception { Set<String> userRoleSet = new HashSet<String>(); Set<String> userApps = new TreeSet<>(); userRoleSet.add("Standard User"); - userRoleSet.add("ECOMPC_DCAE_WRITE"); + userRoleSet.add("DCAE_WRITE"); userApps.add("dcae"); request.setAttribute("userRoles", userRoleSet); - request.setAttribute("userApps", userApps); - return true; //Continue with request - } - - @Override - public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, - ModelAndView modelAndView) throws Exception { - //Ignore - } - - @Override - public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) - throws Exception { - //Ignore - } + request.setAttribute("userApps", userApps); + return true; // Continue with request + } + + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + // Ignore + } + + @Override + public void afterCompletion(HttpServletRequest request, HttpServletResponse response, + Object handler, Exception ex) throws Exception { + // Ignore + } } diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java index d7c9ab7..8e80e79 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java 
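Review bot: AuthorizationInterceptor.preHandle attaches the fixed roles `Standard User` and `DCAE_WRITE` and the app `dcae` to every request and returns true, so nothing here ties the granted roles to the caller that AuthenticationInterceptor identified. If the controllers use the `userRoles` and `userApps` request attributes for access decisions (not visible in this hunk), every caller who passes authentication is treated as a writer. If that is intentional for this build, say so at the top of the method, e.g. `// Roles are fixed in the OS build: every authenticated caller gets Standard User + DCAE_WRITE on "dcae"`; otherwise derive the set from the authenticated user's roles. The rename from `ECOMPC_DCAE_WRITE` to `DCAE_WRITE` also needs every consumer of `userRoles` to compare against the new string.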
+++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java @@ -1,6 +1,6 @@ /*- * ================================================================================ - * ECOMP Portal SDK + * DCAE Dashboard * ================================================================================ * Copyright (C) 2017 AT&T Intellectual Property * ================================================================================ @@ -35,15 +35,9 @@ import org.onap.portalsdk.core.auth.LoginStrategy; import org.onap.portalsdk.core.command.LoginBean; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.RoleFunction; -import org.onap.portalsdk.core.domain.User; -import org.onap.portalsdk.core.domain.FusionObject.Parameters; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.menu.MenuProperties; import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; -import org.onap.portalsdk.core.onboarding.util.CipherUtil; -import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; -import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; -import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.service.LoginService; import org.onap.portalsdk.core.service.RoleService; import org.onap.portalsdk.core.util.SystemProperties; @@ -61,9 +55,10 @@ public class LoginStrategyImpl extends LoginStrategy { @Autowired private RoleService roleService; - + @Override - public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) throws IOException { + public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) + throws IOException { invalidateExistingSession(request); 
@@ -72,13 +67,15 @@ public class LoginStrategyImpl extends LoginStrategy { String password = request.getParameter("password"); commandBean.setLoginId(loginId); commandBean.setLoginPwd(password); - //commandBean.setUserid(loginId); + // commandBean.setUserid(loginId); commandBean = loginService.findUser(commandBean, - (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap()); + (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), + new HashMap()); List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId); if (commandBean.getUser() == null) { - String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage() + String loginErrorMessage = + (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage() : "login.error.external.invalid - User name and/or password incorrect"; Map<String, String> model = new HashMap<>(); model.put("error", loginErrorMessage); 
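Review bot: `roleService.getRoleFunctions(loginId)` runs before the `commandBean.getUser() == null` check, so the role lookup is done for whatever `loginId` request parameter was submitted, including a null one, even when the login then fails. Move the call into the success branch so that role data is only fetched for a user `loginService.findUser` has accepted: `List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(commandBean.getUser().getLoginId());` (hedged: use whichever accessor the `User` class exposes for the login id). doExternalLogin starts before this hunk and continues after it.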
@@ -86,53 +83,55 @@ public class LoginStrategyImpl extends LoginStrategy { } else { // store the currently logged in user's information in the session UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), - commandBean.getBusinessDirectMenu(), - SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList); + commandBean.getBusinessDirectMenu(), + SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), + roleFunctionList); // set the user's max role level in session final String adminRole = "System Administrator"; final String standardRole = "Standard User"; final String readRole = "Read Access"; final String writeRole = "Write Access"; - + String maxRole = ""; String authType = "READ"; String accessLevel = "app"; - - Predicate<Role> adminRoleFilter = + + Predicate<Role> adminRoleFilter = p -> p.getName() != null && p.getName().equalsIgnoreCase(adminRole); - - Predicate<Role> writeRoleFilter = - p -> p.getName() != null && (p.getName().equalsIgnoreCase(writeRole) || p.getName().equalsIgnoreCase(standardRole)); - - Predicate<Role> readRoleFilter = - p -> p.getName() != null && (p.getName().equalsIgnoreCase(readRole) ); + + Predicate<Role> writeRoleFilter = + p -> p.getName() != null && (p.getName().equalsIgnoreCase(writeRole) + || p.getName().equalsIgnoreCase(standardRole)); + + Predicate<Role> readRoleFilter = + p -> p.getName() != null && (p.getName().equalsIgnoreCase(readRole)); if (UserUtils.getUserSession(request) != null) { @SuppressWarnings("unchecked") - Collection<org.onap.portalsdk.core.domain.Role> userRoles = + Collection<org.onap.portalsdk.core.domain.Role> userRoles = UserUtils.getRoles(request).values(); - if (userRoles.stream().anyMatch(adminRoleFilter) ) { + if (userRoles.stream().anyMatch(adminRoleFilter)) { maxRole = "admin"; - } else if (userRoles.stream().anyMatch(writeRoleFilter) ) { + } else if (userRoles.stream().anyMatch(writeRoleFilter)) { maxRole = "write"; - } else if 
(userRoles.stream().anyMatch(readRoleFilter) ) { + } else if (userRoles.stream().anyMatch(readRoleFilter)) { maxRole = "read"; } - switch(maxRole) { + switch (maxRole) { case "admin": authType = "ADMIN"; accessLevel = "ops"; break; case "write": authType = "WRITE"; - accessLevel = "dev"; + accessLevel = "dev"; break; case "read": authType = "READ"; - accessLevel = "dev"; - break; + accessLevel = "dev"; + break; default: - accessLevel = "app"; + accessLevel = "app"; } } AppUtils.getSession(request).setAttribute("role_level", accessLevel); @@ -142,7 +141,7 @@ public class LoginStrategyImpl extends LoginStrategy { return new ModelAndView("redirect:welcome"); } } - + @Override public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { @@ -165,7 +164,7 @@ public class LoginStrategyImpl extends LoginStrategy { return userid; } - private static String getUserIdFromCookie(HttpServletRequest request){ + private static String getUserIdFromCookie(HttpServletRequest request) { String userId = ""; Cookie[] cookies = request.getCookies(); Cookie userIdcookie = null; diff --git a/ccsdk-app-os/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java b/ccsdk-app-os/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java index da306f6..65e8541 100644 --- a/ccsdk-app-os/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java +++ b/ccsdk-app-os/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java @@ -1,6 +1,6 @@ /*- * ================================================================================ - * ECOMP Portal SDK + * DCAE Dashboard * ================================================================================ * Copyright (C) 2017 AT&T Intellectual Property * ================================================================================ 
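Review bot: `String authType = "READ";` combined with a `default:` branch that only sets `accessLevel` means a user who holds none of the four named roles, or for whom `UserUtils.getUserSession(request)` returns null, still leaves this block with authType `READ`. Where `authType` is stored lies outside the hunk, but if it ends up in the session as the user's authorization level this is a fail-open default; start from a value the consumers treat as no access and assign `READ` only in the `case "read":` branch, which already does so. A short comment above the predicates stating that `Standard User` is deliberately mapped to write access would also help, since `writeRoleFilter` matches it alongside `Write Access`.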
@@ -17,11 +17,11 @@ * limitations under the License. * ================================================================================ */ + package org.onap.portalapp.service; import java.util.Set; -import org.onap.portalapp.service.IAdminAuthExtension; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; |