authorKishore Reddy, Gujja (kg811t) <kg811t@research.att.com>2018-03-23 18:16:50 -0400
committerKishore Reddy, Gujja (kg811t) <kg811t@research.att.com>2018-03-23 18:16:50 -0400
commit8886b47bca90cb0e84478d24e5c9afb3a9054b63 (patch)
tree1265a1904820098ba5ac332a445f0852b5925587
parent4ee8967d2429a8ff633693dd35f39eb26c022816 (diff)
Security fixes
Issue-ID: PORTAL-136, PORTAL-155, PORTAL-210,PORTAL-217 Includes JUNITS and docker changes, music integration and security fixes Change-Id: Ib9205d7e8aa31c525a87e9d9a8076906ea4c7f0a Signed-off-by: Kishore Reddy, Gujja (kg811t) <kg811t@research.att.com>
-rw-r--r--deliveries/portal.cql54
-rw-r--r--deliveries/portalsdk.cql54
-rw-r--r--ecomp-portal-BE-common/pom.xml11
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java9
-rw-r--r--ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java2
-rw-r--r--ecomp-portal-BE-os/README.md1
-rw-r--r--ecomp-portal-BE-os/pom.xml7
-rw-r--r--ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql54
-rw-r--r--ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html2
-rw-r--r--ecomp-portal-widget-ms/widget-ms/pom.xml15
-rw-r--r--pom.xml2
11 files changed, 188 insertions, 23 deletions
diff --git a/deliveries/portal.cql b/deliveries/portal.cql
new file mode 100644
index 00000000..6cb62713
--- /dev/null
+++ b/deliveries/portal.cql
@@ -0,0 +1,54 @@
+CREATE KEYSPACE IF NOT EXISTS portal
+ WITH REPLICATION = {
+ 'class' : 'SimpleStrategy',
+ 'replication_factor': 1
+ }
+ AND DURABLE_WRITES = true;
+
+
+CREATE TABLE portal.spring_session (
+ primary_id text PRIMARY KEY,
+ creation_time text,
+ expiry_time text,
+ last_access_time text,
+ max_inactive_interval text,
+ principal_name text,
+ session_id text,
+ vector_ts text
+) WITH bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
+
+
+CREATE TABLE portal.spring_session_attributes (
+ primary_id text,
+ attribute_name text,
+ attribute_bytes blob,
+ vector_ts text,
+ PRIMARY KEY (primary_id, attribute_name)
+) WITH CLUSTERING ORDER BY (attribute_name ASC)
+ AND bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
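Review bot: Both session tables are created with `default_time_to_live = 0`, so nothing at the storage layer ever removes a session row; `session_id`, `principal_name` and the serialized `attribute_bytes` stay readable until the application deletes them, and whether it does is not visible in this commit. Consider a non-zero table TTL matched to the longest session lifetime, or a comment above each table naming the component that purges expired rows, e.g. `-- expired rows are removed by <component>; TTL intentionally 0`. The two `CREATE TABLE` statements also lack `IF NOT EXISTS` while the keyspace statement has it, so a second run of the script fails; `CREATE TABLE IF NOT EXISTS portal.spring_session (` makes it re-runnable. The same applies to both tables in deliveries/portalsdk.cql.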
diff --git a/deliveries/portalsdk.cql b/deliveries/portalsdk.cql
new file mode 100644
index 00000000..62da5dd7
--- /dev/null
+++ b/deliveries/portalsdk.cql
@@ -0,0 +1,54 @@
+CREATE KEYSPACE IF NOT EXISTS portalsdk
+ WITH REPLICATION = {
+ 'class' : 'SimpleStrategy',
+ 'replication_factor': 1
+ }
+ AND DURABLE_WRITES = true;
+
+
+CREATE TABLE portalsdk.spring_session (
+ primary_id text PRIMARY KEY,
+ creation_time text,
+ expiry_time text,
+ last_access_time text,
+ max_inactive_interval text,
+ principal_name text,
+ session_id text,
+ vector_ts text
+) WITH bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
+
+
+CREATE TABLE portalsdk.spring_session_attributes (
+ primary_id text,
+ attribute_name text,
+ attribute_bytes blob,
+ vector_ts text,
+ PRIMARY KEY (primary_id, attribute_name)
+) WITH CLUSTERING ORDER BY (attribute_name ASC)
+ AND bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 7cdc7968..ce394eaf 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -340,7 +340,7 @@
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
- <version>3.17</version>
+ <version>3.15</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
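Review bot: This moves `poi` from 3.17 back to 3.15 in a commit titled "Security fixes", and nothing in the commit message says why the older release is needed. A downgrade drops whatever fixes shipped between the two releases, so either keep 3.17 or record the reason next to the version, e.g. `<!-- pinned to 3.15 because <reason>; revisit when resolved -->`. The same downgrade is made for `poi-ooxml` in the next hunk and for both artifacts in ecomp-portal-BE-os/pom.xml.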
@@ -355,7 +355,7 @@
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-ooxml</artifactId>
- <version>3.17</version>
+ <version>3.15</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -547,7 +547,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
+ <version>1.9.3</version>
</dependency>
<dependency>
<groupId>com.ecwid.consul</groupId>
@@ -633,11 +633,6 @@
<version>${springframework.version}</version>
</dependency>
<dependency>
- <groupId>org.apache.lucene</groupId>
- <artifactId>lucene-queryparser</artifactId>
- <version>7.2.1</version>
- </dependency>
- <dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
index 678672b1..a2226944 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
@@ -1507,7 +1507,12 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
return roleFunc;
roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction);
} else {
- roleFunc = getRoleFuncList.get(0);
+ // Check even if single record have pipes
+ if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) {
+ roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0));
+ } else {
+ roleFunc = getRoleFuncList.get(0);
+ }
}
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e);
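Review bot: The new `else` branch still calls `getRoleFuncList.get(0)` when the list is empty, because the `!getRoleFuncList.isEmpty()` test guards only the pipe branch; an empty result then throws IndexOutOfBoundsException into the `catch (Exception e)` below and is logged as a generic failure. A null `getCode()` on the first record would fail the same way. If the condition above the hunk already excludes an empty list the `isEmpty()` test is redundant; otherwise make the fallback explicit with `} else if (!getRoleFuncList.isEmpty()) {` and guard the code with `getCode() != null &&`. The enclosing method starts and ends outside the hunk.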
@@ -3434,8 +3439,8 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
@Override
public List<CentralRole> convertV2CentralRoleListToOldVerisonCentralRoleList(List<CentralV2Role> v2CenRoleList) {
List<CentralRole> cenRoleList = new ArrayList<>();
- SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
for(CentralV2Role v2CenRole : v2CenRoleList){
+ SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
for(CentralV2RoleFunction v2CenRoleFunc: v2CenRole.getRoleFunctions()){
CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName());
cenRoleFuncList.add(roleFunc);
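Review bot: Moving `cenRoleFuncList` inside the loop changes which functions each converted role carries, yet there is no comment saying why the set must be per role and no test in this commit that converts two roles with different functions. I would add `// new set per role: a shared set would carry earlier roles' functions into later roles` above the declaration and a test asserting each `CentralRole` holds only its own functions. The loop body continues outside the hunk.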
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java
index bb408b26..295ba74b 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java
@@ -533,7 +533,7 @@ public class ExternalAccessRolesServiceImplTest {
.thenReturn(getRoleFuncList);
CentralV2RoleFunction actual = externalAccessRolesServiceImpl.getRoleFunction("test_type|type_code|*",
app.getUebKey());
- assertEquals(getCenRole.getCode(), actual.getCode());
+ assertEquals("type_code", actual.getCode());
}
@Test
diff --git a/ecomp-portal-BE-os/README.md b/ecomp-portal-BE-os/README.md
index 6ca4b1ed..06f9ae3d 100644
--- a/ecomp-portal-BE-os/README.md
+++ b/ecomp-portal-BE-os/README.md
@@ -15,6 +15,7 @@ https://www.eclipse.org/m2e-wtp/
## Release Notes
Version 2.2
+- [PORTAL-179] wrong menu available to App Admin User
- [PORTAL-207] Raise 4 % percentage (from 44 to 48) sonar code coverage for ONAP PORTAL
- [PORTAL-136] Raise JUnit test coverage ONAP Portal to 50% for Beijing
- [PORTAL-133] replace ECOMP to ONAP on Contact Us and Get Access page
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index 3eae6860..ed42c061 100644
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -386,7 +386,7 @@
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
- <version>3.17</version>
+ <version>3.15</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -401,7 +401,7 @@
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-ooxml</artifactId>
- <version>3.17</version>
+ <version>3.15</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
@@ -609,7 +609,7 @@
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
- <version>1.9.2</version>
+ <version>1.9.3</version>
</dependency>
<!-- OpenID Connect Dependencies -->
<dependency>
@@ -656,6 +656,7 @@
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-music</artifactId>
<version>${epsdk.version}</version>
+ <classifier>jar-with-dependencies</classifier>
<exclusions>
<exclusion>
<groupId>org.onap.music</groupId>
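Review bot: The `jar-with-dependencies` classifier pulls an assembly jar whose bundled classes are outside Maven's dependency resolution, so the `<exclusions>` that follow cannot remove anything already packed into it and dependency scanners will not see the bundled versions. If the `org.onap.music` classes excluded below are inside that jar (not visible here), they still end up on the classpath. Prefer the plain artifact with explicit dependencies, or add a comment stating which bundled libraries are relied on, e.g. `<!-- fat jar needed for <reason>; bundled libs are not subject to the exclusions below -->`.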
diff --git a/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql b/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql
index 18d79fa8..6461b13d 100644
--- a/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql
+++ b/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql
@@ -3,7 +3,18 @@
-- First run the common Opensource DML; then run this file to add The Opensource only data
USE portal;
-set foreign_key_checks=1;
+set foreign_key_checks=1;
+
+--- update fn_menu for roles
+UPDATE fn_menu
+SET function_cd = 'menu_acc_admin'
+WHERE label = 'Roles';
+
+--- update fn_menu for users
+UPDATE fn_menu
+SET function_cd = 'menu_acc_admin'
+WHERE label = 'Users';
+
-- fn_user
Insert into fn_user (USER_ID, ORG_ID, MANAGER_ID,FIRST_NAME,MIDDLE_NAME,LAST_NAME,PHONE,FAX,CELLULAR,EMAIL,ADDRESS_ID,ALERT_METHOD_CD,HRID,ORG_USER_ID,ORG_CODE,LOGIN_ID,LOGIN_PWD,LAST_LOGIN_DATE,ACTIVE_YN,CREATED_ID,CREATED_DATE,MODIFIED_ID,MODIFIED_DATE,IS_INTERNAL_YN,ADDRESS_LINE_1,ADDRESS_LINE_2,CITY,STATE_CD,ZIP_CODE,COUNTRY_CD,LOCATION_CLLI,ORG_MANAGER_USERID,COMPANY,DEPARTMENT_NAME,JOB_TITLE,TIMEZONE,DEPARTMENT,BUSINESS_UNIT,BUSINESS_UNIT_NAME,COST_CENTER,FIN_LOC_CODE,SILO_STATUS) values (1,NULL,NULL,'Demo',NULL,'User',NULL,NULL,NULL,'demo@openecomp.org',NULL,NULL,NULL,'demo',NULL,'demo','4Gl6WL1bmwviYm+XZa6pS1vC0qKXWtn9wcZWdLx61L0=','2016-10-20 15:11:16','Y',NULL,'2016-10-14 21:00:00',1,'2016-10-20 15:11:16','N',NULL,NULL,NULL,'NJ',NULL,'US',NULL,NULL,NULL,NULL,NULL,10,NULL,NULL,NULL,NULL,NULL,NULL);
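Review bot: The two added comment lines start with `---`, which MySQL does not treat as a comment because, per the MySQL manual, the second dash must be followed by whitespace; write `-- update fn_menu for roles` and `-- update fn_menu for users`. Both `UPDATE` statements select rows by `label`, so any other `fn_menu` row labelled 'Roles' or 'Users' is changed as well; if the table has a key column for these two entries (not visible in this hunk), match on that instead.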
@@ -89,7 +100,24 @@ insert into ep_app_function (app_id, function_cd, function_name) values
(1, 'url|saveNotification|*','publish notifications'),
(1, 'url|url_role.htm|*','role page'),
(1, 'url|url_welcome.htm|*','welcome page'),
-(1, 'menu|menu_acc_admin|*','Admin Acc Menu');
+(1, 'menu|menu_acc_admin|*','Admin Account Menu'),
+(1,'url|addWebAnalyticsReport|*','Add Web Analytics Report'),
+(1,'url|appsFullList|*','Apps Full List'),
+(1,'url|centralizedApps|*','Centralized Apps'),
+(1,'url|functionalMenu|*','Functional Menu'),
+(1,'url|getAllWebAnalytics|*','Get All Web Analytics'),
+(1,'url|getFunctionalMenuRole|*','Get Functional Menu Role'),
+(1,'url|getNotificationAppRoles|*','Get Notification App Roles'),
+(1,'url|getUserAppsWebAnalytics|*','Get User Apps Web Analytics'),
+(1,'url|getUserJourneyAnalyticsReport|*','Get User Journey Report'),
+(1,'url|get_roles%2f%2a|*','getRolesOfApp'),
+(1,'url|get_role_functions%2f%2a|*','Get Role Functions'),
+(1,'url|notification_code|*','Notification Code'),
+(1,'url|role_function_list%2fsaveRoleFunction%2f%2a|*','Save Role Function'),
+(1,'url|syncRoles|*','SyncRoles'),
+(1,'url|userAppRoles|*','userAppRoles'),
+(1,'url|userApps|*','User Apps')
+;
insert into ep_app_role_function (id, app_id, role_id, function_cd, role_app_id) values
@@ -102,12 +130,24 @@ insert into ep_app_role_function (id, app_id, role_id, function_cd, role_app_id)
(7, 1, 16, 'menu|menu_logout|*', null),
(8, 1, 950, 'url|edit_notification|*', null),
(9, 1, 950, 'url|getAdminNotifications|*', null),
-(10, 1, 950, 'url|saveNotification|*', null),
-(11, 1, 999, 'url|edit_notification|*', null),
-(12, 1, 999, 'url|getAdminNotifications|*', null),
-(13, 1, 999, 'menu|menu_admin|*', null),
-(14, 1, 1010, 'menu|menu_web_analytics|*', null),
+(10,1, 950, 'url|saveNotification|*', null),
+(11,1, 999,'url|userAppRoles|*','userAppRoles', null),
+(12,1, 999, 'url|getAdminNotifications|*', null),
+(13,1, 999,'url|userApps|*','User Apps'),
+(14,1, 1010, 'menu|menu_web_analytics|*', null),
(15, 1, 2115, 'menu|menu_web_analytics|*', null),
(16, 1 , 1, 'menu|menu_acc_admin|*' , null),
(17, 1 , 999 ,'menu|menu_acc_admin|*', null);
+(18,1,999,'url|centralizedApps|*','Centralized Apps', null),
+(19,1,999,'url|getAllWebAnalytics|*','Get All Web Analytics', null),
+(20,1,999,'url|getFunctionalMenuRole|*','Get Functional Menu Role', null),
+(21,1,999,'url|getNotificationAppRoles|*','Get Notification App Roles', null),
+(22,1,999,'url|getUserAppsWebAnalytics|*','Get User Apps Web Analytics', null),
+(23,1,999,'url|getUserJourneyAnalyticsReport|*','Get User Journey Report', null),
+(24,1,999,'url|get_roles%2f%2a|*','getRolesOfApp', null),
+(25,1,999,'url|get_role_functions%2f%2a|*','Get Role Functions', null),
+(26,1,999,'url|notification_code|*','Notification Code', null),
+(27,1,999,'url|role_function_list%2fsaveRoleFunction%2f%2a|*','Save Role Function', null),
+(28,1,999,'url|syncRoles|*','SyncRoles', null);
+
commit;
\ No newline at end of file
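Review bot: The rewritten value list no longer matches the five-column list `(id, app_id, role_id, function_cd, role_app_id)`: rows 11 and 18–28 carry six values, row 13 puts the display name 'User Apps' into `role_app_id`, and row 17 still ends with `;` so rows 18–28 are not part of any statement. MySQL rejects an INSERT whose value count does not match its column list, which leaves the role-to-function grants from this statement unloaded. The display names belong to `ep_app_function` (previous hunk), so drop them here and end row 17 with a comma, as below.

```sql
-- … unchanged: rows 1–10 …
(11,1, 999,'url|userAppRoles|*', null),
-- … unchanged: row 12 …
(13,1, 999,'url|userApps|*', null),
-- … unchanged: rows 14–16 …
(17, 1 , 999 ,'menu|menu_acc_admin|*', null),
(18,1,999,'url|centralizedApps|*', null),
(19,1,999,'url|getAllWebAnalytics|*', null),
(20,1,999,'url|getFunctionalMenuRole|*', null),
(21,1,999,'url|getNotificationAppRoles|*', null),
(22,1,999,'url|getUserAppsWebAnalytics|*', null),
(23,1,999,'url|getUserJourneyAnalyticsReport|*', null),
(24,1,999,'url|get_roles%2f%2a|*', null),
(25,1,999,'url|get_role_functions%2f%2a|*', null),
(26,1,999,'url|notification_code|*', null),
(27,1,999,'url|role_function_list%2fsaveRoleFunction%2f%2a|*', null),
(28,1,999,'url|syncRoles|*', null);
```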
diff --git a/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html b/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html
index 508db70a..cb29ef73 100644
--- a/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html
+++ b/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html
@@ -60,7 +60,7 @@
<div class="span6" >
<div class="item-label">Title</div>
- <input id="input-title" ddh-reset ng-readonly="!functionalMenuDetails.formEditable ? 'checked':'' " placeholder="Enter text"class="functionalMenu-height" ng-model="functionalMenuDetails.menutitle" type="text" name="text"/>
+ <input id="input-title" ddh-reset ng-readonly="!functionalMenuDetails.formEditable ? 'checked':'' " placeholder="Enter text"class="functionalMenu-height" ng-model="functionalMenuDetails.menutitle" type="text" name="text" maxlength="100"/>
<div id="div-error-conflict" class="error-container" ng-show="functionalMenuDetails.conflictMessages.text">
<small id="msg-error-conflict" id="functionalMenuDetails-input-title-conflict" class="err-message" ng-bind="functionalMenuDetails.conflictMessages.text"></small>
</div>
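Review bot: `maxlength="100"` limits only what the browser's input field accepts; a request sent directly to the endpoint that saves `functionalMenuDetails.menutitle` is not bound by it, and no server-side length check is part of this commit. Enforce the same limit where the menu item is persisted and keep this attribute as a usability hint. The same tag also has `placeholder="Enter text"class=` with no space between attributes, which is worth fixing while the line is touched.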
diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml
index a3c5546e..5d8896c2 100644
--- a/ecomp-portal-widget-ms/widget-ms/pom.xml
+++ b/ecomp-portal-widget-ms/widget-ms/pom.xml
@@ -152,6 +152,21 @@
<artifactId>logback-classic</artifactId>
<version>1.2.3</version>
</dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.8.10</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>2.8.10</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.8.10</version>
+ </dependency>
</dependencies>
<build>
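Review bot: The three Jackson artifacts are pinned with a literal `2.8.10` each, so a later upgrade has to touch three places and can leave `jackson-databind` on a different release than `jackson-core`. The root pom.xml in this commit shows a `fasterxml.version` property with the same value; if this module inherits from it (not visible here), use `<version>${fasterxml.version}</version>`, otherwise define one local property for all three.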
diff --git a/pom.xml b/pom.xml
index c1b07e00..d3571b3c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
<!-- Jenkins should invoke mvn with argument -Dbuild.number=${BUILD_NUMBER} -->
<build.number>0</build.number>
<epsdk.version>2.2.0-SNAPSHOT</epsdk.version>
- <springframework.version>4.2.2.RELEASE</springframework.version>
+ <springframework.version>4.2.3.RELEASE</springframework.version>
<hibernate.version>4.3.11.Final</hibernate.version>
<fasterxml.version>2.8.10</fasterxml.version>
<eelf.version>1.0.0</eelf.version>