From 21a8761f684745bb300e075c7e98ad897ace9eed Mon Sep 17 00:00:00 2001 From: st782s Date: Tue, 30 Jan 2018 17:29:36 -0500 Subject: Security/ Package Name changes Issue-ID: PORTAL-174, PORTAL-157, PORTAL-156, PORTAL-148, PORTAL-145, PORTAL-140, PORTAL-133, PORTAL-121, PORTAL-111, PORTAL-88 Includes security fixes, Role Centralization, replace certain ECOMP occurrences etc Change-Id: I3c8b706709c6b92e646e3cbe50c2d660e8a46ef4 Signed-off-by: st782s --- .../portalapp/authentication/LoginStrategy.java | 45 +++++++ .../authentication/OpenIdConnectLoginStrategy.java | 123 +++++++++++++++++++ .../authentication/SimpleLoginStrategy.java | 131 +++++++++++++++++++++ 3 files changed, 299 insertions(+) create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java (limited to 'ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication') diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java new file mode 100644 index 00000000..767bd520 --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java @@ -0,0 +1,45 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalapp.authentication; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public interface LoginStrategy { + public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception; +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java new file mode 100644 index 00000000..cbe4b352 --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java @@ -0,0 +1,123 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalapp.authentication; + +import java.util.HashSet; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.mitre.openid.connect.model.UserInfo; +import org.onap.portalapp.command.EPLoginBean; +import org.onap.portalapp.portal.domain.EPUser; +import org.onap.portalapp.portal.utils.EPSystemProperties; +import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.util.SessionCookieUtil; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; +import org.onap.portalsdk.core.util.SystemProperties; +import org.springframework.util.StringUtils; +import org.springframework.web.servlet.ModelAndView; + +public class OpenIdConnectLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrategy implements org.onap.portalapp.authentication.LoginStrategy { + + private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(OpenIdConnectLoginStrategy.class); + + private static final String GLOBAL_LOCATION_KEY = "Location"; + + @SuppressWarnings("rawtypes") + public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{ + + logger.info("Attempting Login"); + + //check both authentication cookie and authentication header + UserInfo userInfo = (UserInfo) request.getAttribute("userInfo"); + + if (userInfo != null && !StringUtils.isEmpty(userInfo.getPreferredUsername())) { + //package the userid in the login form for processing + EPLoginBean commandBean = new EPLoginBean(); + commandBean.setOrgUserId(userInfo.getPreferredUsername()); + + EPUser user = new EPUser(); + + user.setOrgUserId(userInfo.getPreferredUsername()); + user.setEmail(userInfo.getEmail()); + user.setFirstName(userInfo.getName()); + user.setLastName(userInfo.getFamilyName()); + + //store the currently logged in user's information in the session + EPUserUtils.setUserSession(request, user, new HashSet(), new HashSet(), SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM),null); + + logger.info(EELFLoggerDelegate.errorLogger, request.getContextPath()); + SessionCookieUtil.preSetUp(request, response); + return true; + } else { + // in case authentication cookie is missing, send 401 UNAUTHORIZED to client and it will redirect to Logon + try { + String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM); + String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL); + logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'."); + + if (authentication == null || authentication.equals("") || authentication.trim().equals("OIDC")) { + response.sendRedirect("oid-login"); + } else { + logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'."); + response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); + response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); + } + } catch(Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "login failed", e); + } + } + return false; + } + + @Override + public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { + String message = "Method not implmented; Cannot be called"; + logger.error(EELFLoggerDelegate.errorLogger, message); + throw new Exception(message); + } + + @Override + public String getUserId(HttpServletRequest request) throws PortalAPIException { + String message = "Method not implmented; Cannot be called"; + logger.error(EELFLoggerDelegate.errorLogger, message); + throw new PortalAPIException(message); + } +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java new file mode 100644 index 00000000..55a0f10a --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java @@ -0,0 +1,131 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalapp.authentication; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.onap.portalapp.command.EPLoginBean; +import org.onap.portalapp.portal.service.EPLoginService; +import org.onap.portalapp.portal.service.EPRoleFunctionService; +import org.onap.portalapp.portal.utils.EPSystemProperties; +import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.util.SessionCookieUtil; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.menu.MenuProperties; +import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; +import org.onap.portalsdk.core.util.SystemProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.StringUtils; +import org.springframework.web.servlet.ModelAndView; + +public class SimpleLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrategy implements LoginStrategy{ + + @Autowired + private EPLoginService loginService; + + @Autowired + private EPRoleFunctionService ePRoleFunctionService; + + private static final String GLOBAL_LOCATION_KEY = "Location"; + + EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SimpleLoginStrategy.class); + + public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{ + logger.info("Attempting 'Simple' Login"); + + //check both authentication cookie and authentication header + String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response); + + if (!StringUtils.isEmpty(orgUserId)) { + // package the userid in the login form for processing + EPLoginBean commandBean = new EPLoginBean(); + commandBean.setOrgUserId(orgUserId); + commandBean = loginService.findUser(commandBean, (String)request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), null); + + // in case authentication has passed but user is not in the ECOMP data base, return a Guest User to the home page. + if (commandBean.getUser() == null) { + } + else { + // store the currently logged in user's information in the session + EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), commandBean.getBusinessDirectMenu(), "", ePRoleFunctionService); + logger.info(EELFLoggerDelegate.debugLogger, commandBean.getUser().getOrgUserId() + " exists in the the system."); + } + + logger.info(EELFLoggerDelegate.errorLogger, request.getContextPath()); + SessionCookieUtil.preSetUp(request, response); + return true; + } else { + // in case authentication cookie is missing, send 401 UNAUTHORIZED to client and it will redirect to Logon + try { + String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM); + String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL); + logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'."); + if (authentication == null || authentication.equals("") || authentication.trim().equals("BOTH")) { + + logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'."); + response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); + response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm"); + }else { + logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'."); + response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); + response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm"); + } + } catch(Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "login failed", e); + } + } + + return false; + + } + + @Override + public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { + String message = "Method not implmented; Cannot be called"; + logger.error(EELFLoggerDelegate.errorLogger, message); + throw new Exception(message); + } + + @Override + public String getUserId(HttpServletRequest request) throws PortalAPIException { + String message = "Method not implmented; Cannot be called"; + logger.error(EELFLoggerDelegate.errorLogger, message); + throw new PortalAPIException(message); + } +} -- cgit 1.2.3-korg