From 21a8761f684745bb300e075c7e98ad897ace9eed Mon Sep 17 00:00:00 2001 From: st782s Date: Tue, 30 Jan 2018 17:29:36 -0500 Subject: Security/ Package Name changes Issue-ID: PORTAL-174, PORTAL-157, PORTAL-156, PORTAL-148, PORTAL-145, PORTAL-140, PORTAL-133, PORTAL-121, PORTAL-111, PORTAL-88 Includes security fixes, role centralization, and replacement of certain ECOMP occurrences. Change-Id: I3c8b706709c6b92e646e3cbe50c2d660e8a46ef4 
Signed-off-by: st782s --- .../portalapp/authentication/LoginStrategy.java | 45 +++ .../authentication/OpenIdConnectLoginStrategy.java | 123 ++++++ .../authentication/SimpleLoginStrategy.java | 131 +++++++ .../org/onap/portalapp/conf/ExternalAppConfig.java | 412 ++++++++++++++++++++ .../portalapp/conf/ExternalAppInitializer.java | 78 ++++ .../portalapp/conf/HibernateMappingLocations.java | 61 +++ .../controller/ECOMPLogoutController.java | 133 +++++++ .../onap/portalapp/controller/LoginController.java | 413 +++++++++++++++++++++ .../onap/portalapp/controller/LoginService.java | 54 +++ .../portalapp/controller/ONAPLoginController.java | 99 +++++ .../controller/ONAPWelcomeController.java | 102 +++++ .../controller/OpenCollaborationController.java | 41 ++ .../portalapp/controller/PeerBroadcastSocket.java | 124 +++++++ .../onap/portalapp/filter/SecurityXssFilter.java | 158 ++++++++ .../portalapp/filter/SecurityXssValidator.java | 207 +++++++++++ .../portal/controller/AppsOSController.java | 135 +++++++ .../DashboardSearchResultController.java | 262 +++++++++++++ .../controller/ExternalAppsRestfulController.java | 148 ++++++++ .../portal/controller/PortalAdminController.java | 156 ++++++++ .../interceptor/SessionTimeoutInterceptor.java | 118 ++++++ .../portal/logging/aop/EPEELFLoggerAspect.java | 225 +++++++++++ .../portalapp/portal/service/AppsCacheService.java | 58 +++ .../portal/service/AppsCacheServiceImple.java | 124 +++++++ .../portalapp/portal/service/EPAppServiceImpl.java | 178 +++++++++ .../portalapp/portal/service/SearchService.java | 58 +++ .../portal/service/SearchServiceImpl.java | 214 +++++++++++ .../portal/service/TicketEventServiceImpl.java | 56 +++ .../portal/service/UserRolesServiceImpl.java | 123 ++++++ .../onap/portalapp/portal/service/UserService.java | 52 +++ .../portalapp/portal/service/UserServiceImpl.java | 275 ++++++++++++++ .../portalapp/portal/transport/OnboardingApp.java | 107 ++++++ .../org/onap/portalapp/portal/ueb/EPUebHelper.java | 220 
+++++++++++ .../onap/portalapp/portal/ueb/EPUebMsgTypes.java | 45 +++ .../portalapp/portal/utils/EPSystemProperties.java | 61 +++ .../java/org/onap/portalapp/scheduler/LogJob.java | 63 ++++ .../org/onap/portalapp/scheduler/LogRegistry.java | 75 ++++ .../org/onap/portalapp/scheduler/Register.java | 103 +++++ .../onap/portalapp/scheduler/RegistryAdapter.java | 118 ++++++ .../portalapp/scheduler/SessionMgtRegistry.java | 105 ++++++ .../service/RemoteWebServiceCallServiceImpl.java | 114 ++++++ .../uebhandler/FunctionalMenuHandler.java | 136 +++++++ .../onap/portalapp/uebhandler/InitUebHandler.java | 86 +++++ .../onap/portalapp/uebhandler/MainUebHandler.java | 125 +++++++ .../uebhandler/WidgetNotificationHandler.java | 110 ++++++ .../org/onap/portalapp/util/SessionCookieUtil.java | 146 ++++++++ .../portalapp/authentication/LoginStrategy.java | 45 --- .../authentication/OpenIdConnectLoginStrategy.java | 123 ------ .../authentication/SimpleLoginStrategy.java | 131 ------- .../portalapp/conf/ExternalAppConfig.java | 335 ----------------- .../portalapp/conf/ExternalAppInitializer.java | 78 ---- .../portalapp/conf/HibernateMappingLocations.java | 61 --- .../controller/ECOMPLogoutController.java | 132 ------- .../portalapp/controller/LoginController.java | 392 ------------------- .../portalapp/controller/LoginService.java | 54 --- .../portalapp/controller/ONAPLoginController.java | 99 ----- .../controller/ONAPWelcomeController.java | 102 ----- .../controller/OpenCollaborationController.java | 41 -- .../portalapp/controller/PeerBroadcastSocket.java | 124 ------- .../portal/controller/AppsOSController.java | 134 ------- .../DashboardSearchResultController.java | 261 ------------- .../controller/ExternalAppsRestfulController.java | 147 -------- .../portal/controller/PortalAdminController.java | 155 -------- .../interceptor/SessionTimeoutInterceptor.java | 118 ------ .../portal/logging/aop/EPEELFLoggerAspect.java | 222 ----------- 
.../portalapp/portal/service/AppsCacheService.java | 58 --- .../portal/service/AppsCacheServiceImple.java | 122 ------ .../portalapp/portal/service/EPAppServiceImpl.java | 176 --------- .../portalapp/portal/service/SearchService.java | 58 --- .../portal/service/SearchServiceImpl.java | 211 ----------- .../portal/service/TicketEventServiceImpl.java | 55 --- .../portal/service/UserRolesServiceImpl.java | 121 ------ .../portalapp/portal/service/UserService.java | 52 --- .../portalapp/portal/service/UserServiceImpl.java | 273 -------------- .../portalapp/portal/transport/OnboardingApp.java | 107 ------ .../portalapp/portal/ueb/EPUebHelper.java | 221 ----------- .../portalapp/portal/ueb/EPUebMsgTypes.java | 45 --- .../portalapp/portal/utils/EPSystemProperties.java | 60 --- .../org/openecomp/portalapp/scheduler/LogJob.java | 63 ---- .../openecomp/portalapp/scheduler/LogRegistry.java | 75 ---- .../openecomp/portalapp/scheduler/Register.java | 103 ----- .../portalapp/scheduler/RegistryAdapter.java | 118 ------ .../portalapp/scheduler/SessionMgtRegistry.java | 105 ------ .../service/RemoteWebServiceCallServiceImpl.java | 118 ------ .../uebhandler/FunctionalMenuHandler.java | 136 ------- .../portalapp/uebhandler/InitUebHandler.java | 86 ----- .../portalapp/uebhandler/MainUebHandler.java | 125 ------- .../uebhandler/WidgetNotificationHandler.java | 110 ------ .../portalapp/util/SessionCookieUtil.java | 146 -------- 88 files changed, 5977 insertions(+), 5498 deletions(-) create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java create mode 100644 
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginService.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/OpenCollaborationController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/PortalAdminController.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/interceptor/SessionTimeoutInterceptor.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/logging/aop/EPEELFLoggerAspect.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/AppsCacheService.java create mode 100644 
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/AppsCacheServiceImple.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/EPAppServiceImpl.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/SearchService.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/SearchServiceImpl.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/TicketEventServiceImpl.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/UserRolesServiceImpl.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/UserService.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/service/UserServiceImpl.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/transport/OnboardingApp.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/ueb/EPUebHelper.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/ueb/EPUebMsgTypes.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/utils/EPSystemProperties.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/scheduler/LogJob.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/scheduler/LogRegistry.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/scheduler/Register.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/scheduler/RegistryAdapter.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/scheduler/SessionMgtRegistry.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/service/RemoteWebServiceCallServiceImpl.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/uebhandler/FunctionalMenuHandler.java create mode 
100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/uebhandler/InitUebHandler.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/uebhandler/MainUebHandler.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/uebhandler/WidgetNotificationHandler.java create mode 100644 ecomp-portal-BE-os/src/main/java/org/onap/portalapp/util/SessionCookieUtil.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/authentication/LoginStrategy.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/authentication/OpenIdConnectLoginStrategy.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/authentication/SimpleLoginStrategy.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/conf/ExternalAppConfig.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/conf/ExternalAppInitializer.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/conf/HibernateMappingLocations.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/ECOMPLogoutController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/LoginController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/LoginService.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/ONAPLoginController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/ONAPWelcomeController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/OpenCollaborationController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/controller/PeerBroadcastSocket.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/controller/AppsOSController.java delete mode 100644 
ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/controller/DashboardSearchResultController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/controller/ExternalAppsRestfulController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/controller/PortalAdminController.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/interceptor/SessionTimeoutInterceptor.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/logging/aop/EPEELFLoggerAspect.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/AppsCacheService.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/AppsCacheServiceImple.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/EPAppServiceImpl.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/SearchService.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/SearchServiceImpl.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/TicketEventServiceImpl.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/UserRolesServiceImpl.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/UserService.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/service/UserServiceImpl.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/transport/OnboardingApp.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/ueb/EPUebHelper.java delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/ueb/EPUebMsgTypes.java delete mode 100644 
ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/portal/utils/EPSystemProperties.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/scheduler/LogJob.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/scheduler/LogRegistry.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/scheduler/Register.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/scheduler/RegistryAdapter.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/scheduler/SessionMgtRegistry.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/service/RemoteWebServiceCallServiceImpl.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/uebhandler/FunctionalMenuHandler.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/uebhandler/InitUebHandler.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/uebhandler/MainUebHandler.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/uebhandler/WidgetNotificationHandler.java
delete mode 100644 ecomp-portal-BE-os/src/main/java/org/openecomp/portalapp/util/SessionCookieUtil.java
(limited to 'ecomp-portal-BE-os/src/main/java')
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java
new file mode 100644
index 00000000..767bd520
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/LoginStrategy.java
@@ -0,0 +1,45 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.authentication;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public interface LoginStrategy {
+ public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception;
+}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java
new file mode 100644
index 00000000..cbe4b352
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/OpenIdConnectLoginStrategy.java
@@ -0,0 +1,123 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.authentication;
+
+import java.util.HashSet;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.mitre.openid.connect.model.UserInfo;
+import org.onap.portalapp.command.EPLoginBean;
+import org.onap.portalapp.portal.domain.EPUser;
+import org.onap.portalapp.portal.utils.EPSystemProperties;
+import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.util.SessionCookieUtil;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.springframework.util.StringUtils;
+import org.springframework.web.servlet.ModelAndView;
+
+public class OpenIdConnectLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrategy implements org.onap.portalapp.authentication.LoginStrategy {
+
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(OpenIdConnectLoginStrategy.class);
+
+ private static final String GLOBAL_LOCATION_KEY = "Location";
+
+ @SuppressWarnings("rawtypes")
+ public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{
+
+ logger.info("Attempting Login");
+
+ //check both authentication cookie and authentication header
+ UserInfo userInfo = (UserInfo) request.getAttribute("userInfo");
+
+ if (userInfo != null && !StringUtils.isEmpty(userInfo.getPreferredUsername())) {
+ //package the userid in the login form for processing
+ EPLoginBean commandBean = new EPLoginBean();
+ commandBean.setOrgUserId(userInfo.getPreferredUsername());
+
+ EPUser user = new EPUser();
+
+ user.setOrgUserId(userInfo.getPreferredUsername());
+ user.setEmail(userInfo.getEmail());
+ user.setFirstName(userInfo.getName());
+ user.setLastName(userInfo.getFamilyName());
+
+ //store the currently logged in user's information in the session
+ EPUserUtils.setUserSession(request, user, new HashSet(), new 
HashSet(), SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM),null);
+
+ logger.info(EELFLoggerDelegate.errorLogger, request.getContextPath());
+ SessionCookieUtil.preSetUp(request, response);
+ return true;
+ } else {
+ // in case authentication cookie is missing, send 401 UNAUTHORIZED to client and it will redirect to Logon
+ try {
+ String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
+ String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL);
+ logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'.");
+
+ if (authentication == null || authentication.equals("") || authentication.trim().equals("OIDC")) {
+ response.sendRedirect("oid-login");
+ } else {
+ logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'.");
+ response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+ response.setHeader(GLOBAL_LOCATION_KEY, loginUrl);
+ }
+ } catch(Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "login failed", e);
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ String message = "Method not implmented; Cannot be called";
+ logger.error(EELFLoggerDelegate.errorLogger, message);
+ throw new Exception(message);
+ }
+
+ @Override
+ public String getUserId(HttpServletRequest request) throws PortalAPIException {
+ String message = "Method not implmented; Cannot be called";
+ logger.error(EELFLoggerDelegate.errorLogger, message);
+ throw new PortalAPIException(message);
+ }
+}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java
new file mode 100644
index 00000000..55a0f10a
--- /dev/null
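Review bot: `user.setFirstName(userInfo.getName())` in login() fills the first-name field from the OIDC `name` claim, which in the MITRE UserInfo model is the full display name, while the last name is taken from `getFamilyName()`; if a first name is intended, `user.setFirstName(userInfo.getGivenName());` is the matching accessor, worth confirming against what profile and role code downstream expects. The comment above the else branch says a 401 is sent, but the code issues a 302 (either `sendRedirect("oid-login")` or a manual Location header); it should read `// no authenticated principal on the request: redirect (302) to the login page`. The surrounding `catch(Exception e)` only logs, so a failure while redirecting still returns false with no status set on the response; since the method already declares `throws Exception`, letting it propagate would be clearer than swallowing it.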
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/authentication/SimpleLoginStrategy.java 
@@ -0,0 +1,131 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.authentication;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.portalapp.command.EPLoginBean;
+import org.onap.portalapp.portal.service.EPLoginService;
+import org.onap.portalapp.portal.service.EPRoleFunctionService;
+import org.onap.portalapp.portal.utils.EPSystemProperties;
+import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.util.SessionCookieUtil;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.menu.MenuProperties;
+import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
+import org.springframework.web.servlet.ModelAndView;
+
+public class SimpleLoginStrategy extends org.onap.portalsdk.core.auth.LoginStrategy implements LoginStrategy{
+
+ @Autowired
+ private EPLoginService loginService;
+
+ @Autowired
+ private EPRoleFunctionService ePRoleFunctionService;
+
+ private static final String GLOBAL_LOCATION_KEY = "Location";
+
+ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SimpleLoginStrategy.class);
+
+ public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{
+ logger.info("Attempting 'Simple' Login");
+
+ //check both authentication cookie and authentication header
+ String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response);
+
+ if (!StringUtils.isEmpty(orgUserId)) {
+ // package the userid in the login form for processing
+ EPLoginBean commandBean = new EPLoginBean();
+ commandBean.setOrgUserId(orgUserId);
+ commandBean = loginService.findUser(commandBean, (String)request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), null);
+
+ // in case authentication has passed but user is not in the ECOMP data base, return a Guest User to the home 
page.
+ if (commandBean.getUser() == null) {
+ }
+ else {
+ // store the currently logged in user's information in the session
+ EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), commandBean.getBusinessDirectMenu(), "", ePRoleFunctionService);
+ logger.info(EELFLoggerDelegate.debugLogger, commandBean.getUser().getOrgUserId() + " exists in the the system.");
+ }
+
+ logger.info(EELFLoggerDelegate.errorLogger, request.getContextPath());
+ SessionCookieUtil.preSetUp(request, response);
+ return true;
+ } else {
+ // in case authentication cookie is missing, send 401 UNAUTHORIZED to client and it will redirect to Logon
+ try {
+ String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
+ String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL);
+ logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'.");
+ if (authentication == null || authentication.equals("") || authentication.trim().equals("BOTH")) {
+
+ logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'.");
+ response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+ response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm");
+ }else {
+ logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'.");
+ response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+ response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm");
+ }
+ } catch(Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "login failed", e);
+ }
+ }
+
+ return false;
+
+ }
+
+ @Override
+ public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ String message = "Method not implmented; Cannot be called";
+ logger.error(EELFLoggerDelegate.errorLogger, message);
+ throw new Exception(message);
+ 
}
+
+ @Override
+ public String getUserId(HttpServletRequest request) throws PortalAPIException {
+ String message = "Method not implmented; Cannot be called";
+ logger.error(EELFLoggerDelegate.errorLogger, message);
+ throw new PortalAPIException(message);
+ }
+}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
new file mode 100644
index 00000000..b6d384d5
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
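Review bot: When the cookie-supplied user id is not found, `if (commandBean.getUser() == null) { }` in login() does nothing, yet the method still calls `SessionCookieUtil.preSetUp(request, response)` and returns true, so a caller that treats true as "authenticated" continues with no user in the session; the comment promises a guest user, but none is created. The empty branch should make the outcome explicit, e.g. `logger.warn(EELFLoggerDelegate.errorLogger, "User " + orgUserId + " not found in the system; no session established"); return false;` — whether false alone is sufficient depends on how the caller handles it, which is outside this hunk. Separately, the `BOTH` and `else` branches of the cookie-missing path are identical (both set 302 and the Location header), so the `if` can be collapsed into one block, and the comment saying a 401 is sent should read `// no authentication cookie: redirect (302) to the login page`.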
@@ -0,0 +1,412 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */ +package org.onap.portalapp.conf; + +import static com.att.eelf.configuration.Configuration.MDC_ALERT_SEVERITY; +import static com.att.eelf.configuration.Configuration.MDC_INSTANCE_UUID; +import static com.att.eelf.configuration.Configuration.MDC_SERVER_FQDN; +import static com.att.eelf.configuration.Configuration.MDC_SERVER_IP_ADDRESS; +import static com.att.eelf.configuration.Configuration.MDC_SERVICE_INSTANCE_ID; +import static com.att.eelf.configuration.Configuration.MDC_SERVICE_NAME; + +import java.net.InetAddress; +import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Calendar; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.annotation.PostConstruct; + +import org.json.JSONArray; +import org.json.JSONObject; +import org.onap.portalapp.authentication.LoginStrategy; +import org.onap.portalapp.authentication.OpenIdConnectLoginStrategy; +import org.onap.portalapp.authentication.SimpleLoginStrategy; +import org.onap.portalapp.controller.core.LogoutController; +import org.onap.portalapp.controller.core.SDKLoginController; +import org.onap.portalapp.portal.domain.EPApp; +import org.onap.portalapp.portal.domain.EPUser; +import org.onap.portalapp.portal.domain.EPUserApp; +import org.onap.portalapp.portal.interceptor.PortalResourceInterceptor; +import org.onap.portalapp.portal.interceptor.SessionTimeoutInterceptor; +import org.onap.portalapp.portal.listener.HealthMonitor; +import org.onap.portalapp.portal.service.EPLoginService; +import org.onap.portalapp.portal.service.EPLoginServiceImpl; +import org.onap.portalapp.portal.service.ExternalAccessRolesService; +import org.onap.portalapp.portal.service.UserRolesService; +import org.onap.portalapp.portal.transport.ExternalAuthUserRole; +import org.onap.portalapp.portal.transport.ExternalRoleDescription; +import org.onap.portalapp.portal.ueb.EPUebHelper; +import org.onap.portalapp.portal.utils.EPCommonSystemProperties; +import 
org.onap.portalapp.portal.utils.EPSystemProperties; +import org.onap.portalapp.scheduler.RegistryAdapter; +import org.onap.portalapp.uebhandler.FunctionalMenuHandler; +import org.onap.portalapp.uebhandler.InitUebHandler; +import org.onap.portalapp.uebhandler.MainUebHandler; +import org.onap.portalapp.uebhandler.WidgetNotificationHandler; +import org.onap.portalsdk.core.conf.AppConfig; +import org.onap.portalsdk.core.conf.Configurable; +import org.onap.portalsdk.core.logging.format.AlarmSeverityEnum; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.objectcache.AbstractCacheManager; +import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; +import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; +import org.onap.portalsdk.core.service.DataAccessService; +import org.onap.portalsdk.core.service.FnMenuService; +import org.onap.portalsdk.core.service.FnMenuServiceImpl; +import org.onap.portalsdk.core.util.CacheManager; +import org.onap.portalsdk.core.util.SystemProperties; +import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.ComponentScan.Filter; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.FilterType; +import org.springframework.context.annotation.Profile; +import org.springframework.scheduling.annotation.EnableAsync; +import org.springframework.scheduling.annotation.EnableScheduling; +import org.springframework.scheduling.quartz.SchedulerFactoryBean; +import org.springframework.web.servlet.ViewResolver; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.web.servlet.config.annotation.InterceptorRegistry; +import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; + +import 
com.fasterxml.jackson.databind.ObjectMapper; +import com.google.gson.Gson; + +@Configuration +@EnableWebMvc +@ComponentScan(basePackages = {"org.onap", "org.openecomp" }, excludeFilters = { + @Filter(value = { LogoutController.class, SDKLoginController.class}, type = FilterType.ASSIGNABLE_TYPE) }) +@Profile("src") +@EnableAsync +@EnableScheduling + +public class ExternalAppConfig extends AppConfig implements Configurable { + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAppConfig.class); + + @Autowired + private DataAccessService dataAccessService; + + @Autowired + private UserRolesService userRolesService; + + @Autowired + private ExternalAccessRolesService externalAccessRolesService; + + private RegistryAdapter schedulerRegistryAdapter; + + String UEB_APP_KEY = PortalApiProperties.getProperty(PortalApiConstants.UEB_APP_KEY); + + public ViewResolver viewResolver() { + return super.viewResolver(); + } + + @Override + public void addResourceHandlers(ResourceHandlerRegistry registry) { + registry.addResourceHandler("/app/fusion/**").addResourceLocations("/app/fusion/"); + registry.addResourceHandler("/static/**").addResourceLocations("/static/"); + registry.addResourceHandler("/images/**").addResourceLocations("/images/"); + registry.addResourceHandler("/**").addResourceLocations("/public/"); + } + + @PostConstruct + private void init() { + String remotecentralizedsystemaccess = SystemProperties.getProperty(EPCommonSystemProperties.REMOTE_CENTRALIZED_SYSTEM_ACCESS); + try { + // Loading defaults + MDC.put(MDC_SERVICE_NAME, EPSystemProperties.ECOMP_PORTAL_BE); + MDC.put(MDC_SERVER_FQDN, InetAddress.getLocalHost().getHostName()); + MDC.put(MDC_SERVER_IP_ADDRESS, InetAddress.getLocalHost().getHostAddress()); + MDC.put(MDC_SERVICE_INSTANCE_ID, ""); + MDC.put(MDC_ALERT_SEVERITY, AlarmSeverityEnum.INFORMATIONAL.severity()); + MDC.put(MDC_INSTANCE_UUID, SystemProperties.getProperty(SystemProperties.INSTANCE_UUID)); + 
if(remotecentralizedsystemaccess.equalsIgnoreCase("true")){ + importFromExternalAuth(); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "init failed", e); + } + } + + /** + * Does a sync on functions, roles and role functions based on namespace + * for all the centralized applications between AAF and ONAP, updates + * fn_user and fn_user_role with user information from AAF. + * + */ + private void importFromExternalAuth() throws Exception { + JSONArray aafAppRoles = new JSONArray(); + JSONArray aafUserList = new JSONArray(); + List appList; + //to get all centralized apps + List centralizedAppList = dataAccessService.executeNamedQuery("getCentralizedApps", null, null); + if(centralizedAppList != null && centralizedAppList.size() > 0){ + for(int i = 0; i < centralizedAppList.size(); i++){ + //syncRoles(does a sync on functions, roles and role functions) + externalAccessRolesService.syncApplicationRolesWithEcompDB(centralizedAppList.get(i)); + //retrieve roles based on NS + aafAppRoles = externalAccessRolesService.getAppRolesJSONFromExtAuthSystem(centralizedAppList.get(i)); + if(aafAppRoles != null && aafAppRoles.length() > 0){ + for(int j = 0; j < aafAppRoles.length(); j++){ + ObjectMapper mapper = new ObjectMapper(); + String name = aafAppRoles.getJSONObject(j).getString("name"); + String desc = aafAppRoles.getJSONObject(j).getString("description"); + ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class); + aafUserList = externalAccessRolesService.getAllUsersByRole(name); + if(aafUserList != null && aafUserList.length() > 0){ + for(int k = 0; k < aafUserList.length(); k++){ + EPUser user = null; + List usersList = null; + List userRolesList = new ArrayList(); + JSONObject userRole = (JSONObject) aafUserList.get(k); + Gson gson = new Gson(); + ExternalAuthUserRole userRoleObj = gson.fromJson(userRole.toString(), ExternalAuthUserRole.class); + if(userRoleObj.getUser() != null){ + 
userRoleObj.setUser(userRoleObj.getUser().substring(0, userRoleObj.getUser().indexOf("@"))); + } + //for each role and user in that role, check if user exists in fn_user. If not, add + Map orgUserId = new HashMap<>(); + orgUserId.put("orgUserIdValue", userRoleObj.getUser()); + usersList = dataAccessService.executeNamedQuery("epUserAppId", orgUserId, null); + if(usersList != null && usersList.size() > 0){ + user = usersList.get(0); + } + if(user == null){ + // add user to fn_user(needs to be revisited after getting user info from AAF PORTAL-172) + } + //for each role and user in that role, check if user exists in fn_user_role. If not, add + /*userRolesList = userRolesService.getUserRolesList(centralizedAppList.get(0).getId(), user.getId(), Long.valueOf(externalRoleDescription.getId())); + if(userRolesList == null || userRolesList.isEmpty()){ + // add userRole to fn_user_role(needs to be revisited after getting user info from AAF PORTAL-172) + }*/ + } + } + + } + } + } + } + } + + public DataAccessService dataAccessService() { + return super.dataAccessService(); + } + + public String[] tileDefinitions() { + return super.tileDefinitions(); + } + + public List addTileDefinitions() { + List definitions = new ArrayList(); + definitions.add("/WEB-INF/defs/definitions.xml"); + return definitions; + } + + @Bean + public AbstractCacheManager cacheManager() { + return new CacheManager(); + } + + @Bean + public SessionTimeoutInterceptor sessionTimeoutInterceptor() { + return new SessionTimeoutInterceptor(); + } + + @Bean + public PortalResourceInterceptor portalResourceInterceptor() { + return new PortalResourceInterceptor(); + } + + @Bean + public EPLoginService eploginService() { + return new EPLoginServiceImpl(); + } + + @Bean + public org.onap.portalsdk.core.auth.LoginStrategy coreLoginStrategy() { + if (SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM).trim().equalsIgnoreCase("OIDC")) + return new OpenIdConnectLoginStrategy(); + else + return new 
SimpleLoginStrategy(); + } + + @Bean + public LoginStrategy loginStrategy() { + + if (SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM).trim().equalsIgnoreCase("OIDC")) + return new OpenIdConnectLoginStrategy(); + else + return new SimpleLoginStrategy(); + } + + public FnMenuService fnMenuService() { + return new FnMenuServiceImpl(); + } + + @Override + public void addInterceptors(InterceptorRegistry registry) { + // registry.addInterceptor(new + // StaticResourcesInterceptor()).addPathPatterns("/index.htm", + // "/applicationsHome", "/widgetsHome", "/admins", "/users", + // "/applications", "/widgets"); + // Excludes login/logout pages and REST endpoints used by other + // application servers. + + registry.addInterceptor(sessionTimeoutInterceptor()).excludePathPatterns("/oid-login", "/portalApi/healthCheck", + "/portalApi/healthCheck/", "/portalApi/healthCheckSuspend", "/portalApi/healthCheckSuspend/", + "/portalApi/healthCheckResume", "/portalApi/healthCheckResume/", "/login_external", + "/login_external.htm*", "login", "/login.htm*", "/auxapi/*", "/context/*", "/api*", + "/single_signon.htm", "/single_signon", "/dashboard", "/OpenSourceLogin.htm"); + + registry.addInterceptor(portalResourceInterceptor()); + + } + + /** + * Creates and returns a new instance of a {@link SchedulerFactoryBean} and + * populates it with triggers. + * + * @return New instance of {@link SchedulerFactoryBean} + */ + + @Bean + public EPUebHelper epUebHelper() { + return new EPUebHelper(); + } + + @Bean + public HealthMonitor healthMonitor() { + return new HealthMonitor(); + } + + /** + * Creates and returns a new instance of a {@link MainUebHandler}. + * + * @return New instance of {@link MainUebHandler}. + */ + @Bean + public MainUebHandler mainUebHandler() { + return new MainUebHandler(); + } + + /** + * Creates and returns a new instance of a {@link InitUebHandler}. + * + * @return New instance of {@link InitUebHandler}. 
+ */ + @Bean + public InitUebHandler initUebHandler() { + return new InitUebHandler(); + } + + /** + * Creates and returns a new instance of a {@link WidgetNotificationHandler} + * . + * + * @return New instance of {@link WidgetNotificationHandler}. + */ + @Bean + public WidgetNotificationHandler widgetNotificationHandler() { + return new WidgetNotificationHandler(); + } + + /** + * Creates and returns a new instance of a {@link FunctionalMenuHandler} . + * + * @return New instance of {@link FunctionalMenuHandler}. + */ + @Bean + public FunctionalMenuHandler functionalMenuHandler() { + return new FunctionalMenuHandler(); + } + + /** + * Creates and returns a new instance of a {@link SchedulerFactoryBean} and + * populates it with triggers. + * + * @return New instance of {@link SchedulerFactoryBean} + * @throws Exception if dataSource fails + */ + // APPLICATIONS REQUIRING QUARTZ SHOULD RESTORE ANNOTATION + @Bean // ANNOTATION COMMENTED OUT + public SchedulerFactoryBean schedulerFactoryBean() throws Exception { + SchedulerFactoryBean scheduler = new SchedulerFactoryBean(); + scheduler.setConfigLocation(appApplicationContext.getResource("WEB-INF/conf/quartz.properties")); + scheduler.setDataSource(dataSource()); + scheduler.setTriggers(schedulerRegistryAdapter.getTriggers()); + scheduler.setSchedulerName(getScheduleName()); + return scheduler; + } + + protected String getScheduleName() { + final String CRON_SITE_NAME = "cron_site_name"; + String cronSiteVal = "Default"; + try { + cronSiteVal = SystemProperties.getProperty(CRON_SITE_NAME); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getScheduleName failed", e); + logger.warn(EELFLoggerDelegate.errorLogger, + "Cron site name not added in property file, using Default value"); + } + + String cronSiteName = cronSiteVal != null ? 
cronSiteVal : ""; + + SimpleDateFormat dateFormat = new SimpleDateFormat(); + dateFormat.applyPattern("YYYYMMdd"); + String currentDateStr = dateFormat.format(Calendar.getInstance().getTime()); + + return "Scheduler" + "_" + currentDateStr + "_" + cronSiteName; + } + + /** + * Sets the scheduler registry adapter. + * + * @param schedulerRegistryAdapter + * Scheduler registry adapter + */ + @Autowired + public void setSchedulerRegistryAdapter(final RegistryAdapter schedulerRegistryAdapter) { + this.schedulerRegistryAdapter = schedulerRegistryAdapter; + } + +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java new file mode 100644 index 00000000..62051b1d --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java 
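Review bot: In importFromExternalAuth the user name is trimmed with `userRoleObj.getUser().substring(0, userRoleObj.getUser().indexOf("@"))`, so an AAF entry without an `@` makes indexOf return -1 and substring throw StringIndexOutOfBoundsException; because init() catches everything as "init failed", one malformed entry silently aborts the role sync for every remaining centralized app. Guard the trim with `if (userRoleObj.getUser() != null && userRoleObj.getUser().indexOf("@") > 0) {`. Two smaller points in the same hunk: getScheduleName applies the pattern `YYYYMMdd`, where `YYYY` is the week-based year and gives the wrong year around the new-year boundary — `yyyyMMdd` is what is intended; and the session-timeout exclusion list in addInterceptors contains `"login"` without a leading slash, unlike every other pattern, so it presumably never matches a request path. Both coreLoginStrategy and loginStrategy also call `.trim()` on SystemProperties.getProperty(AUTHENTICATION_MECHANISM) without a null check, so a missing property fails bean creation with a bare NullPointerException instead of a descriptive error.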
@@ -0,0 +1,78 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.conf;
+
+import java.util.Arrays;
+
+import org.onap.portalsdk.core.conf.AppInitializer;
+
+public class ExternalAppInitializer extends AppInitializer{
+
+
+ @Override
+ protected Class[] getRootConfigClasses() {
+ return super.getRootConfigClasses();
+ }
+
+ @Override
+ protected Class[] getServletConfigClasses() {
+// Class[] configClasses = super.getServletConfigClasses();
+// Class[] additionalConfigClasses = Arrays.copyOf(configClasses, configClasses.length);
+// addConfigClass(additionalConfigClasses, ExternalAppConfig.class);
+// return additionalConfigClasses;
+//
+ return new Class[] {ExternalAppConfig.class};
+ }
+
+ static Class[] addConfigClass(Class[] a, Class e) {
+ a = Arrays.copyOf(a, a.length + 1);
+ a[a.length - 1] = e;
+ return a;
+ }
+
+ /*
+ * URL request will direct to the Spring dispatcher for processing
+ */
+ @Override
+ protected String[] getServletMappings() {
+ return super.getServletMappings();
+ }
+
+}
+
+
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
new file mode 100644
index 00000000..f340ec35
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
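Review bot: `addConfigClass` is dead code in this file — its only callers are the commented-out lines inside getServletConfigClasses — and `import java.util.Arrays` survives only to serve it; either delete the helper together with the commented block, or keep the helper and replace the commented block with a one-line comment stating that ExternalAppConfig is intentionally the sole servlet config class. The three raw `Class[]`/`Class` types should be `Class<?>[]` and `Class<?>` to avoid rawtypes warnings, assuming the AppInitializer superclass signatures (not visible here) allow it.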
@@ -0,0 +1,61 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.conf;
+
+import org.onap.portalsdk.core.conf.HibernateMappingLocatable;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("src")
+public class HibernateMappingLocations implements HibernateMappingLocatable {
+
+ public Resource[] getMappingLocations() {
+ return new Resource[] { new ClassPathResource("../fusion/orm/Fusion.hbm.xml"),
+ new ClassPathResource("../fusion/orm/EP.hbm.xml"),
+ new ClassPathResource("../fusion/orm/Workflow.hbm.xml") };
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ return new String[] { "org.onap","org.openecomp" };
+ }
+
+}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java
new file mode 100644
index 00000000..0f0cf270
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java
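Review bot: `getMappingLocations()` lacks `@Override` while `getPackagesToScan()` in the same class carries it; presumably both implement HibernateMappingLocatable, and the annotation turns a future signature drift in the interface into a compile error instead of a silently unused method. Add `@Override` on the line above `public Resource[] getMappingLocations() {`. A short class-level Javadoc naming the three mapping files and the two scanned packages would also help, since this class is the only place the Hibernate configuration is wired for the `src` profile.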
@@ -0,0 +1,133 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */ +package org.onap.portalapp.controller; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.onap.portalapp.controller.EPUnRestrictedBaseController; +import org.onap.portalapp.portal.domain.EPUser; +import org.onap.portalapp.portal.logging.aop.EPAuditLog; +import org.onap.portalapp.portal.logging.aop.EPMetricsLog; +import org.onap.portalapp.portal.utils.EPSystemProperties; +import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.springframework.context.annotation.EnableAspectJAutoProxy; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.springframework.web.servlet.ModelAndView; + +@Controller +@RequestMapping("/") +@org.springframework.context.annotation.Configuration +@EnableAspectJAutoProxy +@Profile("src") +public class ECOMPLogoutController extends EPUnRestrictedBaseController{ + + private EPUser user; + private static final String EP_SERVICE = "EPService"; + EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ECOMPLogoutController.class); + + @EPAuditLog + @RequestMapping(value = {"/logout.htm" }, method = RequestMethod.GET) + public ModelAndView logOut(HttpServletRequest request, + HttpServletResponse response) throws Exception { + + ModelAndView modelView = null; + + chatRoomLogout(request); + logger.debug(EELFLoggerDelegate.debugLogger, "ECOMPLogoutController.handleRequestInternal - Logout request received."); + + modelView = new ModelAndView("redirect:login.htm"); + + /** + if (UserUtils.isClientMobileDevice(request)){ + 
modelView.setViewName(modelView.getViewName().concat("?viewType=mobile")); + } + */ + String cookieDoamin = EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN); + Cookie epCookie = new Cookie(EP_SERVICE, ""); + epCookie.setMaxAge(0); + epCookie.setDomain(cookieDoamin); + epCookie.setPath("/"); + + Cookie appHeaderCookie = new Cookie("show_app_header", ""); + appHeaderCookie.setMaxAge(0); + appHeaderCookie.setDomain(cookieDoamin); + appHeaderCookie.setPath("/"); + + Cookie appTabCookie = new Cookie("cookieTabs", ""); + appTabCookie.setMaxAge(0); + appTabCookie.setDomain(cookieDoamin); + appTabCookie.setPath("/"); + + Cookie appVisInvisTabCookie = new Cookie("visInVisCookieTabs", ""); + appVisInvisTabCookie.setMaxAge(0); + appVisInvisTabCookie.setDomain(cookieDoamin); + appVisInvisTabCookie.setPath("/"); + + response.addCookie(epCookie); + response.addCookie(appHeaderCookie); + response.addCookie(appTabCookie); + response.addCookie(appVisInvisTabCookie); + request.getSession().invalidate(); + + logger.debug(EELFLoggerDelegate.debugLogger, "ECOMPLogoutController.handleRequestInternal - Successfully processed the logout request."); + + return modelView; + } + + @EPMetricsLog + public void chatRoomLogout(HttpServletRequest request){ + request = ((ServletRequestAttributes)RequestContextHolder.currentRequestAttributes()).getRequest(); + setUser(EPUserUtils.getUserSession(request)); + } + + public EPUser getUser() { + return user; + } + + public void setUser(EPUser user) { + this.user = user; + } +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java new file mode 100644 index 00000000..273a0b1e --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java 
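Review bot: `chatRoomLogout` stores the session's user into the instance field `user` of a singleton `@Controller`, so concurrent logout requests overwrite each other's value and the last EPUser stays referenced by the controller after its session has been invalidated; nothing in logOut reads the field, so either drop the field with its getter/setter or have chatRoomLogout return the EPUser into a local. The method also reassigns its `request` parameter from RequestContextHolder, which discards whatever the caller passed — use the parameter or remove it. `request.getSession().invalidate()` creates a fresh session when none exists only to invalidate it; prefer `HttpSession session = request.getSession(false);` followed by `if (session != null) { session.invalidate(); }` (needs the javax.servlet.http.HttpSession import). The dead `/** if (UserUtils.isClientMobileDevice(request)) ... */` block should be deleted rather than left as a commented-out Javadoc.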
@@ -0,0 +1,413 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ */ +package org.onap.portalapp.controller; + +import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID; + +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLDecoder; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.json.JSONObject; +import org.onap.portalapp.command.EPLoginBean; +import org.onap.portalapp.controller.EPUnRestrictedBaseController; +import org.onap.portalapp.portal.domain.SharedContext; +import org.onap.portalapp.portal.service.EPLoginService; +import org.onap.portalapp.portal.service.EPRoleFunctionService; +import org.onap.portalapp.portal.service.SharedContextService; +import org.onap.portalapp.portal.utils.EPCommonSystemProperties; +import org.onap.portalapp.portal.utils.EPSystemProperties; +import org.onap.portalapp.util.EPUserUtils; +import org.onap.portalapp.util.SessionCookieUtil; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.menu.MenuProperties; +import org.onap.portalsdk.core.onboarding.util.CipherUtil; +import org.onap.portalsdk.core.util.SystemProperties; +import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.util.StopWatch; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.servlet.ModelAndView; +import org.springframework.web.util.WebUtils; + +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.JsonNode; +import 
com.fasterxml.jackson.databind.ObjectMapper; + +@Controller +@RequestMapping("/") +public class LoginController extends EPUnRestrictedBaseController implements LoginService { + + private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginController.class); + + public static final String DEFAULT_SUCCESS_VIEW = "applicationsHome"; + public static final String DEFAULT_FAILURE_VIEW = "login"; + public static final String ERROR_MESSAGE_KEY = "error"; + public static final String REDIRECT_URL = "redirectUrl"; + public static final String REDIRECT_COLON = "redirect:"; + + @Autowired + private EPLoginService loginService; + @Autowired + private SharedContextService sharedContextService; + @Autowired + private EPRoleFunctionService ePRoleFunctionService; + + private String viewName = "login"; + + private String welcomeView; + + @RequestMapping(value = { "/login.htm" }, method = RequestMethod.GET) + public ModelAndView login(HttpServletRequest request) { + Map model = new HashMap(); + String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM); + String loginPage; + if (authentication == null || "".equals(authentication) || "OICD".equals(authentication.trim())) + loginPage = "openIdLogin"; + else + loginPage = getViewName(); + return new ModelAndView(loginPage, "model", model); + } + + @SuppressWarnings("rawtypes") + @RequestMapping(value = { "/open_source/login" }, method = RequestMethod.POST) + @ResponseBody + public String loginValidate(HttpServletRequest request, HttpServletResponse response) throws Exception { + + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + JsonNode root = mapper.readTree(request.getReader()); + + EPLoginBean commandBean = new EPLoginBean(); + String loginId = root.get("loginId").textValue(); + String password = root.get("password").textValue(); + commandBean.setLoginId(loginId); + 
commandBean.setLoginPwd(CipherUtil.encrypt(password)); + HashMap additionalParamsMap = new HashMap(); + StringBuilder sbAdditionalInfo = new StringBuilder(); + + commandBean = getLoginService().findUser(commandBean, + (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), additionalParamsMap); + String fullURL = getFullURL(request); + if (commandBean.getUser() == null) { + String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage() + : "login.error.external.invalid"; + logger.info(EELFLoggerDelegate.debugLogger, "loginId {} does not exist in the the DB.", loginId); + sbAdditionalInfo.append(String.format("But the Login-Id: %s doesn't exist in the Database. Request-URL: %s", + loginId, fullURL)); + return loginErrorMessage; + } else { + // store the currently logged in user's information in the session + EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), + commandBean.getBusinessDirectMenu(), + SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM), ePRoleFunctionService); + + try { + logger.info(EELFLoggerDelegate.debugLogger, "loginValidate: store user info into share context begins"); + String sessionId = request.getSession().getId(); + List existingSC = getSharedContextService().getSharedContexts(sessionId); + if (existingSC == null || existingSC.isEmpty()) { + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_FIRST_NAME, + commandBean.getUser().getFirstName()); + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_LAST_NAME, + commandBean.getUser().getLastName()); + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_EMAIL, + commandBean.getUser().getEmail()); + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_ORG_USERID, + commandBean.getLoginId()); + } + + } catch (Exception e) { + logger.info(EELFLoggerDelegate.errorLogger, 
"loginValidate: failed the shared context adding process ", + e); + } + logger.info(EELFLoggerDelegate.debugLogger, + "loginValidate: PresetUp the EP service cookie and intial sessionManagement"); + + SessionCookieUtil.preSetUp(request, response); + SessionCookieUtil.setUpUserIdCookie(request, response, loginId); + + JSONObject j = new JSONObject("{success: success}"); + + return j.toString(); + } + } + + /* + * Work around a bug in ecompsdkos version 1.1.0 which hard-codes this endpoint. + */ + @RequestMapping(value = { "/process_csp" }, method = RequestMethod.GET) + public ModelAndView processCsp(HttpServletRequest request, HttpServletResponse response) throws Exception { + return processSingleSignOn(request, response); + } + /* + * Remove this method after epsdk-app-common/.../SingleSignOnController.java is + * repaired. + */ + + @RequestMapping(value = { "/processSingleSignOn" }, method = RequestMethod.GET) + public ModelAndView processSingleSignOn(HttpServletRequest request, HttpServletResponse response) throws Exception { + + Map model = new HashMap(); + HashMap additionalParamsMap = new HashMap(); + EPLoginBean commandBean = new EPLoginBean(); + MDC.put(MDC_KEY_REQUEST_ID, getRequestId(request)); + // get userId from cookie + String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response); + logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: begins with orgUserId {}", orgUserId); + + StringBuilder sbAdditionalInfo = new StringBuilder(); + validateDomain(request); + if (orgUserId == null || orgUserId.length() == 0) { + model.put(ERROR_MESSAGE_KEY, SystemProperties.MESSAGE_KEY_LOGIN_ERROR_COOKIE_EMPTY); + if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) { + return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm" + "?redirectUrl=" + + request.getParameter(REDIRECT_URL)); + } else { + return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm"); + } + } else { 
+ + StopWatch stopWatch = new StopWatch("LoginController.Login"); + stopWatch.start(); + + try { + logger.info(EELFLoggerDelegate.debugLogger, + "Operation findUser is started to locate user {} in the database.", orgUserId); + commandBean.setLoginId(orgUserId); + commandBean.setOrgUserId(orgUserId); + commandBean = getLoginService().findUser(commandBean, + (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), + additionalParamsMap); + + stopWatch.stop(); + MDC.put(EPSystemProperties.MDC_TIMER, stopWatch.getTotalTimeMillis() + "ms"); + logger.info(EELFLoggerDelegate.debugLogger, "Operation findUser is completed."); + } catch (Exception e) { + stopWatch.stop(); + MDC.put(EPSystemProperties.MDC_TIMER, stopWatch.getTotalTimeMillis() + "ms"); + logger.info(EELFLoggerDelegate.errorLogger, "processSingleSignOn failed on user " + orgUserId, e); + } finally { + MDC.remove(EPSystemProperties.MDC_TIMER); + } + + sbAdditionalInfo.append("Login attempt is succeeded. "); + String fullURL = getFullURL(request); + if (commandBean.getUser() == null) { + logger.info(EELFLoggerDelegate.debugLogger, + "processSingleSignOn: loginId {} does not exist in the the DB.", orgUserId); + + sbAdditionalInfo.append(String.format( + "But the Login-Id: %s doesn't exist in the Database. Created a Guest Session. 
Request-URL: %s", + orgUserId, fullURL)); + validateDomain(request); + if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) { + return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm" + "?redirectUrl=" + + request.getParameter(REDIRECT_URL)); + } else { + return new ModelAndView(REDIRECT_COLON + DEFAULT_FAILURE_VIEW + ".htm"); + } + } else { + + sbAdditionalInfo.append( + String.format("Login-Id: %s, Login-Method: %s, Request-URL: %s", orgUserId, "", fullURL)); + logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: now set up user session for {}", + orgUserId); + + EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), + commandBean.getBusinessDirectMenu(), + SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM), ePRoleFunctionService); + logger.info(EELFLoggerDelegate.debugLogger, + "processSingleSignOn: now set up user session for {} finished", orgUserId); + + // Store user's information into share context + try { + logger.info(EELFLoggerDelegate.debugLogger, + "processSingleSignOn: store user info into share context begins"); + String sessionId = request.getSession().getId(); + List existingSC = getSharedContextService().getSharedContexts(sessionId); + if (existingSC == null || existingSC.isEmpty()) { + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_FIRST_NAME, + commandBean.getUser().getFirstName()); + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_LAST_NAME, + commandBean.getUser().getLastName()); + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_EMAIL, + commandBean.getUser().getEmail()); + getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_ORG_USERID, + commandBean.getLoginId()); + } + } catch (Exception e) { + logger.info(EELFLoggerDelegate.errorLogger, + "processSingleSignOn: failed the shared context adding process", e); 
+ } + + logger.info(EELFLoggerDelegate.debugLogger, + "processSingleSignOn: PresetUp the EP service cookie and intial sessionManagement"); + SessionCookieUtil.preSetUp(request, response); + SessionCookieUtil.setUpUserIdCookie(request, response, orgUserId); + logger.info(EELFLoggerDelegate.debugLogger, + "processSingleSignOn: PresetUp the EP service cookie and intial sessionManagement completed"); + logger.info(EELFLoggerDelegate.debugLogger, + commandBean.getUser().getOrgUserId() + " exists in the the system."); + + // get redirectUrl from URL parameter + validateDomain(request); + if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) { + String forwardUrl = URLDecoder.decode(request.getParameter(REDIRECT_URL), "UTF-8"); + // clean cookie + Cookie cookie2 = new Cookie(REDIRECT_URL, ""); + // ONAP does not use https + cookie2.setSecure(false); + cookie2.setMaxAge(0); + cookie2.setDomain(EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN)); + cookie2.setPath("/"); + response.addCookie(cookie2); + return new ModelAndView(REDIRECT_COLON + forwardUrl); + } + + // first check if redirectUrl exists or not + if (WebUtils.getCookie(request, REDIRECT_URL) != null) { + String forwardUrl = WebUtils.getCookie(request, REDIRECT_URL).getValue(); + // clean cookie + Cookie cookie2 = new Cookie(REDIRECT_URL, ""); + // ONAP does not use https + cookie2.setSecure(false); + cookie2.setMaxAge(0); + cookie2.setDomain(EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN)); + cookie2.setPath("/"); + response.addCookie(cookie2); + + return new ModelAndView(REDIRECT_COLON + forwardUrl); + } + } + } + + // if user has been authenticated, now take them to the welcome page. 
+ logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: Now return to application home page"); + return new ModelAndView(REDIRECT_COLON + SystemProperties.getProperty(EPSystemProperties.FE_URL)); + } + + private void validateDomain(HttpServletRequest request) throws MalformedURLException { + final String returnToAppUrl = request.getParameter(REDIRECT_URL); + if (StringUtils.isNotBlank(returnToAppUrl)) { + String hostName = new URL(returnToAppUrl).getHost(); + if (StringUtils.isNotBlank(hostName) + && !hostName.endsWith(EPSystemProperties.getProperty(EPCommonSystemProperties.COOKIE_DOMAIN))) { + logger.debug(EELFLoggerDelegate.debugLogger, + "processSingleSignOn () accessing Unauthorized url :" + hostName); + throw new SecurityException("accessing Unauthorized url : " + hostName); + } + } + } + + private String getFullURL(HttpServletRequest request) { + if (request != null) { + String requestURL = request.getRequestURL().toString(); + String queryString = request.getQueryString(); + if (queryString == null) { + return requestURL; + } else { + return requestURL + "?" + queryString; + } + } + return ""; + } + + private String getRequestId(HttpServletRequest request) { + Enumeration headerNames = request.getHeaderNames(); + String requestId = ""; + while (headerNames.hasMoreElements()) { + String headerName = headerNames.nextElement(); + logger.debug(EELFLoggerDelegate.debugLogger, "getRequestId: header {} has value {}", headerName, + request.getHeader(headerName)); + if (headerName.equalsIgnoreCase(SystemProperties.ECOMP_REQUEST_ID)) { + requestId = request.getHeader(headerName); + break; + } + } + return requestId.isEmpty() ? 
UUID.randomUUID().toString() : requestId; + } + + public String getWelcomeView() { + return welcomeView; + } + + public void setWelcomeView(String welcomeView) { + this.welcomeView = welcomeView; + } + + @Override + public String getViewName() { + return viewName; + } + + @Override + public void setViewName(String viewName) { + this.viewName = viewName; + } + + public EPLoginService getLoginService() { + return loginService; + } + + public void setLoginService(EPLoginService loginService) { + this.loginService = loginService; + } + + public SharedContextService getSharedContextService() { + return sharedContextService; + } + + public void setSharedContextService(SharedContextService sharedContextService) { + this.sharedContextService = sharedContextService; + } + +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginService.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginService.java new file mode 100644 index 00000000..41e07a8e --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginService.java 
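Review bot: The open-redirect guard in `validateDomain` is incomplete: it accepts a host with `hostName.endsWith(COOKIE_DOMAIN)`, so if COOKIE_DOMAIN is configured without a leading dot (e.g. `onap.org`) a host such as `evilonap.org` passes, and it only ever inspects the `redirectUrl` request parameter — the second branch of `processSingleSignOn`, which redirects to the value of the client-controlled `redirectUrl` cookie, never calls it. The parameter branch also validates the raw parameter but then redirects to `URLDecoder.decode(...)` of it, so the string that was checked and the string sent in the `Location` header can differ. I would make `validateDomain` take the final URL string, require an exact match or a dot-separated sub-domain of the cookie domain, and call it on both the decoded parameter and the cookie value immediately before building the `redirect:` view (the three existing `validateDomain(request)` calls become `validateDomain(request.getParameter(REDIRECT_URL))`). Separately, `getRequestId` logs every request header name and value at debug level, which writes the `Cookie` header (and any `Authorization` header) into the log; I would log only the header name there, `logger.debug(EELFLoggerDelegate.debugLogger, "getRequestId: saw header {}", headerName);`.
```java
// … unchanged: processSingleSignOn up to the redirect handling …
if (request.getParameter(REDIRECT_URL) != null && request.getParameter(REDIRECT_URL).length() != 0) {
    String forwardUrl = URLDecoder.decode(request.getParameter(REDIRECT_URL), "UTF-8");
    validateDomain(forwardUrl); // check the string actually redirected to, not its encoded form
    // … unchanged: clear the redirectUrl cookie …
    return new ModelAndView(REDIRECT_COLON + forwardUrl);
}
if (WebUtils.getCookie(request, REDIRECT_URL) != null) {
    String forwardUrl = WebUtils.getCookie(request, REDIRECT_URL).getValue();
    validateDomain(forwardUrl); // the cookie value is client-controlled as well
    // … unchanged: clear the redirectUrl cookie …
    return new ModelAndView(REDIRECT_COLON + forwardUrl);
}
// … unchanged: fall through to FE_URL …

/**
 * Rejects a return-to URL whose host is not the configured cookie domain or a
 * proper sub-domain of it. A blank URL is accepted (nothing to redirect to).
 */
private void validateDomain(String returnToAppUrl) throws MalformedURLException {
    if (StringUtils.isBlank(returnToAppUrl)) {
        return;
    }
    String hostName = new URL(returnToAppUrl).getHost();
    String cookieDomain = EPSystemProperties.getProperty(EPCommonSystemProperties.COOKIE_DOMAIN);
    // Tolerate a configured leading dot; a bare suffix match would also accept "evil" + domain.
    String bareDomain = cookieDomain.startsWith(".") ? cookieDomain.substring(1) : cookieDomain;
    boolean allowed = StringUtils.isNotBlank(hostName)
            && (hostName.equalsIgnoreCase(bareDomain)
                || hostName.toLowerCase().endsWith("." + bareDomain.toLowerCase()));
    if (!allowed) {
        logger.debug(EELFLoggerDelegate.debugLogger, "validateDomain: accessing Unauthorized url :" + hostName);
        throw new SecurityException("accessing Unauthorized url : " + hostName);
    }
}
```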
@@ -0,0 +1,54 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ */
+package org.onap.portalapp.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+
+public interface LoginService {
+
+ public ModelAndView login(HttpServletRequest request);
+
+ public @ResponseBody String loginValidate(HttpServletRequest request, HttpServletResponse response) throws Exception;
+
+ public ModelAndView processSingleSignOn(HttpServletRequest request, HttpServletResponse response) throws Exception;
+
+}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java
new file mode 100644
index 00000000..d20a4608
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPLoginController.java
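Review bot: The interface fixes the portal's login contract but carries no Javadoc, and the contract is not recoverable from the signatures: the visible implementation of `loginValidate` returns a message key such as `login.error.external.invalid` on failure and the JSON string `{"success":"success"}` on success, and `processSingleSignOn` may redirect to a caller-supplied URL. I would add one-line Javadoc per method, e.g. on `loginValidate`: `/** Reads {loginId, password} JSON from the request body; returns a login error message key on failure, or a JSON success object once the user session and EP cookies are set up. */`, and on `processSingleSignOn`: `/** Logs in the user named by the user-id cookie and redirects to the validated redirectUrl, or to the portal home page. */`. The blanket `throws Exception` on two of the methods could also be narrowed to what the implementation actually throws, but that is a matter for the implementing class.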
@@ -0,0 +1,99 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ */ +package org.onap.portalapp.controller; + +import java.util.HashMap; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.onap.portalsdk.core.auth.LoginStrategy; +import org.onap.portalsdk.core.controller.UnRestrictedBaseController; +import org.onap.portalsdk.core.onboarding.listener.PortalTimeoutHandler; +import org.onap.portalsdk.core.service.LoginService; +import org.onap.portalsdk.core.service.ProfileService; +import org.onap.portalsdk.core.web.support.AppUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.servlet.ModelAndView; + +@Controller +@RequestMapping("/") +public class ONAPLoginController extends UnRestrictedBaseController { + @Autowired + ProfileService service; + @Autowired + private LoginService loginService; + @Autowired + private LoginStrategy loginStrategy; + String viewName; + + @RequestMapping(value = { "/doLogin" }, method = RequestMethod.GET) + public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception { + return loginStrategy.doLogin(request, response); + } + + public String getJessionId(HttpServletRequest request) { + return request.getSession().getId(); + } + + protected void initateSessionMgtHandler(HttpServletRequest request) { + String jSessionId = getJessionId(request); + PortalTimeoutHandler.sessionCreated(jSessionId, jSessionId, AppUtils.getSession(request)); + } + + public String getViewName() { + return viewName; + } + + public void setViewName(String viewName) { + this.viewName = viewName; + } + + public LoginService getLoginService() { + return loginService; + } + + public void setLoginService(LoginService loginService) { + this.loginService = loginService; + } + +} 
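Review bot: `initateSessionMgtHandler` and the autowired `ProfileService service` are declared but never used anywhere in this hunk — `doLogin` hands the whole request straight to `loginStrategy.doLogin` — so either the `PortalTimeoutHandler.sessionCreated` registration was meant to run after a successful login or both members are leftovers; which is intended is not visible from this file. If the registration is wanted, a short comment on `doLogin` saying that the strategy is responsible for it, `// session-timeout registration is done by the LoginStrategy implementation`, would stop the next reader from re-adding it; otherwise drop the method and the unused field. The helper name `getJessionId` also looks like a typo for `getJSessionId`, and a package-private `@Autowired ProfileService service` is better declared `private`.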
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java
new file mode 100644
index 00000000..0435dbaf
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ONAPWelcomeController.java
@@ -0,0 +1,102 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ */ +package org.onap.portalapp.controller; + +import java.security.Principal; +import java.util.Set; + +import javax.annotation.Resource; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.mitre.openid.connect.client.SubjectIssuerGrantedAuthority; +import org.onap.portalapp.controller.EPRestrictedBaseController; +import org.onap.portalapp.portal.logging.aop.EPAuditLog; +import org.springframework.context.annotation.EnableAspectJAutoProxy; +import org.springframework.stereotype.Controller; +import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.servlet.ModelAndView; + +@Controller +@RequestMapping("/") +@org.springframework.context.annotation.Configuration +@EnableAspectJAutoProxy +@EPAuditLog +public class ONAPWelcomeController extends EPRestrictedBaseController{ + String viewName; + + @RequestMapping(value = "/index.htm", method = RequestMethod.GET) + public String getIndexPage(HttpServletRequest request) { + return "/index"; + } + + @RequestMapping(value = {"/applicationsHome", "/dashboard", "/widgetsHome", "/kpidash*", "/admins", "/users", "/portalAdmins", "/applications", "/widgets", "/functionalMenu", "/contactUs", "/getAccess","/appCatalog", "/widgetOnboarding", "/accountOnboarding"}, method = RequestMethod.GET) + public String getEcompSinglePage(HttpServletRequest request, HttpServletResponse response) { + return "forward:/index.html"; + } + + protected String getViewName() { + return viewName; + } + + protected void setViewName(String viewName) { + this.viewName = viewName; + } + + //@Resource(name = "namedAdmins") + private Set admins; + + @RequestMapping("/user") + public String user(Principal p) { + return "oid-user"; + } + + @RequestMapping("/admin") + public String admin(Model model, Principal p) { + + model.addAttribute("admins", admins); + + return 
"oid-admin"; + } + @RequestMapping("/oid-login") + public ModelAndView login(Principal p) { + return new ModelAndView("openIdLogin"); + } +} diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/OpenCollaborationController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/OpenCollaborationController.java new file mode 100644 index 00000000..5348f237 --- /dev/null +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/OpenCollaborationController.java 
@@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalapp.controller; + +import java.util.HashMap; +import java.util.Map; 
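Review bot: This new file contains only the license header, a package declaration and two `java.util` imports — no class is declared in the 41-line hunk, so the compiler keeps nothing from it. If the controller is still to come, a placeholder comment such as `// TODO: OpenCollaborationController endpoints not yet ported from the ECOMP tree` would explain why the file exists; otherwise it should be removed from the change.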
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java
new file mode 100644
index 00000000..170c3ce1
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java
@@ -0,0 +1,124 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.controller;
+
+import java.io.IOException;
+import java.util.Hashtable;
+import java.util.Map;
+
+import javax.websocket.OnClose;
+import javax.websocket.OnMessage;
+import javax.websocket.OnOpen;
+import javax.websocket.Session;
+import javax.websocket.server.ServerEndpoint;
+
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+@ServerEndpoint("/opencontact")
+public class PeerBroadcastSocket {
+
+ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PeerBroadcastSocket.class);
+
+ public static Map channelMap = new Hashtable();
+ public Map sessionMap = new Hashtable();
+ ObjectMapper mapper = new ObjectMapper();
+
+ @OnMessage
+ public void message(String message, Session session) {
+ try {
+ // JSONObject jsonObject = new JSONObject(message);
+ @SuppressWarnings("unchecked")
+ Map jsonObject = mapper.readValue(message, Map.class);
+ try {
+ Object from = jsonObject.get("from");
+ if (from != null) {
+ if(channelMap.get(from.toString()) == null) {
+ channelMap.put(from.toString(), session);
+ sessionMap.put(session.getId(), from.toString());
+ }
+ }
+ } catch (Exception je) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to read value" + je.getMessage());
+ }
+
+ try {
+ Object to = jsonObject.get("to");
+ if (to == null)
+ return;
+ Object toSessionObj = channelMap.get(to);
+ if (toSessionObj != null) {
+ Session toSession = null;
+ toSession = (Session) toSessionObj;
+ toSession.getBasicRemote().sendText(message);
+ }
+
+ } catch (Exception ex) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to send text" + ex.getMessage());
+ }
+
+ } catch (Exception ex) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed" + ex.getMessage());
+ }
+
+ }
+
+ @OnOpen
+ public void open(Session session) {
+ logger.info(EELFLoggerDelegate.debugLogger, "Channel opened");
+ }
+
+ @OnClose
+ public void close(Session session) {
+ String channel = sessionMap.get(session.getId());
+ if (channel != null) {
+ Object sessObj = channelMap.get(channel);
+ if (sessObj != null) {
+ try {
+ ((Session) sessObj).close();
+ } catch (IOException e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to close" + e.getMessage());
+ }
+ }
+ channelMap.remove(channel);
+ }
+ logger.info(EELFLoggerDelegate.debugLogger, "Channel closed");
+ }
+
+}
+
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
new file mode 100644
index 00000000..11d1a449
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
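Review bot: The channel identity in `message()` is taken from the client-supplied `from` field of the JSON body, so any connected client can register itself under an arbitrary name and then receive whatever another client addresses to that name; nothing ties `from` to the authenticated user behind the socket. Deriving the key from the container's principal instead of the message, e.g. `Principal p = session.getUserPrincipal(); if (p == null) return; channelMap.putIfAbsent(p.getName(), session);`, closes that impersonation path (assuming the `/opencontact` endpoint sits behind the portal's login, which I cannot confirm from this hunk). `close()` removes the `channelMap` entry but never clears the matching `sessionMap` entry, and both maps are raw `Hashtable`s; `Map<String, Session>` (with `channelMap.get(to.toString())`) would make the lookup type-safe, since a non-String `to` value currently misses silently because keys were stored as `from.toString()`. The log messages such as `"Failed to read value" + je.getMessage()` drop the stack trace; passing `je` as the last argument keeps it.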
@@ -0,0 +1,158 @@
+
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.filter;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ReadListener;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.HttpStatus;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+public class SecurityXssFilter extends OncePerRequestFilter {
+
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+
+ private static final String APPLICATION_JSON = "application/json";
+
+ private static final String ERROR_BAD_REQUEST = "{\"error\":\"BAD_REQUEST\"}";
+
+ private SecurityXssValidator validator = SecurityXssValidator.getInstance();
+
+ public class RequestWrapper extends HttpServletRequestWrapper {
+
+ private ByteArrayOutputStream cachedBytes;
+
+ public RequestWrapper(HttpServletRequest request) {
+ super(request);
+ }
+
+ @Override
+ public ServletInputStream getInputStream() throws IOException {
+ if (cachedBytes == null)
+ cacheInputStream();
+
+ return new CachedServletInputStream();
+ }
+
+ @Override
+ public BufferedReader getReader() throws IOException {
+ return new BufferedReader(new InputStreamReader(getInputStream()));
+ }
+
+ private void cacheInputStream() throws IOException {
+ cachedBytes = new ByteArrayOutputStream();
+ IOUtils.copy(super.getInputStream(), cachedBytes);
+ }
+
+ public class CachedServletInputStream extends ServletInputStream {
+ private ByteArrayInputStream input;
+
+ public CachedServletInputStream() {
+ input = new ByteArrayInputStream(cachedBytes.toByteArray());
+ }
+
+ @Override
+ public int read() throws IOException {
+ return input.read();
+ }
+
+ @Override
+ public boolean isFinished() {
+ return false;
+ }
+
+ @Override
+ public boolean isReady() {
+ return false;
+ }
+
+ @Override
+ public void setReadListener(ReadListener readListener) {
+
+ }
+
+ }
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+ if (validateRequestType(request)) {
+ request = new RequestWrapper(request);
+ String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
+ try {
+ if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
+ response.setContentType(APPLICATION_JSON);
+ response.setStatus(HttpStatus.SC_BAD_REQUEST);
+ response.getWriter().write(ERROR_BAD_REQUEST);
+ throw new SecurityException(ERROR_BAD_REQUEST);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ response.getWriter().close();
+ return;
+ }
+ filterChain.doFilter(request, response);
+
+ } else {
+ filterChain.doFilter(request, response);
+ }
+
+ }
+
+ private boolean validateRequestType(HttpServletRequest request) {
+ return (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")
+ || request.getMethod().equalsIgnoreCase("DELETE"));
+ }
+}
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
new file mode 100644
index 00000000..4d6a9fe2
--- /dev/null
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
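Review bot: `CachedServletInputStream.isFinished()` returns `false` unconditionally even once the in-memory buffer is drained, and `isReady()` is also `false`, which misreports the Servlet 3.1 stream state to anything downstream that consults it; for a fully buffered stream `return input.available() == 0;` and `return true;` respectively are the honest answers. `RequestWrapper.getReader()` wraps the stream without a charset, so the body is decoded with the platform default there while `doFilterInternal` reads the same bytes as UTF-8 — passing `StandardCharsets.UTF_8` to `InputStreamReader` keeps both views consistent. `cacheInputStream()` copies the entire body into heap before any validation with no size bound; either a maximum-length check here or a comment stating that the container's request-size limit is relied upon would make the resource cost explicit. Throwing `SecurityException` only to be caught by the `catch (Exception e)` three lines below is control flow by exception; writing the 400 body and returning directly reads more plainly and keeps the error log for genuine failures. Only POST, PUT and DELETE bodies are inspected, so `validateRequestType` should say in a comment that query strings, headers and PATCH bodies are intentionally out of scope (or include PATCH if that is not intentional).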
@@ -0,0 +1,207 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.filter;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.NotImplementedException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.MySQLCodec;
+import org.owasp.esapi.codecs.MySQLCodec.Mode;
+import org.owasp.esapi.codecs.OracleCodec;
+
+public class SecurityXssValidator {
+
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssValidator.class);
+
+ private static final String MYSQL_DB = "mysql";
+ private static final String ORACLE_DB = "oracle";
+ private static final String MARIA_DB = "mariadb";
+ private static final int FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;
+ static SecurityXssValidator validator = null;
+ private static Codec instance;
+ private static final Lock lock = new ReentrantLock();
+
+ public static SecurityXssValidator getInstance() {
+
+ if (validator == null) {
+ lock.lock();
+ try {
+ if (validator == null)
+ validator = new SecurityXssValidator();
+ } finally {
+ lock.unlock();
+ }
+ }
+
+ return validator;
+ }
+
+ private SecurityXssValidator() {
+ // Avoid anything between script tags
+ XSS_INPUT_PATTERNS.add(Pattern.compile("", FLAGS));
+
+ // avoid iframes
+ XSS_INPUT_PATTERNS.add(Pattern.compile("(.*?)", FLAGS));
+
+ // Avoid anything in a src='...' type of expression
+ XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*([^>]+)", FLAGS));
+
+ // Remove any lonesome tag
+ XSS_INPUT_PATTERNS.add(Pattern.compile("", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile(".*().*", FLAGS));
+
+ XSS_INPUT_PATTERNS.add(Pattern.compile(".*().*", FLAGS));
+
+ // Remove any lonesome