From a70761c096192e38800bf38d6c7f61f52bf72007 Mon Sep 17 00:00:00 2001
From: hb123f <hbindu@research.att.com>
Date: Wed, 20 Mar 2019 12:20:44 -0400
Subject: CADI AAF Integration and merging the code

Issue-ID: PORTAL-319

CADI AAF Integration and code merge

Change-Id: I6e44f3b2741858d8d403b77a49ec9a0153084801
Signed-off-by: hb123f <hbindu@research.att.com>
---
 .../org/onap/portalapp/conf/ExternalAppConfig.java | 16 +++++---
 .../onap/portalapp/filter/SecurityXssFilter.java   | 47 ++++++++++++++++------
 .../src/main/resources/music.properties            |  3 +-
 .../src/main/resources/portal.properties           |  3 ++
 .../src/main/webapp/WEB-INF/conf/system.properties |  2 +-
 ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml | 28 +++++++++++++
 6 files changed, 78 insertions(+), 21 deletions(-)

(limited to 'ecomp-portal-BE-os/src/main')

diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index 862bf399..43449b38 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -164,15 +164,15 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 			MDC.put(MDC_ALERT_SEVERITY, AlarmSeverityEnum.INFORMATIONAL.severity());
 			MDC.put(MDC_INSTANCE_UUID, SystemProperties.getProperty(SystemProperties.INSTANCE_UUID));
 			
-			if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
-				importFromExternalAuth();
-			}			
+						if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
+							importFromExternalAuth();
+						}			
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "init failed", e);
 		}
 	}
 
-	
+
 	private void importFromExternalAuth() throws Exception {
 		JSONArray aafAppRoles = new JSONArray();
 		JSONArray aafUserList = new JSONArray();
@@ -189,8 +189,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 					for(int j = 0; j < aafAppRoles.length(); j++){
 						ObjectMapper mapper = new ObjectMapper();
 						String name = aafAppRoles.getJSONObject(j).getString("name");
-						//String desc = aafAppRoles.getJSONObject(j).getString("description");
-						//ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
+//						String desc = aafAppRoles.getJSONObject(j).getString("description");
+//						ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
 						aafUserList = externalAccessRolesService.getAllUsersByRole(name);	
 						if(aafUserList != null && aafUserList.length() > 0){
 							for(int k = 0; k < aafUserList.length(); k++){
@@ -222,6 +222,10 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 		}
 	}
 
+	public DataAccessService dataAccessService() {
+		return super.dataAccessService();
+	}
+
 	@Override
 	public String[] tileDefinitions() {
 		return super.tileDefinitions();
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index bf09c122..25eee828 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -44,6 +44,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
+import java.util.Enumeration;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ReadListener;
@@ -128,31 +129,51 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 	@Override
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
+		StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
+	    String queryString = request.getQueryString();
+	    String requestUrl = "";
+	    if (queryString == null) {
+	    	requestUrl = requestURL.toString();
+	    } else {
+	    	requestUrl = requestURL.append('?').append(queryString).toString();
+	    }
+	    validateRequest(requestUrl, response);
+		StringBuilder headerValues = new StringBuilder();
+		Enumeration<String> headerNames = request.getHeaderNames();
+		while (headerNames.hasMoreElements()) {
+			String key = (String) headerNames.nextElement();
+			String value = request.getHeader(key);
+			headerValues.append(value);
+		}
+		validateRequest(headerValues.toString(), response);
 		if (validateRequestType(request)) {
 			request = new RequestWrapper(request);
 			String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
-			try {
-				if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
-					response.setContentType(APPLICATION_JSON);
-					response.setStatus(HttpStatus.SC_BAD_REQUEST);
-					response.getWriter().write(ERROR_BAD_REQUEST);
-					throw new SecurityException(ERROR_BAD_REQUEST);
-				}
-			} catch (Exception e) {
-				logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
-				response.getWriter().close();
-				return;
-			}
+			validateRequest(requestData, response);
 			filterChain.doFilter(request, response);
 
 		} else {
 			filterChain.doFilter(request, response);
 		}
-
 	}
 
 	private boolean validateRequestType(HttpServletRequest request) {
 		return (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")
 				|| request.getMethod().equalsIgnoreCase("DELETE"));
 	}
+	
+	private void validateRequest(String text, HttpServletResponse response) throws IOException {
+		try {
+			if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
+				response.setContentType(APPLICATION_JSON);
+				response.setStatus(HttpStatus.SC_BAD_REQUEST);
+				response.getWriter().write(ERROR_BAD_REQUEST);
+				throw new SecurityException(ERROR_BAD_REQUEST);
+			}
+		} catch (Exception e) {
+			logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+			response.getWriter().close();
+			return;
+		}
+	}
 }
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/resources/music.properties b/ecomp-portal-BE-os/src/main/resources/music.properties
index 87c4c942..6669011d 100644
--- a/ecomp-portal-BE-os/src/main/resources/music.properties
+++ b/ecomp-portal-BE-os/src/main/resources/music.properties
@@ -15,7 +15,8 @@ music.cleanup.threshold = 10
 cassandra.host=localhost
 zookeeper.host=localhost
 cassandra.user=cassandra
-cassandra.password=cassandra
+#cassandra.password=cassandra
+cassandra.password=PIyMiPhYvQScMwiQT9UjvV8wBvXSiCN8ZEeiBC42Gp4=
 
 #Music API 
 #music.endpoint = localhost
diff --git a/ecomp-portal-BE-os/src/main/resources/portal.properties b/ecomp-portal-BE-os/src/main/resources/portal.properties
index e853165d..156d1e27 100644
--- a/ecomp-portal-BE-os/src/main/resources/portal.properties
+++ b/ecomp-portal-BE-os/src/main/resources/portal.properties
@@ -65,3 +65,6 @@ role_access_centralized = remote
 
 ext_req_connection_timeout = 15000
 ext_req_read_timeout = 20000
+
+#Replace this based on the Env
+auth_namespace = com.att.ecomp.portal.demeter
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
index 67d93285..cb187c8c 100644
--- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
+++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
@@ -40,7 +40,7 @@ db.driver = org.mariadb.jdbc.Driver
 #db.connectionURL = jdbc:mariadb:failover://localhost:3306/ecomp_portal
 #db.userName = XXXX
 #db.password = XXXX
-db.connectionURL = jdbc:mariadb:failover://demeter.homer.att.com:3306/ecomp_portal_1710_os
+db.connectionURL = jdbc:mariadb:failover://localhost:3306/portal
 db.userName = portal
 db.password = P0rt@l
 # is the db.password property encrypted?
diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
index 6984cc91..1181a2fd 100644
--- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
@@ -106,4 +106,32 @@
 	    <filter-name>SecurityXssFilter</filter-name>
 	    <url-pattern>/*</url-pattern>
 	</filter-mapping>
+	<!-- <filter>
+		<filter-name>CadiAuthFilter</filter-name>
+		<filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class>
+		<init-param>
+			<param-name>cadi_prop_files</param-name>
+        Add Absolute path of cadi.properties
+			<param-value>{Path}/cadi.properties
+			</param-value>
+		</init-param>
+         Add param values with comma delimited values
+		<init-param>
+			<param-name>include_url_endpoints</param-name>
+			<param-value>/auxapi/*</param-value>
+		</init-param>
+		<init-param>
+			<param-name>exclude_url_endpoints</param-name>
+			<param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>CadiAuthFilter</filter-name>
+		<url-pattern>/auxapi/v3/*</url-pattern>
+	</filter-mapping>
+	<filter-mapping>
+		<filter-name>CadiAuthFilter</filter-name>
+		<url-pattern>/auxapi/v4/*</url-pattern>
+		
+	</filter-mapping> -->
 </web-app>
-- 
cgit 1.2.3-korg