summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorst782s <statta@research.att.com>2017-11-02 17:05:10 -0400
committerst782s <statta@research.att.com>2017-11-02 17:07:34 -0400
commita37fe92b5daca76aabd50ff1e6920670b30b84ee (patch)
tree35c4bf73f1235830054967352a816e0f05329599
parent5eb302b890ef11d7bab5b27b91c77c5d9175a7f4 (diff)
Handle Session issues and security vulnerability login issue to by preventing sql injection attack Issue: PORTAL-137 Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f Signed-off-by: st782s <statta@research.att.com>
-rw-r--r--ecomp-sdk/epsdk-analytics/README.md3
-rw-r--r--ecomp-sdk/epsdk-analytics/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-app-common/README.md3
-rw-r--r--ecomp-sdk/epsdk-app-common/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java5
-rw-r--r--ecomp-sdk/epsdk-app-os/README.md3
-rw-r--r--ecomp-sdk/epsdk-app-os/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-app-overlay/README.md3
-rw-r--r--ecomp-sdk/epsdk-app-overlay/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml21
-rw-r--r--ecomp-sdk/epsdk-core/README.md3
-rw-r--r--ecomp-sdk/epsdk-core/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceCentralizedImpl.java113
-rw-r--r--ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceImpl.java257
-rw-r--r--ecomp-sdk/epsdk-fw/README.md3
-rw-r--r--ecomp-sdk/epsdk-fw/pom.xml2
-rw-r--r--ecomp-sdk/epsdk-workflow/README.md3
-rw-r--r--ecomp-sdk/epsdk-workflow/pom.xml2
-rw-r--r--ecomp-sdk/pom.xml2
19 files changed, 202 insertions, 231 deletions
diff --git a/ecomp-sdk/epsdk-analytics/README.md b/ecomp-sdk/epsdk-analytics/README.md
index 73105352..3f398c77 100644
--- a/ecomp-sdk/epsdk-analytics/README.md
+++ b/ecomp-sdk/epsdk-analytics/README.md
@@ -11,6 +11,9 @@ features including charts, maps and reports ("Raptor").
### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- No changes
+
Version 1.3.1, 15 October 2017
- No changes
diff --git a/ecomp-sdk/epsdk-analytics/pom.xml b/ecomp-sdk/epsdk-analytics/pom.xml
index d211e069..6fc3eaf6 100644
--- a/ecomp-sdk/epsdk-analytics/pom.xml
+++ b/ecomp-sdk/epsdk-analytics/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-app-common/README.md b/ecomp-sdk/epsdk-app-common/README.md
index 8a7d0e60..edca9b5d 100644
--- a/ecomp-sdk/epsdk-app-common/README.md
+++ b/ecomp-sdk/epsdk-app-common/README.md
@@ -24,6 +24,9 @@ AngularJS version 1.5.0.
### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
Version 1.3.1, 15 October 2017
- No changes
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index bacab499..d10e4739 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
index 766d9eb9..f921581f 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
@@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController {
final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl;
logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}",
redirectUrl);
+
+ // this line may not be necessary but jsessionid cookie is not getting created in all cases,
+ // so force the cookie creation
+ request.getSession(true);
+
return new ModelAndView("redirect:" + redirectUrl);
}
}
diff --git a/ecomp-sdk/epsdk-app-os/README.md b/ecomp-sdk/epsdk-app-os/README.md
index 79ab9740..e4132378 100644
--- a/ecomp-sdk/epsdk-app-os/README.md
+++ b/ecomp-sdk/epsdk-app-os/README.md
@@ -13,6 +13,9 @@ https://www.eclipse.org/m2e-wtp/
## Release Notes
+Version 1.3.2, 1 November 2017
+- No changes
+
Version 1.3.1, 15 October 2017
- PORTAL-104 Changed the sql connector to Mariadb
- PORTAL-127 Remove GreenSock code from b2b library in SDK
diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml
index 94530cdd..85bc253c 100644
--- a/ecomp-sdk/epsdk-app-os/pom.xml
+++ b/ecomp-sdk/epsdk-app-os/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-app-overlay/README.md b/ecomp-sdk/epsdk-app-overlay/README.md
index df86ec91..094ab0fc 100644
--- a/ecomp-sdk/epsdk-app-overlay/README.md
+++ b/ecomp-sdk/epsdk-app-overlay/README.md
@@ -17,6 +17,9 @@ AngularJS version 1.5.0.
### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
Version 1.3.1, 15 October 2017
- PORTAL-127 Remove GreenSock code from b2b library
diff --git a/ecomp-sdk/epsdk-app-overlay/pom.xml b/ecomp-sdk/epsdk-app-overlay/pom.xml
index 0332717d..63800739 100644
--- a/ecomp-sdk/epsdk-app-overlay/pom.xml
+++ b/ecomp-sdk/epsdk-app-overlay/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
index 098a5857..dbe53d5b 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
@@ -352,14 +352,14 @@
<query name="getAllUsers">
select id, firstName, lastName from User where active = true order by lastName, firstName
</query>
-
+
<query name="getRoleNameById">
select name from Role where id = :role_id
</query>
<query name="getAllRoles">
select id, name from Role order by name
- </query>
+ </query>
<query name="getReportSecurityUsers">
select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and userId is not null
@@ -369,11 +369,6 @@
select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and roleId is not null
</query>
-<!-- <query name="insertReportSecurityUsers">
- insert into ReportUserRole (repId, roleId, userId, readOnlyYn) values (:report_id, :role_id, :user_id, :read_only_yn)
- </query> -->
-
-
<query name="deleteReportSecurityUsers">
delete from ReportUserRole where repId = :report_id and userId =:user_id
</query>
@@ -390,4 +385,16 @@
select id from User where orgUserId = :orgUserId
</query>
+ <query name="getUserByOrgUserId">
+ FROM User WHERE orgUserId = :org_user_id
+ </query>
+
+ <query name="getUserByLoginId">
+ FROM User WHERE loginId = :login_id
+ </query>
+
+ <query name="getUserByLoginIdLoginPwd">
+ FROM User WHERE loginId = :login_id and loginPwd = :login_pwd
+ </query>
+
</hibernate-mapping>
diff --git a/ecomp-sdk/epsdk-core/README.md b/ecomp-sdk/epsdk-core/README.md
index b6eac5c9..6b22f121 100644
--- a/ecomp-sdk/epsdk-core/README.md
+++ b/ecomp-sdk/epsdk-core/README.md
@@ -13,6 +13,9 @@ ECOMP SDK web application.
### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
Version 1.3.1, 15 October 2017
- No changes
diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml
index b2f69eba..bfef5a9a 100644
--- a/ecomp-sdk/epsdk-core/pom.xml
+++ b/ecomp-sdk/epsdk-core/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceCentralizedImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceCentralizedImpl.java
index bab2249c..7783e82e 100644
--- a/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceCentralizedImpl.java
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceCentralizedImpl.java
@@ -24,46 +24,38 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
public class LoginServiceCentralizedImpl extends FusionService implements LoginService {
- private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceCentralizedImpl.class);
-
- @Autowired
- AppService appService;
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceCentralizedImpl.class);
@Autowired
private DataAccessService dataAccessService;
-
- @Autowired
- RestApiRequestBuilder restApiRequestBuilder;
-
+
@Autowired
- UserService userService;
+ private RestApiRequestBuilder restApiRequestBuilder;
- @SuppressWarnings("unused")
- private MenuBuilder menuBuilder;
+ @Autowired
+ private UserService userService;
@Override
- public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams)
- throws Exception {
+ public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, @SuppressWarnings("rawtypes") HashMap additionalParams) throws Exception {
return findUser(bean, menuPropertiesFilename, additionalParams, true);
}
+ @Override
@SuppressWarnings("rawtypes")
public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams,
boolean matchPassword) throws Exception {
- User user = null;
- User userCopy = null;
- if (bean.getUserid() != null && bean.getUserid() != null) {
- user = (User) findUser(bean);
+ User user;
+ if (bean.getUserid() != null) {
+ user = findUser(bean);
} else {
if (matchPassword)
- user = (User) findUser(bean.getLoginId(), bean.getLoginPwd());
+ user = findUser(bean.getLoginId(), bean.getLoginPwd());
else
- user = (User) findUserWithoutPwd(bean.getLoginId());
+ user = findUserWithoutPwd(bean.getLoginId());
}
if (user != null) {
-
if (AppUtils.isApplicationLocked()
&& !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {
bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);
@@ -82,15 +74,20 @@ public class LoginServiceCentralizedImpl extends FusionService implements LoginS
// this will be a snapshot of the user's information as
// retrieved from the database
- userCopy = (User) user.clone();
+ User userCopy = null;
+ try {
+ userCopy = (User) user.clone();
+ } catch (CloneNotSupportedException ex) {
+ // Never happens
+ logger.error(EELFLoggerDelegate.errorLogger, "findUser failed", ex);
+ }
- User appuser = getUser(userCopy);
+ User appuser = findUserWithoutPwd(user.getLoginId());
appuser.setLastLoginDate(new Date());
// update the last logged in date for the user
- // user.setLastLoginDate(new Date());
- getDataAccessService().saveDomainObject(appuser, additionalParams);
+ dataAccessService.saveDomainObject(appuser, additionalParams);
// update the audit log of the user
// Check for the client device type and set log attributes
@@ -117,6 +114,7 @@ public class LoginServiceCentralizedImpl extends FusionService implements LoginS
private boolean userHasActiveRoles(User user) {
boolean hasActiveRole = false;
+ @SuppressWarnings("rawtypes")
Iterator roles = user.getRoles().iterator();
while (roles.hasNext()) {
Role role = (Role) roles.next();
@@ -128,72 +126,43 @@ public class LoginServiceCentralizedImpl extends FusionService implements LoginS
return hasActiveRole;
}
- @SuppressWarnings("null")
- public User findUser(LoginBean bean) throws Exception {
- User user = null;
+ private User findUser(LoginBean bean) throws Exception {
String repsonse = restApiRequestBuilder.getViaREST("/user/" + bean.getUserid(), true, bean.getUserid());
- user = userService.userMapper(repsonse);
+ User user = userService.userMapper(repsonse);
user.setId(getUserIdByOrgUserId(user.getOrgUserId()));
return user;
}
-
- public Long getUserIdByOrgUserId(String orgUserId) {
- Map<String, String> params = new HashMap<String, String>();
+
+ private Long getUserIdByOrgUserId(String orgUserId) {
+ Map<String, String> params = new HashMap<>();
params.put("orgUserId", orgUserId);
@SuppressWarnings("rawtypes")
- List list = getDataAccessService().executeNamedQuery("getUserIdByorgUserId", params, null);
+ List list = dataAccessService.executeNamedQuery("getUserIdByorgUserId", params, null);
Long userId = null;
if (list != null && !list.isEmpty())
userId = (Long) list.get(0);
return userId;
}
-
-
- public User findUser(String loginId, String password) {
- List list = null;
-
- StringBuffer criteria = new StringBuffer();
- criteria.append(" where login_id = '").append(loginId).append("'").append(" and login_pwd = '").append(password)
- .append("'");
-
- list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
- return (list == null || list.size() == 0) ? null : (User) list.get(0);
+ @SuppressWarnings("rawtypes")
+ private User findUser(String loginId, String password) {
+ Map<String,String> params = new HashMap<>();
+ params.put("login_id", loginId);
+ params.put("login_pwd", password);
+ List list = dataAccessService.executeNamedQuery("getUserByLoginIdLoginPwd", params, new HashMap());
+ return (list == null || list.isEmpty()) ? null : (User) list.get(0);
}
+ @SuppressWarnings("rawtypes")
private User findUserWithoutPwd(String loginId) {
- List list = null;
- StringBuffer criteria = new StringBuffer();
- criteria.append(" where login_id = '").append(loginId).append("'");
- list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
- return (list == null || list.size() == 0) ? null : (User) list.get(0);
- }
-
- public DataAccessService getDataAccessService() {
- return dataAccessService;
+ Map<String,String> params = new HashMap<>();
+ params.put("login_id", loginId);
+ List list = dataAccessService.executeNamedQuery("getUserByLoginId", params, new HashMap());
+ return (list == null || list.isEmpty()) ? null : (User) list.get(0);
}
- public void setDataAccessService(DataAccessService dataAccessService) {
- this.dataAccessService = dataAccessService;
- }
-
- public MenuBuilder getMenuBuilder() {
+ private MenuBuilder getMenuBuilder() {
return new MenuBuilder();
}
- public void setMenuBuilder(MenuBuilder menuBuilder) {
- this.menuBuilder = menuBuilder;
- }
-
- public User getUser(User user) {
- List list = null;
-
- StringBuffer criteria = new StringBuffer();
- criteria.append(" where login_id = '").append(user.getLoginId()).append("'");
-
- list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
- return (list == null || list.size() == 0) ? null : (User) list.get(0);
-
- }
-
}
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceImpl.java
index a38a16ff..9ba7dcf8 100644
--- a/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceImpl.java
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceImpl.java
@@ -1,6 +1,6 @@
/*-
* ================================================================================
- * eCOMP Portal SDK
+ * ECOMP Portal SDK
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property
* ================================================================================
@@ -24,11 +24,13 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import org.openecomp.portalsdk.core.command.LoginBean;
import org.openecomp.portalsdk.core.domain.Role;
import org.openecomp.portalsdk.core.domain.User;
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.openecomp.portalsdk.core.menu.MenuBuilder;
import org.openecomp.portalsdk.core.service.support.FusionService;
import org.openecomp.portalsdk.core.util.SystemProperties;
@@ -40,161 +42,128 @@ import org.springframework.transaction.annotation.Transactional;
@Transactional
public class LoginServiceImpl extends FusionService implements LoginService {
- @SuppressWarnings("unused")
- private MenuBuilder menuBuilder;
-
- @Autowired
- private DataAccessService dataAccessService;
-
- @SuppressWarnings("rawtypes")
- public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams ) throws Exception {
- return findUser(bean, menuPropertiesFilename, additionalParams, true);
- }
-
- @SuppressWarnings("rawtypes")
- public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams, boolean matchPassword) throws Exception {
- User user = null;
- User userCopy = null;
-
- if (bean.getUserid() != null && bean.getUserid() != null) {
- user = (User)findUser(bean);
- }
- else {
- if (matchPassword)
- user = (User)findUser(bean.getLoginId(), bean.getLoginPwd());
- else
- user = (User)findUserWithoutPwd(bean.getLoginId());
- }
-
- if (user != null) {
-
- // raise an error if the application is locked and the user does not have system administrator privileges
- if (AppUtils.isApplicationLocked() && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {
- bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);
- }
-
- // raise an error if the user is inactive
- if (!user.getActive()) {
- bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
- }
-
- // raise an error if no active roles exist for the user
-// boolean hasActiveRole = false;
-// Iterator roles = user.getRoles().iterator();
-// while (roles.hasNext()) {
-// Role role = (Role)roles.next();
-// if (role.getActive()) {
-// hasActiveRole = true;
-// break;
-// }
-// }
-
-// if (!hasActiveRole) {
-// bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
-// }
- if (!userHasActiveRoles(user)) {
- bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
- }
- // only login the user if no errors have occurred
- if (bean.getLoginErrorMessage() == null) {
-
- // this will be a snapshot of the user's information as retrieved from the database
- userCopy = (User)user.clone();
-
- // update the last logged in date for the user
- user.setLastLoginDate(new Date());
- getDataAccessService().saveDomainObject(user, additionalParams);
-
- // update the audit log of the user
- //Check for the client device type and set log attributes appropriately
-
-
- // save the above changes to the User and their audit trail
-
- // create the application menu based on the user's privileges
- Set appMenu = getMenuBuilder().getMenu(SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME),dataAccessService);
- bean.setMenu(appMenu != null?appMenu:new HashSet());
- Set businessDirectMenu = getMenuBuilder().getMenu(SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME),dataAccessService);
- bean.setBusinessDirectMenu(businessDirectMenu != null?businessDirectMenu:new HashSet());
-
- bean.setUser(userCopy);
- }
-
- }
-
- return bean;
- }
-
- private boolean userHasActiveRoles(User user) {
- boolean hasActiveRole = false;
- @SuppressWarnings("rawtypes")
- Iterator roles = user.getRoles().iterator();
- while (roles.hasNext()) {
- Role role = (Role)roles.next();
- if (role.getActive()) {
- hasActiveRole = true;
- break;
- }
- }
- return hasActiveRole;
- }
-
- @SuppressWarnings("rawtypes")
- public User findUser(String loginId, String password) {
- List list = null;
-
- StringBuffer criteria = new StringBuffer();
- criteria.append(" where login_id = '").append(loginId).append("'")
- .append(" and login_pwd = '").append(password).append("'");
-
- list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceImpl.class);
- return (list == null || list.size() == 0) ? null : (User)list.get(0);
- }
-
- @SuppressWarnings("rawtypes")
- private User findUserWithoutPwd(String loginId) {
- List list = null;
+ @Autowired
+ private DataAccessService dataAccessService;
- StringBuffer criteria = new StringBuffer();
- criteria.append(" where login_id = '").append(loginId).append("'");
-
- list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
-
- return (list == null || list.size() == 0) ? null : (User)list.get(0);
- }
-
- @SuppressWarnings("rawtypes")
- public User findUser(LoginBean bean) {
- List list = null;
-
- StringBuffer criteria = new StringBuffer();
- criteria.append(" where org_user_id = '").append(bean.getUserid()).append("'");
-
- list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
+ @Override
+ @SuppressWarnings("rawtypes")
+ public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams) {
+ return findUser(bean, menuPropertiesFilename, additionalParams, true);
+ }
- return (list == null || list.size() == 0) ? null : (User)list.get(0);
- }
+ @Override
+ @SuppressWarnings("rawtypes")
+ public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams,
+ boolean matchPassword) {
+
+ User user;
+ if (bean.getUserid() != null && bean.getUserid() != null) {
+ user = findUser(bean);
+ } else {
+ if (matchPassword)
+ user = findUser(bean.getLoginId(), bean.getLoginPwd());
+ else
+ user = findUserWithoutPwd(bean.getLoginId());
+ }
+ if (user != null) {
+ // raise an error if the application is locked and the user does not have system
+ // administrator privileges
+ if (AppUtils.isApplicationLocked()
+ && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {
+ bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);
+ }
+
+ // raise an error if the user is inactive
+ if (!user.getActive()) {
+ bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
+ }
+
+ if (!userHasActiveRoles(user)) {
+ bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
+ }
+ // only login the user if no errors have occurred
+ if (bean.getLoginErrorMessage() == null) {
+
+ // this will be a snapshot of the user's information as retrieved from the
+ // database
+ User userCopy = null;
+ try {
+ userCopy = (User) user.clone();
+ } catch (CloneNotSupportedException ex) {
+ // Never happens
+ logger.error(EELFLoggerDelegate.errorLogger, "findUser failed", ex);
+ }
+
+ // update the last logged in date for the user
+ user.setLastLoginDate(new Date());
+ dataAccessService.saveDomainObject(user, additionalParams);
+
+ // update the audit log of the user
+ // Check for the client device type and set log attributes appropriately
+
+ // save the above changes to the User and their audit trail
+
+ // create the application menu based on the user's privileges
+ Set appMenu = getMenuBuilder().getMenu(
+ SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME), dataAccessService);
+ bean.setMenu(appMenu != null ? appMenu : new HashSet());
+ Set businessDirectMenu = getMenuBuilder().getMenu(
+ SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME),
+ dataAccessService);
+ bean.setBusinessDirectMenu(businessDirectMenu != null ? businessDirectMenu : new HashSet());
+
+ bean.setUser(userCopy);
+ }
- public MenuBuilder getMenuBuilder() {
- return new MenuBuilder();
- }
+ }
+ return bean;
+ }
- public void setMenuBuilder(MenuBuilder menuBuilder) {
- this.menuBuilder = menuBuilder;
- }
+ private boolean userHasActiveRoles(User user) {
+ boolean hasActiveRole = false;
+ @SuppressWarnings("rawtypes")
+ Iterator roles = user.getRoles().iterator();
+ while (roles.hasNext()) {
+ Role role = (Role) roles.next();
+ if (role.getActive()) {
+ hasActiveRole = true;
+ break;
+ }
+ }
+ return hasActiveRole;
+ }
-
- public DataAccessService getDataAccessService() {
- return dataAccessService;
+ @SuppressWarnings("rawtypes")
+ private User findUser(String loginId, String password) {
+ Map<String, String> params = new HashMap<>();
+ params.put("login_id", loginId);
+ params.put("login_pwd", password);
+ List list = dataAccessService.executeNamedQuery("getUserByLoginIdLoginPwd", params, new HashMap());
+ return (list == null || list.isEmpty()) ? null : (User) list.get(0);
}
+ @SuppressWarnings("rawtypes")
+ private User findUserWithoutPwd(String loginId) {
+ Map<String, String> params = new HashMap<>();
+ params.put("login_id", loginId);
+ List list = dataAccessService.executeNamedQuery("getUserByLoginId", params, new HashMap());
+ return (list == null || list.isEmpty()) ? null : (User) list.get(0);
+ }
- public void setDataAccessService(DataAccessService dataAccessService) {
- this.dataAccessService = dataAccessService;
+ @SuppressWarnings("rawtypes")
+ private User findUser(LoginBean bean) {
+ Map<String, String> params = new HashMap<>();
+ params.put("org_user_id", bean.getUserid());
+ List list = dataAccessService.executeNamedQuery("getUserByOrgUserId", params, new HashMap());
+ return (list == null || list.isEmpty()) ? null : (User) list.get(0);
}
+ private MenuBuilder getMenuBuilder() {
+ return new MenuBuilder();
+ }
}
diff --git a/ecomp-sdk/epsdk-fw/README.md b/ecomp-sdk/epsdk-fw/README.md
index eb6010eb..7898ab99 100644
--- a/ecomp-sdk/epsdk-fw/README.md
+++ b/ecomp-sdk/epsdk-fw/README.md
@@ -29,6 +29,9 @@ nor does it require Spring.
### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- No changes
+
Version 1.3.1, 15 October 2017
- No changes
diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml
index 82523288..ddd362d1 100644
--- a/ecomp-sdk/epsdk-fw/pom.xml
+++ b/ecomp-sdk/epsdk-fw/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-workflow/README.md b/ecomp-sdk/epsdk-workflow/README.md
index bcf46834..065f685e 100644
--- a/ecomp-sdk/epsdk-workflow/README.md
+++ b/ecomp-sdk/epsdk-workflow/README.md
@@ -11,6 +11,9 @@ schedulers, workflows and R Cloud integration.
### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- No changes
+
Version 1.3.1, 15 October 2017
- No changes
diff --git a/ecomp-sdk/epsdk-workflow/pom.xml b/ecomp-sdk/epsdk-workflow/pom.xml
index 5a8ff45a..9ac5f205 100644
--- a/ecomp-sdk/epsdk-workflow/pom.xml
+++ b/ecomp-sdk/epsdk-workflow/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
</parent>
<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml
index d6a0d98b..f694c417 100644
--- a/ecomp-sdk/pom.xml
+++ b/ecomp-sdk/pom.xml
@@ -6,7 +6,7 @@
<!-- ECOMP Portal SDK Maven parent project -->
<groupId>org.onap.portal.sdk</groupId>
<artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
<packaging>pom</packaging>
<name>portal-sdk</name>
<url>https://wiki.onap.org/display/DW/Portal</url>