CADI Integration

Issue-ID: PORTAL-474

System to system authorization using CADI

Change-Id: I76487f8155a36fca8283669fe5e28ec7d5aec91d
Signed-off-by: st782s <statta@research.att.com>

1 files changed, 0 insertions, 385 deletions

diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
deleted file mode 100644
index 14d8a5e2..00000000
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
+++ /dev/null
@@ -1,385 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal SDK
- * ===================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- * 
- */
-package org.onap.portalsdk.external.authorization.service;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import javax.naming.NamingException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.json.JSONArray;
-import org.json.JSONObject;
-import org.onap.portalsdk.core.command.PostSearchBean;
-import org.onap.portalsdk.core.command.support.SearchResult;
-import org.onap.portalsdk.core.domain.App;
-import org.onap.portalsdk.core.domain.Role;
-import org.onap.portalsdk.core.domain.RoleFunction;
-import org.onap.portalsdk.core.domain.User;
-import org.onap.portalsdk.core.domain.UserApp;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.service.AppService;
-import org.onap.portalsdk.core.service.DataAccessService;
-import org.onap.portalsdk.core.service.LdapService;
-import org.onap.portalsdk.core.service.PostSearchService;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessRole;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessRoleDescription;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail;
-import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
-import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
-import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.ResponseEntity;
-import org.springframework.stereotype.Service;
-import org.springframework.web.client.RestTemplate;
-
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.type.TypeFactory;
-
-@Service("userApiService")
-public class UserApiServiceImpl implements UserApiService {
-
-	private static final String PASSCODE = "password";
-
-	private static final String ID = "id";
-
-	private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
-
-	private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
-
-	private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
-
-	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
-
-	@Autowired
-	private LoginExternalAuthService loginAAFService;
-
-	@Autowired
-	private LdapService ldapService;
-
-	@Autowired
-	private PostSearchService postSearchService;
-
-	@Autowired
-	private DataAccessService dataAccessService;
-
-	RestTemplate template = new RestTemplate();
-
-	@Autowired
-	private AppService appService;
-
-	@Override
-	public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException {
-		User user = null;
-		try {
-			String namespace = EcompExternalAuthProperties
-					.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
-			HttpHeaders headers = getBasicAuthHeaders();
-			HttpEntity<String> entity = new HttpEntity<>(headers);
-			logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
-					orgUserId);
-			String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
-					+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
-			ResponseEntity<String> getResponse = template.exchange(
-					EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
-					HttpMethod.GET, entity, String.class);
-			if (getResponse.getStatusCode().value() == 200) {
-				logger.debug(EELFLoggerDelegate.debugLogger,
-						"getUserRoles: Finished GET user app roles from external auth system and body: {}",
-						getResponse.getBody());
-			}
-			String userRoles = getResponse.getBody();
-			ObjectMapper mapper = new ObjectMapper();
-			List<ExternalAccessUserRoleDetail> userRoleDetailList = setExternalAccessUserRoles(namespace, userRoles,
-					mapper);
-
-			if (userRoleDetailList.isEmpty()) {
-				throw new UserNotFoundException("User roles not found!");
-			} else {
-				user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request);
-			}
-		} catch (Exception e) {
-			logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e);
-		}
-		return user;
-
-	}
-
-	private List<ExternalAccessUserRoleDetail> setExternalAccessUserRoles(String namespace, String userRoles,
-			ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException {
-		JSONObject userJsonObj;
-		JSONArray userJsonArray;
-		List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
-		if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
-			userJsonObj = new JSONObject(userRoles);
-			userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
-			ExternalAccessUserRoleDetail userRoleDetail = null;
-			for (int i = 0; i < userJsonArray.length(); i++) {
-				JSONObject role = userJsonArray.getJSONObject(i);
-				if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
-						.endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
-						&& !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
-								.endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)) {
-					ExternalAccessRoleDescription ecDesc = new ExternalAccessRoleDescription();
-					if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils
-							.isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
-						ecDesc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
-								ExternalAccessRoleDescription.class);
-					}
-					List<ExternalAccessPerms> ecPerms = new ArrayList<>();
-					if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
-						JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
-						ecPerms = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
-								.constructCollectionType(List.class, ExternalAccessPerms.class));
-					}
-					ExternalAccessRole ecRole = new ExternalAccessRole(
-							role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), ecPerms, ecDesc);
-					userRoleDetail = new ExternalAccessUserRoleDetail(ecRole);
-					userRoleDetailList.add(userRoleDetail);
-				}
-			}
-		} else {
-			throw new UserNotFoundException("User roles not found!");
-		}
-		return userRoleDetailList;
-	}
-
-	private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
-			String orgUserId, String namespace, HttpServletRequest request) throws Exception {
-		User user = loginAAFService.findUserWithoutPwd(orgUserId);
-		PostSearchBean postSearchBean = new PostSearchBean();
-		if (user == null) {
-			postSearchBean.setOrgUserId(orgUserId);
-			postSearchService.process(request, postSearchBean);
-			postSearchBean.setSearchResult(loadSearchResultData(postSearchBean));
-			user = (User) postSearchBean.getSearchResult().get(0);
-			user.setActive(true);
-			user.setLoginId(orgUserId);
-			dataAccessService.saveDomainObject(user, null);
-		}
-		App app = appService.getApp(1l);
-		try {
-			Set userApps = setUserApps(userRoleDetailList, namespace, user, app);
-			user.setUserApps(userApps);
-		} catch (Exception e) {
-			logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
-			throw e;
-		}
-
-		return user;
-	}
-
-	@SuppressWarnings({ "rawtypes", "unchecked" })
-	private Set setUserApps(List<ExternalAccessUserRoleDetail> userRoleDetailList, String namespace, User user,
-			App app) {
-		Set userApps = new TreeSet();
-		for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
-			ExternalAccessRole ecRole = userRoleDetail.getRole();
-			ExternalAccessRoleDescription roleDesc = ecRole.getDescription();
-			UserApp userApp = new UserApp();
-			Role role = new Role();
-			Set roleFunctions = new TreeSet<>();
-			if (roleDesc.getName() == null) {
-				role.setActive(true);
-				role.setName(ecRole.getName());
-			} else {
-				role.setActive(Boolean.valueOf(roleDesc.getActive()));
-				role.setId(Long.valueOf(roleDesc.getAppRoleId()));
-				role.setName(roleDesc.getName());
-				if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
-					role.setPriority(Integer.valueOf(roleDesc.getPriority()));
-				}
-			}
-			for (ExternalAccessPerms extPerm : ecRole.getPerms()) {
-				RoleFunction roleFunction = new RoleFunction();
-				roleFunction.setCode(extPerm.getInstance());
-				roleFunction.setAction(extPerm.getAction());
-				if (extPerm.getDescription() != null) {
-					roleFunction.setName(extPerm.getDescription());
-				}
-				roleFunction.setType(extPerm.getType());
-				roleFunctions.add(roleFunction);
-			}
-			role.setRoleFunctions(roleFunctions);
-			userApp.setApp(app);
-			userApp.setRole(role);
-			userApp.setUserId(user.getId());
-			userApps.add(userApp);
-		}
-		return userApps;
-	}
-
-	@Override
-	public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
-		ObjectMapper mapper = new ObjectMapper();
-		HttpHeaders headers = getBasicAuthHeaders();
-		HttpEntity<String> entity = new HttpEntity<>(headers);
-		logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
-				orgUserId);
-		String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
-				+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
-		ResponseEntity<String> getResponse = template.exchange(
-				EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
-				HttpMethod.GET, entity, String.class);
-		if (getResponse.getStatusCode().value() == 200) {
-			logger.debug(EELFLoggerDelegate.debugLogger,
-					"getRoleFunctions: Finished GET user perms from external system and body: {}",
-					getResponse.getBody());
-		}
-		String userPerms = getResponse.getBody();
-		List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
-		return convertToRoleFunctionList(extPermsList);
-	}
-
-	private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
-			throws IOException, JsonParseException, JsonMappingException {
-		JSONObject userPermsJsonObj = null;
-		JSONArray userPermsJsonArray = null;
-		List<ExternalAccessPerms> extPermsList = new ArrayList<>();
-		if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
-			userPermsJsonObj = new JSONObject(userPerms);
-			userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
-			for (int i = 0; i < userPermsJsonArray.length(); i++) {
-				JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
-				if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
-						.endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
-					ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
-					extPermsList.add(perm);
-				}
-			}
-		}
-		return extPermsList;
-	}
-
-	private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
-		ResponseEntity<String> getResponse = template.exchange(
-				EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
-				HttpMethod.GET, entity, String.class);
-		if (getResponse.getStatusCode().value() == 200) {
-			logger.debug(EELFLoggerDelegate.debugLogger,
-					"getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
-					getResponse.getBody());
-		}
-		return getResponse;
-	}
-
-	private HttpHeaders getBasicAuthHeaders() throws Exception {
-		String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
-		String encryptedPass = EcompExternalAuthProperties
-				.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
-		String decryptedPass = EcompExternalAuthUtils.decryptPass(encryptedPass);
-		return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass);
-	}
-
-	private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
-		List<RoleFunction> roleFunctions = new ArrayList<>();
-		String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
-		for (ExternalAccessPerms extPerm : extPermsList) {
-			RoleFunction roleFunction = new RoleFunction();
-			roleFunction.setCode(extPerm.getInstance());
-			roleFunction.setAction(extPerm.getAction());
-			if (extPerm.getDescription() != null) {
-				roleFunction.setName(extPerm.getDescription());
-			}
-			roleFunction.setType(extPerm.getType());
-			roleFunctions.add(roleFunction);
-		}
-		return roleFunctions;
-	}
-
-	private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException {
-		return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
-				searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
-				searchCriteria.getNewDataSize(), 1);
-	}
-
-	@Override
-	public ResponseEntity<String> checkUserExists(String username, String password) throws Exception {
-		username = changeIfUserDomainNotAppended(username);
-		HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
-		String appUsername = EcompExternalAuthProperties
-				.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
-		String appPass = EcompExternalAuthUtils.decryptPass(
-				EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD));
-		JSONObject credentials = new JSONObject();
-		credentials.put(ID, appUsername);
-		credentials.put(PASSCODE, appPass);
-		HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
-		logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
-				username);
-		ResponseEntity<String> getResponse = template
-				.exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
-						+ EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
-		if (getResponse.getStatusCode().value() == 200) {
-			logger.debug(EELFLoggerDelegate.debugLogger,
-					"checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
-					getResponse.getStatusCode().value());
-		}
-		return getResponse;
-	}
-
-	private String changeIfUserDomainNotAppended(String username) {
-		if (!EcompExternalAuthUtils.validate(username)) {
-			username = username
-					+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
-		}
-		return username;
-	}
-
-	@Override
-	public List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception {
-		HttpHeaders headers = getBasicAuthHeaders();
-		HttpEntity<String> entity = new HttpEntity<>(headers);
-		logger.debug(EELFLoggerDelegate.debugLogger,
-				"getIfUserPermsExists: Connecting to external auth system for user {}", username);
-		username = changeIfUserDomainNotAppended(username);
-		String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
-		ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
-		return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
-	}
-
-}