author | st782s <statta@research.att.com> | 2018-11-20 07:31:32 -0500 |
---|---|---|
committer | st782s <statta@research.att.com> | 2018-11-20 07:31:32 -0500 |
commit | 7246eabfd23d6cadc9f658f666df62b93f30ed70 (patch) | |
tree | f60963a0eb52e3bf645491afa5c6ed9477dc28c7 /ecomp-sdk/epsdk-aaf/src/main | |
parent | ace477c7097f4dc48498916ba2e024a81513ed93 (diff) |
CADI Integration
Issue-ID: PORTAL-474
System to system authorization using CADI
Change-Id: I76487f8155a36fca8283669fe5e28ec7d5aec91d
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-aaf/src/main')
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java | 225 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFService.java (renamed from ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java) | 45 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java | 80 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java | 254 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java | 385 | ||||
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java | 16 |
6 files changed, 235 insertions, 770 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java
new file mode 100644
index 00000000..f37af6fa
--- /dev/null
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java
@@ -0,0 +1,225 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */ +package org.onap.portalsdk.external.authorization.service; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.json.JSONArray; +import org.json.JSONObject; +import org.onap.portalsdk.core.domain.RoleFunction; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; +//import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties; +import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.web.client.RestTemplate; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; + +public class AAFRestServiceImpl implements AAFService { + + private static final String PASSCODE = "password"; + + private static final String ID = "id"; + + private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/"; + + private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/"; + + private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate"; + RestTemplate template = new RestTemplate(); + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AAFRestServiceImpl.class); + + @Override + public String getUser(String orgUserId, HttpServletRequest request, HttpHeaders headers) throws Exception { + + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}", + orgUserId); + 
String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + ResponseEntity<String> getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getUserRoles: Finished GET user app roles from external auth system and body: {}", + getResponse.getBody()); + } + String userRoles = getResponse.getBody(); + return userRoles; + + } + + @Override + public ResponseEntity<String> checkUserExists(String username, String password, String appPass) throws Exception { + username = changeIfUserDomainNotAppended(username); + HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password); + String appUsername = EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); + JSONObject credentials = new JSONObject(); + credentials.put(ID, appUsername); + credentials.put(PASSCODE, appPass); + HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers); + logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}", + username); + ResponseEntity<String> getResponse = template + .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "checkUserExists: Finished POST from external auth system to validate credentials and status: {}", + getResponse.getStatusCode().value()); + } + return getResponse; + } + + private String changeIfUserDomainNotAppended(String username) { + if 
(!EcompExternalAuthUtils.validate(username)) { + username = username + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + } + return username; + } + + @Override + public List<ExternalAccessPerms> getIfUserPermsExists(String username, HttpHeaders headers) throws Exception { + + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, + "getIfUserPermsExists: Connecting to external auth system for user {}", username); + username = changeIfUserDomainNotAppended(username); + String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username; + ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint); + return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody()); + } + + private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) { + ResponseEntity<String> getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}", + getResponse.getBody()); + } + return getResponse; + } + + private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms) + throws IOException, JsonParseException, JsonMappingException { + JSONObject userPermsJsonObj = null; + JSONArray userPermsJsonArray = null; + List<ExternalAccessPerms> extPermsList = new ArrayList<>(); + if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { + userPermsJsonObj = new JSONObject(userPerms); + userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD); + for (int i = 0; i < userPermsJsonArray.length(); i++) { + 
JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i); + if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE) + .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { + ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class); + extPermsList.add(perm); + } + } + } + return extPermsList; + } + + @Override + public List<RoleFunction> getRoleFunctions(String orgUserId, HttpHeaders headers) throws Exception { + ObjectMapper mapper = new ObjectMapper(); + + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}", + orgUserId); + String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + ResponseEntity<String> getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getRoleFunctions: Finished GET user perms from external system and body: {}", + getResponse.getBody()); + } + String userPerms = getResponse.getBody(); + List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms); + return convertToRoleFunctionList(extPermsList); + } + + private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) { + List<RoleFunction> roleFunctions = new ArrayList<>(); + String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); + for (ExternalAccessPerms extPerm : extPermsList) { + RoleFunction roleFunction = new RoleFunction(); + roleFunction.setCode(extPerm.getInstance()); + roleFunction.setAction(extPerm.getAction()); + if (extPerm.getDescription() != null + && 
EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getDescription()); + } else if (extPerm.getDescription() == null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance() + + "|" + extPerm.getAction()); + } else if (extPerm.getDescription() == null + && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); + } + if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); + } else { + roleFunction.setType(extPerm.getType()); + } + roleFunctions.add(roleFunction); + } + return roleFunctions; + } + +}
\ No newline at end of file diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFService.java index 3d112268..758c0647 100644 --- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFService.java @@ -1,3 +1,4 @@ + /*- * ============LICENSE_START========================================== * ONAP Portal SDK 
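Review bot: `getUser`, `getIfUserPermsExists` and `getRoleFunctions` splice `orgUserId`/`username` straight into the request URL (`EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + ...`) with no validation or encoding, so an identifier containing `/`, `?`, `#` or `..` changes which AAF path is queried; if the id can originate from the login request, reject such characters before concatenating, or build the URL with `UriComponentsBuilder.fromHttpUrl(base).path(EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT).pathSegment(orgUserId + domain).toUriString()` so it is encoded as a single segment. `convertPermsJSONArrayToExternalAccessPerms` calls `userPerms.equals(...)` on the raw body, which is null for an empty 200/204 response, so guard it with `if (userPerms == null || userPerms.isEmpty() || userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { return extPermsList; }`. In `convertToRoleFunctionList` the `if`/`else if` chain has no branch for a perm whose description is non-null but whose type is outside the namespace, so `roleFunction.setName` is never called for it — probably unintended; collapsing the chain to `roleFunction.setName(desc != null ? desc : typePrefix + "|" + extPerm.getInstance() + "|" + extPerm.getAction())` with `typePrefix` computed once from the namespace check covers all four cases and drops the repeated `checkNameSpaceMatching` calls. `template` is a package-visible, non-final `new RestTemplate()` with no connect/read timeout, so a stalled AAF call blocks the login path indefinitely; make it `private final` and build it from an injected, timeout-configured factory. The `getUser` and `getRoleFunctions` bodies also repeat the exchange-and-log code that `getPermsFromExternalAuthSystem` already encapsulates.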
@@ -42,46 +43,18 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import org.onap.portalsdk.core.domain.RoleFunction; -import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; -import org.onap.portalsdk.external.authorization.exception.UserNotFoundException; +import org.springframework.http.HttpHeaders; import org.springframework.http.ResponseEntity; -public interface UserApiService { +public interface AAFService { - /** - * Gets list of all roles associated to user from external system - * - * @param orgUserId - * @return - * @throws Exception - */ - User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException; - /** - * - * @param OrgUserId - * @return - */ - List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception; + public String getUser(String orgUserId, HttpServletRequest request,HttpHeaders headers) throws Exception; - /** - * Check if user exist in external auth system - * - * @param username - * @param password - * @return Response<String> - * @throws Exception - */ - ResponseEntity<String> checkUserExists(String username, String password) throws Exception; + public ResponseEntity<String> checkUserExists(String username, String password, String appPassword) throws Exception; - /** - * Get if user has any perms - * - * @param username - * @param password - * @return List<ExternalAccessPerms> - * @throws Exception - */ - List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception; -} + public List<ExternalAccessPerms> getIfUserPermsExists(String username,HttpHeaders headers) throws Exception ; + + List<RoleFunction> getRoleFunctions(String orgUserId,HttpHeaders headers) throws Exception; +}
\ No newline at end of file
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java
deleted file mode 100644
index 0ad02460..00000000
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java
+++ /dev/null
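Review bot: The renamed `AAFService` interface drops every method's Javadoc and the new signatures are undocumented: nothing says that `getUser` now returns the raw AAF response body rather than a `User`, that `request` is not used by the implementation in this commit, or that `appPassword` is the calling application's own credential rather than the end user's. Add a Javadoc per method, e.g. on `checkUserExists`: `/** Validates a user's credentials against AAF; {@code password} is the end user's secret, {@code appPassword} the calling application's own credential sent in the request body. */`. The modifiers are also inconsistent — `public` is redundant on interface methods and `getRoleFunctions` omits it while the other three have it — and `request,HttpHeaders` / `username,HttpHeaders` lack the space after the comma, while `throws Exception ;` carries a stray space before the semicolon.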
@@ -1,80 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal SDK
- * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * - * ============LICENSE_END============================================ - * - * - */ -package org.onap.portalsdk.external.authorization.service; - -import java.io.IOException; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.portalsdk.core.command.LoginBean; -import org.onap.portalsdk.core.domain.User; - -public interface LoginExternalAuthService { - - /** - * validate user exists in the system - * @param bean - * @param menuPropertiesFilename - * @param additionalParams - * @return returns login user bean - * @throws IOException - */ - @SuppressWarnings("rawtypes") - LoginBean findUser(LoginBean bean, String menuPropertiesFilename, Map additionalParams, HttpServletRequest request) throws Exception; - - /** - * - * @param bean - * @param menuPropertiesFilename - * @param additionalParams - * @param matchPassword - * @return returns login user bean - * @throws IOException - */ - @SuppressWarnings("rawtypes") - LoginBean findUser(LoginBean bean, String menuPropertiesFilename, Map additionalParams, boolean matchPassword, HttpServletRequest request) - throws Exception; - - /** - * - * @param orgUserId - * @return - */ - User findUserWithoutPwd(String orgUserId); -} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java deleted file mode 100644 index 173e9e7d..00000000 --- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java +++ /dev/null 
@@ -1,254 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal SDK
- * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * - * ============LICENSE_END============================================ - * - * - */ -package org.onap.portalsdk.external.authorization.service; - -import java.util.Date; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.portalsdk.core.command.LoginBean; -import org.onap.portalsdk.core.domain.Role; -import org.onap.portalsdk.core.domain.User; -import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; -import org.onap.portalsdk.core.menu.MenuBuilder; -import org.onap.portalsdk.core.service.DataAccessService; -import org.onap.portalsdk.core.service.LoginServiceCentralizedImpl; -import org.onap.portalsdk.core.util.SystemProperties; -import org.onap.portalsdk.core.web.support.AppUtils; -import org.onap.portalsdk.core.web.support.UserUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -@Service("loginExternalAuthService") -public class LoginExternalAuthServiceImpl implements LoginExternalAuthService { - - private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceCentralizedImpl.class); - - @Autowired - private DataAccessService dataAccessService; - - @Autowired - private UserApiService userApiService; - - @Override - public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, - @SuppressWarnings("rawtypes") Map additionalParams, HttpServletRequest request) throws Exception { - return findUser(bean, menuPropertiesFilename, additionalParams, true, request); - } - - @Override - @SuppressWarnings("rawtypes") - @Transactional - public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, Map additionalParams, - boolean matchPassword, HttpServletRequest request) throws Exception { - - User user; - if 
(bean.getUserid() != null) { - user = findUser(bean, request); - } else { - if (matchPassword) - user = findUser(bean.getLoginId(), bean.getLoginPwd()); - else - user = findUserWithoutPwd(bean.getLoginId()); - } - - if (user != null) { - if (AppUtils.isApplicationLocked() - && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) { - bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED); - } - - // raise an error if the user is inactive - if (!user.getActive()) { - bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE); - } - - if (!userHasActiveRoles(user)) { - bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE); - } - // only login the user if no errors have occurred - if (bean.getLoginErrorMessage() == null) { - - // this will be a snapshot of the user's information as - // retrieved from the database - User userCopy = null; - try { - userCopy = (User) user.clone(); - } catch (CloneNotSupportedException ex) { - // Never happens - logger.error(EELFLoggerDelegate.errorLogger, "findUser failed", ex); - } - - User appuser = findUserWithoutPwd(user.getLoginId()); - - if (appuser == null && userHasRoleFunctions(user)) { - createUserIfNecessary(user); - } else { - appuser.setLastLoginDate(new Date()); - - // update the last logged in date for the user - dataAccessService.saveDomainObject(appuser, additionalParams); - } - // update the audit log of the user - // Check for the client device type and set log attributes - // appropriately - - // save the above changes to the User and their audit trail - - // create the application menu based on the user's privileges - - Set appMenu = getMenuBuilder().getMenu( - SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME), dataAccessService); - bean.setMenu(appMenu != null ? 
appMenu : new HashSet()); - Set businessDirectMenu = getMenuBuilder().getMenu( - SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME), - dataAccessService); - bean.setBusinessDirectMenu(businessDirectMenu != null ? businessDirectMenu : new HashSet()); - - bean.setUser(userCopy); - } - } - - return bean; - } - - private void createUserIfNecessary(User user) { - logger.debug(EELFLoggerDelegate.debugLogger, "createUser: " + user.getOrgUserId()); - User user1 = new User(); - user1.setEmail(user.getEmail()); - user1.setEmail(user.getEmail()); - user1.setFirstName(user.getFirstName()); - user1.setHrid(user.getHrid()); - user1.setJobTitle(user.getJobTitle()); - user1.setLastName(user.getLastName()); - user1.setLoginId(user.getLoginId()); - user1.setOrgManagerUserId(user.getOrgManagerUserId()); - user1.setMiddleInitial(user.getMiddleInitial()); - user1.setOrgCode(user.getOrgCode()); - user1.setOrgId(user.getOrgId()); - user1.setPhone(user.getPhone()); - user1.setOrgUserId(user.getOrgUserId()); - user1.setActive(user.getActive()); - user1.setLastLoginDate(new Date()); - - try { - dataAccessService.saveDomainObject(user1, null); - logger.debug(EELFLoggerDelegate.debugLogger, "createdUser Successfully: " + user.getOrgUserId()); - } catch (Exception ex) { - logger.error(EELFLoggerDelegate.errorLogger, "createUserIfNecessary failed", ex); - } - - } - - private boolean userHasActiveRoles(User user) { - boolean hasActiveRole = false; - @SuppressWarnings("rawtypes") - Iterator roles = user.getRoles().iterator(); - while (roles.hasNext()) { - Role role = (Role) roles.next(); - if (role.getActive()) { - hasActiveRole = true; - break; - } - } - return hasActiveRole; - } - - private boolean userHasRoleFunctions(User user) { - boolean hasRoleFunctions = false; - @SuppressWarnings("rawtypes") - Iterator roles = user.getRoles().iterator(); - while (roles.hasNext()) { - Role role = (Role) roles.next(); - if (role.getActive() && role.getRoleFunctions() != null && 
!role.getRoleFunctions().isEmpty()) { - hasRoleFunctions = true; - break; - } - } - return hasRoleFunctions; - } - - private User findUser(LoginBean bean, HttpServletRequest request) throws Exception { - User user = userApiService.getUser(bean.getUserid(), request); - user.setId(getUserIdByOrgUserId(user.getOrgUserId())); - user.setLoginId(bean.getUserid()); - logger.debug(EELFLoggerDelegate.debugLogger, "findUser: Returning final user roles and permissions", user.toString()); - return user; - } - - private Long getUserIdByOrgUserId(String orgUserId) { - Map<String, String> params = new HashMap<>(); - params.put("orgUserId", orgUserId); - @SuppressWarnings("rawtypes") - List list = dataAccessService.executeNamedQuery("getUserIdByorgUserId", params, null); - Long userId = null; - if (list != null && !list.isEmpty()) - userId = (Long) list.get(0); - return userId; - } - - @SuppressWarnings("rawtypes") - private User findUser(String loginId, String password) { - Map<String, String> params = new HashMap<>(); - params.put("login_id", loginId); - params.put("login_pwd", password); - List list = dataAccessService.executeNamedQuery("getUserByLoginIdLoginPwd", params, new HashMap()); - return (list == null || list.isEmpty()) ? null : (User) list.get(0); - } - - @SuppressWarnings("rawtypes") - @Override - public User findUserWithoutPwd(String loginId) { - Map<String, String> params = new HashMap<>(); - params.put("org_user_id", loginId); - List list = dataAccessService.executeNamedQuery("getUserByOrgUserId", params, new HashMap()); - return (list == null || list.isEmpty()) ? null : (User) list.get(0); - } - - private MenuBuilder getMenuBuilder() { - return new MenuBuilder(); - } - -} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java deleted file mode 100644 index 14d8a5e2..00000000 
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
+++ /dev/null
@@ -1,385 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal SDK
- * ===================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalsdk.external.authorization.service;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import javax.naming.NamingException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.json.JSONArray;
-import org.json.JSONObject;
-import org.onap.portalsdk.core.command.PostSearchBean;
-import org.onap.portalsdk.core.command.support.SearchResult;
-import org.onap.portalsdk.core.domain.App;
-import org.onap.portalsdk.core.domain.Role;
-import org.onap.portalsdk.core.domain.RoleFunction;
-import org.onap.portalsdk.core.domain.User;
-import org.onap.portalsdk.core.domain.UserApp;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.service.AppService;
-import org.onap.portalsdk.core.service.DataAccessService;
-import org.onap.portalsdk.core.service.LdapService;
-import org.onap.portalsdk.core.service.PostSearchService;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessRole;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessRoleDescription;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail;
-import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
-import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
-import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.ResponseEntity;
-import org.springframework.stereotype.Service;
-import org.springframework.web.client.RestTemplate;
-
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.type.TypeFactory;
-
-@Service("userApiService")
-public class UserApiServiceImpl implements UserApiService {
-
- private static final String PASSCODE = "password";
-
- private static final String ID = "id";
-
- private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
-
- private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
-
- private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
-
- private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
-
- @Autowired
- private LoginExternalAuthService loginAAFService;
-
- @Autowired
- private LdapService ldapService;
-
- @Autowired
- private PostSearchService postSearchService;
-
- @Autowired
- private DataAccessService dataAccessService;
-
- RestTemplate template = new RestTemplate();
-
- @Autowired
- private AppService appService;
-
- @Override
- public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException {
- User user = null;
- try {
- String namespace = EcompExternalAuthProperties
- .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
- HttpHeaders headers = getBasicAuthHeaders();
- HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
- orgUserId);
- String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
- + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
- ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
- HttpMethod.GET, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getUserRoles: Finished GET user app roles from external auth system and body: {}",
- getResponse.getBody());
- }
- String userRoles = getResponse.getBody();
- ObjectMapper mapper = new ObjectMapper();
- List<ExternalAccessUserRoleDetail> userRoleDetailList = setExternalAccessUserRoles(namespace, userRoles,
- mapper);
-
- if (userRoleDetailList.isEmpty()) {
- throw new UserNotFoundException("User roles not found!");
- } else {
- user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e);
- }
- return user;
-
- }
-
- private List<ExternalAccessUserRoleDetail> setExternalAccessUserRoles(String namespace, String userRoles,
- ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException {
- JSONObject userJsonObj;
- JSONArray userJsonArray;
- List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
- if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
- userJsonObj = new JSONObject(userRoles);
- userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
- ExternalAccessUserRoleDetail userRoleDetail = null;
- for (int i = 0; i < userJsonArray.length(); i++) {
- JSONObject role = userJsonArray.getJSONObject(i);
- if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
- .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
- && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
- .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)) {
- ExternalAccessRoleDescription ecDesc = new ExternalAccessRoleDescription();
- if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils
- .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
- ecDesc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
- ExternalAccessRoleDescription.class);
- }
- List<ExternalAccessPerms> ecPerms = new ArrayList<>();
- if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
- JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
- ecPerms = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
- .constructCollectionType(List.class, ExternalAccessPerms.class));
- }
- ExternalAccessRole ecRole = new ExternalAccessRole(
- role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), ecPerms, ecDesc);
- userRoleDetail = new ExternalAccessUserRoleDetail(ecRole);
- userRoleDetailList.add(userRoleDetail);
- }
- }
- } else {
- throw new UserNotFoundException("User roles not found!");
- }
- return userRoleDetailList;
- }
-
- private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
- String orgUserId, String namespace, HttpServletRequest request) throws Exception {
- User user = loginAAFService.findUserWithoutPwd(orgUserId);
- PostSearchBean postSearchBean = new PostSearchBean();
- if (user == null) {
- postSearchBean.setOrgUserId(orgUserId);
- postSearchService.process(request, postSearchBean);
- postSearchBean.setSearchResult(loadSearchResultData(postSearchBean));
- user = (User) postSearchBean.getSearchResult().get(0);
- user.setActive(true);
- user.setLoginId(orgUserId);
- dataAccessService.saveDomainObject(user, null);
- }
- App app = appService.getApp(1l);
- try {
- Set userApps = setUserApps(userRoleDetailList, namespace, user, app);
- user.setUserApps(userApps);
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
- throw e;
- }
-
- return user;
- }
-
- @SuppressWarnings({ "rawtypes", "unchecked" })
- private Set setUserApps(List<ExternalAccessUserRoleDetail> userRoleDetailList, String namespace, User user,
- App app) {
- Set userApps = new TreeSet();
- for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
- ExternalAccessRole ecRole = userRoleDetail.getRole();
- ExternalAccessRoleDescription roleDesc = ecRole.getDescription();
- UserApp userApp = new UserApp();
- Role role = new Role();
- Set roleFunctions = new TreeSet<>();
- if (roleDesc.getName() == null) {
- role.setActive(true);
- role.setName(ecRole.getName());
- } else {
- role.setActive(Boolean.valueOf(roleDesc.getActive()));
- role.setId(Long.valueOf(roleDesc.getAppRoleId()));
- role.setName(roleDesc.getName());
- if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
- role.setPriority(Integer.valueOf(roleDesc.getPriority()));
- }
- }
- for (ExternalAccessPerms extPerm : ecRole.getPerms()) {
- RoleFunction roleFunction = new RoleFunction();
- roleFunction.setCode(extPerm.getInstance());
- roleFunction.setAction(extPerm.getAction());
- if (extPerm.getDescription() != null) {
- roleFunction.setName(extPerm.getDescription());
- }
- roleFunction.setType(extPerm.getType());
- roleFunctions.add(roleFunction);
- }
- role.setRoleFunctions(roleFunctions);
- userApp.setApp(app);
- userApp.setRole(role);
- userApp.setUserId(user.getId());
- userApps.add(userApp);
- }
- return userApps;
- }
-
- @Override
- public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
- ObjectMapper mapper = new ObjectMapper();
- HttpHeaders headers = getBasicAuthHeaders();
- HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
- orgUserId);
- String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
- + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
- ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
- HttpMethod.GET, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getRoleFunctions: Finished GET user perms from external system and body: {}",
- getResponse.getBody());
- }
- String userPerms = getResponse.getBody();
- List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
- return convertToRoleFunctionList(extPermsList);
- }
-
- private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
- throws IOException, JsonParseException, JsonMappingException {
- JSONObject userPermsJsonObj = null;
- JSONArray userPermsJsonArray = null;
- List<ExternalAccessPerms> extPermsList = new ArrayList<>();
- if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
- userPermsJsonObj = new JSONObject(userPerms);
- userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
- for (int i = 0; i < userPermsJsonArray.length(); i++) {
- JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
- if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
- .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
- ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
- extPermsList.add(perm);
- }
- }
- }
- return extPermsList;
- }
-
- private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
- ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
- HttpMethod.GET, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
- getResponse.getBody());
- }
- return getResponse;
- }
-
- private HttpHeaders getBasicAuthHeaders() throws Exception {
- String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
- String encryptedPass = EcompExternalAuthProperties
- .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
- String decryptedPass = EcompExternalAuthUtils.decryptPass(encryptedPass);
- return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass);
- }
-
- private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
- List<RoleFunction> roleFunctions = new ArrayList<>();
- String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
- for (ExternalAccessPerms extPerm : extPermsList) {
- RoleFunction roleFunction = new RoleFunction();
- roleFunction.setCode(extPerm.getInstance());
- roleFunction.setAction(extPerm.getAction());
- if (extPerm.getDescription() != null) {
- roleFunction.setName(extPerm.getDescription());
- }
- roleFunction.setType(extPerm.getType());
- roleFunctions.add(roleFunction);
- }
- return roleFunctions;
- }
-
- private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException {
- return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
- searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
- searchCriteria.getNewDataSize(), 1);
- }
-
- @Override
- public ResponseEntity<String> checkUserExists(String username, String password) throws Exception {
- username = changeIfUserDomainNotAppended(username);
- HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
- String appUsername = EcompExternalAuthProperties
- .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
- String appPass = EcompExternalAuthUtils.decryptPass(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD));
- JSONObject credentials = new JSONObject();
- credentials.put(ID, appUsername);
- credentials.put(PASSCODE, appPass);
- HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
- username);
- ResponseEntity<String> getResponse = template
- .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
- + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
- getResponse.getStatusCode().value());
- }
- return getResponse;
- }
-
- private String changeIfUserDomainNotAppended(String username) {
- if (!EcompExternalAuthUtils.validate(username)) {
- username = username
- + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
- }
- return username;
- }
-
- @Override
- public List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception {
- HttpHeaders headers = getBasicAuthHeaders();
- HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getIfUserPermsExists: Connecting to external auth system for user {}", username);
- username = changeIfUserDomainNotAppended(username);
- String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
- ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
- return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
- }
-
-}
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
index dc6559ab..8a2c1206 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
@@ -44,8 +44,6 @@ import java.util.regex.Pattern;
import javax.xml.bind.DatatypeConverter;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
@@ -79,19 +77,7 @@ public class EcompExternalAuthUtils {
return headers;
}
- public static String decryptPass(String encrypted) throws Exception {
- String result = "";
- if (encrypted != null && encrypted.length() > 0) {
- try {
- result = CipherUtil.decryptPKC(encrypted,
- SystemProperties.getProperty(SystemProperties.Decryption_Key));
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger,"decryptedPassword failed", e);
- throw e;
- }
- }
- return result;
- }
+
/**
* Validates, if given username has fully domain address |