Diffstat (limited to 'ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java')
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java319
1 files changed, 319 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
new file mode 100644
index 00000000..8425f7da
--- /dev/null
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
@@ -0,0 +1,319 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalsdk.external.authorization.service;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.naming.NamingException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.onap.portalsdk.core.command.PostSearchBean;
+import org.onap.portalsdk.core.command.support.SearchResult;
+import org.onap.portalsdk.core.domain.App;
+import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.domain.RoleFunction;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.UserApp;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.service.AppService;
+import org.onap.portalsdk.core.service.DataAccessService;
+import org.onap.portalsdk.core.service.LdapService;
+import org.onap.portalsdk.core.service.PostSearchService;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail;
+import org.onap.portalsdk.external.authorization.domain.ExternalRoleDescription;
+import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
+import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
+import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+
+@Service("userApiService")
+public class UserApiServiceImpl implements UserApiService {
+
+ private static final String AAF_GET_USER_ROLES_ENDPOINT = "roles/user/";
+
+ private static final String AAF_GET_USER_PERMS_ENDPOINT = "perms/user/";
+
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
+
+ @Autowired
+ private LoginExternalAuthService loginAAFService;
+
+ @Autowired
+ private LdapService ldapService;
+
+ @Autowired
+ private PostSearchService postSearchService;
+
+ @Autowired
+ private DataAccessService dataAccessService;
+
+ RestTemplate template = new RestTemplate();
+
+ @Autowired
+ private AppService appService;
+
+ @Override
+ public User getUser(String orgUserId, HttpServletRequest request)
+ throws UserNotFoundException {
+ User user = null;
+ try {
+ String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
+ HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external system for user {}",
+ orgUserId);
+ String endPoint = AAF_GET_USER_ROLES_ENDPOINT + orgUserId
+ + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity,
+ String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getUserRoles: Finished GET unp ser roles from external system and body: {}",
+ getResponse.getBody());
+ }
+ String userRoles = getResponse.getBody();
+ JSONObject userJsonObj = null;
+ JSONArray userJsonArray = null;
+ ObjectMapper mapper = new ObjectMapper();
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
+ userJsonObj = new JSONObject(userRoles);
+ userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ for (int i = 0; i < userJsonArray.length(); i++) {
+ JSONObject role = userJsonArray.getJSONObject(i);
+ if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME).endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
+ && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)
+ && EcompExternalAuthUtils.checkNameSpaceMatching(role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME),
+ namespace)) {
+ ExternalRoleDescription desc = new ExternalRoleDescription();
+ if(role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION)
+ && EcompExternalAuthUtils
+ .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
+ desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
+ ExternalRoleDescription.class);
+ }
+ if(role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
+ JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
+ List<ExternalAccessPerms> permsList = mapper.readValue(perms.toString(), TypeFactory
+ .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class));
+ desc.setPermissions(permsList);
+ }
+ userRoleDetail = new ExternalAccessUserRoleDetail(
+ role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc);
+ userRoleDetailList.add(userRoleDetail);
+ }
+ }
+ } else {
+ throw new UserNotFoundException("User roles not found!");
+ }
+
+ if (userRoleDetailList.isEmpty()) {
+ throw new UserNotFoundException("User roles not found!");
+ } else {
+ user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e);
+ }
+ return user;
+
+ }
+
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
+ String orgUserId, String namespace, HttpServletRequest request)
+ throws Exception {
+ User user = loginAAFService.findUserWithoutPwd(orgUserId);
+ PostSearchBean postSearchBean = new PostSearchBean();
+ if (user == null) {
+ postSearchBean.setOrgUserId(orgUserId);
+ postSearchService.process(request, postSearchBean);
+ postSearchBean.setSearchResult(loadSearchResultData(postSearchBean));
+ user = (User) postSearchBean.getSearchResult().get(0);
+ user.setActive(true);
+ user.setLoginId(orgUserId);
+ dataAccessService.saveDomainObject(user, null);
+ }
+ App app = appService.getApp(1l);
+ try {
+ Set userApps = new TreeSet();
+ for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
+ ExternalRoleDescription roleDesc = userRoleDetail.getDescription();
+ UserApp userApp = new UserApp();
+ Role role = new Role();
+ Set roleFunctions = new TreeSet<>();
+ if (roleDesc != null) {
+ if (roleDesc.getName() == null) {
+ role.setActive(true);
+ role.setName(userRoleDetail.getName().substring(namespace.length() + 1));
+ } else {
+ role.setActive(Boolean.valueOf(roleDesc.getActive()));
+ role.setId(Long.valueOf(roleDesc.getAppRoleId()));
+ role.setName(roleDesc.getName());
+ if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
+ role.setPriority(Integer.valueOf(roleDesc.getPriority()));
+ }
+ }
+ for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) {
+ RoleFunction roleFunction = new RoleFunction();
+ roleFunction.setCode(extPerm.getInstance());
+ roleFunction.setAction(extPerm.getAction());
+ if (extPerm.getDescription() != null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getDescription());
+ } else if (extPerm.getDescription() == null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|"
+ + extPerm.getInstance() + "|" + extPerm.getAction());
+ } else if (extPerm.getDescription() == null
+ && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(
+ extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
+ }
+ if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
+ } else {
+ roleFunction.setType(extPerm.getType());
+ }
+ roleFunctions.add(roleFunction);
+ }
+ }
+ role.setRoleFunctions(roleFunctions);
+ userApp.setApp(app);
+ userApp.setRole(role);
+ userApp.setUserId(user.getId());
+ userApps.add(userApp);
+ }
+ user.setUserApps(userApps);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
+ throw e;
+ }
+
+ return user;
+ }
+
+ @Override
+ public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+ HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external system for user {}",
+ orgUserId);
+ String endPoint = AAF_GET_USER_PERMS_ENDPOINT + orgUserId
+ + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity,
+ String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getRoleFunctions: Finished GET user perms from external system and body: {}",
+ getResponse.getBody());
+ }
+ String userPerms = getResponse.getBody();
+ JSONObject userPermsJsonObj = null;
+ JSONArray userPermsJsonArray = null;
+ List<ExternalAccessPerms> extPermsList = new ArrayList<>();
+ if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
+ userPermsJsonObj = new JSONObject(userPerms);
+ userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
+ for (int i = 0; i < userPermsJsonArray.length(); i++) {
+ JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
+ if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE).endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
+ ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
+ extPermsList.add(perm);
+ }
+ }
+ }
+ return convertToRoleFunctionList(extPermsList);
+ }
+
+ private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
+ List<RoleFunction> roleFunctions = new ArrayList<>();
+ String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
+ for (ExternalAccessPerms extPerm : extPermsList) {
+ RoleFunction roleFunction = new RoleFunction();
+ roleFunction.setCode(extPerm.getInstance());
+ roleFunction.setAction(extPerm.getAction());
+ if (extPerm.getDescription() != null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getDescription());
+ } else if (extPerm.getDescription() == null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance()
+ + "|" + extPerm.getAction());
+ } else if (extPerm.getDescription() == null
+ && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
+ }
+ if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
+ } else {
+ roleFunction.setType(extPerm.getType());
+ }
+ roleFunctions.add(roleFunction);
+ }
+ return roleFunctions;
+ }
+
+ private SearchResult loadSearchResultData(PostSearchBean searchCriteria)
+ throws NamingException {
+ return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
+ searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
+ searchCriteria.getNewDataSize(), 1);
+ }
+
+}
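Review bot: In `getUser`, the `catch (Exception e)` that closes the `try` also catches the two `UserNotFoundException("User roles not found!")` throws inside it, so the declared exception never reaches the caller and every failure (no matching roles, a null response body, a JSON parse error, a failed call to the external system) comes back as a `null` user. A caller that relies on the exception to deny access has to null-check instead, and the log line `getUser: Failed!` is the only place the causes can be told apart. I would rethrow the domain exception ahead of the generic handler, `} catch (UserNotFoundException e) { throw e; } catch (Exception e) {`, and decide explicitly what the remaining failures return. Separately, `orgUserId` is concatenated straight into the request path in both `getUser` and `getRoleFunctions`, on a call that carries the application's Basic-auth header; if that value can originate from request input (its source is not visible here), it should be checked against the expected user-id format before the URL is built.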