Diffstat (limited to 'ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java')
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java | 385 |
1 files changed, 0 insertions, 385 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
deleted file mode 100644
index 14d8a5e2..00000000
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
+++ /dev/null
@@ -1,385 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal SDK
- * ===================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
- */
-package org.onap.portalsdk.external.authorization.service;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import javax.naming.NamingException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.json.JSONArray;
-import org.json.JSONObject;
-import org.onap.portalsdk.core.command.PostSearchBean;
-import org.onap.portalsdk.core.command.support.SearchResult;
-import org.onap.portalsdk.core.domain.App;
-import org.onap.portalsdk.core.domain.Role;
-import org.onap.portalsdk.core.domain.RoleFunction;
-import org.onap.portalsdk.core.domain.User;
-import org.onap.portalsdk.core.domain.UserApp;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.service.AppService;
-import org.onap.portalsdk.core.service.DataAccessService;
-import org.onap.portalsdk.core.service.LdapService;
-import org.onap.portalsdk.core.service.PostSearchService;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessRole;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessRoleDescription;
-import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail;
-import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
-import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
-import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.ResponseEntity;
-import org.springframework.stereotype.Service;
-import org.springframework.web.client.RestTemplate;
-
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.type.TypeFactory;
-
-@Service("userApiService")
-public class UserApiServiceImpl implements UserApiService {
-
- private static final String PASSCODE = "password";
-
- private static final String ID = "id";
-
- private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
-
- private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
-
- private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
-
- private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
-
- @Autowired
- private LoginExternalAuthService loginAAFService;
-
- @Autowired
- private LdapService ldapService;
-
- @Autowired
- private PostSearchService postSearchService;
-
- @Autowired
- private DataAccessService dataAccessService;
-
- RestTemplate template = new RestTemplate();
-
- @Autowired
- private AppService appService;
-
- @Override
- public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException {
- User user = null;
- try {
- String namespace = EcompExternalAuthProperties
- .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
- HttpHeaders headers = getBasicAuthHeaders();
- HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
- orgUserId);
- String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
- + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
- ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
- HttpMethod.GET, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getUserRoles: Finished GET user app roles from external auth system and body: {}",
- getResponse.getBody());
- }
- String userRoles = getResponse.getBody();
- ObjectMapper mapper = new ObjectMapper();
- List<ExternalAccessUserRoleDetail> userRoleDetailList = setExternalAccessUserRoles(namespace, userRoles,
- mapper);
-
- if (userRoleDetailList.isEmpty()) {
- throw new UserNotFoundException("User roles not found!");
- } else {
- user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e);
- }
- return user;
-
- }
-
- private List<ExternalAccessUserRoleDetail> setExternalAccessUserRoles(String namespace, String userRoles,
- ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException {
- JSONObject userJsonObj;
- JSONArray userJsonArray;
- List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
- if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
- userJsonObj = new JSONObject(userRoles);
- userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
- ExternalAccessUserRoleDetail userRoleDetail = null;
- for (int i = 0; i < userJsonArray.length(); i++) {
- JSONObject role = userJsonArray.getJSONObject(i);
- if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
- .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
- && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
- .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)) {
- ExternalAccessRoleDescription ecDesc = new ExternalAccessRoleDescription();
- if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils
- .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
- ecDesc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
- ExternalAccessRoleDescription.class);
- }
- List<ExternalAccessPerms> ecPerms = new ArrayList<>();
- if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
- JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
- ecPerms = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
- .constructCollectionType(List.class, ExternalAccessPerms.class));
- }
- ExternalAccessRole ecRole = new ExternalAccessRole(
- role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), ecPerms, ecDesc);
- userRoleDetail = new ExternalAccessUserRoleDetail(ecRole);
- userRoleDetailList.add(userRoleDetail);
- }
- }
- } else {
- throw new UserNotFoundException("User roles not found!");
- }
- return userRoleDetailList;
- }
-
- private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
- String orgUserId, String namespace, HttpServletRequest request) throws Exception {
- User user = loginAAFService.findUserWithoutPwd(orgUserId);
- PostSearchBean postSearchBean = new PostSearchBean();
- if (user == null) {
- postSearchBean.setOrgUserId(orgUserId);
- postSearchService.process(request, postSearchBean);
- postSearchBean.setSearchResult(loadSearchResultData(postSearchBean));
- user = (User) postSearchBean.getSearchResult().get(0);
- user.setActive(true);
- user.setLoginId(orgUserId);
- dataAccessService.saveDomainObject(user, null);
- }
- App app = appService.getApp(1l);
- try {
- Set userApps = setUserApps(userRoleDetailList, namespace, user, app);
- user.setUserApps(userApps);
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
- throw e;
- }
-
- return user;
- }
-
- @SuppressWarnings({ "rawtypes", "unchecked" })
- private Set setUserApps(List<ExternalAccessUserRoleDetail> userRoleDetailList, String namespace, User user,
- App app) {
- Set userApps = new TreeSet();
- for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
- ExternalAccessRole ecRole = userRoleDetail.getRole();
- ExternalAccessRoleDescription roleDesc = ecRole.getDescription();
- UserApp userApp = new UserApp();
- Role role = new Role();
- Set roleFunctions = new TreeSet<>();
- if (roleDesc.getName() == null) {
- role.setActive(true);
- role.setName(ecRole.getName());
- } else {
- role.setActive(Boolean.valueOf(roleDesc.getActive()));
- role.setId(Long.valueOf(roleDesc.getAppRoleId()));
- role.setName(roleDesc.getName());
- if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
- role.setPriority(Integer.valueOf(roleDesc.getPriority()));
- }
- }
- for (ExternalAccessPerms extPerm : ecRole.getPerms()) {
- RoleFunction roleFunction = new RoleFunction();
- roleFunction.setCode(extPerm.getInstance());
- roleFunction.setAction(extPerm.getAction());
- if (extPerm.getDescription() != null) {
- roleFunction.setName(extPerm.getDescription());
- }
- roleFunction.setType(extPerm.getType());
- roleFunctions.add(roleFunction);
- }
- role.setRoleFunctions(roleFunctions);
- userApp.setApp(app);
- userApp.setRole(role);
- userApp.setUserId(user.getId());
- userApps.add(userApp);
- }
- return userApps;
- }
-
- @Override
- public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
- ObjectMapper mapper = new ObjectMapper();
- HttpHeaders headers = getBasicAuthHeaders();
- HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
- orgUserId);
- String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
- + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
- ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
- HttpMethod.GET, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getRoleFunctions: Finished GET user perms from external system and body: {}",
- getResponse.getBody());
- }
- String userPerms = getResponse.getBody();
- List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
- return convertToRoleFunctionList(extPermsList);
- }
-
- private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
- throws IOException, JsonParseException, JsonMappingException {
- JSONObject userPermsJsonObj = null;
- JSONArray userPermsJsonArray = null;
- List<ExternalAccessPerms> extPermsList = new ArrayList<>();
- if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
- userPermsJsonObj = new JSONObject(userPerms);
- userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
- for (int i = 0; i < userPermsJsonArray.length(); i++) {
- JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
- if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
- .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
- ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
- extPermsList.add(perm);
- }
- }
- }
- return extPermsList;
- }
-
- private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
- ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
- HttpMethod.GET, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
- getResponse.getBody());
- }
- return getResponse;
- }
-
- private HttpHeaders getBasicAuthHeaders() throws Exception {
- String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
- String encryptedPass = EcompExternalAuthProperties
- .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
- String decryptedPass = EcompExternalAuthUtils.decryptPass(encryptedPass);
- return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass);
- }
-
- private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
- List<RoleFunction> roleFunctions = new ArrayList<>();
- String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
- for (ExternalAccessPerms extPerm : extPermsList) {
- RoleFunction roleFunction = new RoleFunction();
- roleFunction.setCode(extPerm.getInstance());
- roleFunction.setAction(extPerm.getAction());
- if (extPerm.getDescription() != null) {
- roleFunction.setName(extPerm.getDescription());
- }
- roleFunction.setType(extPerm.getType());
- roleFunctions.add(roleFunction);
- }
- return roleFunctions;
- }
-
- private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException {
- return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
- searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
- searchCriteria.getNewDataSize(), 1);
- }
-
- @Override
- public ResponseEntity<String> checkUserExists(String username, String password) throws Exception {
- username = changeIfUserDomainNotAppended(username);
- HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
- String appUsername = EcompExternalAuthProperties
- .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
- String appPass = EcompExternalAuthUtils.decryptPass(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD));
- JSONObject credentials = new JSONObject();
- credentials.put(ID, appUsername);
- credentials.put(PASSCODE, appPass);
- HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
- username);
- ResponseEntity<String> getResponse = template
- .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
- + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
- if (getResponse.getStatusCode().value() == 200) {
- logger.debug(EELFLoggerDelegate.debugLogger,
- "checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
- getResponse.getStatusCode().value());
- }
- return getResponse;
- }
-
- private String changeIfUserDomainNotAppended(String username) {
- if (!EcompExternalAuthUtils.validate(username)) {
- username = username
- + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
- }
- return username;
- }
-
- @Override
- public List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception {
- HttpHeaders headers = getBasicAuthHeaders();
- HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger,
- "getIfUserPermsExists: Connecting to external auth system for user {}", username);
- username = changeIfUserDomainNotAppended(username);
- String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
- ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
- return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
- }
-
-} |