summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-aaf
diff options
context:
space:
mode:
Diffstat (limited to 'ecomp-sdk/epsdk-aaf')
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java21
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java308
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java2
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java24
-rw-r--r--ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java46
-rw-r--r--ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java16
6 files changed, 291 insertions, 126 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java
index 14aeaf5e..3d112268 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java
@@ -43,7 +43,9 @@ import javax.servlet.http.HttpServletRequest;
import org.onap.portalsdk.core.domain.RoleFunction;
import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
+import org.springframework.http.ResponseEntity;
public interface UserApiService {
@@ -63,4 +65,23 @@ public interface UserApiService {
*/
List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception;
+ /**
+ * Check if user exist in external auth system
+ *
+ * @param username
+ * @param password
+ * @return Response<String>
+ * @throws Exception
+ */
+ ResponseEntity<String> checkUserExists(String username, String password) throws Exception;
+
+ /**
+ * Get if user has any perms
+ *
+ * @param username
+ * @param password
+ * @return List<ExternalAccessPerms>
+ * @throws Exception
+ */
+ List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception;
}
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
index fb320c17..bfe9808b 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java
@@ -37,6 +37,7 @@
*/
package org.onap.portalsdk.external.authorization.service;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@@ -73,15 +74,23 @@ import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.type.TypeFactory;
@Service("userApiService")
public class UserApiServiceImpl implements UserApiService {
- private static final String AAF_GET_USER_ROLES_ENDPOINT = "roles/user/";
+ private static final String PASSCODE = "password";
- private static final String AAF_GET_USER_PERMS_ENDPOINT = "perms/user/";
+ private static final String ID = "id";
+
+ private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
+
+ private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
+
+ private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
@@ -103,62 +112,29 @@ public class UserApiServiceImpl implements UserApiService {
private AppService appService;
@Override
- public User getUser(String orgUserId, HttpServletRequest request)
- throws UserNotFoundException {
+ public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException {
User user = null;
try {
- String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
- HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ String namespace = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
+ HttpHeaders headers = getBasicAuthHeaders();
HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external system for user {}",
+ logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
orgUserId);
- String endPoint = AAF_GET_USER_ROLES_ENDPOINT + orgUserId
+ String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity,
- String.class);
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
if (getResponse.getStatusCode().value() == 200) {
logger.debug(EELFLoggerDelegate.debugLogger,
- "getUserRoles: Finished GET unp ser roles from external system and body: {}",
+ "getUserRoles: Finished GET unp ser roles from external auth system and body: {}",
getResponse.getBody());
}
String userRoles = getResponse.getBody();
- JSONObject userJsonObj = null;
- JSONArray userJsonArray = null;
ObjectMapper mapper = new ObjectMapper();
- List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
- if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
- userJsonObj = new JSONObject(userRoles);
- userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
- ExternalAccessUserRoleDetail userRoleDetail = null;
- for (int i = 0; i < userJsonArray.length(); i++) {
- JSONObject role = userJsonArray.getJSONObject(i);
- if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME).endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
- && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
- .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)
- && EcompExternalAuthUtils.checkNameSpaceMatching(role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME),
- namespace)) {
- ExternalRoleDescription desc = new ExternalRoleDescription();
- if(role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION)
- && EcompExternalAuthUtils
- .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
- desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
- ExternalRoleDescription.class);
- }
- if(role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
- JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
- List<ExternalAccessPerms> permsList = mapper.readValue(perms.toString(), TypeFactory
- .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class));
- desc.setPermissions(permsList);
- }
- userRoleDetail = new ExternalAccessUserRoleDetail(
- role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc);
- userRoleDetailList.add(userRoleDetail);
- }
- }
- } else {
- throw new UserNotFoundException("User roles not found!");
- }
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = setExterbalAccessUserRoles(namespace, userRoles,
+ mapper);
if (userRoleDetailList.isEmpty()) {
throw new UserNotFoundException("User roles not found!");
@@ -172,10 +148,48 @@ public class UserApiServiceImpl implements UserApiService {
}
- @SuppressWarnings({ "rawtypes", "unchecked" })
+ private List<ExternalAccessUserRoleDetail> setExterbalAccessUserRoles(String namespace, String userRoles,
+ ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException {
+ JSONObject userJsonObj;
+ JSONArray userJsonArray;
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
+ userJsonObj = new JSONObject(userRoles);
+ userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ for (int i = 0; i < userJsonArray.length(); i++) {
+ JSONObject role = userJsonArray.getJSONObject(i);
+ if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
+ && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)
+ && EcompExternalAuthUtils.checkNameSpaceMatching(
+ role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), namespace)) {
+ ExternalRoleDescription desc = new ExternalRoleDescription();
+ if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils
+ .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
+ desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
+ ExternalRoleDescription.class);
+ }
+ if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
+ JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
+ List<ExternalAccessPerms> permsList = mapper.readValue(perms.toString(), TypeFactory
+ .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class));
+ desc.setPermissions(permsList);
+ }
+ userRoleDetail = new ExternalAccessUserRoleDetail(
+ role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc);
+ userRoleDetailList.add(userRoleDetail);
+ }
+ }
+ } else {
+ throw new UserNotFoundException("User roles not found!");
+ }
+ return userRoleDetailList;
+ }
+
private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
- String orgUserId, String namespace, HttpServletRequest request)
- throws Exception {
+ String orgUserId, String namespace, HttpServletRequest request) throws Exception {
User user = loginAAFService.findUserWithoutPwd(orgUserId);
PostSearchBean postSearchBean = new PostSearchBean();
if (user == null) {
@@ -189,56 +203,7 @@ public class UserApiServiceImpl implements UserApiService {
}
App app = appService.getApp(1l);
try {
- Set userApps = new TreeSet();
- for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
- ExternalRoleDescription roleDesc = userRoleDetail.getDescription();
- UserApp userApp = new UserApp();
- Role role = new Role();
- Set roleFunctions = new TreeSet<>();
- if (roleDesc != null) {
- if (roleDesc.getName() == null) {
- role.setActive(true);
- role.setName(userRoleDetail.getName().substring(namespace.length() + 1));
- } else {
- role.setActive(Boolean.valueOf(roleDesc.getActive()));
- role.setId(Long.valueOf(roleDesc.getAppRoleId()));
- role.setName(roleDesc.getName());
- if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
- role.setPriority(Integer.valueOf(roleDesc.getPriority()));
- }
- }
- if (roleDesc.getPermissions() != null) {
- for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) {
- RoleFunction roleFunction = new RoleFunction();
- roleFunction.setCode(extPerm.getInstance());
- roleFunction.setAction(extPerm.getAction());
- if (extPerm.getDescription() != null
- && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setName(extPerm.getDescription());
- } else if (extPerm.getDescription() == null
- && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|"
- + extPerm.getInstance() + "|" + extPerm.getAction());
- } else if (extPerm.getDescription() == null
- && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setName(
- extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
- }
- if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
- roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
- } else {
- roleFunction.setType(extPerm.getType());
- }
- roleFunctions.add(roleFunction);
- }
- }
- }
- role.setRoleFunctions(roleFunctions);
- userApp.setApp(app);
- userApp.setRole(role);
- userApp.setUserId(user.getId());
- userApps.add(userApp);
- }
+ Set userApps = setUserApps(userRoleDetailList, namespace, user, app);
user.setUserApps(userApps);
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
@@ -248,24 +213,86 @@ public class UserApiServiceImpl implements UserApiService {
return user;
}
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ private Set setUserApps(List<ExternalAccessUserRoleDetail> userRoleDetailList, String namespace, User user,
+ App app) {
+ Set userApps = new TreeSet();
+ for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
+ ExternalRoleDescription roleDesc = userRoleDetail.getDescription();
+ UserApp userApp = new UserApp();
+ Role role = new Role();
+ Set roleFunctions = new TreeSet<>();
+ if (roleDesc != null) {
+ if (roleDesc.getName() == null) {
+ role.setActive(true);
+ role.setName(userRoleDetail.getName().substring(namespace.length() + 1));
+ } else {
+ role.setActive(Boolean.valueOf(roleDesc.getActive()));
+ role.setId(Long.valueOf(roleDesc.getAppRoleId()));
+ role.setName(roleDesc.getName());
+ if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
+ role.setPriority(Integer.valueOf(roleDesc.getPriority()));
+ }
+ }
+ if (roleDesc.getPermissions() != null) {
+ for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) {
+ RoleFunction roleFunction = new RoleFunction();
+ roleFunction.setCode(extPerm.getInstance());
+ roleFunction.setAction(extPerm.getAction());
+ if (extPerm.getDescription() != null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getDescription());
+ } else if (extPerm.getDescription() == null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|"
+ + extPerm.getInstance() + "|" + extPerm.getAction());
+ } else if (extPerm.getDescription() == null
+ && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(
+ extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
+ }
+ if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
+ } else {
+ roleFunction.setType(extPerm.getType());
+ }
+ roleFunctions.add(roleFunction);
+ }
+ }
+ }
+ role.setRoleFunctions(roleFunctions);
+ userApp.setApp(app);
+ userApp.setRole(role);
+ userApp.setUserId(user.getId());
+ userApps.add(userApp);
+ }
+ return userApps;
+ }
+
@Override
public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
ObjectMapper mapper = new ObjectMapper();
- HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ HttpHeaders headers = getBasicAuthHeaders();
HttpEntity<String> entity = new HttpEntity<>(headers);
- logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external system for user {}",
+ logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
orgUserId);
- String endPoint = AAF_GET_USER_PERMS_ENDPOINT + orgUserId
+ String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
ResponseEntity<String> getResponse = template.exchange(
- EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity,
- String.class);
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
if (getResponse.getStatusCode().value() == 200) {
logger.debug(EELFLoggerDelegate.debugLogger,
"getRoleFunctions: Finished GET user perms from external system and body: {}",
getResponse.getBody());
}
String userPerms = getResponse.getBody();
+ List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
+ return convertToRoleFunctionList(extPermsList);
+ }
+
+ private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
+ throws IOException, JsonParseException, JsonMappingException {
JSONObject userPermsJsonObj = null;
JSONArray userPermsJsonArray = null;
List<ExternalAccessPerms> extPermsList = new ArrayList<>();
@@ -274,13 +301,34 @@ public class UserApiServiceImpl implements UserApiService {
userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
for (int i = 0; i < userPermsJsonArray.length(); i++) {
JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
- if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE).endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
+ if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
+ .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
extPermsList.add(perm);
}
}
}
- return convertToRoleFunctionList(extPermsList);
+ return extPermsList;
+ }
+
+ private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
+ getResponse.getBody());
+ }
+ return getResponse;
+ }
+
+ private HttpHeaders getBasicAuthHeaders() throws Exception {
+ String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
+ String encryptedPass = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
+ String decryptedPass = EcompExternalAuthUtils.decryptPass(encryptedPass);
+ return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass);
}
private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
@@ -311,11 +359,55 @@ public class UserApiServiceImpl implements UserApiService {
return roleFunctions;
}
- private SearchResult loadSearchResultData(PostSearchBean searchCriteria)
- throws NamingException {
+ private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException {
return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
searchCriteria.getNewDataSize(), 1);
}
+ @Override
+ public ResponseEntity<String> checkUserExists(String username, String password) throws Exception {
+ username = changeIfUserDomainNotAppended(username);
+ HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
+ String appUsername = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
+ String appPass = EcompExternalAuthUtils.decryptPass(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD));
+ JSONObject credentials = new JSONObject();
+ credentials.put(ID, appUsername);
+ credentials.put(PASSCODE, appPass);
+ HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
+ username);
+ ResponseEntity<String> getResponse = template.exchange(EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
+ + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
+ getResponse.getStatusCode().value());
+ }
+ return getResponse;
+ }
+
+ private String changeIfUserDomainNotAppended(String username) {
+ if (!EcompExternalAuthUtils.validate(username)) {
+ username = username + EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ }
+ return username;
+ }
+
+ @Override
+ public List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception {
+ HttpHeaders headers = getBasicAuthHeaders();
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getIfUserPermsExists: Connecting to external auth system for user {}", username);
+ username = changeIfUserDomainNotAppended(username);
+ String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
+ ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
+ return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
+ }
+
}
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java
index 87d4c1fd..d5d04326 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java
@@ -51,6 +51,8 @@ public class EcompExternalAuthProperties {
public static final String EXTERNAL_AUTH_PASSWORD = "extern_auth_password";
public static final String EXTERNAL_AUTH_URL = "extern_auth_url";
+
+ public static final String EXTERNAL_AUTH_VALIDATE_CREDENTIALS_URL = "extern_auth_validate_creds_url";
public static final String EXTERNAL_AUTH_USER_DOMAIN = "extern_auth_user_domain";
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
index 6f4ff29a..dc6559ab 100644
--- a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java
@@ -38,6 +38,8 @@
package org.onap.portalsdk.external.authorization.util;
import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.xml.bind.DatatypeConverter;
@@ -65,11 +67,11 @@ public class EcompExternalAuthUtils {
public static final String EXT_ROLE_FIELD_OWNER = ".owner";
public static final String EXT_ROLE_FIELD_ADMIN = ".admin";
- public static HttpHeaders base64encodeKeyForAAFBasicAuth() throws Exception {
- String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
- String encryptedPass = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
- String decryptedPass = decryptPass(encryptedPass);
- String usernamePass = userName + ":" + decryptedPass;
+ public static final Pattern VALID_USER_DOMAIN_ADDRESS_REGEX =
+ Pattern.compile("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$", Pattern.CASE_INSENSITIVE);
+
+ public static HttpHeaders base64encodeKeyForAAFBasicAuth(String username, String password) throws Exception {
+ String usernamePass = username + ":" + password;
String encToBase64 = String.valueOf((DatatypeConverter.printBase64Binary(usernamePass.getBytes())));
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", "Basic " + encToBase64);
@@ -77,7 +79,7 @@ public class EcompExternalAuthUtils {
return headers;
}
- private static String decryptPass(String encrypted) throws Exception {
+ public static String decryptPass(String encrypted) throws Exception {
String result = "";
if (encrypted != null && encrypted.length() > 0) {
try {
@@ -92,6 +94,16 @@ public class EcompExternalAuthUtils {
}
/**
+ * Validates, if given username has fully domain address
+ * @param String
+ * @return true or false
+ */
+ public static boolean validate(String username) {
+ Matcher matcher = VALID_USER_DOMAIN_ADDRESS_REGEX.matcher(username);
+ return matcher.find();
+ }
+
+ /**
*
* It checks whether the namespace is matching or not
*
diff --git a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java
index d93b03c1..9836c5f1 100644
--- a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java
+++ b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImplTest.java
@@ -37,6 +37,7 @@
*/
package org.onap.portalsdk.external.authorization.service;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -83,6 +84,7 @@ import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.RestTemplate;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -132,7 +134,7 @@ public class UserApiServiceImplTest {
PowerMockito.mockStatic(SystemProperties.class);
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE))
.thenReturn("com.test.app2");
- Mockito.when(EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth()).thenReturn(new HttpHeaders());
+ Mockito.when(EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(Matchers.anyString(), Matchers.anyString())).thenReturn(new HttpHeaders());
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN))
.thenReturn("@test.com");
MockitoAnnotations.initMocks(this);
@@ -286,6 +288,15 @@ public class UserApiServiceImplTest {
@Test
public void getRoleFunctionsTest() throws Exception {
+ JSONObject mockJsonObjectPerms = mockUserPerms();
+ ResponseEntity<String> response = new ResponseEntity<>(mockJsonObjectPerms.toString(), HttpStatus.OK);
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(response);
+ List<RoleFunction> actual = UserApiServiceImpl.getRoleFunctions("test123");
+ assertNotNull(actual);
+ }
+
+ private JSONObject mockUserPerms() {
JSONObject mockJsonObjectPerms = new JSONObject();
JSONObject mockJsonObjectPerm1 = new JSONObject();
JSONObject mockJsonObjectPerm2 = new JSONObject();
@@ -304,10 +315,39 @@ public class UserApiServiceImplTest {
permsList.add(mockJsonObjectPerm1);
permsList.add(mockJsonObjectPerm2);
mockJsonObjectPerms.put("perm", permsList);
+ return mockJsonObjectPerms;
+ }
+
+ @Test
+ public void checkUserExistsTest() throws Exception {
+ ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(response);
+ ResponseEntity<String> actual = UserApiServiceImpl.checkUserExists("test", "test");
+ assertNotNull(actual);
+ }
+
+ @Test(expected = HttpClientErrorException.class)
+ public void checkUserExistsExceptionTest() throws Exception {
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.POST),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenThrow(new HttpClientErrorException(HttpStatus.UNAUTHORIZED));
+ UserApiServiceImpl.checkUserExists("test", "test");
+ }
+
+ @Test
+ public void getIfUserPermsExistsTest() throws Exception {
+ JSONObject mockJsonObjectPerms = mockUserPerms();
ResponseEntity<String> response = new ResponseEntity<>(mockJsonObjectPerms.toString(), HttpStatus.OK);
Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenReturn(response);
- List<RoleFunction> actual = UserApiServiceImpl.getRoleFunctions("test123");
- assertNotNull(actual);
+ UserApiServiceImpl.getIfUserPermsExists("test123@test.com");
+ }
+
+ @Test(expected = HttpClientErrorException.class)
+ public void getIfUserPermsExistsInvalidUserTest() throws Exception {
+ Mockito.when(template.exchange(Matchers.anyString(), Matchers.eq(HttpMethod.GET),
+ Matchers.<HttpEntity<String>>any(), Matchers.eq(String.class))).thenThrow(new HttpClientErrorException(HttpStatus.UNAUTHORIZED));
+ UserApiServiceImpl.getIfUserPermsExists("test1");
}
+
}
diff --git a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java
index b35a1cda..4357b0a5 100644
--- a/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java
+++ b/ecomp-sdk/epsdk-aaf/src/test/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtilsTest.java
@@ -41,20 +41,21 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import javax.xml.bind.DatatypeConverter;
+
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-import org.onap.portalsdk.core.util.SystemProperties;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.http.HttpHeaders;
@RunWith(PowerMockRunner.class)
-@PrepareForTest({ EcompExternalAuthProperties.class, CipherUtil.class })
+@PrepareForTest({ EcompExternalAuthProperties.class, CipherUtil.class, DatatypeConverter.class })
public class EcompExternalAuthUtilsTest {
public static final String EXT_EMPTY_JSON_STRING = "{}";
@@ -73,6 +74,7 @@ public class EcompExternalAuthUtilsTest {
public void setup() {
PowerMockito.mockStatic(EcompExternalAuthProperties.class);
PowerMockito.mockStatic(CipherUtil.class);
+ PowerMockito.mockStatic(DatatypeConverter.class);
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME))
.thenReturn("test_username");
Mockito.when(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD))
@@ -82,19 +84,15 @@ public class EcompExternalAuthUtilsTest {
@Test
public void base64encodeKeyForAAFBasicAuthTest() throws Exception {
- Mockito.when(
- CipherUtil.decryptPKC("test_password", SystemProperties.getProperty(SystemProperties.Decryption_Key)))
- .thenReturn("test_decrypted_password");
- HttpHeaders actual = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ HttpHeaders actual = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth("test", "test");
assertNotNull(actual);
}
@Test(expected = NullPointerException.class)
public void base64encodeKeyForAAFBasicAuthDecryptPassExceptionTest() throws Exception {
- Mockito.when(
- CipherUtil.decryptPKC("test_password", SystemProperties.getProperty(SystemProperties.Decryption_Key)))
+ Mockito.when(DatatypeConverter.printBase64Binary("test:test".getBytes()))
.thenThrow(new NullPointerException());
- EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth();
+ EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth("test", "test");
}
@Test