summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/UserApiServiceImpl.java
diff options
context:
space:
mode:
Diffstat (limited to 'ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/UserApiServiceImpl.java')
-rw-r--r--ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/UserApiServiceImpl.java316
1 files changed, 316 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/UserApiServiceImpl.java
new file mode 100644
index 00000000..074419e6
--- /dev/null
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/UserApiServiceImpl.java
@@ -0,0 +1,316 @@
+
+
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalsdk.core.service;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.naming.NamingException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.onap.portalsdk.core.command.PostSearchBean;
+import org.onap.portalsdk.core.command.support.SearchResult;
+import org.onap.portalsdk.core.domain.App;
+import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.domain.RoleFunction;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.UserApp;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.util.CipherUtil;
+import org.onap.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessRole;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessRoleDescription;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail;
+import org.onap.portalsdk.external.authorization.exception.UserNotFoundException;
+import org.onap.portalsdk.external.authorization.service.AAFRestServiceImpl;
+import org.onap.portalsdk.external.authorization.service.AAFService;
+import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
+import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+
+@Service("userApiService")
+public class UserApiServiceImpl implements UserApiService {
+
+
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class);
+
+ @Autowired
+ private LoginExternalAuthService loginAAFService;
+
+ @Autowired
+ private LdapService ldapService;
+
+ @Autowired
+ private PostSearchService postSearchService;
+
+ @Autowired
+ private DataAccessService dataAccessService;
+
+ RestTemplate template = new RestTemplate();
+
+ @Autowired
+ private AppService appService;
+
+
+ private AAFService aafService = new AAFRestServiceImpl();
+
+ @Override
+ public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException {
+ User user = null;
+ try {
+ String namespace = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
+
+ HttpHeaders headers = getBasicAuthHeaders();
+ String userRoles = aafService.getUser(orgUserId, request, headers);
+ ObjectMapper mapper = new ObjectMapper();
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = setExternalAccessUserRoles(namespace, userRoles,
+ mapper);
+
+ if (userRoleDetailList.isEmpty()) {
+ throw new UserNotFoundException("User roles not found!");
+ } else {
+ user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e);
+ }
+ return user;
+
+ }
+
+ private List<ExternalAccessUserRoleDetail> setExternalAccessUserRoles(String namespace, String userRoles,
+ ObjectMapper mapper) throws IOException, JsonParseException, JsonMappingException, UserNotFoundException {
+ JSONObject userJsonObj;
+ JSONArray userJsonArray;
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
+ userJsonObj = new JSONObject(userRoles);
+ userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD);
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ for (int i = 0; i < userJsonArray.length(); i++) {
+ JSONObject role = userJsonArray.getJSONObject(i);
+ if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN)
+ && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME)
+ .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER)) {
+ ExternalAccessRoleDescription ecDesc = new ExternalAccessRoleDescription();
+ if (role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils
+ .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) {
+ ecDesc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION),
+ ExternalAccessRoleDescription.class);
+ }
+ List<ExternalAccessPerms> ecPerms = new ArrayList<>();
+ if (role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) {
+ JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS);
+ ecPerms = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
+ .constructCollectionType(List.class, ExternalAccessPerms.class));
+ }
+ ExternalAccessRole ecRole = new ExternalAccessRole(
+ role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), ecPerms, ecDesc);
+ userRoleDetail = new ExternalAccessUserRoleDetail(ecRole);
+ userRoleDetailList.add(userRoleDetail);
+ }
+ }
+ } else {
+ throw new UserNotFoundException("User roles not found!");
+ }
+ return userRoleDetailList;
+ }
+
+ private User convertAAFUserRolesToEcompSDKUser(List<ExternalAccessUserRoleDetail> userRoleDetailList,
+ String orgUserId, String namespace, HttpServletRequest request) throws Exception {
+ User user = loginAAFService.findUserWithoutPwd(orgUserId);
+ PostSearchBean postSearchBean = new PostSearchBean();
+ if (user == null) {
+ postSearchBean.setOrgUserId(orgUserId);
+ postSearchService.process(request, postSearchBean);
+ postSearchBean.setSearchResult(loadSearchResultData(postSearchBean));
+ user = (User) postSearchBean.getSearchResult().get(0);
+ user.setActive(true);
+ user.setLoginId(orgUserId);
+ dataAccessService.saveDomainObject(user, null);
+ }
+ App app = appService.getApp(1l);
+ try {
+ Set userApps = setUserApps(userRoleDetailList, namespace, user, app);
+ user.setUserApps(userApps);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
+ throw e;
+ }
+
+ return user;
+ }
+
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ private Set setUserApps(List<ExternalAccessUserRoleDetail> userRoleDetailList, String namespace, User user,
+ App app) {
+ Set userApps = new TreeSet();
+ for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) {
+ ExternalAccessRole ecRole = userRoleDetail.getRole();
+ ExternalAccessRoleDescription roleDesc = ecRole.getDescription();
+ UserApp userApp = new UserApp();
+ Role role = new Role();
+ Set roleFunctions = new TreeSet<>();
+ if (roleDesc.getName() == null) {
+ role.setActive(true);
+ role.setName(ecRole.getName());
+ } else {
+ role.setActive(Boolean.valueOf(roleDesc.getActive()));
+ role.setId(Long.valueOf(roleDesc.getAppRoleId()));
+ role.setName(roleDesc.getName());
+ if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) {
+ role.setPriority(Integer.valueOf(roleDesc.getPriority()));
+ }
+ }
+ for (ExternalAccessPerms extPerm : ecRole.getPerms()) {
+ RoleFunction roleFunction = new RoleFunction();
+ roleFunction.setCode(extPerm.getInstance());
+ roleFunction.setAction(extPerm.getAction());
+ if (extPerm.getDescription() != null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getDescription());
+ } else if (extPerm.getDescription() == null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|"
+ + extPerm.getInstance() + "|" + extPerm.getAction());
+ } else if (extPerm.getDescription() == null
+ && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
+ }
+ if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
+ } else {
+ roleFunction.setType(extPerm.getType());
+ }
+ roleFunctions.add(roleFunction);
+ }
+ role.setRoleFunctions(roleFunctions);
+ userApp.setApp(app);
+ userApp.setRole(role);
+ userApp.setUserId(user.getId());
+ userApps.add(userApp);
+ }
+ return userApps;
+ }
+
+ @Override
+ public List<RoleFunction> getRoleFunctions(String orgUserId) throws Exception {
+ HttpHeaders headers = getBasicAuthHeaders();
+ return aafService.getRoleFunctions(orgUserId,headers);
+ }
+
+
+ private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
+ getResponse.getBody());
+ }
+ return getResponse;
+ }
+
+ private HttpHeaders getBasicAuthHeaders() throws Exception {
+ String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
+ String encryptedPass = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
+ String decryptedPass = decryptPass(encryptedPass);
+ return EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(userName, decryptedPass);
+ }
+
+ public static String decryptPass(String encrypted) throws Exception {
+ String result = "";
+ if (encrypted != null && encrypted.length() > 0) {
+ try {
+ result = CipherUtil.decryptPKC(encrypted,
+ SystemProperties.getProperty(SystemProperties.Decryption_Key));
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger,"decryptedPassword failed", e);
+ throw e;
+ }
+ }
+ return result;
+ }
+
+
+ private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException {
+ return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(),
+ searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(),
+ searchCriteria.getNewDataSize(), 1);
+ }
+
+ @Override
+ public ResponseEntity<String> checkUserExists(String username, String password) throws Exception {
+ String encryptedPass = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD);
+ String appPassword = decryptPass(encryptedPass);
+ return aafService.checkUserExists(username,password, appPassword);
+ }
+
+
+
+ @Override
+ public List<ExternalAccessPerms> getIfUserPermsExists(String username) throws Exception {
+ HttpHeaders headers = getBasicAuthHeaders();
+ return aafService.getIfUserPermsExists(username,headers);
+ }
+
+} \ No newline at end of file