From c607da68bfb7f7440d5be7f0396609dc01eb0e90 Mon Sep 17 00:00:00 2001 From: sa282w Date: Tue, 1 May 2018 16:45:26 -0400 Subject: Changes for 2.4.0-SNAPSHOT Issue-ID: PORTAL-210 Included the pom changes for 2.4.0-SNAPSHOT, music and AAF changes. Change-Id: Ib1e1c2679271aa40eb3b50397724e8cdc5ffe01c Signed-off-by: sa282w --- .../authorization/domain/ExternalAccessPerms.java | 178 ++++++++++++ .../domain/ExternalAccessPermsDetail.java | 127 ++++++++ .../authorization/domain/ExternalAccessRole.java | 76 +++++ .../domain/ExternalAccessRolePerms.java | 66 +++++ .../authorization/domain/ExternalAccessUser.java | 65 +++++ .../domain/ExternalAccessUserRoleDetail.java | 104 +++++++ .../authorization/domain/ExternalAuthUserRole.java | 74 +++++ .../domain/ExternalRoleDescription.java | 150 ++++++++++ .../exception/UserNotFoundException.java | 47 +++ .../service/LoginExternalAuthService.java | 80 ++++++ .../service/LoginExternalAuthServiceImpl.java | 252 ++++++++++++++++ .../authorization/service/UserApiService.java | 66 +++++ .../authorization/service/UserApiServiceImpl.java | 319 +++++++++++++++++++++ .../util/EcompExternalAuthProperties.java | 123 ++++++++ .../authorization/util/EcompExternalAuthUtils.java | 139 +++++++++ 15 files changed, 1866 insertions(+) create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPerms.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPermsDetail.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRole.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRolePerms.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUser.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUserRoleDetail.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAuthUserRole.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalRoleDescription.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/exception/UserNotFoundException.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java create mode 100644 ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java (limited to 'ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external') diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPerms.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPerms.java new file mode 100644 index 00000000..80956e64 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPerms.java @@ -0,0 +1,178 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +import java.io.Serializable; + +public class ExternalAccessPerms implements Serializable, Comparable { + + /** + * + */ + private static final long serialVersionUID = -200964838466882602L; + private String type; + private String instance; + private String action; + private String description; + + public ExternalAccessPerms() { + super(); + } + + public ExternalAccessPerms(String type, String instance, String action, String description) { + super(); + this.type = type; + this.instance = instance; + this.action = action; + this.description = description; + } + + public ExternalAccessPerms(String type, String instance, String action) { + super(); + this.type = type; + this.instance = instance; + this.action = action; + } + + /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type + * the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * @return the instance + */ + public String getInstance() { + return instance; + } + + /** + * @param instance + * the instance to set + */ + public void setInstance(String instance) { + this.instance = instance; + } + + /** + * @return the action + */ + public String getAction() { + return action; + } + + /** + * @param action + * the action to set + */ + public void setAction(String action) { + this.action = action; + } + + public String getDescription() { + return description; + } + + public void setDescription(String description) { + this.description = description; + } + + @Override + public int compareTo(Object obj) { + ExternalAccessPerms other = (ExternalAccessPerms) obj; + + String c1 = getInstance(); + String c2 = other.getInstance(); + + return (c1 == null || c2 == null) ? 1 : c1.compareTo(c2); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((action == null) ? 0 : action.hashCode()); + result = prime * result + ((description == null) ? 0 : description.hashCode()); + result = prime * result + ((instance == null) ? 0 : instance.hashCode()); + result = prime * result + ((type == null) ? 0 : type.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + ExternalAccessPerms other = (ExternalAccessPerms) obj; + if (action == null) { + if (other.action != null) + return false; + } else if (!action.equals(other.action)) + return false; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (instance == null) { + if (other.instance != null) + return false; + } else if (!instance.equals(other.instance)) + return false; + if (type == null) { + if (other.type != null) + return false; + } else if (!type.equals(other.type)) + return false; + return true; + } + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPermsDetail.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPermsDetail.java new file mode 100644 index 00000000..fab7d2c0 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessPermsDetail.java @@ -0,0 +1,127 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonRootName; + +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonRootName(value="perm") +public class ExternalAccessPermsDetail { + + private String type; + private String instance; + private String action; + private List roles; + private String description; + + + + public ExternalAccessPermsDetail() { + super(); + } + + /** + * @param type + * @param instance + * @param action + * @param roles + * @param description + */ + public ExternalAccessPermsDetail(String type, String instance, String action, List roles, + String description) { + super(); + this.type = type; + this.instance = instance; + this.action = action; + this.roles = roles; + this.description = description; + } + + /** + * @param type + * @param instance + * @param action + * @param description + */ + public ExternalAccessPermsDetail(String type, String instance, String action, + String description) { + super(); + this.type = type; + this.instance = instance; + this.action = action; + this.description = description; + } + + public String getType() { + return type; + } + public void setType(String type) { + this.type = type; + } + public String getInstance() { + return instance; + } + public void setInstance(String instance) { + this.instance = instance; + } + public String getAction() { + return action; + } + public void setAction(String action) { + this.action = action; + } + public List getRoles() { + return roles; + } + + public void setRoles(List roles) { + this.roles = roles; + } + + public String getDescription() { + return description; + } + public void setDescription(String description) { + this.description = description; + } + + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRole.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRole.java new file mode 100644 index 00000000..a14a4b5f --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRole.java @@ -0,0 +1,76 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +import java.io.Serializable; + +public class ExternalAccessRole implements Serializable { + + /** + * + */ + private static final long serialVersionUID = 3439986826362436339L; + public String name; + public String description; + + public ExternalAccessRole() { + + } + + public ExternalAccessRole(String name, String description) { + super(); + this.name = name; + this.description = description; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } + + public String getDescription() { + return description; + } + public void setDescription(String description) { + this.description = description; + } + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRolePerms.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRolePerms.java new file mode 100644 index 00000000..f38b2f9f --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessRolePerms.java @@ -0,0 +1,66 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +public class ExternalAccessRolePerms { + + private ExternalAccessPerms perm; + private String role; + + + public ExternalAccessRolePerms(ExternalAccessPerms perm, String role) { + super(); + this.perm = perm; + this.role = role; + } + + public ExternalAccessPerms getPerm() { + return perm; + } + public void setPerm(ExternalAccessPerms perm) { + this.perm = perm; + } + public String getRole() { + return role; + } + public void setRole(String role) { + this.role = role; + } + + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUser.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUser.java new file mode 100644 index 00000000..3ca88991 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUser.java @@ -0,0 +1,65 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +public class ExternalAccessUser { + + private String user; + private String role; + + public ExternalAccessUser(String user, String role) { + super(); + this.user = user; + this.role = role; + } + + public String getUser() { + return user; + } + public void setUser(String user) { + this.user = user; + } + public String getRole() { + return role; + } + public void setRole(String role) { + this.role = role; + } + + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUserRoleDetail.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUserRoleDetail.java new file mode 100644 index 00000000..5106f387 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAccessUserRoleDetail.java @@ -0,0 +1,104 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +public class ExternalAccessUserRoleDetail { + + private String name; + private ExternalRoleDescription description; + + + /** + * + */ + public ExternalAccessUserRoleDetail() { + super(); + } + + public ExternalAccessUserRoleDetail(String name, ExternalRoleDescription description) { + super(); + this.name = name; + this.description = description; + } + + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + public ExternalRoleDescription getDescription() { + return description; + } + public void setDescription(ExternalRoleDescription description) { + this.description = description; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((description == null) ? 0 : description.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + ExternalAccessUserRoleDetail other = (ExternalAccessUserRoleDetail) obj; + if (description == null) { + if (other.description != null) + return false; + } else if (!description.equals(other.description)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + return true; + } + + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAuthUserRole.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAuthUserRole.java new file mode 100644 index 00000000..33e21f2c --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalAuthUserRole.java @@ -0,0 +1,74 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +import java.io.Serializable; + +public class ExternalAuthUserRole implements Serializable{ + + /** + * + */ + private static final long serialVersionUID = 5066251837431287376L; + + private String role; + private String user; + private String expiryDate; + + public String getRole() { + return role; + } + public void setRole(String role) { + this.role = role; + } + public String getUser() { + return user; + } + public void setUser(String user) { + this.user = user; + } + public String getExpiryDate() { + return expiryDate; + } + public void setExpiryDate(String expiryDate) { + this.expiryDate = expiryDate; + } + + + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalRoleDescription.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalRoleDescription.java new file mode 100644 index 00000000..d09db15d --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/domain/ExternalRoleDescription.java @@ -0,0 +1,150 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.domain; + +import java.util.List; + +public class ExternalRoleDescription { + + private String id; + private String name; + private String active; + private String priority; + private String appId; + private String appRoleId; + private List permissions; + + public String getId() { + return id; + } + public void setId(String id) { + this.id = id; + } + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + public String getActive() { + return active; + } + public void setActive(String active) { + this.active = active; + } + public String getPriority() { + return priority; + } + public void setPriority(String priority) { + this.priority = priority; + } + public String getAppId() { + return appId; + } + public void setAppId(String appId) { + this.appId = appId; + } + public String getAppRoleId() { + return appRoleId; + } + public void setAppRoleId(String appRoleId) { + this.appRoleId = appRoleId; + } + + public List getPermissions() { + return permissions; + } + public void setPermissions(List permissions) { + this.permissions = permissions; + } + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((active == null) ? 0 : active.hashCode()); + result = prime * result + ((appId == null) ? 0 : appId.hashCode()); + result = prime * result + ((appRoleId == null) ? 0 : appRoleId.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + ((priority == null) ? 0 : priority.hashCode()); + return result; + } + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + ExternalRoleDescription other = (ExternalRoleDescription) obj; + if (active == null) { + if (other.active != null) + return false; + } else if (!active.equals(other.active)) + return false; + if (appId == null) { + if (other.appId != null) + return false; + } else if (!appId.equals(other.appId)) + return false; + if (appRoleId == null) { + if (other.appRoleId != null) + return false; + } else if (!appRoleId.equals(other.appRoleId)) + return false; + if (id == null) { + if (other.id != null) + return false; + } else if (!id.equals(other.id)) + return false; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (priority == null) { + if (other.priority != null) + return false; + } else if (!priority.equals(other.priority)) + return false; + return true; + } + + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/exception/UserNotFoundException.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/exception/UserNotFoundException.java new file mode 100644 index 00000000..8d15b44c --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/exception/UserNotFoundException.java @@ -0,0 +1,47 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.exception; + +public class UserNotFoundException extends Exception { + + private static final long serialVersionUID = 1616470595106815228L; + + public UserNotFoundException(String msg) { + super(msg); + } +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java new file mode 100644 index 00000000..8f387f98 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthService.java @@ -0,0 +1,80 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.service; + +import java.io.IOException; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.portalsdk.core.command.LoginBean; +import org.onap.portalsdk.core.domain.User; + +public interface LoginExternalAuthService { + + /** + * validate user exists in the system + * @param bean + * @param menuPropertiesFilename + * @param additionalParams + * @return returns login user bean + * @throws IOException + */ + @SuppressWarnings("rawtypes") + LoginBean findUser(LoginBean bean, String menuPropertiesFilename, Map additionalParams, HttpServletRequest request) throws Exception; + + /** + * + * @param bean + * @param menuPropertiesFilename + * @param additionalParams + * @param matchPassword + * @return returns login user bean + * @throws IOException + */ + @SuppressWarnings("rawtypes") + LoginBean findUser(LoginBean bean, String menuPropertiesFilename, Map additionalParams, boolean matchPassword, HttpServletRequest request) + throws Exception; + + /** + * + * @param orgUserId + * @return + */ + User findUserWithoutPwd(String orgUserId); +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java new file mode 100644 index 00000000..d2ccfc2e --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/LoginExternalAuthServiceImpl.java @@ -0,0 +1,252 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.service; + +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.portalsdk.core.command.LoginBean; +import org.onap.portalsdk.core.domain.Role; +import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.menu.MenuBuilder; +import org.onap.portalsdk.core.service.DataAccessService; +import org.onap.portalsdk.core.service.LoginServiceCentralizedImpl; +import org.onap.portalsdk.core.util.SystemProperties; +import org.onap.portalsdk.core.web.support.AppUtils; +import org.onap.portalsdk.core.web.support.UserUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +@Service("loginExternalAuthService") +public class LoginExternalAuthServiceImpl implements LoginExternalAuthService { + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceCentralizedImpl.class); + + @Autowired + private DataAccessService dataAccessService; + + @Autowired + private UserApiService userApiService; + + @Override + public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, + @SuppressWarnings("rawtypes") Map additionalParams, HttpServletRequest request) throws Exception { + return findUser(bean, menuPropertiesFilename, additionalParams, true, request); + } + + @Override + @SuppressWarnings("rawtypes") + public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, Map additionalParams, + boolean matchPassword, HttpServletRequest request) throws Exception { + + User user; + if (bean.getUserid() != null) { + user = findUser(bean, request); + } else { + if (matchPassword) + user = findUser(bean.getLoginId(), bean.getLoginPwd()); + else + user = findUserWithoutPwd(bean.getLoginId()); + } + + if (user != null) { + if (AppUtils.isApplicationLocked() + && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) { + bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED); + } + + // raise an error if the user is inactive + if (!user.getActive()) { + bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE); + } + + if (!userHasActiveRoles(user)) { + bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE); + } + // only login the user if no errors have occurred + if (bean.getLoginErrorMessage() == null) { + + // this will be a snapshot of the user's information as + // retrieved from the database + User userCopy = null; + try { + userCopy = (User) user.clone(); + } catch (CloneNotSupportedException ex) { + // Never happens + logger.error(EELFLoggerDelegate.errorLogger, "findUser failed", ex); + } + + User appuser = findUserWithoutPwd(user.getLoginId()); + + if (appuser == null && userHasRoleFunctions(user)) { + createUserIfNecessary(user); + } else { + appuser.setLastLoginDate(new Date()); + + // update the last logged in date for the user + dataAccessService.saveDomainObject(appuser, additionalParams); + } + // update the audit log of the user + // Check for the client device type and set log attributes + // appropriately + + // save the above changes to the User and their audit trail + + // create the application menu based on the user's privileges + + Set appMenu = getMenuBuilder().getMenu( + SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME), dataAccessService); + bean.setMenu(appMenu != null ? appMenu : new HashSet()); + Set businessDirectMenu = getMenuBuilder().getMenu( + SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME), + dataAccessService); + bean.setBusinessDirectMenu(businessDirectMenu != null ? businessDirectMenu : new HashSet()); + + bean.setUser(userCopy); + } + } + + return bean; + } + + private void createUserIfNecessary(User user) { + logger.debug(EELFLoggerDelegate.debugLogger, "createUser: " + user.getOrgUserId()); + User user1 = new User(); + user1.setEmail(user.getEmail()); + user1.setEmail(user.getEmail()); + user1.setFirstName(user.getFirstName()); + user1.setHrid(user.getHrid()); + user1.setJobTitle(user.getJobTitle()); + user1.setLastName(user.getLastName()); + user1.setLoginId(user.getLoginId()); + user1.setOrgManagerUserId(user.getOrgManagerUserId()); + user1.setMiddleInitial(user.getMiddleInitial()); + user1.setOrgCode(user.getOrgCode()); + user1.setOrgId(user.getOrgId()); + user1.setPhone(user.getPhone()); + user1.setOrgUserId(user.getOrgUserId()); + user1.setActive(user.getActive()); + user1.setLastLoginDate(new Date()); + + try { + dataAccessService.saveDomainObject(user1, null); + logger.debug(EELFLoggerDelegate.debugLogger, "createdUser Successfully: " + user.getOrgUserId()); + } catch (Exception ex) { + logger.error(EELFLoggerDelegate.errorLogger, "createUserIfNecessary failed", ex); + } + + } + + private boolean userHasActiveRoles(User user) { + boolean hasActiveRole = false; + @SuppressWarnings("rawtypes") + Iterator roles = user.getRoles().iterator(); + while (roles.hasNext()) { + Role role = (Role) roles.next(); + if (role.getActive()) { + hasActiveRole = true; + break; + } + } + return hasActiveRole; + } + + private boolean userHasRoleFunctions(User user) { + boolean hasRoleFunctions = false; + @SuppressWarnings("rawtypes") + Iterator roles = user.getRoles().iterator(); + while (roles.hasNext()) { + Role role = (Role) roles.next(); + if (role.getActive() && role.getRoleFunctions() != null && !role.getRoleFunctions().isEmpty()) { + hasRoleFunctions = true; + break; + } + } + return hasRoleFunctions; + } + + private User findUser(LoginBean bean, HttpServletRequest request) throws Exception { + User user = userApiService.getUser(bean.getUserid(), request); + user.setId(getUserIdByOrgUserId(user.getOrgUserId())); + user.setLoginId(bean.getUserid()); + logger.debug(EELFLoggerDelegate.debugLogger, "findUser: Returning final user roles and permissions", user.toString()); + return user; + } + + private Long getUserIdByOrgUserId(String orgUserId) { + Map params = new HashMap<>(); + params.put("orgUserId", orgUserId); + @SuppressWarnings("rawtypes") + List list = dataAccessService.executeNamedQuery("getUserIdByorgUserId", params, null); + Long userId = null; + if (list != null && !list.isEmpty()) + userId = (Long) list.get(0); + return userId; + } + + @SuppressWarnings("rawtypes") + private User findUser(String loginId, String password) { + Map params = new HashMap<>(); + params.put("login_id", loginId); + params.put("login_pwd", password); + List list = dataAccessService.executeNamedQuery("getUserByLoginIdLoginPwd", params, new HashMap()); + return (list == null || list.isEmpty()) ? null : (User) list.get(0); + } + + @SuppressWarnings("rawtypes") + @Override + public User findUserWithoutPwd(String loginId) { + Map params = new HashMap<>(); + params.put("org_user_id", loginId); + List list = dataAccessService.executeNamedQuery("getUserByOrgUserId", params, new HashMap()); + return (list == null || list.isEmpty()) ? null : (User) list.get(0); + } + + private MenuBuilder getMenuBuilder() { + return new MenuBuilder(); + } + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java new file mode 100644 index 00000000..6eb312b6 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiService.java @@ -0,0 +1,66 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.service; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.portalsdk.core.domain.RoleFunction; +import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.external.authorization.exception.UserNotFoundException; + +public interface UserApiService { + + /** + * Gets list of all roles associated to user from external system + * + * @param orgUserId + * @return + * @throws Exception + */ + User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException; + + /** + * + * @param OrgUserId + * @return + */ + List getRoleFunctions(String orgUserId) throws Exception; + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java new file mode 100644 index 00000000..8425f7da --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/UserApiServiceImpl.java @@ -0,0 +1,319 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.service; + +import java.util.ArrayList; +import java.util.List; +import java.util.Set; +import java.util.TreeSet; + +import javax.naming.NamingException; +import javax.servlet.http.HttpServletRequest; + +import org.json.JSONArray; +import org.json.JSONObject; +import org.onap.portalsdk.core.command.PostSearchBean; +import org.onap.portalsdk.core.command.support.SearchResult; +import org.onap.portalsdk.core.domain.App; +import org.onap.portalsdk.core.domain.Role; +import org.onap.portalsdk.core.domain.RoleFunction; +import org.onap.portalsdk.core.domain.User; +import org.onap.portalsdk.core.domain.UserApp; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.service.AppService; +import org.onap.portalsdk.core.service.DataAccessService; +import org.onap.portalsdk.core.service.LdapService; +import org.onap.portalsdk.core.service.PostSearchService; +import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; +import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail; +import org.onap.portalsdk.external.authorization.domain.ExternalRoleDescription; +import org.onap.portalsdk.external.authorization.exception.UserNotFoundException; +import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties; +import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Service; +import org.springframework.web.client.RestTemplate; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.type.TypeFactory; + +@Service("userApiService") +public class UserApiServiceImpl implements UserApiService { + + private static final String AAF_GET_USER_ROLES_ENDPOINT = "roles/user/"; + + private static final String AAF_GET_USER_PERMS_ENDPOINT = "perms/user/"; + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class); + + @Autowired + private LoginExternalAuthService loginAAFService; + + @Autowired + private LdapService ldapService; + + @Autowired + private PostSearchService postSearchService; + + @Autowired + private DataAccessService dataAccessService; + + RestTemplate template = new RestTemplate(); + + @Autowired + private AppService appService; + + @Override + public User getUser(String orgUserId, HttpServletRequest request) + throws UserNotFoundException { + User user = null; + try { + String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); + HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external system for user {}", + orgUserId); + String endPoint = AAF_GET_USER_ROLES_ENDPOINT + orgUserId + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + ResponseEntity getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, + String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getUserRoles: Finished GET unp ser roles from external system and body: {}", + getResponse.getBody()); + } + String userRoles = getResponse.getBody(); + JSONObject userJsonObj = null; + JSONArray userJsonArray = null; + ObjectMapper mapper = new ObjectMapper(); + List userRoleDetailList = new ArrayList<>(); + if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { + userJsonObj = new JSONObject(userRoles); + userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD); + ExternalAccessUserRoleDetail userRoleDetail = null; + for (int i = 0; i < userJsonArray.length(); i++) { + JSONObject role = userJsonArray.getJSONObject(i); + if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME).endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN) + && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME) + .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER) + && EcompExternalAuthUtils.checkNameSpaceMatching(role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), + namespace)) { + ExternalRoleDescription desc = new ExternalRoleDescription(); + if(role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) + && EcompExternalAuthUtils + .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) { + desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION), + ExternalRoleDescription.class); + } + if(role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) { + JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS); + List permsList = mapper.readValue(perms.toString(), TypeFactory + .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class)); + desc.setPermissions(permsList); + } + userRoleDetail = new ExternalAccessUserRoleDetail( + role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc); + userRoleDetailList.add(userRoleDetail); + } + } + } else { + throw new UserNotFoundException("User roles not found!"); + } + + if (userRoleDetailList.isEmpty()) { + throw new UserNotFoundException("User roles not found!"); + } else { + user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request); + } + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e); + } + return user; + + } + + @SuppressWarnings({ "rawtypes", "unchecked" }) + private User convertAAFUserRolesToEcompSDKUser(List userRoleDetailList, + String orgUserId, String namespace, HttpServletRequest request) + throws Exception { + User user = loginAAFService.findUserWithoutPwd(orgUserId); + PostSearchBean postSearchBean = new PostSearchBean(); + if (user == null) { + postSearchBean.setOrgUserId(orgUserId); + postSearchService.process(request, postSearchBean); + postSearchBean.setSearchResult(loadSearchResultData(postSearchBean)); + user = (User) postSearchBean.getSearchResult().get(0); + user.setActive(true); + user.setLoginId(orgUserId); + dataAccessService.saveDomainObject(user, null); + } + App app = appService.getApp(1l); + try { + Set userApps = new TreeSet(); + for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) { + ExternalRoleDescription roleDesc = userRoleDetail.getDescription(); + UserApp userApp = new UserApp(); + Role role = new Role(); + Set roleFunctions = new TreeSet<>(); + if (roleDesc != null) { + if (roleDesc.getName() == null) { + role.setActive(true); + role.setName(userRoleDetail.getName().substring(namespace.length() + 1)); + } else { + role.setActive(Boolean.valueOf(roleDesc.getActive())); + role.setId(Long.valueOf(roleDesc.getAppRoleId())); + role.setName(roleDesc.getName()); + if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) { + role.setPriority(Integer.valueOf(roleDesc.getPriority())); + } + } + for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) { + RoleFunction roleFunction = new RoleFunction(); + roleFunction.setCode(extPerm.getInstance()); + roleFunction.setAction(extPerm.getAction()); + if (extPerm.getDescription() != null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getDescription()); + } else if (extPerm.getDescription() == null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + + extPerm.getInstance() + "|" + extPerm.getAction()); + } else if (extPerm.getDescription() == null + && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName( + extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); + } + if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); + } else { + roleFunction.setType(extPerm.getType()); + } + roleFunctions.add(roleFunction); + } + } + role.setRoleFunctions(roleFunctions); + userApp.setApp(app); + userApp.setRole(role); + userApp.setUserId(user.getId()); + userApps.add(userApp); + } + user.setUserApps(userApps); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e); + throw e; + } + + return user; + } + + @Override + public List getRoleFunctions(String orgUserId) throws Exception { + ObjectMapper mapper = new ObjectMapper(); + HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); + HttpEntity entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external system for user {}", + orgUserId); + String endPoint = AAF_GET_USER_PERMS_ENDPOINT + orgUserId + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + ResponseEntity getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, + String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getRoleFunctions: Finished GET user perms from external system and body: {}", + getResponse.getBody()); + } + String userPerms = getResponse.getBody(); + JSONObject userPermsJsonObj = null; + JSONArray userPermsJsonArray = null; + List extPermsList = new ArrayList<>(); + if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { + userPermsJsonObj = new JSONObject(userPerms); + userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD); + for (int i = 0; i < userPermsJsonArray.length(); i++) { + JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i); + if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE).endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { + ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class); + extPermsList.add(perm); + } + } + } + return convertToRoleFunctionList(extPermsList); + } + + private List convertToRoleFunctionList(List extPermsList) { + List roleFunctions = new ArrayList<>(); + String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); + for (ExternalAccessPerms extPerm : extPermsList) { + RoleFunction roleFunction = new RoleFunction(); + roleFunction.setCode(extPerm.getInstance()); + roleFunction.setAction(extPerm.getAction()); + if (extPerm.getDescription() != null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getDescription()); + } else if (extPerm.getDescription() == null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance() + + "|" + extPerm.getAction()); + } else if (extPerm.getDescription() == null + && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); + } + if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); + } else { + roleFunction.setType(extPerm.getType()); + } + roleFunctions.add(roleFunction); + } + return roleFunctions; + } + + private SearchResult loadSearchResultData(PostSearchBean searchCriteria) + throws NamingException { + return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(), + searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(), + searchCriteria.getNewDataSize(), 1); + } + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java new file mode 100644 index 00000000..a680a672 --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthProperties.java @@ -0,0 +1,123 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.util; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Properties; + +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; + + +public class EcompExternalAuthProperties { + + public static final String EXTERNAL_AUTH_USER_NAME = "extern_auth_user_name"; + + public static final String EXTERNAL_AUTH_PASSWORD = "extern_auth_password"; + + public static final String EXTERNAL_AUTH_URL = "extern_auth_url"; + + public static final String EXTERNAL_AUTH_USER_DOMAIN = "extern_auth_user_domain"; + + public static final String EXTERNAL_AUTH_NAMESPACE = "extern_auth_namespace"; + + private EcompExternalAuthProperties(){} + + private static Properties properties; + + private static String propertyFileName = "external-auth.properties"; + + private static final Object lockObject = new Object(); + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EcompExternalAuthProperties.class); + + /** + * Gets the property value for the specified key. If a value is found, leading + * and trailing space is trimmed. + * + * @param property + * Property key + * @return Value for the named property; null if the property file was not + * loaded or the key was not found. + */ + public static String getProperty(String property) { + if (properties == null) { + synchronized (lockObject) { + try { + if (!initialize()) { + logger.error(EELFLoggerDelegate.errorLogger,"Failed to read property file " + propertyFileName); + return null; + } + } catch (IOException e) { + logger.error(EELFLoggerDelegate.errorLogger,"Failed to read property file " + propertyFileName ,e); + return null; + } + } + } + String value = properties.getProperty(property); + if (value != null) + value = value.trim(); + return value; + } + + /** + * Reads properties from a portal.properties file on the classpath. + * + * Clients do NOT need to call this method. Clients MAY call this method to test + * whether the properties file can be loaded successfully. + * + * @return True if properties were successfully loaded, else false. + * @throws IOException + * On failure + */ + private static boolean initialize() throws IOException { + if (properties != null) + return true; + InputStream in = EcompExternalAuthProperties.class.getClassLoader().getResourceAsStream(propertyFileName); + if (in == null) + return false; + properties = new Properties(); + try { + properties.load(in); + } finally { + in.close(); + } + return true; + } + +} diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java new file mode 100644 index 00000000..56b1527e --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/util/EcompExternalAuthUtils.java @@ -0,0 +1,139 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.util; + +import java.io.IOException; + +import javax.xml.bind.DatatypeConverter; + +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.onboarding.util.CipherUtil; +import org.onap.portalsdk.core.util.SystemProperties; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; + +import com.fasterxml.jackson.databind.ObjectMapper; + +public class EcompExternalAuthUtils { + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EcompExternalAuthUtils.class); + + @Autowired + CipherUtil cipherUtil; + + public static final String EXT_EMPTY_JSON_STRING = "{}"; + public static final String EXT_ROLE_FIELD = "role"; + public static final String EXT_PERM_FIELD = "perm"; + public static final String EXT_PERM_FIELD_TYPE = "type"; + public static final String EXT_PERM_ACCESS = ".access"; + public static final String EXT_ROLE_FIELD_NAME = "name"; + public static final String EXT_NULL_VALUE = "null"; + public static final String EXT_FIELD_DESCRIPTION = "description"; + public static final String EXT_FIELD_PERMS = "perms"; + public static final String EXT_ROLE_FIELD_OWNER = ".owner"; + public static final String EXT_ROLE_FIELD_ADMIN = ".admin"; + + public static HttpHeaders base64encodeKeyForAAFBasicAuth() throws Exception { + String userName = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); + String encryptedPass = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_PASSWORD); + String decryptedPass = decryptPass(encryptedPass); + String usernamePass = userName + ":" + decryptedPass; + String encToBase64 = String.valueOf((DatatypeConverter.printBase64Binary(usernamePass.getBytes()))); + HttpHeaders headers = new HttpHeaders(); + headers.add("Authorization", "Basic " + encToBase64); + headers.setContentType(MediaType.APPLICATION_JSON); + return headers; + } + + private static String decryptPass(String encrypted) throws Exception { + String result = ""; + if (encrypted != null && encrypted.length() > 0) { + try { + result = CipherUtil.decryptPKC(encrypted, + SystemProperties.getProperty(SystemProperties.Decryption_Key)); + } catch (Exception e) { + logger.error(EELFLoggerDelegate.errorLogger,"decryptedPassword failed", e); + throw e; + } + } + return result; + } + + /** + * + * It checks whether the namespace is matching or not + * + * @param permTypeVal + * @param appNamespaceVal + * @return true or false + */ + public static boolean checkNameSpaceMatching(String permTypeVal, String appNamespaceVal) { + String[] typeNamespace = permTypeVal.split("\\."); + String[] appNamespace = appNamespaceVal.split("\\."); + boolean isNamespaceMatching = true; + if (appNamespace.length <= typeNamespace.length) { + for (int k = 0; k < appNamespace.length; k++) { + if (!appNamespace[k].equals(typeNamespace[k])) + isNamespaceMatching = false; + } + + } else { + isNamespaceMatching = false; + } + return isNamespaceMatching; + } + + /** + * + * It validates whether given string is JSON or not + * + * @param jsonInString + * @return true or false + */ + public static boolean isJSONValid(String jsonInString ) { + try { + final ObjectMapper mapper = new ObjectMapper(); + mapper.readTree(jsonInString); + return true; + } catch (IOException e) { + logger.error(EELFLoggerDelegate.errorLogger, "Failed to parse Json!", e); + return false; + } + } +} -- cgit 1.2.3-korg