From 6beb446925c967aca92f5513adf36c5db77c00d6 Mon Sep 17 00:00:00 2001
From: TATTAVARADA
Date: Thu, 27 Apr 2017 07:53:18 -0400
Subject: [PORTAL-7] Rebase
This rebasing includes common libraries and common overlays projects abstraction of components
Change-Id: Ia1efa4deacdc5701e6205104ac021a6c80ed60ba
Signed-off-by: st782s
---
.../core/interceptor/ResourceInterceptor.java | 167 +++++++++++++++++++++
.../interceptor/SessionTimeoutInterceptor.java | 103 +++++++++++++
2 files changed, 270 insertions(+)
create mode 100644 ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/ResourceInterceptor.java
create mode 100644 ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
(limited to 'ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor')
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/ResourceInterceptor.java b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/ResourceInterceptor.java
new file mode 100644
index 00000000..ec6e4b6c
--- /dev/null
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/ResourceInterceptor.java
@@ -0,0 +1,167 @@
+/*-
+ * ================================================================================
+ * eCOMP Portal SDK
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ================================================================================
+ */
+package org.openecomp.portalsdk.core.interceptor;
+
+import java.net.HttpURLConnection;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openecomp.portalsdk.core.controller.FusionBaseController;
+import org.openecomp.portalsdk.core.domain.App;
+import org.openecomp.portalsdk.core.exception.UrlAccessRestrictedException;
+import org.openecomp.portalsdk.core.logging.format.AlarmSeverityEnum;
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.openecomp.portalsdk.core.objectcache.AbstractCacheManager;
+import org.openecomp.portalsdk.core.onboarding.listener.PortalTimeoutHandler;
+import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
+import org.openecomp.portalsdk.core.onboarding.util.PortalApiConstants;
+import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.openecomp.portalsdk.core.service.DataAccessService;
+import org.openecomp.portalsdk.core.service.LoginService;
+import org.openecomp.portalsdk.core.service.WebServiceCallService;
+import org.openecomp.portalsdk.core.util.SystemProperties;
+import org.openecomp.portalsdk.core.web.support.UserUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+public class ResourceInterceptor extends HandlerInterceptorAdapter {
+ public static final String APP_METADATA = "APP.METADATA";
+
+ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ResourceInterceptor.class);
+
+ @Autowired
+ private DataAccessService dataAccessService;
+ @Autowired
+ private LoginService loginService;
+ @Autowired
+ private WebServiceCallService webServiceCallService;
+
+ private AbstractCacheManager cacheManager;
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+ String uri = request.getRequestURI();
+ String url = uri.substring(uri.indexOf("/", 1) + 1);
+ logger.info(EELFLoggerDelegate.debugLogger, "Url - " + url);
+ logger.info(EELFLoggerDelegate.debugLogger, "lastIndexOf - " + uri.substring(uri.lastIndexOf("/") + 1));
+ if (handler instanceof HandlerMethod) {
+ HandlerMethod method = (HandlerMethod) handler;
+ FusionBaseController controller = (FusionBaseController) method.getBean();
+ if (!controller.isAccessible()) {
+ if (controller.isRESTfulCall()) {
+ // check user authentication for RESTful calls
+ String secretKey = null;
+ try {
+ if (!webServiceCallService.verifyRESTCredential(secretKey, request.getHeader("username"),
+ request.getHeader("password"))) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Error accesing RESTful service. Un-authorized",AlarmSeverityEnum.MINOR);
+ throw new UrlAccessRestrictedException();
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Error authenticating RESTful service :" + e,AlarmSeverityEnum.MINOR);
+ //throw new UrlAccessRestrictedException();
+ HttpSession httpSession = request.getSession();
+ ((HttpServletResponse) response).setStatus(HttpURLConnection.HTTP_UNAUTHORIZED);
+ return false;
+ }
+ }
+ if (!UserUtils.isUrlAccessible(request, url)) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Error accesing URL. Un-authorized",AlarmSeverityEnum.MINOR);
+ throw new UrlAccessRestrictedException();
+ }
+ }
+ }
+
+ logger.debug("successfully authorized rest call");
+ logger.info(EELFLoggerDelegate.debugLogger, "successfully authorized rest call");
+ handleSessionUpdates(request);
+ logger.debug("handled session updates for synchronization");
+ logger.info(EELFLoggerDelegate.debugLogger, "handled session updates for synchronization");
+ return super.preHandle(request, response, handler);
+ }
+
+ /**
+ *
+ * @param request
+ */
+ protected void handleSessionUpdates(HttpServletRequest request) {
+
+ App app = null;
+ Object appObj = getCacheManager().getObject(APP_METADATA);
+ if (appObj == null) {
+ app = findApp();
+ getCacheManager().putObject(APP_METADATA, app);
+
+ } else {
+ app = (App) appObj;
+ }
+
+ String ecompRestURL = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REST_URL);
+ String decreptedPwd = "";
+ try {
+ decreptedPwd = CipherUtil.decrypt(app.getAppPassword(),
+ SystemProperties.getProperty(SystemProperties.Decryption_Key));
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Could not decrypt Password" + e.getMessage(),AlarmSeverityEnum.MINOR);
+ }
+
+ PortalTimeoutHandler.handleSessionUpdatesNative(request, app.getUsername(), decreptedPwd,
+ PortalApiProperties.getProperty(PortalApiConstants.UEB_APP_KEY), ecompRestURL, null);
+ }
+
+ public App findApp() {
+ List list = null;
+ StringBuffer criteria = new StringBuffer();
+ criteria.append(" where id = 1");
+ list = getDataAccessService().getList(App.class, criteria.toString(), null, null);
+ return (list == null || list.size() == 0) ? null : (App) list.get(0);
+ }
+
+ public DataAccessService getDataAccessService() {
+ return dataAccessService;
+ }
+
+ public void setDataAccessService(DataAccessService dataAccessService) {
+ this.dataAccessService = dataAccessService;
+ }
+
+ public LoginService getLoginService() {
+ return loginService;
+ }
+
+ public void setLoginService(LoginService loginService) {
+ this.loginService = loginService;
+ }
+
+ @Autowired
+ public void setCacheManager(AbstractCacheManager cacheManager) {
+ this.cacheManager = cacheManager;
+ }
+
+ public AbstractCacheManager getCacheManager() {
+ return cacheManager;
+ }
+
+}
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/SessionTimeoutInterceptor.java b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
new file mode 100644
index 00000000..e28ce866
--- /dev/null
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
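Review bot: The path that `preHandle` hands to `UserUtils.isUrlAccessible` is cut out of the raw `request.getRequestURI()` with `uri.indexOf("/", 1)`, so the access decision is made on a string the container has neither decoded nor stripped of `;` path parameters, and the cut is only right when the context path is exactly one segment. Resolving it the way Spring resolves the handler, for example with `new UrlPathHelper().getPathWithinApplication(request)` (leading slash trimmed to keep the current format), would keep the checked path and the dispatched path in step; whether `isUrlAccessible` expects that exact form needs confirming, since it is not in this hunk. In the RESTful branch `secretKey` is always `null` when it reaches `verifyRESTCredential`, and the credentials come from plain `username`/`password` request headers, so it is worth checking what that parameter is meant to protect. In `handleSessionUpdates`, `findApp()` can return `null`, which is then cached and dereferenced by `app.getUsername()` outside the `try`; a guard such as `if (app == null) { return; }` with an error log would stop every request failing on a missing row.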
@@ -0,0 +1,103 @@
+/*-
+ * ================================================================================
+ * eCOMP Portal SDK
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ================================================================================
+ */
+package org.openecomp.portalsdk.core.interceptor;
+
+import java.net.URLEncoder;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openecomp.portalsdk.core.controller.FusionBaseController;
+import org.openecomp.portalsdk.core.domain.User;
+import org.openecomp.portalsdk.core.exception.SessionExpiredException;
+import org.openecomp.portalsdk.core.listener.CollaborateListBindingListener;
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.openecomp.portalsdk.core.web.support.AppUtils;
+import org.openecomp.portalsdk.core.web.support.UserUtils;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
+
+ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SessionTimeoutInterceptor.class);
+
+ public SessionTimeoutInterceptor() {
+ }
+
+ /**
+ * Checks all requests for valid session information. If not found,
+ * redirects to a controller that will establish a valid session.
+ */
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+ if (handler instanceof HandlerMethod) {
+ HandlerMethod method = (HandlerMethod) handler;
+ FusionBaseController controller = (FusionBaseController) method.getBean();
+ if (!controller.isAccessible() && !controller.isRESTfulCall()) {
+ try {
+ // getSession() throws SessionExpiredException
+ HttpSession session = AppUtils.getSession(request);
+ User user = UserUtils.getUserSession(request);
+ // check if user is logging out
+ if (request.getRequestURI().indexOf("logout.htm") > -1) {
+ session.removeAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME);
+ throw new SessionExpiredException();
+ } else if (user == null) {
+ // Jump to the redirection code
+ throw new Exception("preHandle: user not found in session");
+ } else {
+ // session binding listener will add this value to the
+ // map, and with session replication the listener will
+ // fire in all tomcat instances
+ session.setAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME,
+ new CollaborateListBindingListener(user.getOrgUserId()));
+ }
+ } catch (Exception ex) {
+ // get the path within the webapp that the user requested (no host name etc.)
+ final String forwardUrl = request.getRequestURI().substring(request.getContextPath().length() + 1)
+ + (request.getQueryString() == null ? "" : "?" + request.getQueryString());
+ final String forwardUrlParm = "forwardURL=" + URLEncoder.encode(forwardUrl, "UTF-8");
+ final String singleSignonPrefix = "/single_signon.htm?";
+ if (ex instanceof SessionExpiredException) {
+ // Session is expired; send to portal.
+ // Redirect to an absolute path in the webapp; e.g., "/context/single_signon.htm"
+ final String redirectUrl = request.getContextPath() + singleSignonPrefix + "redirectToPortal=Yes&" + forwardUrlParm;
+ logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: session is expired, redirecting to {}",
+ redirectUrl);
+ response.sendRedirect(redirectUrl);
+ return false;
+ } else {
+ // Other issue; do not send to portal.
+ // Redirect to an absolute path in the webapp; e.g., "/context/single_signon.htm"
+ final String redirectUrl = request.getContextPath() + singleSignonPrefix + forwardUrlParm;
+ logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: took exception {}, redirecting to {}",
+ ex.getMessage(), redirectUrl);
+ response.sendRedirect(redirectUrl);
+ return false;
+ }
+ }
+ }
+ }
+
+ return super.preHandle(request, response, handler);
+ }
+
+}
-- cgit 1.2.3-korg
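Review bot: The logout branch of `preHandle` fires on any URI that merely contains `logout.htm` and then only removes `CollaborateListBindingListener.SESSION_ATTR_NAME`; nothing in this hunk invalidates the session, so the user object that `UserUtils.getUserSession` reads appears to stay in place unless another component clears it. If no later handler needs the old session, `session.invalidate();` before `throw new SessionExpiredException();` and a stricter match such as `request.getRequestURI().endsWith("/logout.htm")` would make the logout final. The `forwardURL` parameter is built from the request path and query string, so the `single_signon.htm` handler, which is outside this hunk, has to treat it as a path inside the webapp and not as a free redirect target. `preHandle` also lacks `@Override`, unlike the same method in `ResourceInterceptor`.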