/*- * ============LICENSE_START========================================== * ONAP Portal SDK * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); * you may not use this software except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Unless otherwise specified, all documentation contained herein is licensed * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); * you may not use this documentation except in compliance with the License. * You may obtain a copy of the License at * * https://creativecommons.org/licenses/by/4.0/ * * Unless required by applicable law or agreed to in writing, documentation * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ============LICENSE_END============================================ * * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ package org.onap.portalsdk.external.authorization.service; import java.util.ArrayList; import java.util.List; import java.util.Set; import java.util.TreeSet; import javax.naming.NamingException; import javax.servlet.http.HttpServletRequest; import org.json.JSONArray; import org.json.JSONObject; import org.onap.portalsdk.core.command.PostSearchBean; import org.onap.portalsdk.core.command.support.SearchResult; import org.onap.portalsdk.core.domain.App; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.core.domain.UserApp; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.service.AppService; import org.onap.portalsdk.core.service.DataAccessService; import org.onap.portalsdk.core.service.LdapService; import org.onap.portalsdk.core.service.PostSearchService; import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; import org.onap.portalsdk.external.authorization.domain.ExternalAccessUserRoleDetail; import org.onap.portalsdk.external.authorization.domain.ExternalRoleDescription; import org.onap.portalsdk.external.authorization.exception.UserNotFoundException; import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties; import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Service; import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.type.TypeFactory; @Service("userApiService") public class UserApiServiceImpl implements UserApiService { private static final String AAF_GET_USER_ROLES_ENDPOINT = "roles/user/"; private static final String AAF_GET_USER_PERMS_ENDPOINT = "perms/user/"; private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserApiServiceImpl.class); @Autowired private LoginExternalAuthService loginAAFService; @Autowired private LdapService ldapService; @Autowired private PostSearchService postSearchService; @Autowired private DataAccessService dataAccessService; RestTemplate template = new RestTemplate(); @Autowired private AppService appService; @Override public User getUser(String orgUserId, HttpServletRequest request) throws UserNotFoundException { User user = null; try { String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); HttpEntity entity = new HttpEntity<>(headers); logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external system for user {}", orgUserId); String endPoint = AAF_GET_USER_ROLES_ENDPOINT + orgUserId + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); ResponseEntity getResponse = template.exchange( EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Finished GET unp ser roles from external system and body: {}", getResponse.getBody()); } String userRoles = getResponse.getBody(); JSONObject userJsonObj = null; JSONArray userJsonArray = null; ObjectMapper mapper = new ObjectMapper(); List userRoleDetailList = new ArrayList<>(); if (!userRoles.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { userJsonObj = new JSONObject(userRoles); userJsonArray = userJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_ROLE_FIELD); ExternalAccessUserRoleDetail userRoleDetail = null; for (int i = 0; i < userJsonArray.length(); i++) { JSONObject role = userJsonArray.getJSONObject(i); if (!role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME).endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_ADMIN) && !role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME) .endsWith(EcompExternalAuthUtils.EXT_ROLE_FIELD_OWNER) && EcompExternalAuthUtils.checkNameSpaceMatching(role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), namespace)) { ExternalRoleDescription desc = new ExternalRoleDescription(); if(role.has(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION) && EcompExternalAuthUtils .isJSONValid(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION))) { desc = mapper.readValue(role.getString(EcompExternalAuthUtils.EXT_FIELD_DESCRIPTION), ExternalRoleDescription.class); } if(role.has(EcompExternalAuthUtils.EXT_FIELD_PERMS)) { JSONArray perms = role.getJSONArray(EcompExternalAuthUtils.EXT_FIELD_PERMS); List permsList = mapper.readValue(perms.toString(), TypeFactory .defaultInstance().constructCollectionType(List.class, ExternalAccessPerms.class)); desc.setPermissions(permsList); } userRoleDetail = new ExternalAccessUserRoleDetail( role.getString(EcompExternalAuthUtils.EXT_ROLE_FIELD_NAME), desc); userRoleDetailList.add(userRoleDetail); } } } else { throw new UserNotFoundException("User roles not found!"); } if (userRoleDetailList.isEmpty()) { throw new UserNotFoundException("User roles not found!"); } else { user = convertAAFUserRolesToEcompSDKUser(userRoleDetailList, orgUserId, namespace, request); } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getUser: Failed! ", e); } return user; } @SuppressWarnings({ "rawtypes", "unchecked" }) private User convertAAFUserRolesToEcompSDKUser(List userRoleDetailList, String orgUserId, String namespace, HttpServletRequest request) throws Exception { User user = loginAAFService.findUserWithoutPwd(orgUserId); PostSearchBean postSearchBean = new PostSearchBean(); if (user == null) { postSearchBean.setOrgUserId(orgUserId); postSearchService.process(request, postSearchBean); postSearchBean.setSearchResult(loadSearchResultData(postSearchBean)); user = (User) postSearchBean.getSearchResult().get(0); user.setActive(true); user.setLoginId(orgUserId); dataAccessService.saveDomainObject(user, null); } App app = appService.getApp(1l); try { Set userApps = new TreeSet(); for (ExternalAccessUserRoleDetail userRoleDetail : userRoleDetailList) { ExternalRoleDescription roleDesc = userRoleDetail.getDescription(); UserApp userApp = new UserApp(); Role role = new Role(); Set roleFunctions = new TreeSet<>(); if (roleDesc != null) { if (roleDesc.getName() == null) { role.setActive(true); role.setName(userRoleDetail.getName().substring(namespace.length() + 1)); } else { role.setActive(Boolean.valueOf(roleDesc.getActive())); role.setId(Long.valueOf(roleDesc.getAppRoleId())); role.setName(roleDesc.getName()); if (!roleDesc.getPriority().equals(EcompExternalAuthUtils.EXT_NULL_VALUE)) { role.setPriority(Integer.valueOf(roleDesc.getPriority())); } } if (roleDesc.getPermissions() != null) { for (ExternalAccessPerms extPerm : roleDesc.getPermissions()) { RoleFunction roleFunction = new RoleFunction(); roleFunction.setCode(extPerm.getInstance()); roleFunction.setAction(extPerm.getAction()); if (extPerm.getDescription() != null && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getDescription()); } else if (extPerm.getDescription() == null && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); } else if (extPerm.getDescription() == null && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName( extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); } if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); } else { roleFunction.setType(extPerm.getType()); } roleFunctions.add(roleFunction); } } } role.setRoleFunctions(roleFunctions); userApp.setApp(app); userApp.setRole(role); userApp.setUserId(user.getId()); userApps.add(userApp); } user.setUserApps(userApps); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e); throw e; } return user; } @Override public List getRoleFunctions(String orgUserId) throws Exception { ObjectMapper mapper = new ObjectMapper(); HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(); HttpEntity entity = new HttpEntity<>(headers); logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external system for user {}", orgUserId); String endPoint = AAF_GET_USER_PERMS_ENDPOINT + orgUserId + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); ResponseEntity getResponse = template.exchange( EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Finished GET user perms from external system and body: {}", getResponse.getBody()); } String userPerms = getResponse.getBody(); JSONObject userPermsJsonObj = null; JSONArray userPermsJsonArray = null; List extPermsList = new ArrayList<>(); if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { userPermsJsonObj = new JSONObject(userPerms); userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD); for (int i = 0; i < userPermsJsonArray.length(); i++) { JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i); if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE).endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class); extPermsList.add(perm); } } } return convertToRoleFunctionList(extPermsList); } private List convertToRoleFunctionList(List extPermsList) { List roleFunctions = new ArrayList<>(); String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); for (ExternalAccessPerms extPerm : extPermsList) { RoleFunction roleFunction = new RoleFunction(); roleFunction.setCode(extPerm.getInstance()); roleFunction.setAction(extPerm.getAction()); if (extPerm.getDescription() != null && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getDescription()); } else if (extPerm.getDescription() == null && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); } else if (extPerm.getDescription() == null && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); } if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); } else { roleFunction.setType(extPerm.getType()); } roleFunctions.add(roleFunction); } return roleFunctions; } private SearchResult loadSearchResultData(PostSearchBean searchCriteria) throws NamingException { return ldapService.searchPost(searchCriteria.getUser(), searchCriteria.getSortBy1(), searchCriteria.getSortBy2(), searchCriteria.getSortBy3(), searchCriteria.getPageNo(), searchCriteria.getNewDataSize(), 1); } }