1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
/*-
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
* Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
* you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Unless otherwise specified, all documentation contained herein is licensed
* under the Creative Commons License, Attribution 4.0 Intl. (the "License");
* you may not use this documentation except in compliance with the License.
* You may obtain a copy of the License at
*
* https://creativecommons.org/licenses/by/4.0/
*
* Unless required by applicable law or agreed to in writing, documentation
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ============LICENSE_END============================================
*
*
*/
package org.onap.portalapp.portal.utils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.music.eelf.logging.EELFLoggerDelegate;
import org.onap.portalapp.music.service.MusicService;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.util.StringUtils;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
public final class MusicCookieCsrfTokenRepository implements CsrfTokenRepository {
static final String CSRF_COOKIE_NAME = "XSRF-TOKEN";
static final String CSRF_HEADER_NAME = "X-XSRF-TOKEN";
static final String CSRF_PARAMETER_NAME = "_csrf";
static final String EP_SERVICE = "EPService";
CookieCsrfTokenRepository cookieRepo = null;
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicCookieCsrfTokenRepository.class);
public MusicCookieCsrfTokenRepository() {
}
public MusicCookieCsrfTokenRepository(CookieCsrfTokenRepository _cookieRepo) {
this();
cookieRepo = _cookieRepo;
}
@Override
public CsrfToken generateToken(HttpServletRequest request) {
return cookieRepo.generateToken(request) ;
}
@Override
public void saveToken(CsrfToken token, HttpServletRequest request,
HttpServletResponse response) {
logger.debug(EELFLoggerDelegate.debugLogger, "initialize save csrf token ...");
cookieRepo.saveToken(token, request, response);
}
@Override
public CsrfToken loadToken(HttpServletRequest request) {
logger.debug(EELFLoggerDelegate.debugLogger, "initialize load csrf token ...");
CsrfToken cookieRepoToken = cookieRepo.loadToken(request);
if(cookieRepoToken==null){ // if cookieRepo does not has the token, check the cassandra for the values stored by other tomcats
try { // todo this part of the code needs to be replaced with out depending on EPService cookie
String sessionId = getSessionIdFromCookie(request);
if(sessionId == null)
return null;
String token = MusicService.getAttribute(CSRF_COOKIE_NAME, sessionId);
if (token==null || !StringUtils.hasLength(token))
return null;
cookieRepoToken = new DefaultCsrfToken(CSRF_HEADER_NAME, CSRF_PARAMETER_NAME , token);
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "Error while calling csrf loadToken" , e);
}
}
return cookieRepoToken;
}
/**
* Factory method to conveniently create an instance that has
* {@link #setCookieHttpOnly(boolean)} set to false.
*
* @return an instance of CookieCsrfTokenRepository with
* {@link #setCookieHttpOnly(boolean)} set to false
*/
public static MusicCookieCsrfTokenRepository withHttpOnlyFalse() {
CookieCsrfTokenRepository result = new CookieCsrfTokenRepository();
result.setCookieHttpOnly(false);
return new MusicCookieCsrfTokenRepository(result);
}
private String getSessionIdFromCookie (HttpServletRequest request) throws JsonParseException, JsonMappingException, UnsupportedEncodingException, IOException, CipherUtilException{
Cookie cookies[] = request.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (EP_SERVICE.equals(cookie.getName())) {
ObjectMapper mapper = new ObjectMapper();
Map<String,String> epServiceCookieValueMap = mapper.readValue(URLDecoder.decode(cookie.getValue(), "UTF-8"),HashMap.class);
String sessionId = null;
if(epServiceCookieValueMap!=null) {
String multifactorauthfrontendurl = EPCommonSystemProperties.getProperty(EPCommonSystemProperties.MULTI_FACTOR_AUTH_FRONTEND_URL);
String encryptedJSessionId = epServiceCookieValueMap.get(multifactorauthfrontendurl);
if(encryptedJSessionId != null) {
sessionId = CipherUtil.decryptPKC(encryptedJSessionId);
}
}
return sessionId;
}
}
}
return null;
}
}
|
