1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/*-
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the “License”);
* you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Unless otherwise specified, all documentation contained herein is licensed
* under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
* you may not use this documentation except in compliance with the License.
* You may obtain a copy of the License at
*
* https://creativecommons.org/licenses/by/4.0/
*
* Unless required by applicable law or agreed to in writing, documentation
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ============LICENSE_END============================================
*
* ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.openecomp.portalapp.authentication;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openecomp.portalapp.command.EPLoginBean;
import org.openecomp.portalapp.portal.service.EPLoginService;
import org.openecomp.portalapp.portal.service.EPRoleFunctionService;
import org.openecomp.portalapp.portal.utils.EPSystemProperties;
import org.openecomp.portalapp.util.EPUserUtils;
import org.openecomp.portalapp.util.SessionCookieUtil;
import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.openecomp.portalsdk.core.menu.MenuProperties;
import org.openecomp.portalsdk.core.onboarding.exception.PortalAPIException;
import org.openecomp.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.ModelAndView;
public class SimpleLoginStrategy extends org.openecomp.portalsdk.core.auth.LoginStrategy implements LoginStrategy{
@Autowired
private EPLoginService loginService;
@Autowired
private EPRoleFunctionService ePRoleFunctionService;
private static final String GLOBAL_LOCATION_KEY = "Location";
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SimpleLoginStrategy.class);
public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception{
logger.info("Attempting 'Simple' Login");
//check both authentication cookie and authentication header
String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response);
if (!StringUtils.isEmpty(orgUserId)) {
// package the userid in the login form for processing
EPLoginBean commandBean = new EPLoginBean();
commandBean.setOrgUserId(orgUserId);
commandBean = loginService.findUser(commandBean, (String)request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), null);
// in case authentication has passed but user is not in the ECOMP data base, return a Guest User to the home page.
if (commandBean.getUser() == null) {
}
else {
// store the currently logged in user's information in the session
EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), commandBean.getBusinessDirectMenu(), "", ePRoleFunctionService);
logger.info(EELFLoggerDelegate.debugLogger, commandBean.getUser().getOrgUserId() + " exists in the the system.");
}
logger.info(EELFLoggerDelegate.errorLogger, request.getContextPath());
SessionCookieUtil.preSetUp(request, response);
return true;
} else {
// in case authentication cookie is missing, send 401 UNAUTHORIZED to client and it will redirect to Logon
try {
String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
String loginUrl = SystemProperties.getProperty(EPSystemProperties.LOGIN_URL_NO_RET_VAL);
logger.info(EELFLoggerDelegate.errorLogger, "Authentication Mechanism: '" + authentication + "'.");
if (authentication == null || authentication.equals("") || authentication.trim().equals("BOTH")) {
logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'.");
response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm");
}else {
logger.info(EELFLoggerDelegate.errorLogger, "No cookies are found, redirecting the request to '" + loginUrl + "'.");
response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
response.setHeader(GLOBAL_LOCATION_KEY, loginUrl); //returnUrl + "/index.htm");
}
} catch(Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "login failed", e);
}
}
return false;
}
@Override
public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
String message = "Method not implmented; Cannot be called";
logger.error(EELFLoggerDelegate.errorLogger, message);
throw new Exception(message);
}
@Override
public String getUserId(HttpServletRequest request) throws PortalAPIException {
String message = "Method not implmented; Cannot be called";
logger.error(EELFLoggerDelegate.errorLogger, message);
throw new PortalAPIException(message);
}
}
|
