Add restriction filter to onboarding

Change-Id: Ief36760c8d89ac3443c8b12bfdef09c2f83abfc3
Issue-ID: SDC-2039
Signed-off-by: Yuli Shlosberg <ys9693@att.com>

4 files changed, 263 insertions, 0 deletions

diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
index 3b8924594d..18ec957acf 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
@@ -192,6 +192,12 @@
             <artifactId>togglz-servlet</artifactId>
             <version>${togglz.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.openecomp.sdc</groupId>
+            <artifactId>openecomp-sdc-security-util</artifactId>
+            <version>${project.version}</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 
 
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java
new file mode 100644
index 0000000000..9b03f638a6
--- /dev/null
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java
@@ -0,0 +1,97 @@
+package org.openecomp.server.configuration;
+
+import java.util.List;
+
+public class CookieConfig {
+
+    String securityKey = "";
+    long maxSessionTimeOut = 600*1000;
+    long sessionIdleTimeOut = 30*1000;
+    String cookieName = "AuthenticationCookie";
+    String redirectURL = "portal_url";
+    List<String> excludedUrls;
+    List<String> onboardingExcludedUrls;
+    String domain = "";
+    String path = "";
+    boolean isHttpOnly = true;
+
+    public String getSecurityKey() {
+        return securityKey;
+    }
+
+    public void setSecurityKey(String securityKey) {
+        this.securityKey = securityKey;
+    }
+
+    public long getMaxSessionTimeOut() {
+        return maxSessionTimeOut;
+    }
+
+    public void setMaxSessionTimeOut(long maxSessionTimeOut) {
+        this.maxSessionTimeOut = maxSessionTimeOut;
+    }
+
+    public long getSessionIdleTimeOut() {
+        return sessionIdleTimeOut;
+    }
+
+    public void setSessionIdleTimeOut(long sessionIdleTimeOut) {
+        this.sessionIdleTimeOut = sessionIdleTimeOut;
+    }
+
+    public String getCookieName() {
+        return cookieName;
+    }
+
+    public void setCookieName(String cookieName) {
+        this.cookieName = cookieName;
+    }
+
+    public String getRedirectURL() {
+        return redirectURL;
+    }
+
+    public void setRedirectURL(String redirectURL) {
+        this.redirectURL = redirectURL;
+    }
+
+    public List<String> getExcludedUrls() {
+        return excludedUrls;
+    }
+
+    public void setExcludedUrls(List<String> excludedUrls) {
+        this.excludedUrls = excludedUrls;
+    }
+
+    public String getDomain() {
+        return domain;
+    }
+
+    public void setDomain(String domain) {
+        this.domain = domain;
+    }
+
+    public String getPath() {
+        return path;
+    }
+
+    public void setPath(String path) {
+        this.path = path;
+    }
+
+    public boolean isHttpOnly() {
+        return isHttpOnly;
+    }
+
+    public void setIsHttpOnly(boolean isHttpOnly) {
+        this.isHttpOnly = isHttpOnly;
+    }
+
+    public List<String> getOnboardingExcludedUrls() {
+        return onboardingExcludedUrls;
+    }
+
+    public void setOnboardingExcludedUrls(List<String> onboardingExcludedUrls) {
+        this.onboardingExcludedUrls = onboardingExcludedUrls;
+    }
+}
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
new file mode 100644
index 0000000000..02ee236ae8
--- /dev/null
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
@@ -0,0 +1,150 @@
+package org.openecomp.server.filters;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.onap.sdc.tosca.services.YamlUtil;
+import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
+import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
+import org.openecomp.server.configuration.CookieConfig;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException;
+
+import javax.servlet.http.Cookie;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class RestrictionAccessFilter extends SessionValidationFilter {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(RestrictionAccessFilter.class);
+    private static final String CONFIG_FILE_PROPERTY = "configuration.yaml";
+    private static final String CONFIG_SECTION = "authCookie";
+
+    private static class Configuration implements ISessionValidationFilterConfiguration {
+        private static Configuration instance;
+        private String securityKey;
+        private long maxSessionTimeOut;
+        private long sessionIdleTimeOut;
+        private String cookieName;
+        private String redirectURL;
+        private List<String> excludedUrls;
+        private String cookieDomain;
+        private String cookiePath;
+        private boolean isCookieHttpOnly;
+
+
+        private Configuration() {
+            try {
+
+                String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY),
+                        "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY);
+
+                Object config = getAuthenticationConfiguration(file);
+                ObjectMapper mapper = new ObjectMapper();
+                CookieConfig cookieConfig = mapper.convertValue(config, CookieConfig.class);
+                this.securityKey = cookieConfig.getSecurityKey();
+                this.maxSessionTimeOut = cookieConfig.getMaxSessionTimeOut();
+                this.sessionIdleTimeOut = cookieConfig.getSessionIdleTimeOut();
+                this.cookieName = cookieConfig.getCookieName();
+                this.redirectURL = cookieConfig.getRedirectURL();
+                this.excludedUrls = cookieConfig.getOnboardingExcludedUrls();
+                this.cookieDomain = cookieConfig.getDomain();
+                this.cookiePath = cookieConfig.getPath();
+                this.isCookieHttpOnly = cookieConfig.isHttpOnly();
+
+            } catch (Exception e) {
+                LOGGER.warn("Failed to load configuration. ", e);
+            }
+
+        }
+
+        public static Configuration getInstance() {
+            if (instance == null) {
+                instance = new Configuration();
+            }
+            return instance;
+        }
+
+        private static Object getAuthenticationConfiguration(String file) throws IOException {
+
+            Map<?, ?> configuration = Objects.requireNonNull(readConfigurationFile(file), "Configuration cannot be empty");
+            Object authenticationConfig = configuration.get(CONFIG_SECTION);
+            if (authenticationConfig == null) {
+                throw new EntryNotConfiguredException(CONFIG_SECTION + " section");
+            }
+
+            return authenticationConfig;
+        }
+
+        private static Map<?, ?> readConfigurationFile(String file) throws IOException {
+
+            try (InputStream fileInput = new FileInputStream(file)) {
+                YamlUtil yamlUtil = new YamlUtil();
+                return yamlUtil.yamlToMap(fileInput);
+            }
+        }
+
+        @Override
+        public String getSecurityKey() {
+            return securityKey;
+        }
+
+        @Override
+        public long getMaxSessionTimeOut() {
+            return maxSessionTimeOut;
+        }
+
+        @Override
+        public long getSessionIdleTimeOut() {
+            return sessionIdleTimeOut;
+        }
+
+        @Override
+        public String getCookieName() {
+            return cookieName;
+        }
+
+        @Override
+        public String getCookieDomain() {
+            return cookieDomain;
+        }
+
+        @Override
+        public String getCookiePath() {
+            return cookiePath;
+        }
+
+        @Override
+        public boolean isCookieHttpOnly() {
+            return isCookieHttpOnly;
+        }
+
+        @Override
+        public String getRedirectURL() {
+            return redirectURL;
+        }
+
+        @Override
+        public List<String> getExcludedUrls() {
+            return excludedUrls;
+        }
+    }
+
+    @Override
+    public ISessionValidationFilterConfiguration getFilterConfiguration() {
+        return Configuration.getInstance();
+    }
+
+    @Override
+    protected Cookie addRoleToCookie(Cookie cookie) {
+        return cookie;
+    }
+
+    @Override
+    protected boolean isRoleValid(Cookie cookie) {
+        return true;
+    }
+}
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
index b98ae4e82d..2b1b9893b3 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
@@ -53,6 +53,16 @@
     </filter>
 
     <filter>
+        <filter-name>RestrictionAccessFilter</filter-name>
+        <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class>
+        <async-supported>true</async-supported>
+    </filter>
+    <filter-mapping>
+        <filter-name>RestrictionAccessFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <filter>
         <filter-name>AuthN</filter-name>
         <filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class>
     </filter>