diff options
| author |   vasraz <vasyl.razinkov@est.tech> | 2021-10-21 17:32:16 +0100 |
|---|---|---|
| committer |   Michael Morris <michael.morris@est.tech> | 2021-11-15 11:50:33 +0000 |
| commit | b08ac296b31f001c946b1371f213ac302ff9c12e (patch) | |
| tree | 3be6bcc7c025a82ec15fc35061f5f0e7dc024aeb /utils | |
| parent | 7353fb39790b51c593cb0f72c6ab46d906758244 (diff) | |
Fix critical cross site scripting
Change-Id: I66a220f71a2e950055107a725191b46bcbe8c6a6
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3607
Issue-ID: SDC-3755
Diffstat (limited to 'utils')
7 files changed, 518 insertions, 546 deletions
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml index 02f2bdc22c..e9801c9402 100644 --- a/utils/webseal-simulator/pom.xml +++ b/utils/webseal-simulator/pom.xml @@ -1,273 +1,282 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> - <modelVersion>4.0.0</modelVersion> - <artifactId>webseal-simulator</artifactId> - <packaging>war</packaging> + <modelVersion>4.0.0</modelVersion> + <artifactId>webseal-simulator</artifactId> + <packaging>war</packaging> - <parent> - <groupId>org.openecomp.sdc</groupId> - <artifactId>sdc-main</artifactId> - <version>1.10.0-SNAPSHOT</version> - <relativePath>../../</relativePath> - </parent> + <parent> + <groupId>org.openecomp.sdc</groupId> + <artifactId>sdc-main</artifactId> + <version>1.10.0-SNAPSHOT</version> + <relativePath>../../</relativePath> + </parent> - <properties> - <maven.build.timestamp.format>yyyyMMdd'T'HHmmss'Z'</maven.build.timestamp.format> - <nexus.proxy>https://nexus.onap.org</nexus.proxy> - <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <sonar.skip>true</sonar.skip> - </properties> + <properties> + <maven.build.timestamp.format>yyyyMMdd'T'HHmmss'Z'</maven.build.timestamp.format> + <nexus.proxy>https://nexus.onap.org</nexus.proxy> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <sonar.skip>true</sonar.skip> + </properties> - <dependencies> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - <version>2.5</version> - <scope>compile</scope> - </dependency> + <dependencies> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + <version>${javax.servlet.version}</version> + </dependency> - <dependency> - <groupId>org.apache.httpcomponents</groupId> - <artifactId>httpclient</artifactId> - <version>${httpclient.version}</version> - </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>${httpclient.version}</version> + </dependency> - <dependency> - <groupId>commons-logging</groupId> - <artifactId>commons-logging-api</artifactId> - <version>1.0.4</version> - </dependency> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging-api</artifactId> + <version>1.0.4</version> + </dependency> - <dependency> - <groupId>commons-io</groupId> - <artifactId>commons-io</artifactId> - <version>${commons.io.version}</version> - </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>${commons.io.version}</version> + </dependency> - <dependency> - <groupId>commons-codec</groupId> - <artifactId>commons-codec</artifactId> - <version>${commons-codec}</version> - <scope>compile</scope> - </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>${commons-codec}</version> + <scope>compile</scope> + </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-proxy</artifactId> - <version>${jetty.version}</version> - <scope>compile</scope> - <exclusions> - <exclusion> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-http</artifactId> - </exclusion> - </exclusions> - </dependency> + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-proxy</artifactId> + <version>${jetty.version}</version> + <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-http</artifactId> + </exclusion> + </exclusions> + </dependency> - <dependency> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-servlets</artifactId> - <version>${jetty.version}</version> - <scope>compile</scope> - <exclusions> - <exclusion> - <groupId>org.eclipse.jetty</groupId> - <artifactId>jetty-http</artifactId> - </exclusion> - </exclusions> - </dependency> + <dependency> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-servlets</artifactId> + <version>${jetty.version}</version> + <scope>compile</scope> + <exclusions> + <exclusion> + <groupId>org.eclipse.jetty</groupId> + <artifactId>jetty-http</artifactId> + </exclusion> + </exclusions> + </dependency> - <!-- Proxy servlet --> - <dependency> - <groupId>com.typesafe</groupId> - <artifactId>config</artifactId> - <version>1.0.2</version> - <scope>compile</scope> - </dependency> - <dependency> - <groupId>org.openecomp.sdc</groupId> - <artifactId>openecomp-sdc-logging-api</artifactId> - <version>${project.version}</version> - </dependency> + <!-- Proxy servlet --> + <dependency> + <groupId>com.typesafe</groupId> + <artifactId>config</artifactId> + <version>1.0.2</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.openecomp.sdc</groupId> + <artifactId>openecomp-sdc-logging-api</artifactId> + <version>${project.version}</version> + <exclusions> + <exclusion> + <groupId>org.powermock</groupId> + <artifactId>powermock-module-junit4</artifactId> + </exclusion> + </exclusions> + </dependency> + </dependencies> - </dependencies> - <build> - <finalName>WSSimulator-${project.version}</finalName> - <plugins> - <plugin> - <groupId>com.github.sylvainlaurent.maven</groupId> - <artifactId>yaml-json-validator-maven-plugin</artifactId> - <executions> - <execution> - <id>validate</id> - <phase>validate</phase> - <goals> - <goal>validate</goal> - </goals> - <configuration> - <validationSets> - <validationSet> - <includes> - <include>src/main/resources/**/*.y*ml</include> - <include>src/test/resources/**/*.y*ml</include> - </includes> - </validationSet> - <validationSet> - <includes> - <include>src/main/resources/**/*.json</include> - <include>src/test/resources/**/*.json</include> - </includes> - </validationSet> - </validationSets> - <skip>${skipYamlJsonValidator}</skip> - </configuration> - </execution> - </executions> - </plugin> - </plugins> - </build> + <build> + <finalName>WSSimulator-${project.version}</finalName> + <plugins> + <plugin> + <groupId>com.github.sylvainlaurent.maven</groupId> + <artifactId>yaml-json-validator-maven-plugin</artifactId> + <executions> + <execution> + <id>validate</id> + <phase>validate</phase> + <goals> + <goal>validate</goal> + </goals> + <configuration> + <validationSets> + <validationSet> + <includes> + <include>src/main/resources/**/*.y*ml</include> + <include>src/test/resources/**/*.y*ml</include> + </includes> + </validationSet> + <validationSet> + <includes> + <include>src/main/resources/**/*.json</include> + <include>src/test/resources/**/*.json</include> + </includes> + </validationSet> + </validationSets> + <skip>${skipYamlJsonValidator}</skip> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> - <repositories> - <!-- LF repositories --> - <repository> - <id>ecomp-releases</id> - <name>Release Repository</name> - <url>${nexus.proxy}/content/repositories/releases/</url> - </repository> - <repository> - <id>ecomp-snapshots</id> - <name>Snapshots Repository</name> - <url>${nexus.proxy}/content/repositories/snapshots/</url> - </repository> - <repository> - <id>ecomp-public</id> - <name>Public Repository</name> - <url>${nexus.proxy}/content/repositories/public/</url> - </repository> - <!-- LF repositories END--> - </repositories> + <repositories> + <!-- LF repositories --> + <repository> + <id>ecomp-releases</id> + <name>Release Repository</name> + <url>${nexus.proxy}/content/repositories/releases/</url> + </repository> + <repository> + <id>ecomp-snapshots</id> + <name>Snapshots Repository</name> + <url>${nexus.proxy}/content/repositories/snapshots/</url> + </repository> + <repository> + <id>ecomp-public</id> + <name>Public Repository</name> + <url>${nexus.proxy}/content/repositories/public/</url> + </repository> + <!-- LF repositories END--> + </repositories> - <profiles> - <profile> - <id>docker</id> - <activation> - <activeByDefault>false</activeByDefault> - </activation> - <build> - <plugins> + <profiles> + <profile> + <id>docker</id> + <activation> + <activeByDefault>false</activeByDefault> + </activation> + <build> + <plugins> - <plugin> - <artifactId>maven-clean-plugin</artifactId> - <version>3.0.0</version> - <executions> - <execution> - <id>clean-static-files</id> - <phase>clean</phase> - <goals> - <goal>clean</goal> - </goals> - <configuration> - <filesets> - <fileset> - <directory>${project.basedir}/sdc-simulator</directory> - <includes> - <include>*.war</include> - </includes> - <followSymlinks>false</followSymlinks> - </fileset> - </filesets> - </configuration> - </execution> - </executions> - </plugin> + <plugin> + <artifactId>maven-clean-plugin</artifactId> + <version>3.0.0</version> + <executions> + <execution> + <id>clean-static-files</id> + <phase>clean</phase> + <goals> + <goal>clean</goal> + </goals> + <configuration> + <filesets> + <fileset> + <directory>${project.basedir}/sdc-simulator</directory> + <includes> + <include>*.war</include> + </includes> + <followSymlinks>false</followSymlinks> + </fileset> + </filesets> + </configuration> + </execution> + </executions> + </plugin> - <plugin> - <artifactId>maven-resources-plugin</artifactId> - <executions> - <execution> - <id>copy-resources-simulator</id> - <phase>verify</phase> - <goals> - <goal>copy-resources</goal> - </goals> - <configuration> - <outputDirectory>${project.basedir}/sdc-simulator</outputDirectory> - <resources> - <resource> - <directory>${project.basedir}/target</directory> - <includes> - <include>WSSimulator*.war</include> - </includes> - </resource> - </resources> - </configuration> - </execution> - </executions> - </plugin> + <plugin> + <artifactId>maven-resources-plugin</artifactId> + <executions> + <execution> + <id>copy-resources-simulator</id> + <phase>verify</phase> + <goals> + <goal>copy-resources</goal> + </goals> + <configuration> + <outputDirectory>${project.basedir}/sdc-simulator + </outputDirectory> + <resources> + <resource> + <directory>${project.basedir}/target</directory> + <includes> + <include>WSSimulator*.war</include> + </includes> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - <configuration> - <verbose>${verbose}</verbose> - <apiVersion>${docker.api.version}</apiVersion> - <registry>nexus3.onap.org:10001</registry> - <authConfig> - <pull> - <username>docker</username> - <password>docker</password> - </pull> - </authConfig> - <images> - <!-- Build simulator image --> - <image> - <name>onap/sdc-simulator</name> - <alias>sdc-simulator</alias> - <build> - <cleanup>try</cleanup> - <dockerFileDir>${basedir}${file.separator}sdc-simulator</dockerFileDir> - <tags> - <tag>latest</tag> - <tag> - ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-STAGING-latest - </tag> - <tag>${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-${maven.build.timestamp}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <executions> - <execution> - <id>clean-images</id> - <phase>pre-clean</phase> - <goals> - <goal>remove</goal> - </goals> - </execution> - <execution> - <id>generate-images</id> - <phase>install</phase> - <goals> - <goal>build</goal> - </goals> - </execution> - <execution> - <id>push-images</id> - <phase>deploy</phase> - <goals> - <goal>push</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> + <plugin> + <groupId>io.fabric8</groupId> + <artifactId>docker-maven-plugin</artifactId> + <configuration> + <verbose>${verbose}</verbose> + <apiVersion>${docker.api.version}</apiVersion> + <registry>nexus3.onap.org:10001</registry> + <authConfig> + <pull> + <username>docker</username> + <password>docker</password> + </pull> + </authConfig> + <images> + <!-- Build simulator image --> + <image> + <name>onap/sdc-simulator</name> + <alias>sdc-simulator</alias> + <build> + <cleanup>try</cleanup> + <dockerFileDir>${basedir}${file.separator}sdc-simulator + </dockerFileDir> + <tags> + <tag>latest</tag> + <tag> + ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-STAGING-latest + </tag> + <tag> + ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-${maven.build.timestamp} + </tag> + </tags> + </build> + </image> + </images> + </configuration> + <executions> + <execution> + <id>clean-images</id> + <phase>pre-clean</phase> + <goals> + <goal>remove</goal> + </goals> + </execution> + <execution> + <id>generate-images</id> + <phase>install</phase> + <goals> + <goal>build</goal> + </goals> + </execution> + <execution> + <id>push-images</id> + <phase>deploy</phase> + <goals> + <goal>push</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + </profiles> </project> diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb index 4cdd4fbfba..f6e634481f 100644 --- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb +++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb @@ -10,14 +10,6 @@ lastName="Santana" role="Designer" email="csantana@sdc.com" - }, - { - userId="op0001" - password="123123a" - firstName="Aretha" - lastName="Franklin" - role="Ops" - email="afranklin@sdc.com" }, { userId="jh0003" @@ -34,14 +26,6 @@ lastName="Depp" role="Tester" email="tester@sdc.com" - }, - { - userId="gv0001" - password="123123a" - firstName="David" - lastName="Shadmi" - role="Governor" - email="governor@sdc.com" } ] } diff --git a/utils/webseal-simulator/sdc-simulator/startup.sh b/utils/webseal-simulator/sdc-simulator/startup.sh index e8774be9f0..49fdf3ef16 100644 --- a/utils/webseal-simulator/sdc-simulator/startup.sh +++ b/utils/webseal-simulator/sdc-simulator/startup.sh @@ -1,14 +1,13 @@ #!/bin/sh JAVA_OPTIONS=" $JAVA_OPTIONS \ - -Xdebug -agentlib:jdwp=transport=dt_socket,address=5000,server=y,suspend=n -Xmx128m -Xms128m -Xss1m \ - -Dconfig.home=$JETTY_BASE/config/sdc-simulator \ - -Dlog.home=$JETTY_BASE/logs \ - -Dlogback.configurationFile=$JETTY_BASE/config/sdc-simulator/logback.xml \ - -Djavax.net.ssl.trustStore=$JETTY_BASE/etc/org.onap.sdc.trust.jks \ - -Djavax.net.ssl.trustStorePassword=z+KEj;t+,KN^iimSiS89e#p0 \ - -Djetty.console-capture.dir=$JETTY_BASE/logs" - + -Xdebug -agentlib:jdwp=transport=dt_socket,address=*:5000,server=y,suspend=n -Xmx128m -Xms128m -Xss1m \ + -Dconfig.home=$JETTY_BASE/config/sdc-simulator \ + -Dlog.home=$JETTY_BASE/logs \ + -Dlogback.configurationFile=$JETTY_BASE/config/sdc-simulator/logback.xml \ + -Djavax.net.ssl.trustStore=$JETTY_BASE/etc/org.onap.sdc.trust.jks \ + -Djavax.net.ssl.trustStorePassword=z+KEj;t+,KN^iimSiS89e#p0 \ + -Djetty.console-capture.dir=$JETTY_BASE/logs" cd $JETTY_BASE/chef-solo chef-solo -c solo.rb -E ${ENVNAME} @@ -16,4 +15,3 @@ chef-solo -c solo.rb -E ${ENVNAME} cd $JETTY_HOME java $JAVA_OPTIONS -jar "${JETTY_HOME}/start.jar" - diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java index 3d4e772006..32d8c2916d 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,149 +20,137 @@ package org.openecomp.sdc.webseal.simulator; -import org.openecomp.sdc.webseal.simulator.conf.Conf; - -import javax.servlet.ServletConfig; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Collection; +import java.util.Iterator; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Collection; -import java.util.Iterator; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; +import org.openecomp.sdc.webseal.simulator.conf.Conf; public class Login extends HttpServlet { - private static final long serialVersionUID = 1L; - - @Override - public void init(final ServletConfig config) throws ServletException { - super.init(config); - } - - @Override - protected void doGet(final HttpServletRequest request, final HttpServletResponse response) - throws ServletException, IOException { - - if (null != request.getParameter("userId")) { - doPost(request, response); - return; - } - System.out.println("about to build login page"); - response.setContentType("text/html"); - PrintWriter writer = response.getWriter(); - - Collection<User> allUsers = Conf.getInstance().getUsers().values(); - writer.println("<html>"); - - writer.println("<head>"); - writer.println("<style>"); - writer.println("body {padding: 40px; font-family: Arial; font-size: 14px;}"); - writer.println("h1 {background-color: #DDDDDD; padding: 4px 10px;}"); - writer.println("h2 {margin-top: 20px;}"); - writer.println(".label {width: 100px; float:left;}"); - writer.println(".break {display: block; margin-bottom: 10px;}"); - writer.println("tr {padding: 4px 10px;}"); - writer.println("th {padding: 4px 10px; text-align: left; background-color: #dddddd;}"); - writer.println("td {padding: 4px 10px; text-align: left;}"); - writer.println("</style>"); - writer.println("</head>"); - - writer.println("<body>"); - - writer.println("<h1>Webseal simulator</h1>"); - writer.println("<h2>Login:</h2>"); - - writer.println("<form action=\"\" method=\"post\">"); - writer.println(" <div class='label'>User id:</div>"); - writer.println(" <input type='text' name='userId'>"); - writer.println(" <div class='break'></div>"); - - writer.println(" <div class='label'>Password:</div>"); - writer.println(" <input type='password' name='password'>"); - writer.println(" <div class='break'></div>"); - - writer.println(" <input type='submit' value='Login'>"); - writer.println(" <label name='message'></label>"); - writer.println("</form>"); - - writer.println("<hr/>"); - writer.println("<h2>Quick links:</h2>"); - writer.println("<table>"); - writer.println("<tr>"); - writer.println("<th>full name</th>"); - writer.println("<th>user id</th>"); - writer.println("<th>role</th>"); - writer.println("<th>action</th>"); - writer.println("</tr>"); - Iterator<User> iterator = allUsers.iterator(); - while (iterator.hasNext()) { - User user = iterator.next(); - writer.println("<tr>"); - writer.println("<td>" + user.getUserRef() + "</td>"); - writer.println("<td>" + user.getUserId() + "</td>"); - writer.println("<td>" + user.getRole() + "</td>"); - writer.println("<td>" + user.getUserCreateRef() + "</td>"); - writer.println("</tr>"); - } - writer.println("</table>"); - - writer.println("<a href='create?all=true' target='resultFrame'>Create All</a>"); - writer.println("<hr/><iframe name='resultFrame' width='400' height='300'></iframe>"); - - writer.println("</body>"); - writer.println("</html>"); - - } - - public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - - String userId = request.getParameter("userId"); - String password = request.getParameter("password"); - request.setAttribute("message", "OK"); - - System.out.println("Login -> doPost userId=" + userId); - User user = getUser(userId, password); - if (user == null) { - response.sendError(500, "ERROR: userId or password incorrect"); -// doGet(request, response); - } else { - System.out.println("Login -> doPost redirect to /sdc1 (to proxy)"); - Cookie cookieUser = new Cookie("HTTP_IV_USER", user.getUserId()); - Cookie cookieUserId = new Cookie("USER_ID", user.getUserId()); - Cookie cookieFirstName = new Cookie("HTTP_CSP_FIRSTNAME", user.getFirstName()); - Cookie cookieEmail = new Cookie("HTTP_CSP_EMAIL", user.getEmail()); - Cookie cookieLastName = new Cookie("HTTP_CSP_LASTNAME", user.getLastName()); - Cookie cookieRemoteAddress = new Cookie("HTTP_IV_REMOTE_ADDRESS", "0.0.0.0"); - Cookie cookieWsType = new Cookie("HTTP_CSP_WSTYPE", "Intranet"); - response.addCookie(cookieUser); - response.addCookie(cookieUserId); - response.addCookie(cookieFirstName); - response.addCookie(cookieEmail); - response.addCookie(cookieLastName); - response.addCookie(cookieRemoteAddress); - response.addCookie(cookieWsType); - response.addCookie(new Cookie(Conf.getInstance().getPortalCookieName(), "portal")); - response.sendRedirect("/sdc1"); - } - - } - - private User getUser(String userId, String password) { - User user = Conf.getInstance().getUsers().get(userId); - if (user == null) { - return null; - } - if (!password.equals(user.getPassword())) { - return null; - } - return user; - } - - @Override - public String getServletInfo() { - return "Http Proxy Servlet"; - } + private static final long serialVersionUID = 1L; + private static final Logger logger = LoggerFactory.getLogger(Login.class); + + @Override + protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException { + + if (null != request.getParameter("userId")) { + doPost(request, response); + return; + } + logger.info("about to build login page"); + response.setContentType("text/html"); + PrintWriter writer = response.getWriter(); + + Collection<User> allUsers = Conf.getInstance().getUsers().values(); + writer.println("<html>"); + + writer.println("<head>"); + writer.println("<style>"); + writer.println("body {padding: 40px; font-family: Arial; font-size: 14px;}"); + writer.println("h1 {background-color: #DDDDDD; padding: 4px 10px;}"); + writer.println("h2 {margin-top: 20px;}"); + writer.println(".label {width: 100px; float:left;}"); + writer.println(".break {display: block; margin-bottom: 10px;}"); + writer.println("tr {padding: 4px 10px;}"); + writer.println("th {padding: 4px 10px; text-align: left; background-color: #dddddd;}"); + writer.println("td {padding: 4px 10px; text-align: left;}"); + writer.println("</style>"); + writer.println("</head>"); + + writer.println("<body>"); + + writer.println("<h1>Webseal simulator</h1>"); + writer.println("<h2>Login:</h2>"); + + writer.println("<form action=\"\" method=\"post\">"); + writer.println(" <div class='label'>User id:</div>"); + writer.println(" <input type='text' name='userId'>"); + writer.println(" <div class='break'></div>"); + + writer.println(" <div class='label'>Password:</div>"); + writer.println(" <input type='password' name='password'>"); + writer.println(" <div class='break'></div>"); + + writer.println(" <input type='submit' value='Login'>"); + writer.println(" <label name='message'></label>"); + writer.println("</form>"); + + writer.println("<hr/>"); + writer.println("<h2>Quick links:</h2>"); + writer.println("<table>"); + writer.println("<tr>"); + writer.println("<th>full name</th>"); + writer.println("<th>user id</th>"); + writer.println("<th>role</th>"); + writer.println("<th>action</th>"); + writer.println("</tr>"); + Iterator<User> iterator = allUsers.iterator(); + while (iterator.hasNext()) { + User user = iterator.next(); + writer.println("<tr>"); + writer.println("<td>" + user.getUserRef() + "</td>"); + writer.println("<td>" + user.getUserId() + "</td>"); + writer.println("<td>" + user.getRole() + "</td>"); + writer.println("<td>" + user.getUserCreateRef() + "</td>"); + writer.println("</tr>"); + } + writer.println("</table>"); + + writer.println("<a href='create?all=true' target='resultFrame'>Create All</a>"); + writer.println("<hr/><iframe name='resultFrame' width='400' height='300'></iframe>"); + + writer.println("</body>"); + writer.println("</html>"); + + } + + @Override + public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + + String userId = request.getParameter("userId"); + String password = request.getParameter("password"); + request.setAttribute("message", "OK"); + + logger.info("Login -> doPost userId={}", userId); + User user = getUser(userId, password); + if (user == null) { + response.sendError(500, "ERROR: userId or password incorrect"); + } else { + logger.info("Login -> doPost redirect to /sdc1 (to proxy)"); + response.addCookie(new Cookie("HTTP_IV_USER", user.getUserId())); + response.addCookie(new Cookie("USER_ID", user.getUserId())); + response.addCookie(new Cookie("HTTP_CSP_FIRSTNAME", user.getFirstName())); + response.addCookie(new Cookie("HTTP_CSP_EMAIL", user.getEmail())); + response.addCookie(new Cookie("HTTP_CSP_LASTNAME", user.getLastName())); + response.addCookie(new Cookie("HTTP_IV_REMOTE_ADDRESS", "0.0.0.0")); + response.addCookie(new Cookie("HTTP_CSP_WSTYPE", "Intranet")); + response.addCookie(new Cookie(Conf.getInstance().getPortalCookieName(), "portal")); + response.sendRedirect("/sdc1"); + } + + } + + private User getUser(String userId, String password) { + User user = Conf.getInstance().getUsers().get(userId); + if (user == null) { + return null; + } + if (!password.equals(user.getPassword())) { + return null; + } + return user; + } + + @Override + public String getServletInfo() { + return "Http Proxy Servlet"; + } } diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java index ea4203dcc1..51d6796c4c 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,8 +20,43 @@ package org.openecomp.sdc.webseal.simulator; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.UnsupportedEncodingException; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLEncoder; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Enumeration; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import java.util.stream.Collectors; +import java.util.zip.GZIPInputStream; +import javax.net.ssl.SSLContext; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletInputStream; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import lombok.AllArgsConstructor; +import lombok.Getter; import org.apache.http.Header; -import org.apache.http.client.methods.*; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpDelete; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.methods.HttpPut; +import org.apache.http.client.methods.HttpRequestBase; +import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; import org.apache.http.conn.socket.ConnectionSocketFactory; @@ -35,54 +70,31 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.ssl.SSLContextBuilder; -import org.openecomp.sdc.logging.api.Logger; -import org.openecomp.sdc.logging.api.LoggerFactory; import org.openecomp.sdc.webseal.simulator.conf.Conf; -import javax.net.ssl.SSLContext; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletInputStream; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.UnsupportedEncodingException; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.URLEncoder; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.util.*; -import java.util.stream.Collectors; -import java.util.zip.GZIPInputStream; - public class SdcProxy extends HttpServlet { private static final long serialVersionUID = 1L; - private static URL url; + private static final Set<String> RESERVED_HEADERS = + Arrays.stream(ReservedHeaders.values()).map(ReservedHeaders::getValue).collect(Collectors.toSet()); + private static final String USER_ID = "USER_ID"; + private static final String HTTP_IV_USER = "HTTP_IV_USER"; + private static final String SDC1 = "/sdc1"; + private static final String ONBOARDING = "/onboarding/"; + private static final String SCRIPTS = "/scripts"; + private static final String STYLES = "/styles"; + private static final String LANGUAGES = "/languages"; + private static final String CONFIGURATIONS = "/configurations"; + private URL url; private CloseableHttpClient httpClient; private Conf conf; - private final String SDC1 = "/sdc1"; - private final String ONBOARDING = "/onboarding/"; - private final String SCRIPTS = "/scripts"; - private final String STYLES = "/styles"; - private final String LANGUAGES = "/languages"; - private final String CONFIGURATIONS = "/configurations"; - private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet()); - - private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class); + @Override public void init(ServletConfig config) throws ServletException { super.init(config); conf = Conf.getInstance(); try { - String feHost = conf.getFeHost(); - url = new URL(feHost); + url = new URL(conf.getFeHost()); } catch (MalformedURLException me) { throw new ServletException("Proxy URL is invalid", me); } @@ -94,10 +106,12 @@ public class SdcProxy extends HttpServlet { } } + @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { proxy(request, response, MethodEnum.GET); } + @Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String userId = request.getParameter("userId"); @@ -105,7 +119,7 @@ public class SdcProxy extends HttpServlet { // Already sign-in if (userId == null) { - userId = request.getHeader("USER_ID"); + userId = request.getHeader(USER_ID); } System.out.println("SdcProxy -> doPost userId=" + userId); @@ -117,25 +131,25 @@ public class SdcProxy extends HttpServlet { view.forward(mutableRequest, response); } else { System.out.println("SdcProxy -> doPost going to doGet"); - request.setAttribute("HTTP_IV_USER", userId); + request.setAttribute(HTTP_IV_USER, userId); proxy(request, response, MethodEnum.POST); } } + @Override public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { proxy(request, response, MethodEnum.PUT); } + @Override public void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { proxy(request, response, MethodEnum.DELETE); } - private synchronized void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException, UnsupportedEncodingException { + private synchronized void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException { Map<String, String[]> requestParameters = request.getParameterMap(); String userIdHeader = getUseridFromRequest(request); - User user = getUser(userIdHeader); - // new request - forward to login page if (userIdHeader == null) { System.out.print("Going to login"); @@ -143,17 +157,19 @@ public class SdcProxy extends HttpServlet { return; } + final User user = getUser(userIdHeader); + String uri = getUri(request, requestParameters); HttpRequestBase httpMethod = createHttpMethod(request, methodEnum, uri); addHeadersToMethod(httpMethod, user, request); - try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)){; + try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)) { response.setStatus(closeableHttpResponse.getStatusLine().getStatusCode()); if (request.getRequestURI().indexOf(".svg") > -1) { response.setContentType("image/svg+xml"); } - if(closeableHttpResponse.getEntity() != null) { + if (closeableHttpResponse.getEntity() != null) { InputStream responseBodyStream = closeableHttpResponse.getEntity().getContent(); Header contentEncodingHeader = closeableHttpResponse.getLastHeader("Content-Encoding"); if (contentEncodingHeader != null && contentEncodingHeader.getValue().equalsIgnoreCase("gzip")) { @@ -194,8 +210,7 @@ public class SdcProxy extends HttpServlet { suffix = alignUrlProxy(suffix); } StringBuilder query = alignUrlParameters(requestParameters); - String uri = String.format("%s%s", new Object[]{this.url.toString() + suffix, query.toString()}); - return uri; + return String.format("%s%s", url.toString() + suffix, query.toString()); } private HttpRequestBase createHttpMethod(HttpServletRequest request, MethodEnum methodEnum, String uri) throws IOException { @@ -228,20 +243,20 @@ public class SdcProxy extends HttpServlet { private ContentType getContentType(HttpServletRequest request) { String contentTypeStr = request.getContentType(); - if (contentTypeStr == null ){ - contentTypeStr = request.getHeader("contentType"); - } + if (contentTypeStr == null) { + contentTypeStr = request.getHeader("contentType"); + } ContentType contentType = ContentType.parse(contentTypeStr); return ContentType.create(contentType.getMimeType()); } private String getUseridFromRequest(HttpServletRequest request) { - String userIdHeader = request.getHeader("USER_ID"); + String userIdHeader = request.getHeader(USER_ID); if (userIdHeader != null) { return userIdHeader; } - Object o = request.getAttribute("HTTP_IV_USER"); + Object o = request.getAttribute(HTTP_IV_USER); if (o != null) { return o.toString(); } @@ -249,7 +264,7 @@ public class SdcProxy extends HttpServlet { if (cookies != null) { for (int i = 0; i < cookies.length; ++i) { - if (cookies[i].getName().equals("USER_ID")) { + if (cookies[i].getName().equals(USER_ID)) { userIdHeader = cookies[i].getValue(); } } @@ -257,7 +272,7 @@ public class SdcProxy extends HttpServlet { return userIdHeader; } - private static void addHeadersToMethod(HttpUriRequest proxyMethod, User user, HttpServletRequest request) { + private void addHeadersToMethod(HttpUriRequest proxyMethod, User user, HttpServletRequest request) { proxyMethod.setHeader(ReservedHeaders.HTTP_IV_USER.name(), user.getUserId()); proxyMethod.setHeader(ReservedHeaders.USER_ID.name(), user.getUserId()); @@ -266,19 +281,19 @@ public class SdcProxy extends HttpServlet { proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_LASTNAME.name(), user.getLastName()); proxyMethod.setHeader(ReservedHeaders.HTTP_IV_REMOTE_ADDRESS.name(), "0.0.0.0"); proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_WSTYPE.name(), "Intranet"); - proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_EMAIL.name(), "me@mail.com"); - - Enumeration<String> headerNames = request.getHeaderNames(); - while (headerNames.hasMoreElements()) { - String headerName = headerNames.nextElement(); - if (!RESERVED_HEADERS.contains(headerName)) { - Enumeration<String> headers = request.getHeaders(headerName); - while (headers.hasMoreElements()) { - String headerValue = headers.nextElement(); - proxyMethod.setHeader(headerName, headerValue); - } - } - } + proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_EMAIL.name(), "me@mail.com"); + + Enumeration<String> headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String headerName = headerNames.nextElement(); + if (!RESERVED_HEADERS.contains(headerName)) { + Enumeration<String> headers = request.getHeaders(headerName); + while (headers.hasMoreElements()) { + String headerValue = headers.nextElement(); + proxyMethod.setHeader(headerName, headerValue); + } + } + } } private String alignUrlProxy(String requestURI) { @@ -301,19 +316,16 @@ public class SdcProxy extends HttpServlet { return SDC1 + requestURI; } - private static StringBuilder alignUrlParameters(Map<String, String[]> requestParameters) throws UnsupportedEncodingException { - StringBuilder query = new StringBuilder(); - for (String name : requestParameters.keySet()) { - for (String value : (String[]) requestParameters.get(name)) { + private StringBuilder alignUrlParameters(Map<String, String[]> requestParameters) throws UnsupportedEncodingException { + final var query = new StringBuilder(); + for (final Entry<String, String[]> entry : requestParameters.entrySet()) { + for (final String value : entry.getValue()) { if (query.length() == 0) { query.append("?"); } else { query.append("&"); } - name = URLEncoder.encode(name, "UTF-8"); - value = URLEncoder.encode(value, "UTF-8"); - - query.append(String.format("&%s=%s", new Object[]{name, value})); + query.append(String.format("&%s=%s", URLEncoder.encode(entry.getKey(), "UTF-8"), URLEncoder.encode(value, "UTF-8"))); } } return query; @@ -327,38 +339,36 @@ public class SdcProxy extends HttpServlet { outputStream.flush(); } + @Override public String getServletInfo() { return "Http Proxy Servlet"; } - enum ReservedHeaders { - HTTP_IV_USER("HTTP_IV_USER"), USER_ID("USER_ID"), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL("HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE("HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length"); - - private String value; - - ReservedHeaders(String value) { - this.value = value; - } - - public String getValue() { - return value; - } - } - - - private static CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException { - SSLContextBuilder builder = new SSLContextBuilder(); + private CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException { + final var builder = new SSLContextBuilder(); builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContext.getDefault(), - NoopHostnameVerifier.INSTANCE); + NoopHostnameVerifier.INSTANCE); Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create() - .register("http", new PlainConnectionSocketFactory()) - .register("https", sslsf) - .build(); + .register("http", new PlainConnectionSocketFactory()) + .register("https", sslsf) + .build(); PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry); return HttpClients.custom() - .setSSLSocketFactory(sslsf) - .setConnectionManager(cm) - .build(); + .setSSLSocketFactory(sslsf) + .setConnectionManager(cm) + .build(); + } + + @AllArgsConstructor + @Getter + enum ReservedHeaders { + HTTP_IV_USER(SdcProxy.HTTP_IV_USER), USER_ID(SdcProxy.USER_ID), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL( + "HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE( + "HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length"); + + private final String value; + } + } diff --git a/utils/webseal-simulator/src/main/resources/webseal.conf b/utils/webseal-simulator/src/main/resources/webseal.conf index 7065725ab1..c711a73113 100644 --- a/utils/webseal-simulator/src/main/resources/webseal.conf +++ b/utils/webseal-simulator/src/main/resources/webseal.conf @@ -11,14 +11,6 @@ email="csantana@sdc.com" }, { - userId="op0001" - password="123123a" - firstName="Aretha" - lastName="Franklin" - role="Ops" - email="afranklin@sdc.com" - }, - { userId="jh0003" password="123123a" firstName="Jimmy" @@ -35,14 +27,6 @@ email="tester@sdc.com" }, { - userId="gv0001" - password="123123a" - firstName="David" - lastName="Shadmi" - role="Governor" - email="governor@sdc.com" - }, - { userId="pm0001" password="123123a" firstName="Teddy" diff --git a/utils/webseal-simulator/src/main/webapp/login.html b/utils/webseal-simulator/src/main/webapp/login.html index 2f6a324fcf..4d9eccb670 100644 --- a/utils/webseal-simulator/src/main/webapp/login.html +++ b/utils/webseal-simulator/src/main/webapp/login.html @@ -1,5 +1,5 @@ <!-- - ~ Copyright © 2016-2018 European Support Limited + ~ Copyright (C) 2016-2018 European Support Limited ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. @@ -13,22 +13,21 @@ ~ See the License for the specific language governing permissions and ~ limitations under the License. --> - -<html> + +<!DOCTYPE html> +<html lang="en"> +<head><title>Login page</title></head> <body> Login - - <form action="access" method="post"> - UserId:<br> - <input type="text" name="userId" > - <br> - PASSWORD:<br> - <input type="password" name="password" > - <br><br> - <input type="submit" value="Submit"> - - <label name="message"/> + <label>UserId:<br> + <input type="text" name="userId"> + </label> + <label>PASSWORD:<br> + <input type="password" name="password"> + </label> + <input type="submit" value="Submit"> + + <label name="message"></label> </form> </body> -</html>
\ No newline at end of file |