Diffstat (limited to 'catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java')
-rw-r--r-- | catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java | 212 |
1 files changed, 93 insertions, 119 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java index 18c6a645c4..64b8cb1e69 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java @@ -17,9 +17,20 @@ * limitations under the License. * ============LICENSE_END========================================================= */ - package org.openecomp.sdc.fe.servlets; +import java.io.IOException; +import java.util.Enumeration; +import java.util.List; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.core.Context; import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; import org.onap.portalsdk.core.onboarding.util.CipherUtil; import org.onap.sdc.security.AuthenticationCookie; 
@@ -31,32 +42,51 @@ import org.openecomp.sdc.fe.config.Configuration; import org.openecomp.sdc.fe.config.ConfigurationManager; import org.openecomp.sdc.fe.config.FeEcompErrorManager; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.core.Context; -import java.io.IOException; -import java.util.Enumeration; -import java.util.List; - /** * Root resource (exposed at "/" path) */ @Path("/") public class PortalServlet extends HttpServlet { - private static Logger log = Logger.getLogger(PortalServlet.class.getName()); - private static final long serialVersionUID = 1L; - public static final String MISSING_HEADERS_MSG = "Missing Headers In Request"; + private static final long serialVersionUID = 1L; private static final String AUTHORIZATION_ERROR_MSG = "Autherization error"; private static final String NEW_LINE = System.getProperty("line.separator"); + private static Logger log = Logger.getLogger(PortalServlet.class.getName()); + + private static String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException { + String userId = ""; + Cookie[] cookies = request.getCookies(); + Cookie userIdcookie = null; + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().equals(Constants.ECOMP_PORTAL_COOKIE)) { + userIdcookie = cookie; + } + } + } + if (userIdcookie != null) { + userId = CipherUtil.decrypt(userIdcookie.getValue()); + } + return userId; + } + private static String getValueFromCookie(HttpServletRequest request, String cookieName) { + String value = ""; + Cookie[] cookies = request.getCookies(); + Cookie valueFromCookie = null; + if (cookies != null) { + for (Cookie cookie : cookies) { + if (cookie.getName().endsWith(cookieName)) { + valueFromCookie = cookie; + 
} + } + } + if (valueFromCookie != null) { + value = valueFromCookie.getValue(); + } + return value; + } /** * Entry point from ECOMP portal @@ -74,24 +104,20 @@ public class PortalServlet extends HttpServlet { } /** - * Building new HTTP request and setting headers for the request The request - * will dispatch to index.html + * Building new HTTP request and setting headers for the request The request will dispatch to index.html * * @param request * @param response * @throws ServletException * @throws IOException */ - private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException { - + private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response) + throws ServletException, IOException { response.setContentType("text/html"); - // Create new request object to dispatch MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request); - // Get configuration object (reads data from configuration.yaml) Configuration configuration = getConfiguration(request); - // Check if we got header from webseal String userId = request.getHeader(Constants.WEBSEAL_USER_ID_HEADER); if (null == userId) { 
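Review bot: `getValueFromCookie` selects the cookie with `cookie.getName().endsWith(cookieName)`, so any request cookie whose name merely ends in the requested name is accepted, and because the loop never breaks, the last such cookie wins. `getUserIdFromCookie` directly above it uses `equals`, and nothing in this hunk suggests the suffix match is deliberate. Unless prefixed cookie names must be supported, change the test to `if (cookie.getName().equals(cookieName)) {`; if the suffix match is intended, say so in a comment on the method. The value is returned exactly as the client sent it, so a one-line Javadoc stating that the result is unvalidated request data would help callers that later place it in headers or in the auth cookie.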
@@ -108,49 +134,43 @@ public class PortalServlet extends HttpServlet { log.error("Error during adding request header", e); } } - // Replace webseal header with open source header mutableRequest.putHeader(Constants.USER_ID, userId); - - - - - // Getting identification headers from configuration.yaml + // (identificationHeaderFields) and setting them to new request + // mutableRequest List<List<String>> identificationHeaderFields = configuration.getIdentificationHeaderFields(); for (List<String> possibleHeadersToRecieve : identificationHeaderFields) { String allowedHeaderToPass = possibleHeadersToRecieve.get(0); setNewHeader(possibleHeadersToRecieve, allowedHeaderToPass, request, mutableRequest); } - // Getting optional headers from configuration.yaml + // (optionalHeaderFields) and setting them to new request mutableRequest List<List<String>> optionalHeaderFields = configuration.getOptionalHeaderFields(); for (List<String> possibleHeadersToRecieve : optionalHeaderFields) { String allowedHeaderToPass = possibleHeadersToRecieve.get(0); setNewHeader(possibleHeadersToRecieve, allowedHeaderToPass, request, mutableRequest); } - // Print headers from original request for debug purposes printHeaders(request); - // In case using webseal, validate all mandatory headers (identificationHeaderFields) are included in the new request (mutableRequest). + // Via ecomp portal do not need to check the headers. 
boolean allHeadersExist = true; if (null != request.getHeader(Constants.WEBSEAL_USER_ID_HEADER)) { allHeadersExist = checkHeaders(mutableRequest); } - if (allHeadersExist) { addCookies(response, mutableRequest, getMandatoryHeaders(request)); addCookies(response, mutableRequest, getOptionalHeaders(request)); - getValueFromCookie(request, Constants.HTTP_CSP_FIRSTNAME ); - getValueFromCookie(request, Constants.HTTP_CSP_LASTNAME); + getValueFromCookie(request, Constants.HTTP_CSP_FIRSTNAME); + getValueFromCookie(request, Constants.HTTP_CSP_LASTNAME); + //To be fixed - //To be fixed - //addAuthCookie(response, userId, firstNameFromCookie, lastNameFromCookie); + //addAuthCookie(response, userId, firstNameFromCookie, lastNameFromCookie); RequestDispatcher rd = request.getRequestDispatcher("index.html"); rd.forward(mutableRequest, response); } else { 
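Review bot: The two `getValueFromCookie(request, …)` calls in the `allHeadersExist` branch discard their results, and the `addAuthCookie` call stays commented out under `//To be fixed`, so this branch forwards to index.html without issuing the authentication cookie. Remove the two no-op calls until the fix lands, or replace the commented-out line with a comment naming the tracking issue. Separately, `allHeadersExist` stays `true` whenever the WebSEAL user-id header is absent, and `getUserIdFromCookie` returns `""` when the portal cookie is missing, so a request carrying neither appears to be forwarded with an empty `USER_ID` header. The code that resolves `userId` lies between hunks and is not visible here, so confirm this and consider a guard before `rd.forward`, such as `if (userId == null || userId.isEmpty()) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED, AUTHORIZATION_ERROR_MSG); return; }`. The body of addRequestHeadersUsingWebseal starts and ends outside this hunk.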
@@ -158,37 +178,32 @@ public class PortalServlet extends HttpServlet { } } - boolean addAuthCookie(HttpServletResponse response, String userId, String firstName, String lastName) throws IOException { - boolean isBuildCookieCompleted = true; - Cookie authCookie = null; - Configuration.CookieConfig confCookie = - ConfigurationManager.getConfigurationManager().getConfiguration().getAuthCookie(); - - //create authentication and send it to encryption - - String encryptedCookie = ""; - try { + boolean addAuthCookie(HttpServletResponse response, String userId, String firstName, String lastName) throws IOException { + boolean isBuildCookieCompleted = true; + Cookie authCookie = null; + Configuration.CookieConfig confCookie = ConfigurationManager.getConfigurationManager().getConfiguration().getAuthCookie(); + //create authentication and send it to encryption + String encryptedCookie = ""; + try { AuthenticationCookie authenticationCookie = new AuthenticationCookie(userId, firstName, lastName); - String cookieAsJson = RepresentationUtils.toRepresentation(authenticationCookie); - encryptedCookie = org.onap.sdc.security.CipherUtil.encryptPKC(cookieAsJson, confCookie.getSecurityKey()); - } catch (Exception e) { - isBuildCookieCompleted=false; - log.error(" Cookie Encryption failed ", e); - } - - authCookie = new Cookie(confCookie.getCookieName(), encryptedCookie); - authCookie.setPath(confCookie.getPath()); - authCookie.setDomain(confCookie.getDomain()); - authCookie.setHttpOnly(true); - - // add generated cookie to response - if (isBuildCookieCompleted) { - response.addCookie(authCookie); - return true; - } - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, AUTHORIZATION_ERROR_MSG); - return false; - } + String cookieAsJson = RepresentationUtils.toRepresentation(authenticationCookie); + encryptedCookie = org.onap.sdc.security.CipherUtil.encryptPKC(cookieAsJson, confCookie.getSecurityKey()); + } catch (Exception e) { + isBuildCookieCompleted = false; + log.error(" Cookie 
Encryption failed ", e); + } + authCookie = new Cookie(confCookie.getCookieName(), encryptedCookie); + authCookie.setPath(confCookie.getPath()); + authCookie.setDomain(confCookie.getDomain()); + authCookie.setHttpOnly(true); + // add generated cookie to response + if (isBuildCookieCompleted) { + response.addCookie(authCookie); + return true; + } + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, AUTHORIZATION_ERROR_MSG); + return false; + } /** * Print all request headers to the log @@ -196,7 +211,6 @@ public class PortalServlet extends HttpServlet { * @param request */ private void printHeaders(HttpServletRequest request) { - if (log.isDebugEnabled()) { StringBuilder builder = new StringBuilder(); String sessionId = ""; @@ -206,11 +220,9 @@ public class PortalServlet extends HttpServlet { sessionId = id; } } - builder.append("Receiving request with headers:" + NEW_LINE); log.debug("{}", request.getHeaderNames()); - @SuppressWarnings("unchecked") - Enumeration<String> headerNames = request.getHeaderNames(); + @SuppressWarnings("unchecked") Enumeration<String> headerNames = request.getHeaderNames(); if (headerNames != null) { while (headerNames.hasMoreElements()) { String headerName = headerNames.nextElement(); @@ -218,15 +230,13 @@ public class PortalServlet extends HttpServlet { builder.append("session " + sessionId + " header: name = " + headerName + ", value = " + headerValue + NEW_LINE); } } - log.debug(builder.toString()); } - } /** - * Add cookies (that where set in the new request headers) in the response - * Using DefaultHTTPUtilities Object to prevent CRLF injection in HTTP headers. + * Add cookies (that where set in the new request headers) in the response Using DefaultHTTPUtilities Object to prevent CRLF injection in HTTP + * headers. * * @param response * @param request 
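Review bot: `addAuthCookie` marks the authentication cookie `HttpOnly` but never `Secure`, so a browser will also send it over plain HTTP if the front end is reachable that way. Add `authCookie.setSecure(true);` next to `authCookie.setHttpOnly(true);`, or drive it from the cookie configuration if non-TLS deployments must stay supported. The `catch (Exception e)` only sets a flag, so the method still builds a `Cookie` from the empty `encryptedCookie` before reporting the failure; sending the 401 and returning `false` from the failure path before the cookie is constructed would make it clear that a half-built cookie can never reach the response. A short Javadoc stating that the method returns `false` after committing a 401 would also tell callers not to forward the request afterwards.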
@@ -245,15 +255,13 @@ public class PortalServlet extends HttpServlet { } /** - * Get mandatory headers (identificationHeaderFields) String array, and - * checks that each header exists in the new request + * Get mandatory headers (identificationHeaderFields) String array, and checks that each header exists in the new request * * @param request * @return boolean */ private boolean checkHeaders(HttpServletRequest request) { String[] mandatoryHeaders = getMandatoryHeaders(request); - boolean allHeadersExist = true; for (int i = 0; i < mandatoryHeaders.length; i++) { String headerValue = request.getHeader(mandatoryHeaders[i]); @@ -266,8 +274,7 @@ public class PortalServlet extends HttpServlet { } /** - * Get mandatory headers (identificationHeaderFields) from - * configuration.yaml file and return String[] + * Get mandatory headers (identificationHeaderFields) from configuration.yaml file and return String[] * * @param request * @return String[] @@ -283,8 +290,7 @@ public class PortalServlet extends HttpServlet { } /** - * Get optional headers (optionalHeaderFields) from configuration.yaml file - * and return String[] + * Get optional headers (optionalHeaderFields) from configuration.yaml file and return String[] * * @param request * @return String[] 
@@ -306,11 +312,13 @@ public class PortalServlet extends HttpServlet { * @return Configuration */ private Configuration getConfiguration(HttpServletRequest request) { - ConfigurationManager configManager = (ConfigurationManager) request.getSession().getServletContext().getAttribute(org.openecomp.sdc.common.api.Constants.CONFIGURATION_MANAGER_ATTR); + ConfigurationManager configManager = (ConfigurationManager) request.getSession().getServletContext() + .getAttribute(org.openecomp.sdc.common.api.Constants.CONFIGURATION_MANAGER_ATTR); return configManager.getConfiguration(); } - private boolean setNewHeader(List<String> possibleOldHeaders, String newHeaderToSet, HttpServletRequest oldRequest, MutableHttpServletRequest newRequest) { + private boolean setNewHeader(List<String> possibleOldHeaders, String newHeaderToSet, HttpServletRequest oldRequest, + MutableHttpServletRequest newRequest) { boolean newHeaderIsSet = false; for (int i = 0; i < possibleOldHeaders.size() && !newHeaderIsSet; i++) { String headerValue = oldRequest.getHeader(possibleOldHeaders.get(i)); 
@@ -321,38 +329,4 @@ public class PortalServlet extends HttpServlet { } return newHeaderIsSet; } - - private static String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException { - String userId = ""; - Cookie[] cookies = request.getCookies(); - Cookie userIdcookie = null; - if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(Constants.ECOMP_PORTAL_COOKIE)) { - userIdcookie = cookie; - } - } - } - if (userIdcookie != null) { - userId = CipherUtil.decrypt(userIdcookie.getValue()); - } - return userId; - } - - private static String getValueFromCookie(HttpServletRequest request, String cookieName) { - String value = ""; - Cookie[] cookies = request.getCookies(); - Cookie valueFromCookie = null; - if (cookies != null) - for (Cookie cookie : cookies) { - if (cookie.getName().endsWith(cookieName)) { - valueFromCookie = cookie; - } - } - if (valueFromCookie != null) { - value = valueFromCookie.getValue(); - } - - return value; - } } |