diff options
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java')
-rw-r--r-- | openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java new file mode 100644 index 0000000000..9863d8f904 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java @@ -0,0 +1,194 @@ +package org.openecomp.sdc.securityutil.filters; + +import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; +import org.openecomp.sdc.securityutil.CipherUtilException; +import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.util.Arrays; +import java.util.List; +import java.util.concurrent.TimeUnit; +import java.util.stream.Collectors; + +public abstract class SessionValidationFilter implements Filter { + private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName()); + private ISessionValidationFilterConfiguration filterConfiguration; + private List<String> excludedUrls; + + public abstract ISessionValidationFilterConfiguration getFilterConfiguration(); + protected abstract Cookie addRoleToCookie(Cookie updatedCookie); + protected abstract boolean isRoleValid(Cookie cookie); + + @Override + public final void init(FilterConfig filterConfig) throws ServletException { + filterConfiguration = getFilterConfiguration(); + excludedUrls = filterConfiguration.getExcludedUrls(); + } + + @Override + public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; + final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; + + long starTime = System.nanoTime(); + log.debug("SessionValidationFilter: Validation started, received request with URL {}", httpRequest.getRequestURL()); + + // request preprocessing + boolean isContinueProcessing = preProcessingRequest(servletRequest, servletResponse, filterChain, httpRequest, httpResponse); + List<Cookie> cookies = null; + + // request processing + if (isContinueProcessing) { + cookies = extractAuthenticationCookies(httpRequest.getCookies()); + isContinueProcessing = processRequest(httpRequest, httpResponse, cookies.get(0)); + } + + // response processing + if(isContinueProcessing){ + log.debug("SessionValidationFilter: Cookie from request {} is valid, passing request to session extension ...", httpRequest.getRequestURL()); + Cookie updatedCookie = processResponse(cookies.get(cookies.size()-1)); + + cleanResponceFromLeftoverCookies(httpResponse, cookies); + + // Use responce wrapper if servlet remove Cookie header from responce +// OutputStream out = httpResponse.getOutputStream(); +// ResponceWrapper responceWrapper = new ResponceWrapper(httpResponse); + + log.debug("SessionValidationFilter: request {} passed all validations, passing request to endpoint ...", httpRequest.getRequestURL()); + httpResponse.addCookie(updatedCookie); + filterChain.doFilter(servletRequest, httpResponse); + + // Use responce wrapper if servlet remove Cookie header from responce +// responceWrapper.addCookie(updatedCookie); +// httpResponse.setContentLength(responceWrapper.getData().length); +// out.write(responceWrapper.getData()); +// out.close(); + } + long durationSec = TimeUnit.NANOSECONDS.toSeconds(System.nanoTime() - starTime); + long durationMil = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - starTime); + log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), durationSec, durationMil); + } + + + private boolean preProcessingRequest(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException, ServletException { + + boolean isPreProcessingSucceeded = true; + if (isUrlFromWhiteList(httpRequest)) { + log.debug("SessionValidationFilter: URL {} excluded from access validation , passing request to endpoint ... ", httpRequest.getRequestURL()); + filterChain.doFilter(servletRequest, servletResponse); + isPreProcessingSucceeded = false; + + } else if (!isCookiePresent(httpRequest.getCookies())) { + //redirect to portal app + log.debug("SessionValidationFilter: Cookie from request {} is not valid, redirecting request to portal", httpRequest.getRequestURL()); + httpResponse.sendRedirect(filterConfiguration.getRedirectURL()); + isPreProcessingSucceeded = false; + } + return isPreProcessingSucceeded; + } + + private boolean processRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, Cookie cookie) throws IOException { + boolean isProcessSuccessful= true; + try { + if (AuthenticationCookieUtils.isSessionExpired(cookie, filterConfiguration)) { + //redirect to portal app + log.debug("SessionValidationFilter: Session is expired, redirecting request {} to portal", httpRequest.getRequestURL()); + httpResponse.sendRedirect(filterConfiguration.getRedirectURL()); + isProcessSuccessful = false; + } + } catch (CipherUtilException e) { + log.error("SessionValidationFilter: Cookie decryption error : {}", e.getMessage()); + log.debug("SessionValidationFilter: Cookie decryption error : {}", e.getMessage(), e); + isProcessSuccessful = false; + } + + if (!isRoleValid(cookie)) { + //redirect to portal app + log.debug("SessionValidationFilter: Role is not valid, redirecting request {} to portal", httpRequest.getRequestURL()); + httpResponse.sendRedirect(filterConfiguration.getRedirectURL()); + isProcessSuccessful = false; + } + return isProcessSuccessful; + } + + private Cookie processResponse(Cookie cookie) throws IOException, ServletException { + Cookie updatedCookie; + try { + updatedCookie = AuthenticationCookieUtils.updateSessionTime(cookie, filterConfiguration); + } catch (CipherUtilException e) { + log.error("SessionValidationFilter: Cookie cipher error ..."); + log.debug("SessionValidationFilter: Cookie cipher error : {}", e.getMessage(), e); + throw new ServletException(e.getMessage()); + } + updatedCookie = addRoleToCookie(updatedCookie); + return updatedCookie; + } + + private boolean isCookiePresent(Cookie[] cookies) { + if (cookies == null) { + return false; + } + String actualCookieName = filterConfiguration.getCookieName(); + boolean isPresent = Arrays.stream(cookies).anyMatch(c -> isCookieNameMatch(actualCookieName, c)); + if (!isPresent) { + log.error("SessionValidationFilter: Session Validation Cookie missing ..."); + return false; + } + return true; + } + + private List<Cookie> extractAuthenticationCookies(Cookie[] cookies) { + String actualCookieName = filterConfiguration.getCookieName(); + log.debug("SessionValidationFilter: Extracting authentication cookies, {} cookies in request", cookies.length); + List<Cookie> authenticationCookies = Arrays.stream(cookies).filter(c -> isCookieNameMatch(actualCookieName, c)).collect(Collectors.toList()); + log.debug("SessionValidationFilter: Extracted {} authentication cookies from request", authenticationCookies.size()); + if( authenticationCookies.size() > 1 ){ + authenticationCookies.forEach( cookie -> log.debug("SessionValidationFilter: Multiple cookies found cookie name, {} cookie value {}", cookie.getName(), cookie.getValue())); + } + return authenticationCookies; + } + + + // use contains for matching due issue with ecomp portal ( change cookie name, add prefix ), temp solution + private boolean isCookieNameMatch(String actualCookieName, Cookie c) { + return c.getName().contains(actualCookieName); + } + + private boolean isUrlFromWhiteList(HttpServletRequest httpRequest) { + if (httpRequest.getPathInfo() == null){ + final String servletPath = httpRequest.getServletPath().toLowerCase(); + log.debug("SessionValidationFilter: pathInfo is null, trying to check by servlet path white list validation -> ServletPath: {} ", servletPath); + return excludedUrls.stream(). + anyMatch( e -> servletPath.matches(e)); + } + String pathInfo = httpRequest.getPathInfo().toLowerCase(); + log.debug("SessionValidationFilter: white list validation -> PathInfo: {} ", pathInfo); + return excludedUrls.stream(). + anyMatch( e -> pathInfo.matches(e)); + } + + private void cleanResponceFromLeftoverCookies(HttpServletResponse httpResponse, List<Cookie> cookiesList) { + for (Cookie cookie:cookiesList){ + Cookie cleanCookie = AuthenticationCookieUtils.createUpdatedCookie(cookie, null, filterConfiguration); + cleanCookie.setMaxAge(0); + log.debug("SessionValidationFilter Cleaning Cookie cookie name: {} added to responce", cleanCookie.getName()); + httpResponse.addCookie(cleanCookie); + } + } + + @Override + public void destroy() { + + } +} |