diff options
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java')
-rw-r--r-- | openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java | 165 |
1 files changed, 79 insertions, 86 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java index de235bff89..cf24874f38 100644 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,18 +17,14 @@ * limitations under the License. * ============LICENSE_END========================================================= */ - package org.openecomp.sdc.securityutil.filters; -import org.onap.logging.ref.slf4j.ONAPLogConstants; -import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; -import org.openecomp.sdc.securityutil.CipherUtilException; -import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.slf4j.MDC; -import org.apache.commons.lang.StringUtils; - +import java.io.IOException; +import java.util.Arrays; +import java.util.List; +import java.util.UUID; +import java.util.concurrent.TimeUnit; +import java.util.stream.Collectors; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -38,33 +34,70 @@ import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.Arrays; -import java.util.List; -import java.util.UUID; -import java.util.concurrent.TimeUnit; -import java.util.stream.Collectors; +import org.apache.commons.lang.StringUtils; +import org.onap.logging.ref.slf4j.ONAPLogConstants; +import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; +import org.openecomp.sdc.securityutil.CipherUtilException; +import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.slf4j.MDC; public abstract class SessionValidationFilter implements Filter { - private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName()); - private ISessionValidationFilterConfiguration filterConfiguration; - private List<String> excludedUrls; + private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName()); private static final String REQUEST_ID = ONAPLogConstants.MDCs.REQUEST_ID; private static final String ONAP_REQUEST_ID_HEADER = ONAPLogConstants.Headers.REQUEST_ID; private static final String REQUEST_ID_HEADER = "X-RequestID"; private static final String TRANSACTION_ID_HEADER = "X-TransactionId"; private static final String ECOMP_REQUEST_ID_HEADER = "X-ECOMP-RequestID"; - private static final String PARTNER_NAME = ONAPLogConstants.MDCs.PARTNER_NAME; private static final String USER_ID_HEADER = "USER_ID"; private static final String ONAP_PARTNER_NAME_HEADER = ONAPLogConstants.Headers.PARTNER_NAME; private static final String USER_AGENT_HEADER = "User-Agent"; private static final String UNKNOWN = "UNKNOWN"; + private ISessionValidationFilterConfiguration filterConfiguration; + private List<String> excludedUrls; + public static void fillMDCFromHeaders(HttpServletRequest httpServletRequest) { + fillRequestIdFromHeader(httpServletRequest); + fillPartnerNameFromHeader(httpServletRequest); + } + + private static void fillRequestIdFromHeader(HttpServletRequest httpServletRequest) { + if (MDC.get(REQUEST_ID) == null) { + if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER))) { + MDC.put(REQUEST_ID, httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER)); + } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(REQUEST_ID_HEADER))) { + MDC.put(REQUEST_ID, httpServletRequest.getHeader(REQUEST_ID_HEADER)); + } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(TRANSACTION_ID_HEADER))) { + MDC.put(REQUEST_ID, httpServletRequest.getHeader(TRANSACTION_ID_HEADER)); + } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER))) { + MDC.put(REQUEST_ID, httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER)); + } else { + MDC.put(REQUEST_ID, UUID.randomUUID().toString()); + } + } + } + + private static void fillPartnerNameFromHeader(HttpServletRequest httpServletRequest) { + if (MDC.get(PARTNER_NAME) == null) { + if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_ID_HEADER))) { + MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_ID_HEADER)); + } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER))) { + MDC.put(PARTNER_NAME, httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER)); + } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_AGENT_HEADER))) { + MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_AGENT_HEADER)); + } else { + MDC.put(PARTNER_NAME, UNKNOWN); + } + } + } public abstract ISessionValidationFilterConfiguration getFilterConfiguration(); + protected abstract Cookie addRoleToCookie(Cookie updatedCookie); + protected abstract boolean isRoleValid(Cookie cookie); @Override @@ -74,52 +107,52 @@ public abstract class SessionValidationFilter implements Filter { } @Override - public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) + throws IOException, ServletException { final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse; - long startTime = System.nanoTime(); fillMDCFromHeaders(httpRequest); log.debug("SessionValidationFilter: Validation started, received request with URL {}", httpRequest.getRequestURL()); - // request preprocessing boolean isContinueProcessing = preProcessingRequest(servletRequest, servletResponse, filterChain, httpRequest, httpResponse, startTime); List<Cookie> cookies = null; Cookie extractedCookie = null; - // request processing if (isContinueProcessing) { cookies = extractAuthenticationCookies(httpRequest.getCookies()); extractedCookie = cookies.get(0); isContinueProcessing = processRequest(httpRequest, httpResponse, extractedCookie); } - // response processing - if(isContinueProcessing){ - log.debug("SessionValidationFilter: Cookie from request {} is valid, passing request to session extension ...", httpRequest.getRequestURL()); + if (isContinueProcessing) { + log.debug("SessionValidationFilter: Cookie from request {} is valid, passing request to session extension ...", + httpRequest.getRequestURL()); Cookie updatedCookie = processResponse(extractedCookie); cleanResponceFromLeftoverCookies(httpResponse, cookies); log.debug("SessionValidationFilter: request {} passed all validations, passing request to endpoint ...", httpRequest.getRequestURL()); httpResponse.addCookie(updatedCookie); long durationSec = TimeUnit.NANOSECONDS.toSeconds(System.nanoTime() - startTime); long durationMil = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTime); - log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), durationSec, durationMil); + log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), + durationSec, durationMil); filterChain.doFilter(servletRequest, httpResponse); } } - - private boolean preProcessingRequest(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, HttpServletRequest httpRequest, HttpServletResponse httpResponse, long startTime) throws IOException, ServletException { - + private boolean preProcessingRequest(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, + HttpServletRequest httpRequest, HttpServletResponse httpResponse, long startTime) + throws IOException, ServletException { boolean isPreProcessingSucceeded = true; if (isUrlFromWhiteList(httpRequest)) { - log.debug("SessionValidationFilter: URL {} excluded from access validation , passing request to endpoint ... ", httpRequest.getRequestURL()); + log.debug("SessionValidationFilter: URL {} excluded from access validation , passing request to endpoint ... ", + httpRequest.getRequestURL()); long durationSec = TimeUnit.NANOSECONDS.toSeconds(System.nanoTime() - startTime); long durationMil = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTime); - log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), durationSec, durationMil); + log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), + durationSec, durationMil); filterChain.doFilter(servletRequest, servletResponse); isPreProcessingSucceeded = false; - } else if (!isCookiePresent(httpRequest.getCookies())) { //redirect to portal app log.debug("SessionValidationFilter: Cookie from request {} is not valid, redirecting request to portal", httpRequest.getRequestURL()); @@ -130,7 +163,7 @@ public abstract class SessionValidationFilter implements Filter { } private boolean processRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, Cookie cookie) throws IOException { - boolean isProcessSuccessful= true; + boolean isProcessSuccessful = true; try { if (AuthenticationCookieUtils.isSessionExpired(cookie, filterConfiguration)) { //redirect to portal app @@ -143,7 +176,6 @@ public abstract class SessionValidationFilter implements Filter { log.debug("SessionValidationFilter: Cookie decryption error : {}", e.getMessage(), e); isProcessSuccessful = false; } - if (!isRoleValid(cookie)) { //redirect to portal app log.debug("SessionValidationFilter: Role is not valid, redirecting request {} to portal", httpRequest.getRequestURL()); @@ -184,33 +216,32 @@ public abstract class SessionValidationFilter implements Filter { log.debug("SessionValidationFilter: Extracting authentication cookies, {} cookies in request", cookies.length); List<Cookie> authenticationCookies = Arrays.stream(cookies).filter(c -> isCookieNameMatch(actualCookieName, c)).collect(Collectors.toList()); log.debug("SessionValidationFilter: Extracted {} authentication cookies from request", authenticationCookies.size()); - if( authenticationCookies.size() > 1 ){ - authenticationCookies.forEach( cookie -> log.debug("SessionValidationFilter: Multiple cookies found cookie name, {} cookie value {}", cookie.getName(), cookie.getValue())); + if (authenticationCookies.size() > 1) { + authenticationCookies.forEach(cookie -> log + .debug("SessionValidationFilter: Multiple cookies found cookie name, {} cookie value {}", cookie.getName(), cookie.getValue())); } return authenticationCookies; } - // use contains for matching due issue with ecomp portal ( change cookie name, add prefix ), temp solution private boolean isCookieNameMatch(String actualCookieName, Cookie c) { return c.getName().contains(actualCookieName); } private boolean isUrlFromWhiteList(HttpServletRequest httpRequest) { - if (httpRequest.getPathInfo() == null){ + if (httpRequest.getPathInfo() == null) { final String servletPath = httpRequest.getServletPath().toLowerCase(); - log.debug("SessionValidationFilter: pathInfo is null, trying to check by servlet path white list validation -> ServletPath: {} ", servletPath); - return excludedUrls.stream(). - anyMatch( e -> servletPath.matches(e)); + log.debug("SessionValidationFilter: pathInfo is null, trying to check by servlet path white list validation -> ServletPath: {} ", + servletPath); + return excludedUrls.stream().anyMatch(e -> servletPath.matches(e)); } String pathInfo = httpRequest.getPathInfo().toLowerCase(); log.debug("SessionValidationFilter: white list validation -> PathInfo: {} ", pathInfo); - return excludedUrls.stream(). - anyMatch( e -> pathInfo.matches(e)); + return excludedUrls.stream().anyMatch(e -> pathInfo.matches(e)); } private void cleanResponceFromLeftoverCookies(HttpServletResponse httpResponse, List<Cookie> cookiesList) { - for (Cookie cookie:cookiesList){ + for (Cookie cookie : cookiesList) { Cookie cleanCookie = AuthenticationCookieUtils.createUpdatedCookie(cookie, null, filterConfiguration); cleanCookie.setMaxAge(0); log.debug("SessionValidationFilter Cleaning Cookie cookie name: {} added to responce", cleanCookie.getName()); @@ -218,45 +249,7 @@ public abstract class SessionValidationFilter implements Filter { } } - public static void fillMDCFromHeaders(HttpServletRequest httpServletRequest) { - fillRequestIdFromHeader(httpServletRequest); - fillPartnerNameFromHeader(httpServletRequest); - - } - - private static void fillRequestIdFromHeader(HttpServletRequest httpServletRequest){ - if (MDC.get(REQUEST_ID) == null) { - if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER))) { - MDC.put(REQUEST_ID, httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER)); - } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(REQUEST_ID_HEADER))) { - MDC.put(REQUEST_ID, httpServletRequest.getHeader(REQUEST_ID_HEADER)); - } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(TRANSACTION_ID_HEADER))) { - MDC.put(REQUEST_ID, httpServletRequest.getHeader(TRANSACTION_ID_HEADER)); - } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER))) { - MDC.put(REQUEST_ID, httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER)); - } else { - MDC.put(REQUEST_ID, UUID.randomUUID().toString()); - } - } - } - - private static void fillPartnerNameFromHeader(HttpServletRequest httpServletRequest){ - if (MDC.get(PARTNER_NAME) == null) { - if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_ID_HEADER))) { - MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_ID_HEADER)); - } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER))) { - MDC.put(PARTNER_NAME, httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER)); - } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_AGENT_HEADER))) { - MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_AGENT_HEADER)); - } else { - MDC.put(PARTNER_NAME, UNKNOWN); - } - } - } - - @Override public void destroy() { - } } |