summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org
diff options
context:
space:
mode:
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org')
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookie.java47
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java32
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java26
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtilException.java5
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationCookieConfiguration.java10
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationFilterConfiguration.java12
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/Passwords.java319
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/RepresentationUtils.java10
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/FilterServletOutputStream.java16
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/ResponceWrapper.java27
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SampleFilter.java97
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java165
12 files changed, 370 insertions, 396 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookie.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookie.java
index 56a4965381..4627fcee14 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookie.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookie.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,22 +17,21 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil;
import java.util.Set;
-
-public class AuthenticationCookie {
+public class AuthenticationCookie {
private String userID;
private Set<String> roles;
private long maxSessionTime;
private long currentSessionTime;
- public AuthenticationCookie(){ }
+ public AuthenticationCookie() {
+ }
- public AuthenticationCookie(AuthenticationCookie authenticationCookie){
+ public AuthenticationCookie(AuthenticationCookie authenticationCookie) {
this.userID = authenticationCookie.userID;
this.roles = authenticationCookie.roles;
this.maxSessionTime = authenticationCookie.maxSessionTime;
@@ -41,10 +40,11 @@ public class AuthenticationCookie {
/**
* Create new cookie with max_session_time and current_session_time started with same value
+ *
* @param userId
*/
public AuthenticationCookie(String userId) {
- this.userID =userId;
+ this.userID = userId;
long currentTimeMilliSec = System.currentTimeMillis();
this.maxSessionTime = currentTimeMilliSec;
this.currentSessionTime = currentTimeMilliSec;
@@ -74,7 +74,6 @@ public class AuthenticationCookie {
this.maxSessionTime = maxSessionTime;
}
-
public long getCurrentSessionTime() {
return currentSessionTime;
}
@@ -85,14 +84,22 @@ public class AuthenticationCookie {
@Override
public boolean equals(Object o) {
- if (this == o) return true;
- if (!(o instanceof AuthenticationCookie)) return false;
-
+ if (this == o) {
+ return true;
+ }
+ if (!(o instanceof AuthenticationCookie)) {
+ return false;
+ }
AuthenticationCookie that = (AuthenticationCookie) o;
-
- if (getMaxSessionTime() != that.getMaxSessionTime()) return false;
- if (getCurrentSessionTime() != that.getCurrentSessionTime()) return false;
- if (getUserID() != null ? !getUserID().equals(that.getUserID()) : that.getUserID() != null) return false;
+ if (getMaxSessionTime() != that.getMaxSessionTime()) {
+ return false;
+ }
+ if (getCurrentSessionTime() != that.getCurrentSessionTime()) {
+ return false;
+ }
+ if (getUserID() != null ? !getUserID().equals(that.getUserID()) : that.getUserID() != null) {
+ return false;
+ }
return getRoles() != null ? getRoles().containsAll(that.getRoles()) : that.getRoles() == null;
}
@@ -107,11 +114,7 @@ public class AuthenticationCookie {
@Override
public String toString() {
- return "AuthenticationCookie{" +
- "userID='" + userID + '\'' +
- ", roles=" + roles +
- ", maxSessionTime=" + maxSessionTime +
- ", currentSessionTime=" + currentSessionTime +
- '}';
+ return "AuthenticationCookie{" + "userID='" + userID + '\'' + ", roles=" + roles + ", maxSessionTime=" + maxSessionTime
+ + ", currentSessionTime=" + currentSessionTime + '}';
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
index f0a33da8a7..d71c8593f3 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,16 +17,14 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil;
+import java.io.IOException;
+import javax.servlet.http.Cookie;
import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.servlet.http.Cookie;
-import java.io.IOException;
-
public class AuthenticationCookieUtils {
private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
@@ -43,10 +41,12 @@ public class AuthenticationCookieUtils {
* @throws CipherUtilException
* @throws IOException
*/
- public static Cookie updateSessionTime(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration) throws CipherUtilException, IOException {
+ public static Cookie updateSessionTime(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration)
+ throws CipherUtilException, IOException {
AuthenticationCookie authenticationCookie = getAuthenticationCookie(cookie, filterConfiguration);
long newTime = System.currentTimeMillis();
- log.debug("SessionValidationFilter: Going to set new session time in cookie, old value: {}, new value: {}", authenticationCookie.getCurrentSessionTime(), newTime);
+ log.debug("SessionValidationFilter: Going to set new session time in cookie, old value: {}, new value: {}",
+ authenticationCookie.getCurrentSessionTime(), newTime);
authenticationCookie.setCurrentSessionTime(newTime);
String encryptedCookie = getEncryptedCookie(authenticationCookie, filterConfiguration);
return createUpdatedCookie(cookie, encryptedCookie, filterConfiguration);
@@ -54,13 +54,14 @@ public class AuthenticationCookieUtils {
/**
* Create new Cookie object with same attributes as original cookie
+ *
* @param cookie
* @param encryptedCookie
* @param cookieConfiguration
* @return
*/
public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) {
- Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie );
+ Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie);
updatedCookie.setSecure(true);
updatedCookie.setPath(cookieConfiguration.getCookiePath());
updatedCookie.setDomain(cookieConfiguration.getCookieDomain());
@@ -77,7 +78,8 @@ public class AuthenticationCookieUtils {
* @throws IOException
* @throws CipherUtilException
*/
- public static String getEncryptedCookie(AuthenticationCookie authenticationCookie, ISessionValidationFilterConfiguration filterConfiguration) throws IOException, CipherUtilException {
+ public static String getEncryptedCookie(AuthenticationCookie authenticationCookie, ISessionValidationFilterConfiguration filterConfiguration)
+ throws IOException, CipherUtilException {
String changedCookieJson = RepresentationUtils.toRepresentation(authenticationCookie);
return CipherUtil.encryptPKC(changedCookieJson, filterConfiguration.getSecurityKey());
}
@@ -90,7 +92,8 @@ public class AuthenticationCookieUtils {
* @return
* @throws CipherUtilException
*/
- public static AuthenticationCookie getAuthenticationCookie(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration) throws CipherUtilException {
+ public static AuthenticationCookie getAuthenticationCookie(Cookie cookie, ISessionValidationFilterConfiguration filterConfiguration)
+ throws CipherUtilException {
String originalCookieJson = CipherUtil.decryptPKC(cookie.getValue(), filterConfiguration.getSecurityKey());
return RepresentationUtils.fromRepresentation(originalCookieJson, AuthenticationCookie.class);
}
@@ -108,7 +111,8 @@ public class AuthenticationCookieUtils {
long sessionExpirationDate = authenticationCookie.getMaxSessionTime() + filterConfiguration.getMaxSessionTimeOut();
long sessionTime = authenticationCookie.getCurrentSessionTime();
long currentTime = System.currentTimeMillis();
- log.debug("SessionValidationFilter: Checking if session expired: session time: {}, expiration time: {}, current time: {}", sessionTime, sessionExpirationDate, currentTime);
+ log.debug("SessionValidationFilter: Checking if session expired: session time: {}, expiration time: {}, current time: {}", sessionTime,
+ sessionExpirationDate, currentTime);
return currentTime > sessionExpirationDate || isSessionIdle(sessionTime, currentTime, filterConfiguration);
}
@@ -123,8 +127,8 @@ public class AuthenticationCookieUtils {
private static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
long currentIdleTime = currentTime - sessionTimeValue;
long maxIdleTime = filterConfiguration.getSessionIdleTimeOut();
- log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime, currentIdleTime, maxIdleTime);
+ log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime,
+ currentIdleTime, maxIdleTime);
return currentIdleTime >= maxIdleTime;
}
-
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java
index 71ac6151f7..d69471e398 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java
@@ -17,7 +17,6 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil;
import java.security.SecureRandom;
@@ -31,18 +30,17 @@ import org.slf4j.LoggerFactory;
public class CipherUtil {
- private static Logger log = LoggerFactory.getLogger(CipherUtil.class.getName());
+ public static final int GCM_TAG_LENGTH = 16;
+ public static final int GCM_IV_LENGTH = 12;
private static final String ALGORITHM = "AES";
private static final String ALGORITHM_DETAILS = ALGORITHM + "/GCM/NoPadding";
private static final String CIPHER_PROVIDER = "SunJCE";
-
- public static final int GCM_TAG_LENGTH = 16;
- public static final int GCM_IV_LENGTH = 12;
-
private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
private static final String ALGORITHM_NAME = "SHA1PRNG";
+ private static Logger log = LoggerFactory.getLogger(CipherUtil.class.getName());
- private CipherUtil() {}
+ private CipherUtil() {
+ }
/**
* Encrypt the text using the secret key in key.properties file
@@ -59,11 +57,9 @@ public class CipherUtil {
cipher = Cipher.getInstance(ALGORITHM_DETAILS, CIPHER_PROVIDER);
SecureRandom secureRandom = SecureRandom.getInstance(ALGORITHM_NAME);
secureRandom.nextBytes(iv);
- GCMParameterSpec spec =
- new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, iv);
+ GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, iv);
cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec(base64key), spec);
finalByte = cipher.doFinal(value.getBytes());
-
} catch (Exception ex) {
log.error("encrypt failed", ex);
throw new CipherUtilException(ex);
@@ -74,12 +70,10 @@ public class CipherUtil {
/**
* Decrypts the text using the secret key in key.properties file.
*
- * @param message The encrypted string that must be decrypted using the ONAP Portal Encryption
- * Key
+ * @param message The encrypted string that must be decrypted using the ONAP Portal Encryption Key
* @return The String decrypted
* @throws CipherUtilException if any decryption step fails
*/
-
public static String decryptPKC(String message, String base64key) throws CipherUtilException {
byte[] encryptedMessage = Base64.decodeBase64(message);
Cipher cipher;
@@ -87,12 +81,10 @@ public class CipherUtil {
try {
cipher = Cipher.getInstance(ALGORITHM_DETAILS, CIPHER_PROVIDER);
byte[] initVector = Arrays.copyOfRange(encryptedMessage, 0, GCM_IV_LENGTH);
- GCMParameterSpec spec =
- new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, initVector);
+ GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, initVector);
byte[] realData = subarray(encryptedMessage, GCM_IV_LENGTH, encryptedMessage.length);
cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec(base64key), spec);
decrypted = cipher.doFinal(realData);
-
} catch (Exception ex) {
log.error("decrypt failed", ex);
throw new CipherUtilException(ex);
@@ -129,11 +121,9 @@ public class CipherUtil {
if (startIndexInclusive < 0) {
startIndexInclusive = 0;
}
-
if (endIndexExclusive > array.length) {
endIndexExclusive = array.length;
}
-
int newSize = endIndexExclusive - startIndexInclusive;
if (newSize <= 0) {
return EMPTY_BYTE_ARRAY;
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtilException.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtilException.java
index 5b1a602b58..9e202de3c4 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtilException.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtilException.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -42,5 +42,4 @@ public class CipherUtilException extends Exception {
public CipherUtilException(Throwable cause) {
super(cause);
}
-
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationCookieConfiguration.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationCookieConfiguration.java
index d684238db1..5371d0174f 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationCookieConfiguration.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationCookieConfiguration.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,16 +17,18 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil;
/**
- * Configuration for Cookie object , have to be same over all components of application
+ * Configuration for Cookie object , have to be same over all components of application
*/
public interface ISessionValidationCookieConfiguration {
String getCookieName();
+
String getCookieDomain();
+
String getCookiePath();
+
boolean isCookieHttpOnly();
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationFilterConfiguration.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationFilterConfiguration.java
index ccae39423e..25e5683ebf 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationFilterConfiguration.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/ISessionValidationFilterConfiguration.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,7 +17,6 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil;
import java.util.List;
@@ -25,9 +24,12 @@ import java.util.List;
public interface ISessionValidationFilterConfiguration extends ISessionValidationCookieConfiguration {
String getSecurityKey();
+
long getMaxSessionTimeOut();
+
long getSessionIdleTimeOut(); // max idle time for session
+
String getRedirectURL();
- List<String> getExcludedUrls(); // comma separated URLs, like this "/config,/configmgr,/rest,/kibanaProxy"
-}
+ List<String> getExcludedUrls(); // comma separated URLs, like this "/config,/configmgr,/rest,/kibanaProxy"
+}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/Passwords.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/Passwords.java
index e10bd81d0f..bbaece44a2 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/Passwords.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/Passwords.java
@@ -7,9 +7,9 @@ package org.openecomp.sdc.securityutil;/*-
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,170 +18,171 @@ package org.openecomp.sdc.securityutil;/*-
* ============LICENSE_END=========================================================
*/
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
-
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class Passwords {
- private static Logger log = LoggerFactory.getLogger( Passwords.class.getName());
- private static final Random RANDOM = new SecureRandom();
- private static final int SALT = 0;
- private static final int HASH = 1;
- private static final String HASH_ALGORITHM = "SHA-256";
-
- /**
- * static utility class
- */
- private Passwords() {
- }
-
- /**
- * the method calculates a hash with a generated salt for the given password
- *
- * @param password
- * @return a "salt:hash" value
- */
- public static String hashPassword(String password) {
- if (password!=null){
- byte[] salt = getNextSalt();
- byte byteData[] = hash(salt, password.getBytes());
- if (byteData != null) {
- return toHex(salt) + ":" + toHex(byteData);
- }
- }
- return null;
- }
-
- /**
- * the method checks if the given password matches the calculated hash
- *
- * @param password
- * @param expectedHash
- * @return
- */
- public static boolean isExpectedPassword(String password, String expectedHash) {
- if (password==null && expectedHash==null)
- return true;
- if (password==null || expectedHash==null) //iff exactly 1 is null
- return false;
- if (!expectedHash.contains(":")){
- log.error("invalid password expecting hash at the prefix of the password (ex. e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0)\n" +
- "\t\t\t");
- return false;
- }
- String[] params = expectedHash.split(":");
- return isExpectedPassword(password, params[SALT], params[HASH]);
- }
-
- /**
- * the method checks if the given password matches the calculated hash
- *
- * @param password
- * @param salt
- * @param hash
- * the hash generated using the salt
- * @return true if the password matched the hash
- */
- public static boolean isExpectedPassword(String password, String salt, String hash) {
- if ( password == null && hash == null )
- return true;
- if ( salt == null ){
- log.error("salt must be initialized");
- return false;
- }
- //unintialized params
- if ( password == null || hash == null )
- return false;
- byte[] saltBytes = fromHex(salt);
- byte[] hashBytes = fromHex(hash);
-
- byte byteData[] = hash(saltBytes, password.getBytes());
- if (byteData != null) {
- return Arrays.equals(byteData, hashBytes);
- }
- return false;
- }
-
- public static void main(String[] args) {
- if (args.length > 1 || args.length > 0) {
- System.out.println("[" + hashPassword(args[0]) + "]");
- } else {
- System.out.println("no passward passed.");
- }
-
- }
-
- /**
- * Returns a random salt to be used to hash a password.
- *
- * @return a 16 bytes random salt
- */
- private static byte[] getNextSalt() {
- byte[] salt = new byte[16];
- RANDOM.nextBytes(salt);
- return salt;
- }
-
- /**
- * hase's the salt and value using the chosen algorithm
- *
- * @param salt
- * @param password
- * @return an array of bytes resulting from the hash
- */
- private static byte[] hash(byte[] salt, byte[] password) {
- MessageDigest md;
- byte[] byteData = null;
- try {
- md = MessageDigest.getInstance(HASH_ALGORITHM);
- md.update(salt);
- md.update(password);
- byteData = md.digest();
- } catch (NoSuchAlgorithmException e) {
- System.out.println("invalid algorithm name");
- }
- return byteData;
- }
-
- /**
- * Converts a string of hexadecimal characters into a byte array.
- *
- * @param hex
- * the hex string
- * @return the hex string decoded into a byte array
- */
- private static byte[] fromHex(String hex) {
- if ( hex == null )
- return null;
- byte[] binary = new byte[hex.length() / 2];
- for (int i = 0; i < binary.length; i++) {
- binary[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
- }
- return binary;
- }
-
- /**
- * Converts a byte array into a hexadecimal string.
- *
- * @param array
- * the byte array to convert
- * @return a length*2 character string encoding the byte array
- */
- private static String toHex(byte[] array) {
- BigInteger bi = new BigInteger(1, array);
- String hex = bi.toString(16);
- int paddingLength = (array.length * 2) - hex.length();
- if (paddingLength > 0)
- return String.format("%0" + paddingLength + "d", 0) + hex;
- else
- return hex;
- }
+ private static final Random RANDOM = new SecureRandom();
+ private static final int SALT = 0;
+ private static final int HASH = 1;
+ private static final String HASH_ALGORITHM = "SHA-256";
+ private static Logger log = LoggerFactory.getLogger(Passwords.class.getName());
+
+ /**
+ * static utility class
+ */
+ private Passwords() {
+ }
+
+ /**
+ * the method calculates a hash with a generated salt for the given password
+ *
+ * @param password
+ * @return a "salt:hash" value
+ */
+ public static String hashPassword(String password) {
+ if (password != null) {
+ byte[] salt = getNextSalt();
+ byte byteData[] = hash(salt, password.getBytes());
+ if (byteData != null) {
+ return toHex(salt) + ":" + toHex(byteData);
+ }
+ }
+ return null;
+ }
+
+ /**
+ * the method checks if the given password matches the calculated hash
+ *
+ * @param password
+ * @param expectedHash
+ * @return
+ */
+ public static boolean isExpectedPassword(String password, String expectedHash) {
+ if (password == null && expectedHash == null) {
+ return true;
+ }
+ if (password == null || expectedHash == null) //iff exactly 1 is null
+ {
+ return false;
+ }
+ if (!expectedHash.contains(":")) {
+ log.error(
+ "invalid password expecting hash at the prefix of the password (ex. e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0)\n"
+ + "\t\t\t");
+ return false;
+ }
+ String[] params = expectedHash.split(":");
+ return isExpectedPassword(password, params[SALT], params[HASH]);
+ }
+
+ /**
+ * the method checks if the given password matches the calculated hash
+ *
+ * @param password
+ * @param salt
+ * @param hash the hash generated using the salt
+ * @return true if the password matched the hash
+ */
+ public static boolean isExpectedPassword(String password, String salt, String hash) {
+ if (password == null && hash == null) {
+ return true;
+ }
+ if (salt == null) {
+ log.error("salt must be initialized");
+ return false;
+ }
+ //unintialized params
+ if (password == null || hash == null) {
+ return false;
+ }
+ byte[] saltBytes = fromHex(salt);
+ byte[] hashBytes = fromHex(hash);
+ byte byteData[] = hash(saltBytes, password.getBytes());
+ if (byteData != null) {
+ return Arrays.equals(byteData, hashBytes);
+ }
+ return false;
+ }
+
+ public static void main(String[] args) {
+ if (args.length > 1 || args.length > 0) {
+ System.out.println("[" + hashPassword(args[0]) + "]");
+ } else {
+ System.out.println("no passward passed.");
+ }
+ }
+
+ /**
+ * Returns a random salt to be used to hash a password.
+ *
+ * @return a 16 bytes random salt
+ */
+ private static byte[] getNextSalt() {
+ byte[] salt = new byte[16];
+ RANDOM.nextBytes(salt);
+ return salt;
+ }
+
+ /**
+ * hase's the salt and value using the chosen algorithm
+ *
+ * @param salt
+ * @param password
+ * @return an array of bytes resulting from the hash
+ */
+ private static byte[] hash(byte[] salt, byte[] password) {
+ MessageDigest md;
+ byte[] byteData = null;
+ try {
+ md = MessageDigest.getInstance(HASH_ALGORITHM);
+ md.update(salt);
+ md.update(password);
+ byteData = md.digest();
+ } catch (NoSuchAlgorithmException e) {
+ System.out.println("invalid algorithm name");
+ }
+ return byteData;
+ }
+
+ /**
+ * Converts a string of hexadecimal characters into a byte array.
+ *
+ * @param hex the hex string
+ * @return the hex string decoded into a byte array
+ */
+ private static byte[] fromHex(String hex) {
+ if (hex == null) {
+ return null;
+ }
+ byte[] binary = new byte[hex.length() / 2];
+ for (int i = 0; i < binary.length; i++) {
+ binary[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
+ }
+ return binary;
+ }
+
+ /**
+ * Converts a byte array into a hexadecimal string.
+ *
+ * @param array the byte array to convert
+ * @return a length*2 character string encoding the byte array
+ */
+ private static String toHex(byte[] array) {
+ BigInteger bi = new BigInteger(1, array);
+ String hex = bi.toString(16);
+ int paddingLength = (array.length * 2) - hex.length();
+ if (paddingLength > 0) {
+ return String.format("%0" + paddingLength + "d", 0) + hex;
+ } else {
+ return hex;
+ }
+ }
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/RepresentationUtils.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/RepresentationUtils.java
index 7fece5fda0..f47e61213e 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/RepresentationUtils.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/RepresentationUtils.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,18 +17,16 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
+import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.IOException;
-
public class RepresentationUtils {
private static final Logger log = LoggerFactory.getLogger(RepresentationUtils.class.getName());
@@ -41,7 +39,6 @@ public class RepresentationUtils {
* @throws IOException
*/
public static <T> String toRepresentation(T elementToRepresent) throws IOException {
-
ObjectMapper mapper = new ObjectMapper();
mapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
@@ -67,7 +64,6 @@ public class RepresentationUtils {
} catch (Exception e) {
log.error("Error when parsing JSON of object of type {}", clazz.getSimpleName(), e);
} // return null in case of exception
-
return object;
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/FilterServletOutputStream.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/FilterServletOutputStream.java
index 30414e38b7..c5dbabfb30 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/FilterServletOutputStream.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/FilterServletOutputStream.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,14 +17,13 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil.filters;
-import javax.servlet.ServletOutputStream;
-import javax.servlet.WriteListener;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
public class FilterServletOutputStream extends ServletOutputStream {
@@ -38,12 +37,12 @@ public class FilterServletOutputStream extends ServletOutputStream {
stream.write(b);
}
- public void write(byte[] b) throws IOException {
+ public void write(byte[] b) throws IOException {
stream.write(b);
}
- public void write(byte[] b, int off, int len) throws IOException {
- stream.write(b,off,len);
+ public void write(byte[] b, int off, int len) throws IOException {
+ stream.write(b, off, len);
}
@Override
@@ -53,6 +52,5 @@ public class FilterServletOutputStream extends ServletOutputStream {
@Override
public void setWriteListener(WriteListener writeListener) {
-
}
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/ResponceWrapper.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/ResponceWrapper.java
index dd4576e811..5ef821e542 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/ResponceWrapper.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/ResponceWrapper.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,19 +17,16 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil.filters;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintWriter;
import javax.servlet.ServletOutputStream;
-import javax.servlet.WriteListener;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
-import java.io.ByteArrayOutputStream;
-import java.io.CharArrayWriter;
-import java.io.IOException;
-import java.io.PrintWriter;
public class ResponceWrapper extends HttpServletResponseWrapper {
+
private ByteArrayOutputStream output;
private int contentLength;
private String contentType;
@@ -51,23 +48,21 @@ public class ResponceWrapper extends HttpServletResponseWrapper {
return new PrintWriter(getOutputStream(), true);
}
+ public int getContentLength() {
+ return contentLength;
+ }
+
public void setContentLength(int length) {
this.contentLength = length;
super.setContentLength(length);
}
- public int getContentLength() {
- return contentLength;
+ public String getContentType() {
+ return contentType;
}
public void setContentType(String type) {
this.contentType = type;
super.setContentType(type);
}
-
-
- public String getContentType() {
- return contentType;
-
- }
}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SampleFilter.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SampleFilter.java
index e54a08af6f..81cc4cd49d 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SampleFilter.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SampleFilter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,29 +17,39 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil.filters;
-
-import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
-
-import javax.servlet.http.Cookie;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import javax.servlet.http.Cookie;
+import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
public class SampleFilter extends SessionValidationFilter {
+ @Override
+ public ISessionValidationFilterConfiguration getFilterConfiguration() {
+ return Configuration.getInstance();
+ }
+
+ @Override
+ protected Cookie addRoleToCookie(Cookie updatedCookie) {
+ return updatedCookie;
+ }
+
+ @Override
+ protected boolean isRoleValid(Cookie cookie) {
+ return true;
+ }
+
private static class Configuration implements ISessionValidationFilterConfiguration {
private static Configuration instance;
-
private String securityKey;
private long maxSessionTimeOut;
private long sessionIdleTimeOut;
private String redirectURL;
private List<String> excludedUrls;
-
private String cookieName;
private String cookieDomain;
private String cookiePath;
@@ -48,40 +58,19 @@ public class SampleFilter extends SessionValidationFilter {
private Configuration() {
//security key should be exactly 16 characters long clear text and then encoded to base64
this.securityKey = "AGLDdG4D04BKm2IxIWEr8o==";
- this.maxSessionTimeOut = 24L*60L*60L*1000L;
- this.sessionIdleTimeOut = 60L*60L*1000L;
+ this.maxSessionTimeOut = 24L * 60L * 60L * 1000L;
+ this.sessionIdleTimeOut = 60L * 60L * 1000L;
this.redirectURL = "https://www.e-access.att.com/ecomp_portal_ist/ecompportal/process_csp";
- this.excludedUrls = new ArrayList<>(Arrays.asList("/config","/configmgr","/rest","/kibanaProxy","/healthcheck","/upload.*"));
-
+ this.excludedUrls = new ArrayList<>(Arrays.asList("/config", "/configmgr", "/rest", "/kibanaProxy", "/healthcheck", "/upload.*"));
this.cookieName = "kuku";
this.cookieDomain = "";
this.cookiePath = "/";
this.isCookieHttpOnly = true;
}
- public void setSecurityKey(String securityKey) {
- this.securityKey = securityKey;
- }
-
- public void setMaxSessionTimeOut(long maxSessionTimeOut) {
- this.maxSessionTimeOut = maxSessionTimeOut;
- }
-
- public void setCookieName(String cookieName) {
- this.cookieName = cookieName;
- }
-
- public void setRedirectURL(String redirectURL) {
- this.redirectURL = redirectURL;
- }
-
- public void setExcludedUrls(List<String> excludedUrls) {
- this.excludedUrls = excludedUrls;
- }
-
- public static Configuration getInstance(){
- if (instance == null ){
- instance = new Configuration();
+ public static Configuration getInstance() {
+ if (instance == null) {
+ instance = new Configuration();
}
return instance;
}
@@ -91,11 +80,19 @@ public class SampleFilter extends SessionValidationFilter {
return securityKey;
}
+ public void setSecurityKey(String securityKey) {
+ this.securityKey = securityKey;
+ }
+
@Override
public long getMaxSessionTimeOut() {
return maxSessionTimeOut;
}
+ public void setMaxSessionTimeOut(long maxSessionTimeOut) {
+ this.maxSessionTimeOut = maxSessionTimeOut;
+ }
+
@Override
public long getSessionIdleTimeOut() {
return sessionIdleTimeOut;
@@ -106,6 +103,10 @@ public class SampleFilter extends SessionValidationFilter {
return cookieName;
}
+ public void setCookieName(String cookieName) {
+ this.cookieName = cookieName;
+ }
+
@Override
public String getCookieDomain() {
return cookieDomain;
@@ -126,27 +127,17 @@ public class SampleFilter extends SessionValidationFilter {
return redirectURL;
}
+ public void setRedirectURL(String redirectURL) {
+ this.redirectURL = redirectURL;
+ }
+
@Override
public List<String> getExcludedUrls() {
return excludedUrls;
}
- }
-
- @Override
- public ISessionValidationFilterConfiguration getFilterConfiguration() {
- return Configuration.getInstance();
- }
-
- @Override
- protected Cookie addRoleToCookie(Cookie updatedCookie) {
- return updatedCookie;
- }
- @Override
- protected boolean isRoleValid(Cookie cookie) {
- return true;
+ public void setExcludedUrls(List<String> excludedUrls) {
+ this.excludedUrls = excludedUrls;
+ }
}
-
}
-
-
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java
index de235bff89..cf24874f38 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,18 +17,14 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.sdc.securityutil.filters;
-import org.onap.logging.ref.slf4j.ONAPLogConstants;
-import org.openecomp.sdc.securityutil.AuthenticationCookieUtils;
-import org.openecomp.sdc.securityutil.CipherUtilException;
-import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.slf4j.MDC;
-import org.apache.commons.lang.StringUtils;
-
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -38,33 +34,70 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
+import org.apache.commons.lang.StringUtils;
+import org.onap.logging.ref.slf4j.ONAPLogConstants;
+import org.openecomp.sdc.securityutil.AuthenticationCookieUtils;
+import org.openecomp.sdc.securityutil.CipherUtilException;
+import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
public abstract class SessionValidationFilter implements Filter {
- private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
- private ISessionValidationFilterConfiguration filterConfiguration;
- private List<String> excludedUrls;
+ private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
private static final String REQUEST_ID = ONAPLogConstants.MDCs.REQUEST_ID;
private static final String ONAP_REQUEST_ID_HEADER = ONAPLogConstants.Headers.REQUEST_ID;
private static final String REQUEST_ID_HEADER = "X-RequestID";
private static final String TRANSACTION_ID_HEADER = "X-TransactionId";
private static final String ECOMP_REQUEST_ID_HEADER = "X-ECOMP-RequestID";
-
private static final String PARTNER_NAME = ONAPLogConstants.MDCs.PARTNER_NAME;
private static final String USER_ID_HEADER = "USER_ID";
private static final String ONAP_PARTNER_NAME_HEADER = ONAPLogConstants.Headers.PARTNER_NAME;
private static final String USER_AGENT_HEADER = "User-Agent";
private static final String UNKNOWN = "UNKNOWN";
+ private ISessionValidationFilterConfiguration filterConfiguration;
+ private List<String> excludedUrls;
+ public static void fillMDCFromHeaders(HttpServletRequest httpServletRequest) {
+ fillRequestIdFromHeader(httpServletRequest);
+ fillPartnerNameFromHeader(httpServletRequest);
+ }
+
+ private static void fillRequestIdFromHeader(HttpServletRequest httpServletRequest) {
+ if (MDC.get(REQUEST_ID) == null) {
+ if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER))) {
+ MDC.put(REQUEST_ID, httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER));
+ } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(REQUEST_ID_HEADER))) {
+ MDC.put(REQUEST_ID, httpServletRequest.getHeader(REQUEST_ID_HEADER));
+ } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(TRANSACTION_ID_HEADER))) {
+ MDC.put(REQUEST_ID, httpServletRequest.getHeader(TRANSACTION_ID_HEADER));
+ } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER))) {
+ MDC.put(REQUEST_ID, httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER));
+ } else {
+ MDC.put(REQUEST_ID, UUID.randomUUID().toString());
+ }
+ }
+ }
+
+ private static void fillPartnerNameFromHeader(HttpServletRequest httpServletRequest) {
+ if (MDC.get(PARTNER_NAME) == null) {
+ if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_ID_HEADER))) {
+ MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_ID_HEADER));
+ } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER))) {
+ MDC.put(PARTNER_NAME, httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER));
+ } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_AGENT_HEADER))) {
+ MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_AGENT_HEADER));
+ } else {
+ MDC.put(PARTNER_NAME, UNKNOWN);
+ }
+ }
+ }
public abstract ISessionValidationFilterConfiguration getFilterConfiguration();
+
protected abstract Cookie addRoleToCookie(Cookie updatedCookie);
+
protected abstract boolean isRoleValid(Cookie cookie);
@Override
@@ -74,52 +107,52 @@ public abstract class SessionValidationFilter implements Filter {
}
@Override
- public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+ throws IOException, ServletException {
final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
-
long startTime = System.nanoTime();
fillMDCFromHeaders(httpRequest);
log.debug("SessionValidationFilter: Validation started, received request with URL {}", httpRequest.getRequestURL());
-
// request preprocessing
boolean isContinueProcessing = preProcessingRequest(servletRequest, servletResponse, filterChain, httpRequest, httpResponse, startTime);
List<Cookie> cookies = null;
Cookie extractedCookie = null;
-
// request processing
if (isContinueProcessing) {
cookies = extractAuthenticationCookies(httpRequest.getCookies());
extractedCookie = cookies.get(0);
isContinueProcessing = processRequest(httpRequest, httpResponse, extractedCookie);
}
-
// response processing
- if(isContinueProcessing){
- log.debug("SessionValidationFilter: Cookie from request {} is valid, passing request to session extension ...", httpRequest.getRequestURL());
+ if (isContinueProcessing) {
+ log.debug("SessionValidationFilter: Cookie from request {} is valid, passing request to session extension ...",
+ httpRequest.getRequestURL());
Cookie updatedCookie = processResponse(extractedCookie);
cleanResponceFromLeftoverCookies(httpResponse, cookies);
log.debug("SessionValidationFilter: request {} passed all validations, passing request to endpoint ...", httpRequest.getRequestURL());
httpResponse.addCookie(updatedCookie);
long durationSec = TimeUnit.NANOSECONDS.toSeconds(System.nanoTime() - startTime);
long durationMil = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTime);
- log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), durationSec, durationMil);
+ log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(),
+ durationSec, durationMil);
filterChain.doFilter(servletRequest, httpResponse);
}
}
-
- private boolean preProcessingRequest(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, HttpServletRequest httpRequest, HttpServletResponse httpResponse, long startTime) throws IOException, ServletException {
-
+ private boolean preProcessingRequest(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain,
+ HttpServletRequest httpRequest, HttpServletResponse httpResponse, long startTime)
+ throws IOException, ServletException {
boolean isPreProcessingSucceeded = true;
if (isUrlFromWhiteList(httpRequest)) {
- log.debug("SessionValidationFilter: URL {} excluded from access validation , passing request to endpoint ... ", httpRequest.getRequestURL());
+ log.debug("SessionValidationFilter: URL {} excluded from access validation , passing request to endpoint ... ",
+ httpRequest.getRequestURL());
long durationSec = TimeUnit.NANOSECONDS.toSeconds(System.nanoTime() - startTime);
long durationMil = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startTime);
- log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(), durationSec, durationMil);
+ log.debug("SessionValidationFilter: Validation ended, running time for URL {} is: {} seconds {} miliseconds", httpRequest.getPathInfo(),
+ durationSec, durationMil);
filterChain.doFilter(servletRequest, servletResponse);
isPreProcessingSucceeded = false;
-
} else if (!isCookiePresent(httpRequest.getCookies())) {
//redirect to portal app
log.debug("SessionValidationFilter: Cookie from request {} is not valid, redirecting request to portal", httpRequest.getRequestURL());
@@ -130,7 +163,7 @@ public abstract class SessionValidationFilter implements Filter {
}
private boolean processRequest(HttpServletRequest httpRequest, HttpServletResponse httpResponse, Cookie cookie) throws IOException {
- boolean isProcessSuccessful= true;
+ boolean isProcessSuccessful = true;
try {
if (AuthenticationCookieUtils.isSessionExpired(cookie, filterConfiguration)) {
//redirect to portal app
@@ -143,7 +176,6 @@ public abstract class SessionValidationFilter implements Filter {
log.debug("SessionValidationFilter: Cookie decryption error : {}", e.getMessage(), e);
isProcessSuccessful = false;
}
-
if (!isRoleValid(cookie)) {
//redirect to portal app
log.debug("SessionValidationFilter: Role is not valid, redirecting request {} to portal", httpRequest.getRequestURL());
@@ -184,33 +216,32 @@ public abstract class SessionValidationFilter implements Filter {
log.debug("SessionValidationFilter: Extracting authentication cookies, {} cookies in request", cookies.length);
List<Cookie> authenticationCookies = Arrays.stream(cookies).filter(c -> isCookieNameMatch(actualCookieName, c)).collect(Collectors.toList());
log.debug("SessionValidationFilter: Extracted {} authentication cookies from request", authenticationCookies.size());
- if( authenticationCookies.size() > 1 ){
- authenticationCookies.forEach( cookie -> log.debug("SessionValidationFilter: Multiple cookies found cookie name, {} cookie value {}", cookie.getName(), cookie.getValue()));
+ if (authenticationCookies.size() > 1) {
+ authenticationCookies.forEach(cookie -> log
+ .debug("SessionValidationFilter: Multiple cookies found cookie name, {} cookie value {}", cookie.getName(), cookie.getValue()));
}
return authenticationCookies;
}
-
// use contains for matching due issue with ecomp portal ( change cookie name, add prefix ), temp solution
private boolean isCookieNameMatch(String actualCookieName, Cookie c) {
return c.getName().contains(actualCookieName);
}
private boolean isUrlFromWhiteList(HttpServletRequest httpRequest) {
- if (httpRequest.getPathInfo() == null){
+ if (httpRequest.getPathInfo() == null) {
final String servletPath = httpRequest.getServletPath().toLowerCase();
- log.debug("SessionValidationFilter: pathInfo is null, trying to check by servlet path white list validation -> ServletPath: {} ", servletPath);
- return excludedUrls.stream().
- anyMatch( e -> servletPath.matches(e));
+ log.debug("SessionValidationFilter: pathInfo is null, trying to check by servlet path white list validation -> ServletPath: {} ",
+ servletPath);
+ return excludedUrls.stream().anyMatch(e -> servletPath.matches(e));
}
String pathInfo = httpRequest.getPathInfo().toLowerCase();
log.debug("SessionValidationFilter: white list validation -> PathInfo: {} ", pathInfo);
- return excludedUrls.stream().
- anyMatch( e -> pathInfo.matches(e));
+ return excludedUrls.stream().anyMatch(e -> pathInfo.matches(e));
}
private void cleanResponceFromLeftoverCookies(HttpServletResponse httpResponse, List<Cookie> cookiesList) {
- for (Cookie cookie:cookiesList){
+ for (Cookie cookie : cookiesList) {
Cookie cleanCookie = AuthenticationCookieUtils.createUpdatedCookie(cookie, null, filterConfiguration);
cleanCookie.setMaxAge(0);
log.debug("SessionValidationFilter Cleaning Cookie cookie name: {} added to responce", cleanCookie.getName());
@@ -218,45 +249,7 @@ public abstract class SessionValidationFilter implements Filter {
}
}
- public static void fillMDCFromHeaders(HttpServletRequest httpServletRequest) {
- fillRequestIdFromHeader(httpServletRequest);
- fillPartnerNameFromHeader(httpServletRequest);
-
- }
-
- private static void fillRequestIdFromHeader(HttpServletRequest httpServletRequest){
- if (MDC.get(REQUEST_ID) == null) {
- if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER))) {
- MDC.put(REQUEST_ID, httpServletRequest.getHeader(ONAP_REQUEST_ID_HEADER));
- } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(REQUEST_ID_HEADER))) {
- MDC.put(REQUEST_ID, httpServletRequest.getHeader(REQUEST_ID_HEADER));
- } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(TRANSACTION_ID_HEADER))) {
- MDC.put(REQUEST_ID, httpServletRequest.getHeader(TRANSACTION_ID_HEADER));
- } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER))) {
- MDC.put(REQUEST_ID, httpServletRequest.getHeader(ECOMP_REQUEST_ID_HEADER));
- } else {
- MDC.put(REQUEST_ID, UUID.randomUUID().toString());
- }
- }
- }
-
- private static void fillPartnerNameFromHeader(HttpServletRequest httpServletRequest){
- if (MDC.get(PARTNER_NAME) == null) {
- if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_ID_HEADER))) {
- MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_ID_HEADER));
- } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER))) {
- MDC.put(PARTNER_NAME, httpServletRequest.getHeader(ONAP_PARTNER_NAME_HEADER));
- } else if (StringUtils.isNotEmpty(httpServletRequest.getHeader(USER_AGENT_HEADER))) {
- MDC.put(PARTNER_NAME, httpServletRequest.getHeader(USER_AGENT_HEADER));
- } else {
- MDC.put(PARTNER_NAME, UNKNOWN);
- }
- }
- }
-
-
@Override
public void destroy() {
-
}
}