authorOfir Sonsino <os0695@att.com>2018-02-20 18:03:30 +0200
committerOfir Sonsino <os0695@intl.att.com>2018-02-27 14:47:52 +0200
commitefedea1c5d80532f5b1180d57c8dafce5dcb302a (patch)
treec4bdefe8758b01f31c9e91a9ded0ab989daeb5e2 /epsdk-app-onap/src/main/java/org/onap
parentb94bd70f1595fad9546c3506393613f68504f495 (diff)
org.onap migration
Change-Id: I5e2d01a6da21d4003c910b5fe0702b35c2089a77 Issue-ID: VID-86 Signed-off-by: Ofir Sonsino <os0695@intl.att.com>
Diffstat (limited to 'epsdk-app-onap/src/main/java/org/onap')
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java208
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java44
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java59
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java108
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/lm/FusionLicenseManagerImpl.java70
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/lm/LicenseableClassImpl.java62
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java123
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/Register.java68
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/RegistryAdapter.java59
-rw-r--r--epsdk-app-onap/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java72
10 files changed, 478 insertions, 395 deletions
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index 1583bc92d..2d222f0dc 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -1,41 +1,57 @@
-/*-
- * ================================================================================
- * ECOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.portalapp.conf;
import java.util.ArrayList;
import java.util.List;
-import javax.annotation.PostConstruct;
+
import javax.sql.DataSource;
import org.onap.portalapp.login.LoginStrategyImpl;
import org.onap.portalapp.scheduler.RegistryAdapter;
-import org.openecomp.portalsdk.core.auth.LoginStrategy;
-import org.openecomp.portalsdk.core.conf.AppConfig;
-import org.openecomp.portalsdk.core.conf.Configurable;
-import org.openecomp.portalsdk.core.lm.FusionLicenseManager;
-import org.openecomp.portalsdk.core.lm.FusionLicenseManagerUtils;
-//import org.openecomp.portalsdk.core.lm.LicenseableClassImpl;
-import org.openecomp.portalsdk.core.objectcache.AbstractCacheManager;
-import org.openecomp.portalsdk.core.service.DataAccessService;
-import org.openecomp.portalsdk.core.util.CacheManager;
-import org.openecomp.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.auth.LoginStrategy;
+import org.onap.portalsdk.core.conf.AppConfig;
+import org.onap.portalsdk.core.conf.Configurable;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.objectcache.AbstractCacheManager;
+import org.onap.portalsdk.core.service.DataAccessService;
+import org.onap.portalsdk.core.util.CacheManager;
+import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
@@ -44,11 +60,6 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.PropertySource;
-import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
-import org.springframework.core.io.Resource;
-import org.springframework.jdbc.datasource.init.DataSourceInitializer;
-import org.springframework.jdbc.datasource.init.DatabasePopulator;
-import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.scheduling.quartz.SchedulerFactoryBean;
@@ -56,15 +67,18 @@ import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-import org.openecomp.portalsdk.core.service.DataAccessService;
-import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.springframework.core.io.Resource;
+import org.springframework.jdbc.datasource.init.DataSourceInitializer;
+import org.springframework.jdbc.datasource.init.DatabasePopulator;
+import org.springframework.jdbc.datasource.init.ResourceDatabasePopulator;
+
/**
- * ECOMP Portal SDK sample application. ECOMP Portal SDK core AppConfig class to
+ * ONAP Portal SDK sample application. Extends core AppConfig class to
* reuse interceptors, view resolvers and other features defined there.
*/
@Configuration
@EnableWebMvc
-@ComponentScan(basePackages = {"org.openecomp", "org.onap"})
+@ComponentScan(basePackages = {"org.onap"})
@PropertySource(value = { "${container.classpath:}/WEB-INF/conf/app/test.properties" }, ignoreResourceNotFound = true)
@Profile("src")
@EnableAsync
@@ -72,47 +86,47 @@ import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
public class ExternalAppConfig extends AppConfig implements Configurable {
private RegistryAdapter schedulerRegistryAdapter;
- /** The Constant LOG. */
- private static final EELFLoggerDelegate LOG = EELFLoggerDelegate.getLogger(ExternalAppConfig.class);
-
- /** The vid schema script. */
- @Value("classpath:vid-schema.sql")
- private Resource vidSchemaScript;
-
- /** The vid data script. */
- @Value("classpath:vid-data.sql")
- private Resource vidDataScript;
-
- /**
- * The Class InnerConfiguration.
- */
+ /** The Constant LOG. */
+ private static final EELFLoggerDelegate LOG = EELFLoggerDelegate.getLogger(ExternalAppConfig.class);
+
+ /** The vid schema script. */
+ @Value("classpath:vid-schema.sql")
+ private Resource vidSchemaScript;
+
+ /** The vid data script. */
+ @Value("classpath:vid-data.sql")
+ private Resource vidDataScript;
+
+ /**
+ * The Class InnerConfiguration.
+ */
@Configuration
@Import(SystemProperties.class)
static class InnerConfiguration {
}
/**
- * View resolver.
- *
- * @return the view resolver
- * @see org.openecomp.portalsdk.core.conf.AppConfig#viewResolver()
+ * @see org.onap.portalsdk.core.conf.AppConfig#viewResolver()
*/
+ @Override
public ViewResolver viewResolver() {
return super.viewResolver();
}
/**
- * @see org.openecomp.portalsdk.core.conf.AppConfig#addResourceHandlers(ResourceHandlerRegistry)
+ * @see org.onap.portalsdk.core.conf.AppConfig#addResourceHandlers(ResourceHandlerRegistry)
*
* @param registry
*/
+ @Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
super.addResourceHandlers(registry);
}
/**
- * @see org.openecomp.portalsdk.core.conf.AppConfig#dataAccessService()
+ * @see org.onap.portalsdk.core.conf.AppConfig#dataAccessService()
*/
+ @Override
public DataAccessService dataAccessService() {
// Echo the JDBC URL to assist developers when starting the app.
System.out.println("ExternalAppConfig: " + SystemProperties.DB_CONNECTIONURL + " is "
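Review bot: The last context line of this hunk still writes the JDBC connection URL to standard output with `System.out.println`, even though the class declares `EELFLoggerDelegate LOG` a few lines above. A JDBC URL can carry credentials or internal host names as parameters, and stdout often ends up in container or console logs that are readable by more people than the application log. I would send this through the logger at debug level and not print the value, for example `LOG.debug(EELFLoggerDelegate.debugLogger, "ExternalAppConfig: DB connection URL property is set");`. The println statement and the rest of dataAccessService() continue outside the hunk, so its full argument list is not visible here.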
@@ -126,8 +140,9 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
*
* @return List of String, size 1
*/
+ @Override
public List<String> addTileDefinitions() {
- List<String> definitions = new ArrayList<String>();
+ List<String> definitions = new ArrayList<>();
definitions.add("/WEB-INF/defs/definitions.xml");
return definitions;
}
@@ -154,30 +169,6 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
return new CacheManager();
}
-
-
-
- /**
- * Creates and returns a new instance of a {@link FusionLicenseManager}.
- *
- * @return New instance of {@link FusionLicenseManager}.
- */
-// @Bean
-// public FusionLicenseManager fusionLicenseManager() {
-// return new FusionLicenseManagerImpl();
-// }
-
- /**
- * Creates and returns a new instance of a
- * {@link FusionLicenseManagerUtils}.
- *
- * @return New instance of {@link FusionLicenseManagerUtils}.
- */
-// @Bean
-// public FusionLicenseManagerUtils fusionLicenseManagerUtils() {
-// return new FusionLicenseManagerUtils();
-// }
-
/**
* Creates and returns a new instance of a {@link SchedulerFactoryBean} and
* populates it with triggers.
@@ -195,36 +186,38 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
return scheduler;
}
- /**
- * Data source initializer.
- *
- * @param dataSource the data source
- * @return the data source initializer
- */
- @Bean
- public DataSourceInitializer dataSourceInitializer(DataSource dataSource) {
-
- LOG.info("Initializing VID data source");
-
- final DataSourceInitializer initializer = new DataSourceInitializer();
- initializer.setDataSource(dataSource);
- initializer.setDatabasePopulator(databasePopulator());
- return initializer;
- }
/**
- * Database populator.
- *
- * @return the database populator
- */
- public DatabasePopulator databasePopulator() {
- LOG.info("Populating VID data source");
-
- final ResourceDatabasePopulator populator = new ResourceDatabasePopulator();
- populator.addScript(vidSchemaScript);
- populator.addScript(vidDataScript);
- return populator;
- }
+ * Data source initializer.
+ *
+ * @param dataSource the data source
+ * @return the data source initializer
+ */
+ @Bean
+ public DataSourceInitializer dataSourceInitializer(DataSource dataSource) {
+
+ LOG.info("Initializing VID data source");
+
+ final DataSourceInitializer initializer = new DataSourceInitializer();
+ initializer.setDataSource(dataSource);
+ initializer.setDatabasePopulator(databasePopulator());
+ return initializer;
+ }
+
+ /**
+ * Database populator.
+ *
+ * @return the database populator
+ */
+ public DatabasePopulator databasePopulator() {
+ LOG.info("Populating VID data source");
+
+ final ResourceDatabasePopulator populator = new ResourceDatabasePopulator();
+ populator.addScript(vidSchemaScript);
+ populator.addScript(vidDataScript);
+ return populator;
+ }
+
/**
* Sets the scheduler registry adapter.
@@ -236,13 +229,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
this.schedulerRegistryAdapter = schedulerRegistryAdapter;
}
- /**
- * Creates the LoginStrategy
- * @return instance of LoginStrategy
- */
@Bean
public LoginStrategy loginStrategy() {
-
return new LoginStrategyImpl();
}
}
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
index 347bb51e1..c8fbc4347 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/ExternalAppInitializer.java
@@ -1,25 +1,43 @@
-/*-
- * ================================================================================
- * ECOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.portalapp.conf;
-import org.openecomp.portalsdk.core.conf.AppInitializer;
+import org.onap.portalsdk.core.conf.AppInitializer;
public class ExternalAppInitializer extends AppInitializer {
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
index 3116346ee..0c91ff0a0 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/conf/HibernateMappingLocations.java
@@ -1,41 +1,52 @@
-/*-
- * ================================================================================
- * ECOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.portalapp.conf;
+import org.onap.portalsdk.core.conf.HibernateMappingLocatable;
import org.springframework.context.annotation.Profile;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.stereotype.Component;
-import org.openecomp.portalsdk.core.conf.HibernateMappingLocatable;
-
@Component
@Profile("src")
public class HibernateMappingLocations implements HibernateMappingLocatable {
- /*
- * (non-Javadoc)
- *
- * @see org.openecomp.portalsdk.core.conf.HibernateMappingLocatable#
- * getMappingLocations()
- */
@Override
public Resource[] getMappingLocations() {
return new Resource[] { new ClassPathResource("../fusion/orm/Fusion.hbm.xml"),
@@ -43,15 +54,9 @@ public class HibernateMappingLocations implements HibernateMappingLocatable {
new ClassPathResource("../fusion/orm/RNoteBookIntegration.hbm.xml") };
}
- /*
- * (non-Javadoc)
- *
- * @see org.openecomp.portalsdk.core.conf.HibernateMappingLocatable#
- * getPackagesToScan()
- */
@Override
public String[] getPackagesToScan() {
- return new String[] { "org.openecomp", "org.onap" };
+ return new String[] { "org.onap" };
}
}
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
new file mode 100644
index 000000000..71ab7359a
--- /dev/null
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -0,0 +1,108 @@
+
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalapp.filter;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringUtils;
+import org.onap.portalapp.util.SecurityXssValidator;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.util.ContentCachingRequestWrapper;
+import org.springframework.web.util.ContentCachingResponseWrapper;
+import org.springframework.web.util.WebUtils;
+
+public class SecurityXssFilter extends OncePerRequestFilter {
+
+ private static final String BAD_REQUEST = "BAD_REQUEST";
+
+ private SecurityXssValidator validator = SecurityXssValidator.getInstance();
+
+ private static String getRequestData(final HttpServletRequest request) throws UnsupportedEncodingException {
+ String payload = null;
+ ContentCachingRequestWrapper wrapper = WebUtils.getNativeRequest(request, ContentCachingRequestWrapper.class);
+ if (wrapper != null) {
+ byte[] buf = wrapper.getContentAsByteArray();
+ if (buf.length > 0) {
+ payload = new String(buf, 0, buf.length, wrapper.getCharacterEncoding());
+ }
+ }
+ return payload;
+ }
+
+ private static String getResponseData(final HttpServletResponse response) throws IOException {
+ String payload = null;
+ ContentCachingResponseWrapper wrapper = WebUtils.getNativeResponse(response,
+ ContentCachingResponseWrapper.class);
+ if (wrapper != null) {
+ byte[] buf = wrapper.getContentAsByteArray();
+ if (buf.length > 0) {
+ payload = new String(buf, 0, buf.length, wrapper.getCharacterEncoding());
+ wrapper.copyBodyToResponse();
+ }
+ }
+ return payload;
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+ if (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")) {
+
+ HttpServletRequest requestToCache = new ContentCachingRequestWrapper(request);
+ HttpServletResponse responseToCache = new ContentCachingResponseWrapper(response);
+ filterChain.doFilter(requestToCache, responseToCache);
+ String requestData = getRequestData(requestToCache);
+ String responseData = getResponseData(responseToCache);
+ if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
+ throw new SecurityException(BAD_REQUEST);
+ }
+
+ } else {
+ filterChain.doFilter(request, response);
+ }
+
+ }
+}
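Review bot: In doFilterInternal the `validator.denyXSS(requestData)` check runs only after `filterChain.doFilter(requestToCache, responseToCache)` has returned, so a POST or PUT whose body fails validation has already been handled downstream, and `getResponseData` has already called `wrapper.copyBodyToResponse()` before the `SecurityException` is thrown. As written, the filter can neither prevent the side effects of a rejected request nor withhold its response. The body should be validated before the chain is invoked, which needs a request wrapper that buffers the body up front and replays it, because ContentCachingRequestWrapper only fills its cache as the handler reads the stream. At minimum, call `copyBodyToResponse()` only after the check passes and reject with `response.sendError(HttpServletResponse.SC_BAD_REQUEST)` rather than an unchecked exception, which would likely surface as a 500. The local `responseData` is assigned but never read.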
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/lm/FusionLicenseManagerImpl.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/lm/FusionLicenseManagerImpl.java
deleted file mode 100644
index 75569d4c5..000000000
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/lm/FusionLicenseManagerImpl.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package org.onap.portalapp.lm;
-
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.ServletContext;
-
-import org.openecomp.portalsdk.core.lm.FusionLicenseManager;
-import org.springframework.stereotype.Component;
-
-/*
- * Please note that this class is not being used; its a dummy stub to have a qualifying bean for the interface.
- */
-
-@Component
-public class FusionLicenseManagerImpl implements FusionLicenseManager {
-
- @Override
- public void initKeyStoreParam() {
-
- }
-
- @Override
- public void initCipherParam() {
-
- }
-
- @Override
- public void initLicenseParam() {
-
- }
-
- @Override
- public void doInitWork() {
-
- }
-
- @Override
- public int installLicense() {
- return 0;
- }
-
- @Override
- public synchronized int verifyLicense(ServletContext context) {
- return 0;
- }
-
- @Override
- public void generateLicense(Map<String, String> clientInfoMap, List<String> ipAddressList) throws Exception {
-
- }
-
- @Override
- public String nvl(String s) {
- return null;
- }
-
- @Override
- public Date getExpiredDate() {
- return null;
- }
-
- @Override
- public void setExpiredDate(Date expiredDate) {
-
- }
-
-
-}
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/lm/LicenseableClassImpl.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/lm/LicenseableClassImpl.java
deleted file mode 100644
index 856d8e0ed..000000000
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/lm/LicenseableClassImpl.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*-
- * ================================================================================
- * eCOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ================================================================================
- */
-package org.onap.portalapp.lm;
-
-import java.io.FileNotFoundException;
-import java.io.InputStream;
-
-import org.openecomp.portalsdk.core.lm.LicenseableClass;
-
-/*
- * Please note that this class is not being used; its a dummy stub to have a qualifying bean for the interface.
- */
-
-public class LicenseableClassImpl implements LicenseableClass {
-
- public String getApplicationName() {
- return "";
- }
-
- public InputStream getPublicKeystoreAsInputStream() throws FileNotFoundException {
- return null;
- }
-
- public String getAlias() {
- return "";
- }
-
- public String getKeyPasswd() {
- return "";
- }
-
- public String getPublicKeystorePassword() {
- return "";
- }
-
- public String getCipherParamPassword() {
- return "";
- }
-
- @SuppressWarnings("rawtypes")
- public Class getClassToLicense() {
- return this.getClass();
- }
-}
-
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
index b04202290..729cfd1fd 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/login/LoginStrategyImpl.java
@@ -1,69 +1,130 @@
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
package org.onap.portalapp.login;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.openecomp.portalsdk.core.auth.LoginStrategy;
-import org.openecomp.portalsdk.core.onboarding.exception.PortalAPIException;
-import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
-import org.openecomp.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.onap.portalsdk.core.auth.LoginStrategy;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
+import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
+import org.onap.portalsdk.core.onboarding.util.CipherUtil;
+import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.web.servlet.ModelAndView;
+/**
+ * Implements basic single-signon login strategy for open-source applications
+ * when users start at Portal. Extracts an encrypted user ID sent by Portal.
+ */
public class LoginStrategyImpl extends LoginStrategy {
-
+
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginStrategyImpl.class);
+
+ /**
+ * login for open source is same as external login in the non-open-source
+ * version.
+ */
@Override
public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
- //'login' for opensource is same as 'external' login.
return doExternalLogin(request, response);
}
-
+
@Override
public String getUserId(HttpServletRequest request) throws PortalAPIException {
// Check ECOMP Portal cookie
- if (!isLoginCookieExist(request))
+ Cookie ep = getCookie(request, EP_SERVICE);
+ if (ep == null) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "getUserId: no EP_SERVICE cookie, returning null");
return null;
+ }
String userid = null;
try {
userid = getUserIdFromCookie(request);
} catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ logger.error(EELFLoggerDelegate.errorLogger, "getUserId failed", e);
}
- return userid;
+ return userid;
}
- private static String getUserIdFromCookie(HttpServletRequest request) throws Exception {
+ /**
+ * Searches the request for the user-ID cookie and decrypts the value using a
+ * key configured in properties
+ *
+ * @param request
+ * HttpServletRequest
+ * @return User ID
+ * @throws CipherUtilException
+ * On any failure to decrypt
+ */
+ private String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException {
String userId = "";
- Cookie[] cookies = request.getCookies();
- Cookie userIdcookie = null;
- if (cookies != null)
- for (Cookie cookie : cookies)
- if (cookie.getName().equals(USER_ID))
- userIdcookie = cookie;
- if(userIdcookie!=null){
- userId = CipherUtil.decrypt(userIdcookie.getValue());
+ Cookie userIdCookie = getCookie(request, USER_ID);
+ if (userIdCookie != null) {
+ final String cookieValue = userIdCookie.getValue();
+ if (!SystemProperties.containsProperty(SystemProperties.Decryption_Key))
+ throw new IllegalStateException("Failed to find property " + SystemProperties.Decryption_Key);
+ final String decryptionKey = SystemProperties.getProperty(SystemProperties.Decryption_Key);
+ userId = CipherUtil.decrypt(cookieValue, decryptionKey);
+ logger.debug(EELFLoggerDelegate.debugLogger, "getUserIdFromCookie: decrypted as {}", userId);
}
return userId;
-
- }
-
- private static boolean isLoginCookieExist(HttpServletRequest request) {
- Cookie ep = getCookie(request, EP_SERVICE);
- return (ep != null);
}
-
- private static Cookie getCookie(HttpServletRequest request, String cookieName) {
+
+ /**
+ * Searches the request for the named cookie.
+ *
+ * @param request
+ * HttpServletRequest
+ * @param cookieName
+ * Name of desired cookie
+ * @return Cookie if found; otherwise null.
+ */
+ private Cookie getCookie(HttpServletRequest request, String cookieName) {
Cookie[] cookies = request.getCookies();
if (cookies != null)
for (Cookie cookie : cookies)
if (cookie.getName().equals(cookieName))
return cookie;
-
return null;
}
-
}
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/Register.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/Register.java
index 165f3318d..d1a2c51a5 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/Register.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/Register.java
@@ -1,31 +1,48 @@
-/*-
- * ================================================================================
- * ECOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.portalapp.scheduler;
import java.util.ArrayList;
import java.util.List;
-import org.openecomp.portalapp.scheduler.LogRegistry;
-import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.openecomp.portalsdk.core.scheduler.Registerable;
-import org.openecomp.portalsdk.core.util.SystemProperties;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.scheduler.Registerable;
+import org.onap.portalsdk.core.util.SystemProperties;
import org.quartz.Trigger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.DependsOn;
@@ -35,10 +52,10 @@ import org.springframework.stereotype.Component;
@DependsOn({ "logRegistry", "systemProperties" })
public class Register implements Registerable {
- EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(Register.class);
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(Register.class);
- private List<Trigger> scheduleTriggers = new ArrayList<Trigger>();
- Trigger trigger[] = new Trigger[1];
+ private List<Trigger> scheduleTriggers = new ArrayList<>();
+ Trigger[] trigger = new Trigger[1];
@Autowired
private LogRegistry logRegistry;
@@ -50,15 +67,12 @@ public class Register implements Registerable {
@Override
public void registerTriggers() {
- // if the property value is not available; the cron will not be added
- // and can be ignored. its safe to ignore the exceptions
- try {
- if (SystemProperties.getProperty(SystemProperties.LOG_CRON) != null)
- getScheduleTriggers().add(logRegistry.getTrigger());
- } catch (IllegalStateException ies) {
- logger.info(EELFLoggerDelegate.debugLogger, ("Log Cron not available"));
+ // if the property value is not available; the cron will not be added.
+ if (SystemProperties.containsProperty(SystemProperties.LOG_CRON)) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "Adding log registry for cron property {}", SystemProperties.getProperty(SystemProperties.LOG_CRON));
+ getScheduleTriggers().add(logRegistry.getTrigger());
}
-
}
public List<Trigger> getScheduleTriggers() {
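Review bot: registerTriggers() appends the log trigger to the scheduleTriggers list on every call with no check for an existing entry, so a second call leaves two entries for the same cron job. The RegistryAdapter.getTriggers() hunk in this commit calls `registry.registerTriggers()` each time it runs, which makes a repeat call reachable if the registry there is this class. If nothing else populates the list, starting the method with `getScheduleTriggers().clear();` keeps it idempotent. Also note that removing the try/catch means any exception from `logRegistry.getTrigger()` now propagates to the caller. The body of getScheduleTriggers() lies outside the hunk, so this assumes it returns the field directly.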
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/RegistryAdapter.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/RegistryAdapter.java
index 2cb5d89fe..9f8f7279a 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/RegistryAdapter.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/scheduler/RegistryAdapter.java
@@ -1,21 +1,39 @@
-/*-
- * ================================================================================
- * ECOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.portalapp.scheduler;
@@ -23,8 +41,8 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
-import org.openecomp.portalsdk.core.scheduler.Registerable;
-import org.openecomp.portalsdk.workflow.services.WorkflowScheduleService;
+import org.onap.portalsdk.core.scheduler.Registerable;
+import org.onap.portalsdk.workflow.services.WorkflowScheduleService;
import org.quartz.Trigger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.quartz.SchedulerFactoryBean;
@@ -41,20 +59,15 @@ public class RegistryAdapter {
private SchedulerFactoryBean schedulerBean;
- Trigger trigger[] = new Trigger[1];
+ Trigger [] trigger = new Trigger[1];
public Trigger[] getTriggers() {
-
registry.registerTriggers();
-
- List<Trigger> allTriggers = new ArrayList<Trigger>();
-
+ List<Trigger> allTriggers = new ArrayList<>();
List<Trigger> coreTriggers = addCoreTriggers();
final Trigger[] extTriggerArray = registry.getTriggers();
-
allTriggers.addAll(Arrays.asList(extTriggerArray));
allTriggers.addAll(coreTriggers);
-
return allTriggers.toArray(trigger);
}
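Review bot: `allTriggers.toArray(trigger)` passes the shared one-element field as the destination array, so an empty combined list comes back as that array with a single null slot. When the list holds exactly one trigger, the caller receives the field itself and can mutate state that later calls reuse. `return allTriggers.toArray(new Trigger[0]);` returns a fresh, correctly sized array and lets the `trigger` field be dropped. Separately, `Arrays.asList(extTriggerArray)` throws a NullPointerException if `registry.getTriggers()` returns null; whether it can is not visible in this hunk.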
@@ -65,8 +78,8 @@ public class RegistryAdapter {
return triggers;
}
- public void setSchedulerBean(SchedulerFactoryBean _schedulerBean) {
- schedulerBean = _schedulerBean;
+ public void setSchedulerBean(final SchedulerFactoryBean schedulerBean) {
+ this.schedulerBean = schedulerBean;
}
public SchedulerFactoryBean getSchedulerBean() {
diff --git a/epsdk-app-onap/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java b/epsdk-app-onap/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java
index e3dbdf82d..076e6fd7d 100644
--- a/epsdk-app-onap/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java
+++ b/epsdk-app-onap/src/main/java/org/onap/portalapp/service/AdminAuthExtension.java
@@ -1,30 +1,47 @@
-/*-
- * ================================================================================
- * ECOMP Portal SDK
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ================================================================================
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.portalapp.service;
import java.util.Set;
-import org.openecomp.portalapp.service.IAdminAuthExtension;
-import org.openecomp.portalsdk.core.domain.Role;
-import org.openecomp.portalsdk.core.domain.User;
-import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -36,30 +53,21 @@ import org.springframework.transaction.annotation.Transactional;
*/
public class AdminAuthExtension implements IAdminAuthExtension {
- EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminAuthExtension.class);
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminAuthExtension.class);
- /*
- * (non-Javadoc)
- * @see org.openecomp.portalapp.service.IAdminAuthExtension#saveUserExtension(org.openecomp.portalsdk.core.domain.User)
- */
+ @Override
public void saveUserExtension(User user) {
- logger.debug("saveUserExtension");
+ logger.debug(EELFLoggerDelegate.debugLogger, "saveUserExtension");
}
- /*
- * (non-Javadoc)
- * @see org.openecomp.portalapp.service.IAdminAuthExtension#editUserExtension(org.openecomp.portalsdk.core.domain.User)
- */
+ @Override
public void editUserExtension(User user) {
- logger.debug("editUserExtension");
+ logger.debug(EELFLoggerDelegate.debugLogger, "editUserExtension");
}
- /*
- * (non-Javadoc)
- * @see org.openecomp.portalapp.service.IAdminAuthExtension#saveUserRoleExtension(java.util.Set, org.openecomp.portalsdk.core.domain.User)
- */
+ @Override
public void saveUserRoleExtension(Set<Role> roles, User user) {
- logger.debug("saveUserRoleExtension");
+ logger.debug(EELFLoggerDelegate.debugLogger, "saveUserRoleExtension");
}
}
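Review bot: The three overrides lose their only comments in this hunk and still do nothing except write a debug line, so a reader cannot tell whether they are intentionally empty hooks or unfinished code. Since the class name puts it on the user and role save path, I would give each method a one-line Javadoc such as `/** Extension hook; this application takes no extra action when a user is saved. */`. If the interface already documents the contract, `/** {@inheritDoc} */` would do instead. The class declaration and its Javadoc begin outside the hunk, so an existing class-level explanation may already cover this.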