2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.sdc.fe.servlets;
23 import java.io.IOException;
24 import java.util.Enumeration;
25 import java.util.List;
27 import javax.servlet.RequestDispatcher;
28 import javax.servlet.ServletException;
29 import javax.servlet.http.Cookie;
30 import javax.servlet.http.HttpServlet;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33 import javax.ws.rs.GET;
34 import javax.ws.rs.Path;
35 import javax.ws.rs.core.Context;
37 import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
38 import org.openecomp.portalsdk.core.onboarding.util.PortalApiConstants;
39 import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
40 import org.openecomp.sdc.common.config.EcompErrorName;
41 import org.openecomp.sdc.common.impl.MutableHttpServletRequest;
42 import org.openecomp.sdc.fe.Constants;
43 import org.openecomp.sdc.fe.config.Configuration;
44 import org.openecomp.sdc.fe.config.ConfigurationManager;
45 import org.openecomp.sdc.fe.config.FeEcompErrorManager;
46 import org.slf4j.Logger;
47 import org.slf4j.LoggerFactory;
50 * Root resource (exposed at "/" path)
53 public class PortalServlet extends HttpServlet {
55 private static Logger log = LoggerFactory.getLogger(PortalServlet.class.getName());
56 private static final long serialVersionUID = 1L;
57 public static final String MISSING_HEADERS_MSG = "Missing Headers In Request";
58 public static final String AUTHORIZATION_ERROR_MSG = "Autherization error";
59 public static final String NEW_LINE = System.getProperty("line.separator");
62 * Entry point from ECOMP portal
66 public void doGet(@Context final HttpServletRequest request, @Context final HttpServletResponse response) {
68 addRequestHeadersUsingWebseal(request, response);
69 } catch (Exception e) {
70 FeEcompErrorManager.getInstance().logFePortalServletError("Portal Servlet");
71 log.error("Error during getting portal page", e);
76 * Building new HTTP request and setting headers for the request The request
77 * will dispatch to index.html
81 * @throws ServletException
84 private void addRequestHeadersUsingWebseal(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
86 response.setContentType("text/html");
88 // Create new request object to dispatch
89 MutableHttpServletRequest mutableRequest = new MutableHttpServletRequest(request);
91 // Get configuration object (reads data from configuration.yaml)
92 Configuration configuration = getConfiguration(request);
94 // Check if we got header from webseal
95 String userId = request.getHeader(Constants.WEBSEAL_USER_ID_HEADER);
97 // Authentication via ecomp portal
99 String userIdFromCookie = getUserIdFromCookie(request);
100 if (("").equals(userIdFromCookie)) {
101 // This is probably a webseal request, so missing header in request should be printed.
102 response.sendError(HttpServletResponse.SC_USE_PROXY, MISSING_HEADERS_MSG);
104 userId = userIdFromCookie;
105 } catch (Exception e) {
106 response.sendError(HttpServletResponse.SC_USE_PROXY, AUTHORIZATION_ERROR_MSG);
110 // Replace webseal header with open source header
111 mutableRequest.putHeader(Constants.USER_ID, userId);
113 // Getting identification headers from configuration.yaml
114 // (identificationHeaderFields) and setting them to new request
116 List<List<String>> identificationHeaderFields = configuration.getIdentificationHeaderFields();
117 for (List<String> possibleHeadersToRecieve : identificationHeaderFields) {
118 String allowedHeaderToPass = possibleHeadersToRecieve.get(0);
119 setNewHeader(possibleHeadersToRecieve, allowedHeaderToPass, request, mutableRequest);
122 // Getting optional headers from configuration.yaml
123 // (optionalHeaderFields) and setting them to new request mutableRequest
124 List<List<String>> optionalHeaderFields = configuration.getOptionalHeaderFields();
125 for (List<String> possibleHeadersToRecieve : optionalHeaderFields) {
126 String allowedHeaderToPass = possibleHeadersToRecieve.get(0);
127 setNewHeader(possibleHeadersToRecieve, allowedHeaderToPass, request, mutableRequest);
130 // Print headers from original request for debug purposes
131 printHeaders(request);
133 // In case using webseal, validate all mandatory headers (identificationHeaderFields) are included in the new request (mutableRequest).
134 // Via ecomp portal do not need to check the headers.
135 boolean allHeadersExist = true;
136 if (null != request.getHeader(Constants.WEBSEAL_USER_ID_HEADER)) {
137 allHeadersExist = checkHeaders(mutableRequest);
140 if (allHeadersExist) {
141 addCookies(response, mutableRequest, getMandatoryHeaders(request));
142 addCookies(response, mutableRequest, getOptionalHeaders(request));
143 RequestDispatcher rd = request.getRequestDispatcher("index.html");
144 rd.forward(mutableRequest, response);
146 response.sendError(HttpServletResponse.SC_USE_PROXY, MISSING_HEADERS_MSG);
151 * Print all request headers to the log
155 private void printHeaders(HttpServletRequest request) {
157 if (log.isDebugEnabled()) {
158 StringBuilder builder = new StringBuilder();
159 String sessionId = "";
160 if (request.getSession() != null) {
161 String id = request.getSession().getId();
167 builder.append("Receiving request with headers:" + NEW_LINE);
168 log.debug("{}", request.getHeaderNames());
169 @SuppressWarnings("unchecked")
170 Enumeration<String> headerNames = request.getHeaderNames();
171 if (headerNames != null) {
172 while (headerNames.hasMoreElements()) {
173 String headerName = headerNames.nextElement();
174 String headerValue = request.getHeader(headerName);
175 builder.append("session " + sessionId + " header: name = " + headerName + ", value = " + headerValue + NEW_LINE);
179 log.debug(builder.toString());
185 * Add cookies (that where set in the new request headers) in the response
191 private void addCookies(HttpServletResponse response, HttpServletRequest request, String[] headers) {
192 for (int i = 0; i < headers.length; i++) {
193 String currHeader = headers[i];
194 String headerValue = request.getHeader(currHeader);
195 if (headerValue != null) {
196 response.addCookie(new Cookie(currHeader, headerValue));
202 * Get mandatory headers (identificationHeaderFields) String array, and
203 * checks that each header exists in the new request
208 private boolean checkHeaders(HttpServletRequest request) {
209 String[] mandatoryHeaders = getMandatoryHeaders(request);
211 boolean allHeadersExist = true;
212 for (int i = 0; i < mandatoryHeaders.length; i++) {
213 String headerValue = request.getHeader(mandatoryHeaders[i]);
214 if (headerValue == null) {
215 allHeadersExist = false;
219 return allHeadersExist;
223 * Get mandatory headers (identificationHeaderFields) from
224 * configuration.yaml file and return String[]
229 private String[] getMandatoryHeaders(HttpServletRequest request) {
230 Configuration configuration = getConfiguration(request);
231 List<List<String>> identificationHeaderFields = configuration.getIdentificationHeaderFields();
232 String[] mandatoryHeaders = new String[identificationHeaderFields.size()];
233 for (int i = 0; i < identificationHeaderFields.size(); i++) {
234 mandatoryHeaders[i] = identificationHeaderFields.get(i).get(0);
236 return mandatoryHeaders;
240 * Get optional headers (optionalHeaderFields) from configuration.yaml file
241 * and return String[]
246 private String[] getOptionalHeaders(HttpServletRequest request) {
247 Configuration configuration = getConfiguration(request);
248 List<List<String>> optionalHeaderFields = configuration.getOptionalHeaderFields();
249 String[] optionalHeaders = new String[optionalHeaderFields.size()];
250 for (int i = 0; i < optionalHeaderFields.size(); i++) {
251 optionalHeaders[i] = optionalHeaderFields.get(i).get(0);
253 return optionalHeaders;
257 * Return Configuration object to read from configuration.yaml
260 * @return Configuration
262 private Configuration getConfiguration(HttpServletRequest request) {
263 ConfigurationManager configManager = (ConfigurationManager) request.getSession().getServletContext().getAttribute(org.openecomp.sdc.common.api.Constants.CONFIGURATION_MANAGER_ATTR);
264 return configManager.getConfiguration();
267 private boolean setNewHeader(List<String> possibleOldHeaders, String newHeaderToSet, HttpServletRequest oldRequest, MutableHttpServletRequest newRequest) {
268 boolean newHeaderIsSet = false;
269 for (int i = 0; i < possibleOldHeaders.size() && !newHeaderIsSet; i++) {
270 String headerValue = oldRequest.getHeader(possibleOldHeaders.get(i));
271 if (headerValue != null) {
272 newRequest.putHeader(newHeaderToSet, headerValue);
273 newHeaderIsSet = true;
276 return newHeaderIsSet;
279 private static String getUserIdFromCookie(HttpServletRequest request) throws Exception {
281 Cookie[] cookies = request.getCookies();
282 Cookie userIdcookie = null;
284 for (Cookie cookie : cookies)
285 if (cookie.getName().equals(Constants.ECOMP_PORTAL_COOKIE))
286 userIdcookie = cookie;
287 if (userIdcookie != null) {
288 userId = CipherUtil.decrypt(userIdcookie.getValue(),
289 PortalApiProperties.getProperty(PortalApiConstants.Decryption_Key));