2 * Copyright 2012-2016 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.onap.portalapp.portal.utils;
import java.util.Objects;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.onap.music.eelf.logging.EELFLoggerDelegate;
import org.onap.portalapp.music.service.MusicService;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.util.StringUtils;
32 public final class MusicCookieCsrfTokenRepository implements CsrfTokenRepository {
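/** Name of the cookie that carries the CSRF token to the browser; also the attribute key used for the shared-store lookup. */
static final String CSRF_COOKIE_NAME = "XSRF-TOKEN";
/** Header name handed to {@link DefaultCsrfToken} for tokens rebuilt from the shared store. */
static final String CSRF_HEADER_NAME = "X-XSRF-TOKEN";
/** Parameter name handed to {@link DefaultCsrfToken} for tokens rebuilt from the shared store. */
static final String CSRF_PARAMETER_NAME = "_csrf";
/** Name of the cookie whose value is used as the session id when consulting the shared store. */
static final String EP_SERVICE = "EPService";
// Delegate that performs the actual cookie read/write. Set by the constructors;
// every request-handling method dereferences it, so it must never stay null.
CookieCsrfTokenRepository cookieRepo = null;
// Logger attributed to this class. It previously used MusicService.class, which
// labelled every line emitted here as coming from MusicService in the logs.
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicCookieCsrfTokenRepository.class);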
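/**
 * Creates a repository backed by a default {@link CookieCsrfTokenRepository}.
 *
 * <p>The no-arg form used to leave {@code cookieRepo} null, so the first call to
 * any delegating method threw a {@link NullPointerException}; it now delegates to
 * the one-arg constructor with a freshly created cookie repository (Spring's
 * defaults, i.e. an HttpOnly cookie — use {@link #withHttpOnlyFalse()} otherwise).
 */
public MusicCookieCsrfTokenRepository() {
    this(new CookieCsrfTokenRepository());
}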
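/**
 * Creates a repository that delegates all cookie handling to {@code _cookieRepo}.
 *
 * @param _cookieRepo the cookie-based repository to delegate to; must not be null
 * @throws NullPointerException if {@code _cookieRepo} is null
 */
public MusicCookieCsrfTokenRepository(CookieCsrfTokenRepository _cookieRepo) {
    // Fail at construction rather than on the first request: every delegating
    // method dereferences this field unconditionally.
    this.cookieRepo = Objects.requireNonNull(_cookieRepo, "_cookieRepo");
}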
/**
 * Creates a new CSRF token for {@code request} by delegating to the cookie repository.
 * Nothing is written to the shared store here; generation is purely local.
 *
 * @param request the current request
 * @return the freshly generated token
 */
public CsrfToken generateToken(HttpServletRequest request) {
    CsrfToken freshToken = cookieRepo.generateToken(request);
    return freshToken;
}
/**
 * Persists {@code token} through the cookie repository, i.e. as a response cookie.
 *
 * <p>NOTE(review): nothing is written to the shared MusicService store here even
 * though {@link #loadToken} falls back to reading from it — confirm which component
 * performs that write.
 *
 * @param token    the token to store (null clears it, per the delegate's contract)
 * @param request  the current request
 * @param response the response the cookie is added to
 */
public void saveToken(CsrfToken token, HttpServletRequest request,
        HttpServletResponse response) {
    logger.debug(EELFLoggerDelegate.debugLogger, "initialize save csrf token ...");
    // The delegate decides cookie name, path and the HttpOnly flag.
    final CookieCsrfTokenRepository delegate = cookieRepo;
    delegate.saveToken(token, request, response);
}
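/**
 * Loads the current CSRF token for {@code request}.
 *
 * <p>The cookie repository is consulted first. If it holds no token, the value that
 * another node may have stored in the shared MusicService store is looked up under the
 * session id taken from the {@value #EP_SERVICE} cookie and wrapped in a
 * {@link DefaultCsrfToken}. Any failure of that fallback is logged and treated as
 * "no token".
 *
 * @param request the current request
 * @return the token, or {@code null} if neither the cookie nor the shared store has one
 */
public CsrfToken loadToken(HttpServletRequest request) {
    logger.debug(EELFLoggerDelegate.debugLogger, "initialize load csrf token ...");
    CsrfToken cookieRepoToken = cookieRepo.loadToken(request);
    if (cookieRepoToken != null) {
        return cookieRepoToken;
    }
    // The cookie repo has nothing: fall back to the value stored by other Tomcat nodes.
    // TODO: the lookup is still keyed on the EPService cookie; replace this once the
    // session id is available without depending on that cookie.
    try {
        String sessionId = getSessionIdFromCookie(request);
        if (sessionId == null) {
            // No session cookie present — there is no key to look the token up under.
            return null;
        }
        String storedToken = MusicService.getAttribute(CSRF_COOKIE_NAME, sessionId);
        // hasLength() already treats null as "no value", so a separate null check is not needed.
        if (StringUtils.hasLength(storedToken)) {
            cookieRepoToken = new DefaultCsrfToken(CSRF_HEADER_NAME, CSRF_PARAMETER_NAME, storedToken);
        }
    } catch (Exception e) {
        // Best-effort fallback: a store failure must not break the request, so log it
        // and return null. The message previously said "saveToken", which misdirected debugging.
        logger.error(EELFLoggerDelegate.errorLogger, "Error while calling csrf loadToken", e);
    }
    return cookieRepoToken;
}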
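/**
 * Factory method that creates an instance whose backing cookie repository has
 * {@link CookieCsrfTokenRepository#setCookieHttpOnly(boolean)} set to {@code false}.
 *
 * <p>A non-HttpOnly cookie is readable by script running in the page; the usual
 * reason for this setting is the double-submit pattern, where client-side code reads
 * the {@value #CSRF_COOKIE_NAME} cookie and echoes it in the
 * {@value #CSRF_HEADER_NAME} header — confirm that is how the front end uses it
 * before relying on this factory.
 *
 * @return a {@code MusicCookieCsrfTokenRepository} wrapping a cookie repository whose
 *         CSRF cookie is not marked HttpOnly
 */
public static MusicCookieCsrfTokenRepository withHttpOnlyFalse() {
    CookieCsrfTokenRepository cookieRepository = new CookieCsrfTokenRepository();
    cookieRepository.setCookieHttpOnly(false);
    return new MusicCookieCsrfTokenRepository(cookieRepository);
}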
91 private String getSessionIdFromCookie (HttpServletRequest request){
92 Cookie cookies[] = request.getCookies();
93 if (cookies != null) {
94 for (Cookie cookie : cookies) {
95 if (EP_SERVICE.equals(cookie.getName())) {
96 return cookie.getValue();