2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017-2018 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.aai.sparky.security;
23 import java.util.ArrayList;
24 import java.util.List;
26 import javax.servlet.http.Cookie;
27 import javax.servlet.http.HttpServletRequest;
29 import org.onap.aai.cl.api.Logger;
30 import org.onap.aai.cl.eelf.LoggerFactory;
31 import org.onap.aai.sparky.logging.AaiUiMsgs;
32 import org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl;
33 import org.onap.aai.sparky.security.portal.config.PortalAuthenticationConfig;
34 import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
35 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
36 import org.onap.portalsdk.core.restful.domain.EcompRole;
39 * Provides authentication services for onboarded ECOMP applications.
41 public class EcompSso {
// Name of the ECOMP Portal cookie according to the validateEcompSso Javadoc; the code visible in
// this listing does not reference it.
43 public static final String EP_SERVICE = "EPService";
// Property key that getCspData passes to PortalApiProperties.getProperty to find the CSP cookie name.
44 public static final String CSP_COOKIE_NAME = "csp_cookie_name";
// Presumably also a property key (a name, not key material); not referenced in the visible code.
45 public static final String CSP_GATE_KEEPER_PROD_KEY = "csp_gate_keeper_prod_key";
// Not referenced in the visible code; the ONAP switch that validateEcompSso reads comes from
// PortalAuthenticationConfig.getIsOnapEnabled().
46 public static final String ONAP_ENABLED = "ONAP_ENABLED";
// Shared instance that the static validateEcompSso uses to call the instance method
// validateUserAccess. The field is static but not final.
47 private static EcompSso eCompSso = new EcompSso();
// Portal client used by validateUserAccess to fetch the roles assigned to a user id.
48 private PortalRestAPICentralServiceImpl portalRestCentralImpl = new PortalRestAPICentralServiceImpl();
49 private static final Logger LOG = LoggerFactory.getInstance().getLogger(EcompSso.class);
52 * Searches the request for a cookie with the specified name.
56 * @return Cookie, or null if not found.
// Looks up a cookie by name among the cookies the client sent with this request.
// NOTE(review): this listing omits original lines 60 and 63-70, so any null guard and the return
// statements are not visible. HttpServletRequest.getCookies() returns null when the request
// carries no cookies, so the loop below needs a guard -- presumably on the omitted line 60;
// confirm against the full file.
58 public static Cookie getCookie(HttpServletRequest request, String cookieName) {
59 Cookie[] cookies = request.getCookies();
61 for (Cookie cookie : cookies) {
// String.equals is an exact, case-sensitive match; a null cookieName never matches.
62 if (cookie.getName().equals(cookieName)) {
71 * Validates whether the ECOMP Portal sign-on process has completed, which relies on the AT&T Global
72 * Log On single sign-on process. Checks for the ECOMP cookie (see {@link #EP_SERVICE}). If found,
73 * then searches for a CSP cookie; if not found, for a WebJunction header.
76 * @return ATT UID if the ECOMP cookie is present and the sign-on process established an ATT UID;
// Derives the caller's user id from an SSO cookie and then checks that id against the
// application's role list through validateUserAccess.
// NOTE(review): this listing omits several original lines (for example 80, 82, 90, 107 and 114),
// so the uid declaration, the branch structure and the return statements are not visible; the
// comments below describe only what is shown.
79 public static String validateEcompSso(HttpServletRequest request) {
// Configuration flag; presumably selects between the two cookie-handling paths below (the branch
// itself is on an omitted line).
81 boolean isOnapEnabled = PortalAuthenticationConfig.getInstance().getIsOnapEnabled();
// The cookie name is taken from configuration, never from the request.
83 final String cookieName = PortalAuthenticationConfig.getInstance().getUserIdCookieName();
85 if (cookieName == null) {
// NOTE(review): the message names getCspData although it is emitted from validateEcompSso, which
// can mislead log triage.
86 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to load cookie");
89 Cookie csp = getCookie(request, cookieName);
// Only the cookie name is logged; the cookie value is a credential and should stay out of logs.
91 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to get cookie " + cookieName);
94 final String cspCookieEncrypted = csp.getValue();
// The decrypted cookie value becomes the user id.
// NOTE(review): treating it as the caller's identity is only sound if decryptCookie rejects
// tampered or forged values (authenticated encryption or an equivalent integrity check). The
// decryptor is not visible here -- confirm.
97 uid = PortalAuthenticationConfig.getInstance().getCookieDecryptor()
98 .decryptCookie(cspCookieEncrypted);
99 } catch (ClassNotFoundException e) {
// The caught exception is not passed to the logger.
// NOTE(review): confirm that uid stays unset on this path so the request is rejected (fail
// closed); the handling after the log call is on omitted lines.
100 LOG.error(AaiUiMsgs.DECRYPTION_ERROR, "Unable to find the Cookie Decryptor Class");
105 String[] cspFields = getCspData(request);
// Length guard before indexing; it implies that field index 5 is read on the omitted line 107 --
// confirm.
106 if (cspFields != null && cspFields.length > 5)
// Broad catch: any failure while reading the CSP cookie is logged at info level with only its
// localized message.
// NOTE(review): confirm that this path leaves the caller unauthenticated.
108 } catch (Exception t) {
109 LOG.info(AaiUiMsgs.LOGIN_FILTER_INFO,
110 "getLoginIdFromCookie failed " + t.getLocalizedMessage());
// Authorization step. uid is handed on as-is; validateUserAccess passes it straight to the
// portal role lookup, so uid may be unset here if the steps above failed -- confirm that the
// lookup denies access in that case.
113 boolean validated = eCompSso.validateUserAccess(uid);
// NOTE(review): the denial is logged at debug level without the user id; a retained log level
// would make refused logins visible to monitoring.
115 LOG.debug(AaiUiMsgs.DEBUG_GENERIC, "Unable to grant user access to application");
122 * Searches the specified request for the CSP cookie, decodes it and parses it to a String array.
125 * @return Array of String as parsed from the cookie; null if the cookie is not present; empty
126 * array if the cookie could not be decoded.
// Reads the CSP cookie, decrypts its value and splits the plaintext on '|' into fields.
// NOTE(review): this listing omits several original lines (for example 136, 143, 147 and
// 150-154), so the null checks, the try opener and the fallback returns are not visible.
128 private static String[] getCspData(HttpServletRequest request) {
// The cookie name is read from the portal properties under the key csp_cookie_name.
129 final String cookieName = PortalApiProperties.getProperty(CSP_COOKIE_NAME);
130 if (cookieName == null) {
131 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
132 "getCspData: Failed to get property " + CSP_COOKIE_NAME);
135 Cookie csp = getCookie(request, cookieName);
// Only the cookie name is logged, not its value.
137 LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG, "getCspData failed to get cookie " + cookieName);
140 final String cspCookieEncrypted = csp.getValue();
142 String cspCookieDecrypted = null;
// NOTE(review): the fields returned below are trusted by the caller as identity data; that
// assumes decryptCookie rejects tampered or forged values -- the decryptor is not visible here,
// confirm.
144 cspCookieDecrypted = PortalAuthenticationConfig.getInstance().getCookieDecryptor()
145 .decryptCookie(cspCookieEncrypted);
// "\\|" is a regex-escaped literal pipe. String.split drops trailing empty strings, so the array
// can be shorter than the cookie's nominal field count; the visible caller checks length > 5.
// NOTE(review): a null result from decryptCookie would raise NullPointerException here; the
// visible call in validateEcompSso appears to sit inside a try with catch (Exception) -- confirm.
146 return cspCookieDecrypted.split("\\|");
148 } catch (ClassNotFoundException e) {
// The caught exception is not passed to the logger. The Javadoc promises an empty array when the
// cookie cannot be decoded; that return is on an omitted line.
149 LOG.error(AaiUiMsgs.DECRYPTION_ERROR, "Unable to find the Cookie Decryptor Class");
155 public boolean validateUserAccess(String uid) {
156 boolean hasAccess = false;
157 ArrayList<String> appRoles = PortalAuthenticationConfig.getInstance().getAppRoles();
159 List<EcompRole> userRoles = null;
161 userRoles = portalRestCentralImpl.getUserRoles(uid);
162 } catch (PortalAPIException e) {
163 LOG.error(AaiUiMsgs.ERROR_GENERIC, "Unable to get user roles from Portal");
165 if (userRoles == null || appRoles.isEmpty()) {
166 LOG.debug(AaiUiMsgs.DEBUG_GENERIC, " Role list is either null or empty");
169 for (EcompRole userRole : userRoles) {
170 if (appRoles.contains(userRole.getName())) {