2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the “License”);
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
36 * ECOMP is a trademark and service mark of AT&T Intellectual Property.
38 package org.onap.portalsdk.core.interceptor;
40 import java.net.URLEncoder;
42 import javax.servlet.http.HttpServletRequest;
43 import javax.servlet.http.HttpServletResponse;
44 import javax.servlet.http.HttpSession;
46 import org.onap.portalsdk.core.controller.FusionBaseController;
47 import org.onap.portalsdk.core.domain.User;
48 import org.onap.portalsdk.core.exception.SessionExpiredException;
49 import org.onap.portalsdk.core.listener.CollaborateListBindingListener;
50 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
51 import org.onap.portalsdk.core.web.support.AppUtils;
52 import org.onap.portalsdk.core.web.support.UserUtils;
53 import org.springframework.web.method.HandlerMethod;
54 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
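/**
 * Spring MVC interceptor that sends requests without a usable session to the
 * sign-on controller ({@code single_signon.htm}) before the handler runs.
 *
 * <p>Scope of the check, as implemented below:
 * <ul>
 * <li>Only handlers of type {@link HandlerMethod} are inspected; any other
 * handler type goes straight to {@code super.preHandle} without a session
 * check.</li>
 * <li>Controllers that report {@code isAccessible()} or {@code isRESTfulCall()}
 * are exempt. NOTE(review): those controllers presumably authenticate by other
 * means; confirm, because this interceptor does nothing for them.</li>
 * </ul>
 */
public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {

    private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SessionTimeoutInterceptor.class);

    public SessionTimeoutInterceptor() {
        super();
    }

    /**
     * Checks the request for valid session information. If none is found,
     * redirects to a controller that will establish a valid session.
     *
     * @param request  current request; its URI and query string are echoed
     *                 (percent-encoded) into the {@code forwardURL} parameter
     * @param response used to issue the redirect
     * @param handler  the chosen handler
     * @return {@code false} after a redirect has been sent, otherwise the
     *         result of {@code super.preHandle}
     * @throws Exception if the handler bean is not a
     *                   {@link FusionBaseController} (ClassCastException), or
     *                   if building or sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod method = (HandlerMethod) handler;
            // Unchecked cast kept on purpose: a handler bean of another type
            // raises ClassCastException here instead of silently skipping the
            // session check.
            FusionBaseController controller = (FusionBaseController) method.getBean();
            if (!controller.isAccessible() && !controller.isRESTfulCall()) {
                try {
                    // getSession() throws SessionExpiredException
                    HttpSession session = AppUtils.getSession(request);
                    User user = UserUtils.getUserSession(request);
                    // check if user is logging out
                    if (request.getRequestURI().indexOf("logout.htm") > -1) {
                        session.removeAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME);
                        throw new SessionExpiredException();
                    } else if (user == null) {
                        // Jump to the redirection code
                        throw new Exception("preHandle: user not found in session");
                    } else {
                        // session binding listener will add this value to the
                        // map, and with session replication the listener will
                        // fire in all tomcat instances
                        session.setAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME,
                                new CollaborateListBindingListener(user.getOrgUserId()));
                    }
                } catch (Exception ex) {
                    // Any failure above (not only an expired session) ends in a
                    // redirect to sign-on, so the handler never runs without a
                    // bound user.
                    //
                    // forwardURL is built from client-controlled input. It is
                    // percent-encoded here, so it cannot add parameters to the
                    // sign-on URL. NOTE(review): the controller that later
                    // redirects to forwardURL is not visible in this file;
                    // confirm it accepts only paths inside this webapp.
                    final String forwardUrlParm = "forwardURL=" + URLEncoder.encode(requestedPath(request), "UTF-8");
                    final String singleSignonPrefix = "/single_signon.htm?";
                    // Redirect to an absolute path in the webapp; e.g., "/context/single_signon.htm"
                    final String redirectUrl;
                    // The debug lines below record the caller's full query
                    // string; keep debug logging off where query parameters
                    // may carry secrets.
                    if (ex instanceof SessionExpiredException) {
                        // Session is expired; send to portal.
                        redirectUrl = request.getContextPath() + singleSignonPrefix + "redirectToPortal=Yes&"
                                + forwardUrlParm;
                        logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: session is expired, redirecting to {}",
                                redirectUrl);
                    } else {
                        // Other issue; do not send to portal.
                        redirectUrl = request.getContextPath() + singleSignonPrefix + forwardUrlParm;
                        logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: took exception {}, redirecting to {}",
                                ex.getMessage(), redirectUrl);
                    }
                    response.sendRedirect(redirectUrl);
                    // The response is complete; stop the handler chain.
                    return false;
                }
            }
        }

        return super.preHandle(request, response, handler);
    }

    /**
     * Returns the path the client requested within the webapp (no host name,
     * no context path), followed by the query string when there is one.
     *
     * <p>A request URI no longer than the context path yields an empty path
     * instead of a StringIndexOutOfBoundsException, so the redirect is still
     * issued.
     */
    private static String requestedPath(HttpServletRequest request) {
        final String uri = request.getRequestURI();
        // +1 skips the slash that separates the context path from the rest.
        final int start = request.getContextPath().length() + 1;
        final String path = start <= uri.length() ? uri.substring(start) : "";
        final String query = request.getQueryString();
        return query == null ? path : path + "?" + query;
    }
}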