1 /*-
2  * ================================================================================
3  * ECOMP Portal SDK
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ================================================================================
19  */
20 package org.openecomp.portalapp.controller.core;
21
22 import java.net.URLDecoder;
23 import java.net.URLEncoder;
24 import java.util.HashMap;
25 import java.util.List;
26 import java.util.Map;
27
28 import javax.servlet.http.Cookie;
29 import javax.servlet.http.HttpServletRequest;
30 import javax.servlet.http.HttpSession;
31
32 import org.openecomp.portalsdk.core.auth.LoginStrategy;
33 import org.openecomp.portalsdk.core.command.LoginBean;
34 import org.openecomp.portalsdk.core.controller.UnRestrictedBaseController;
35 import org.openecomp.portalsdk.core.domain.RoleFunction;
36 import org.openecomp.portalsdk.core.domain.User;
37 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
38 import org.openecomp.portalsdk.core.menu.MenuProperties;
39 import org.openecomp.portalsdk.core.onboarding.listener.PortalTimeoutHandler;
40 import org.openecomp.portalsdk.core.onboarding.util.PortalApiConstants;
41 import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
42 import org.openecomp.portalsdk.core.service.LoginService;
43 import org.openecomp.portalsdk.core.service.RoleService;
44 import org.openecomp.portalsdk.core.util.SystemProperties;
45 import org.openecomp.portalsdk.core.web.support.AppUtils;
46 import org.openecomp.portalsdk.core.web.support.UserUtils;
47 import org.springframework.beans.factory.annotation.Autowired;
48 import org.springframework.stereotype.Controller;
49 import org.springframework.web.bind.annotation.RequestMapping;
50 import org.springframework.web.bind.annotation.RequestMethod;
51 import org.springframework.web.servlet.ModelAndView;
52 import org.springframework.web.util.WebUtils;
53
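@Controller
@RequestMapping("/")
/**
 * Controller for the {@code /single_signon.htm} page that the session timeout
 * interceptor sends users to. Depending on whether a portal login cookie is
 * present and whether an application session already exists, it either
 * restores the user's session and sends the browser back to the page it was
 * trying to reach, or bounces the browser to the portal with a return URL.
 * <p>
 * The {@code forwardURL} request parameter is reflected into an HTTP redirect,
 * so it is validated to be a relative, in-application path before use; an
 * absolute or protocol-relative value would otherwise make this endpoint an
 * open redirect.
 */
public class SingleSignOnController extends UnRestrictedBaseController {

	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SingleSignOnController.class);

	@Autowired
	private LoginService loginService;

	@Autowired
	private LoginStrategy loginStrategy;

	@Autowired
	RoleService roleService;

	private String viewName;
	private String welcomeView;

	public String getWelcomeView() {
		return welcomeView;
	}

	public void setWelcomeView(String welcomeView) {
		this.welcomeView = welcomeView;
	}

	/**
	 * Handles requests directed to the single sign-on page by the session
	 * timeout interceptor.
	 * <p>
	 * The interceptor supplies two parameters: {@code forwardURL}, the
	 * (URL-encoded) application-relative path the user originally requested,
	 * and an optional {@code redirectToPortal} flag. A {@code forwardURL} that
	 * is missing or that does not pass {@link #isRelativeForwardUrl(String)} is
	 * replaced by an empty path, which redirects to the application root
	 * instead of an attacker-chosen host.
	 *
	 * @param request
	 *            the current request; the portal login cookie, the menu
	 *            properties attribute and the two parameters above are read
	 *            from it
	 * @return a redirect to the requested in-app page when the portal login
	 *         cookie is present and a user session exists or can be restored;
	 *         a redirect to the portal with {@code noUserError=Yes} when the
	 *         user is unknown to this application; otherwise a redirect to the
	 *         portal's {@code process_csp} endpoint carrying the absolute
	 *         return URL of this application
	 * @throws Exception
	 *             on user lookup or URL encoding failures
	 */
	@RequestMapping(value = { "/single_signon.htm" }, method = RequestMethod.GET)
	public ModelAndView singleSignOnLogin(HttpServletRequest request) throws Exception {

		HashMap<String, String> additionalParamsMap = new HashMap<String, String>();
		LoginBean commandBean = new LoginBean();

		// SessionTimeoutInterceptor sets these parameters. The parameter may be
		// absent when the page is hit directly; decode only when present.
		final String rawForwardUrl = request.getParameter("forwardURL");
		String forwardURL = (rawForwardUrl == null) ? "" : URLDecoder.decode(rawForwardUrl, "UTF-8");
		if (!isRelativeForwardUrl(forwardURL)) {
			// Never reflect an absolute / protocol-relative / malformed target
			// into a Location header; fall back to the application root.
			logger.info(EELFLoggerDelegate.debugLogger,
					"singleSignOnLogin: ignoring forwardURL that is not an in-application path");
			forwardURL = "";
		}
		final String redirectToPortal = request.getParameter("redirectToPortal");

		if (!isLoginCookieExist(request) || redirectToPortal != null) {
			return redirectToPortal(request, forwardURL);
		}

		HttpSession session = AppUtils.getSession(request);
		User user = UserUtils.getUserSession(request);
		if (session != null && user != null) {
			// both user and session are non-null: nothing to restore.
			logger.info(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: redirecting to the forwardURL {}",
					forwardURL);
			return new ModelAndView(appRedirect(forwardURL));
		}

		// Session expired (or never existed) but the portal cookie is present:
		// look the user up again and rebuild the session.
		final String authMech = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
		String userId = loginStrategy.getUserId(request);
		commandBean.setUserid(userId);
		commandBean = getLoginService().findUser(commandBean,
				(String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), additionalParamsMap);

		if (commandBean.getUser() == null) {
			String loginErrorMessage = (commandBean.getLoginErrorMessage() != null)
					? commandBean.getLoginErrorMessage()
					: SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_NOT_FOUND;
			final String redirectUrl = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL)
					+ "?noUserError=Yes";
			logger.debug(EELFLoggerDelegate.debugLogger,
					"singleSignOnLogin: user is null ({}), redirect URL is {}",
					SystemProperties.getProperty(loginErrorMessage), redirectUrl);
			return new ModelAndView("redirect:" + redirectUrl);
		}

		// Role functions are looked up on the user just found. The session
		// user may legitimately be null on this path, so it cannot be used
		// here (the previous code dereferenced it unconditionally).
		List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(commandBean.getUser().getLoginId());

		// Unset, empty, BOTH and CSP all map to the CSP login method;
		// anything else is treated as WebJunction.
		final boolean cspLogin = authMech == null || authMech.isEmpty() || "BOTH".equals(authMech)
				|| "CSP".equals(authMech);
		final String loginMethod = cspLogin ? SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_CSP)
				: SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_WEB_JUNCTION);

		// store the user's information in the session
		UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
				commandBean.getBusinessDirectMenu(), loginMethod, roleFunctionList);
		initateSessionMgtHandler(request);
		logger.debug(EELFLoggerDelegate.debugLogger,
				"singleSignOnLogin: create new user session for expired user {}; user {} exists in the system",
				userId, commandBean.getUser().getOrgUserId());
		return new ModelAndView(appRedirect(forwardURL));
	}

	/**
	 * Builds the portal-bound redirect used when no login cookie is present or
	 * the redirect-to-portal parameter was found.
	 * <p>
	 * The portal needs an absolute return URL for this application. The
	 * {@code forwardURL} is only a partial request path, so the absolute form
	 * is computed either from the {@code APP_BASE_URL} system property (added
	 * in 1610 / 3.3.3 for deployments behind WebJunction or with separate
	 * FE/BE hosts, where the request's own host name is not reachable by the
	 * user) or, for older applications, from the request URL with the
	 * {@code single_signon.htm} token replaced.
	 * <p>
	 * NOTE(review): in the fallback case the host comes from the request's
	 * Host header; deployments that cannot trust that header should set
	 * {@code APP_BASE_URL}.
	 *
	 * @param request
	 *            the current request
	 * @param forwardURL
	 *            validated, decoded in-application path (may be empty)
	 * @return a {@code redirect:} view to the portal's {@code process_csp}
	 *         endpoint carrying this application's UEB key and the encoded
	 *         return URL
	 * @throws Exception
	 *             if URL encoding fails
	 */
	private ModelAndView redirectToPortal(HttpServletRequest request, String forwardURL) throws Exception {
		String returnToAppUrl;
		if (SystemProperties.containsProperty(SystemProperties.APP_BASE_URL)) {
			String appUrl = SystemProperties.getProperty(SystemProperties.APP_BASE_URL);
			returnToAppUrl = appUrl + (appUrl.endsWith("/") ? "" : "/") + forwardURL;
			logger.debug(EELFLoggerDelegate.debugLogger,
					"singleSignOnLogin: using app base URL {} and redirectURL {}", appUrl, returnToAppUrl);
		} else {
			// This is the controller for the single_signon.htm page, so the
			// replace should always find the specified token.
			returnToAppUrl = request.getRequestURL().toString().replace("single_signon.htm", forwardURL);
			logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: computed redirectURL {}",
					returnToAppUrl);
		}
		final String encodedReturnToAppUrl = URLEncoder.encode(returnToAppUrl, "UTF-8");
		// Also send the application's UEB key so Portal can block URL
		// reflection attacks.
		final String uebAppKey = PortalApiProperties.getProperty(PortalApiConstants.UEB_APP_KEY);
		final String url = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
		final String portalUrl = url.substring(0, url.lastIndexOf('/')) + "/process_csp";
		final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl;
		logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}",
				redirectUrl);
		return new ModelAndView("redirect:" + redirectUrl);
	}

	/**
	 * Builds the in-application {@code redirect:} view name for a validated
	 * forward path. An empty path redirects to {@code /}, which Spring's
	 * redirect view resolves relative to the application context.
	 *
	 * @param forwardURL
	 *            validated, decoded in-application path (may be empty)
	 * @return the view name to hand to {@link ModelAndView}
	 */
	static String appRedirect(String forwardURL) {
		return "redirect:" + (forwardURL.isEmpty() ? "/" : forwardURL);
	}

	/**
	 * Decides whether a decoded {@code forwardURL} value is a relative,
	 * in-application path that is safe to reflect into a redirect.
	 * <p>
	 * Rejected: null or empty values; values with leading/trailing whitespace
	 * or any control character (CR/LF would also break the log line they are
	 * written to); protocol-relative forms ({@code //host}) and the backslash
	 * variants browsers normalise to them; and values carrying a scheme
	 * ({@code http:}, {@code javascript:}, ...) before the first {@code /},
	 * {@code ?} or {@code #}. A colon inside the query string is allowed.
	 *
	 * @param forwardUrl
	 *            decoded candidate path
	 * @return {@code true} if the value may be used as a redirect target
	 */
	static boolean isRelativeForwardUrl(String forwardUrl) {
		if (forwardUrl == null || forwardUrl.isEmpty() || !forwardUrl.equals(forwardUrl.trim())) {
			return false;
		}
		int authorityEnd = forwardUrl.length();
		for (int i = 0; i < forwardUrl.length(); i++) {
			char c = forwardUrl.charAt(i);
			if (c < 0x20 || c == 0x7f) {
				return false;
			}
			if (authorityEnd == forwardUrl.length() && (c == '/' || c == '?' || c == '#')) {
				authorityEnd = i;
			}
		}
		if (forwardUrl.startsWith("//") || forwardUrl.startsWith("\\") || forwardUrl.startsWith("/\\")) {
			return false;
		}
		// a ':' before the first path/query/fragment separator is a scheme
		return forwardUrl.lastIndexOf(':', authorityEnd - 1) < 0;
	}

	/**
	 * Registers the freshly rebuilt session with the portal timeout handler,
	 * pairing the portal's session id (from the {@code EPService} cookie) with
	 * this application's own session id.
	 *
	 * @param request
	 *            the current request
	 */
	protected void initateSessionMgtHandler(HttpServletRequest request) {
		String portalJSessionId = getPortalJSessionId(request);
		String jSessionId = getJessionId(request);
		PortalTimeoutHandler.sessionCreated(portalJSessionId, jSessionId, AppUtils.getSession(request));
	}

	/**
	 * @param request
	 *            the current request
	 * @return whether the portal login cookie ({@link LoginStrategy#EP_SERVICE})
	 *         is present
	 */
	public boolean isLoginCookieExist(HttpServletRequest request) {
		return WebUtils.getCookie(request, LoginStrategy.EP_SERVICE) != null;
	}

	/**
	 * @param request
	 *            the current request
	 * @return the value of the portal login cookie, or {@code null} when the
	 *         cookie is absent (previously this threw a NullPointerException)
	 */
	public String getPortalJSessionId(HttpServletRequest request) {
		Cookie ep = WebUtils.getCookie(request, LoginStrategy.EP_SERVICE);
		return (ep == null) ? null : ep.getValue();
	}

	/**
	 * @param request
	 *            the current request
	 * @return this application's servlet session id; note that
	 *         {@code getSession()} creates a session if none exists yet
	 */
	public String getJessionId(HttpServletRequest request) {
		return request.getSession().getId();
	}

	public String getViewName() {
		return viewName;
	}

	public void setViewName(String viewName) {
		this.viewName = viewName;
	}

	public LoginService getLoginService() {
		return loginService;
	}

	public void setLoginService(LoginService loginService) {
		this.loginService = loginService;
	}

}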