Code Review / portal / sdk.git / blob
? search:


809266d4b0c1175b4d464f3897c6ab65b828033f
[portal/sdk.git] /
1 /*
2  * ============LICENSE_START==========================================
3  * ONAP Portal SDK
4  * ===================================================================
5  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  *
8  * Unless otherwise specified, all software contained herein is licensed
9  * under the Apache License, Version 2.0 (the "License");
10  * you may not use this software except in compliance with the License.
11  * You may obtain a copy of the License at
12  *
13  *             http://www.apache.org/licenses/LICENSE-2.0
14  *
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  *
21  * Unless otherwise specified, all documentation contained herein is licensed
22  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23  * you may not use this documentation except in compliance with the License.
24  * You may obtain a copy of the License at
25  *
26  *             https://creativecommons.org/licenses/by/4.0/
27  *
28  * Unless required by applicable law or agreed to in writing, documentation
29  * distributed under the License is distributed on an "AS IS" BASIS,
30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31  * See the License for the specific language governing permissions and
32  * limitations under the License.
33  *
34  * ============LICENSE_END============================================
35  *
36  * ECOMP is a trademark and service mark of AT&T Intellectual Property.
37  */
38 package org.onap.portalsdk.core.interceptor;
39
40 import java.net.URLEncoder;
41
42 import javax.servlet.http.HttpServletRequest;
43 import javax.servlet.http.HttpServletResponse;
44 import javax.servlet.http.HttpSession;
45
46 import org.onap.portalsdk.core.controller.FusionBaseController;
47 import org.onap.portalsdk.core.domain.User;
48 import org.onap.portalsdk.core.exception.SessionExpiredException;
49 import org.onap.portalsdk.core.listener.CollaborateListBindingListener;
50 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
51 import org.onap.portalsdk.core.web.support.AppUtils;
52 import org.onap.portalsdk.core.web.support.UserUtils;
53 import org.springframework.web.method.HandlerMethod;
54 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
55
56 public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
57
58         private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SessionTimeoutInterceptor.class);
59         
60         /**
61          * Checks all requests for valid session information. If not found, redirects to
62          * a controller that will establish a valid session.
63          */
64         @Override
65         public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
66                         throws Exception {
67                 if (handler instanceof HandlerMethod) {
68                         HandlerMethod method = (HandlerMethod) handler;
69                         FusionBaseController controller = (FusionBaseController) method.getBean();
70                         if (!controller.isAccessible() && !controller.isRESTfulCall()) {
71                                 try {
72                                         // getSession() throws SessionExpiredException
73                                         HttpSession session = AppUtils.getSession(request);
74                                         User user = UserUtils.getUserSession(request);
75                                         // check if user is logging out
76                                         if (request.getRequestURI().indexOf("logout.htm") > -1) {
77                                                 session.removeAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME);
78                                                 throw new SessionExpiredException();
79                                         } else if (user == null) {
80                                                 // Jump to the redirection code
81                                                 throw new Exception("preHandle: user not found in session");
82                                         } else {
83                                                 // session binding listener will add this value to the
84                                                 // map, and with session replication the listener will
85                                                 // fire in all tomcat instances
86                                                 session.setAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME,
87                                                                 new CollaborateListBindingListener(user.getOrgUserId()));
88                                         }
89                                 } catch (Exception ex) {
90                                         // get the path within the webapp that the user requested (no host name etc.)
91                                         final String forwardUrl = request.getRequestURI().substring(request.getContextPath().length() + 1)
92                                                         + (request.getQueryString() == null ? "" : "?" + request.getQueryString());
93                                         final String forwardUrlParm = "forwardURL=" + URLEncoder.encode(forwardUrl, "UTF-8");
94                                         final String singleSignonPrefix = "/single_signon.htm?";
95                                         if (ex instanceof SessionExpiredException) {
96                                                 // Session is expired; send to portal.
97                                                 // Redirect to an absolute path in the webapp; e.g.,
98                                                 // "/context/single_signon.htm"
99                                                 final String redirectUrl = request.getContextPath() + singleSignonPrefix
100                                                                 + "redirectToPortal=Yes&" + forwardUrlParm;
101                                                 logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: session is expired, redirecting to {}",
102                                                                 redirectUrl);
103                                                 response.sendRedirect(redirectUrl);
104                                                 return false;
105                                         } else {
106                                                 // Other issue; do not send to portal.
107                                                 // Redirect to an absolute path in the webapp; e.g.,
108                                                 // "/context/single_signon.htm"
109                                                 final String redirectUrl = request.getContextPath() + singleSignonPrefix + forwardUrlParm;
110                                                 logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: took exception {}, redirecting to {}",
111                                                                 ex.getMessage(), redirectUrl);
112                                                 response.sendRedirect(redirectUrl);
113                                                 return false;
114                                         }
115                                 }
116                         }
117                 }
118
119                 return super.preHandle(request, response, handler);
120         }
121
122 }
ARCHIVED- 2022-02-15 at the request of the project