1 /*-
2  * ================================================================================
3  * ECOMP Portal SDK
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ================================================================================
19  */
20 package org.openecomp.portalapp.controller.core;
21
22 import java.net.URLDecoder;
23 import java.net.URLEncoder;
24 import java.util.HashMap;
25 import java.util.Map;
26
27 import javax.servlet.http.Cookie;
28 import javax.servlet.http.HttpServletRequest;
29 import javax.servlet.http.HttpSession;
30
31 import org.openecomp.portalsdk.core.auth.LoginStrategy;
32 import org.openecomp.portalsdk.core.command.LoginBean;
33 import org.openecomp.portalsdk.core.controller.UnRestrictedBaseController;
34 import org.openecomp.portalsdk.core.domain.User;
35 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
36 import org.openecomp.portalsdk.core.menu.MenuProperties;
37 import org.openecomp.portalsdk.core.onboarding.listener.PortalTimeoutHandler;
38 import org.openecomp.portalsdk.core.onboarding.util.PortalApiConstants;
39 import org.openecomp.portalsdk.core.onboarding.util.PortalApiProperties;
40 import org.openecomp.portalsdk.core.service.LoginService;
41 import org.openecomp.portalsdk.core.util.SystemProperties;
42 import org.openecomp.portalsdk.core.web.support.AppUtils;
43 import org.openecomp.portalsdk.core.web.support.UserUtils;
44 import org.springframework.beans.factory.annotation.Autowired;
45 import org.springframework.stereotype.Controller;
46 import org.springframework.web.bind.annotation.RequestMapping;
47 import org.springframework.web.bind.annotation.RequestMethod;
48 import org.springframework.web.servlet.ModelAndView;
49 import org.springframework.web.util.WebUtils;
50
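@Controller
@RequestMapping("/")
public class SingleSignOnController extends UnRestrictedBaseController {

	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SingleSignOnController.class);

	/** Name of the page this controller serves; also the token replaced when computing the return URL. */
	private static final String SSO_PAGE = "single_signon.htm";
	/** Request parameter set by the session timeout interceptor: app-relative path to return to. */
	private static final String FORWARD_URL_PARAM = "forwardURL";
	/** Request parameter set by the session timeout interceptor: if present, always bounce through Portal. */
	private static final String REDIRECT_TO_PORTAL_PARAM = "redirectToPortal";

	@Autowired
	private LoginService loginService;

	@Autowired
	private LoginStrategy loginStrategy;

	private String viewName;
	private String welcomeView;

	public String getWelcomeView() {
		return welcomeView;
	}

	public void setWelcomeView(String welcomeView) {
		this.welcomeView = welcomeView;
	}

	/**
	 * Handles requests directed to the single sign-on page by the session
	 * timeout interceptor.
	 * <p>
	 * Three outcomes are possible:
	 * <ol>
	 * <li>Portal login cookie present and a user session already exists:
	 * redirect straight to {@code forwardURL}.</li>
	 * <li>Portal login cookie present but no session/user: look the user up,
	 * rebuild the session and redirect to {@code forwardURL} (or to Portal's
	 * "no user" page if the lookup fails).</li>
	 * <li>No login cookie, or {@code redirectToPortal} present: redirect to
	 * Portal with an absolute return URL for this application.</li>
	 * </ol>
	 * The {@code forwardURL} parameter is request-controlled and is used as a
	 * redirect target, so it is validated to be a path relative to this
	 * application before use; absolute URLs, protocol-relative URLs and
	 * values containing backslashes or control characters are rejected.
	 *
	 * @param request
	 *            Current request; must carry the {@code forwardURL} parameter
	 * @return Redirect to an appropriate address
	 * @throws IllegalArgumentException
	 *             if {@code forwardURL} is missing or is not a relative path
	 * @throws IllegalStateException
	 *             if the Portal redirect URL property is missing or malformed
	 * @throws Exception
	 *             propagated from user lookup and session handling
	 */
	@RequestMapping(value = { "/" + SSO_PAGE }, method = RequestMethod.GET)
	public ModelAndView singleSignOnLogin(HttpServletRequest request) throws Exception {
		// SessionTimeoutInterceptor sets these parameters. The container has
		// already decoded the parameter once; this second decode is what the
		// interceptor's encoding expects, and validation runs on the value
		// that is actually used as a redirect target.
		final String rawForwardUrl = request.getParameter(FORWARD_URL_PARAM);
		final String forwardURL = requireRelativeForwardUrl(
				rawForwardUrl == null ? null : URLDecoder.decode(rawForwardUrl, "UTF-8"));
		final String redirectToPortal = request.getParameter(REDIRECT_TO_PORTAL_PARAM);

		if (!isLoginCookieExist(request) || redirectToPortal != null) {
			return buildPortalRedirect(request, forwardURL);
		}

		final HttpSession session = AppUtils.getSession(request);
		final User user = UserUtils.getUserSession(request);
		if (session != null && user != null) {
			// both user and session are non-null: nothing to rebuild
			logger.info(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: redirecting to the forwardURL {}",
					forwardURL);
			return new ModelAndView("redirect:" + forwardURL);
		}
		return rebuildSessionAndRedirect(request, forwardURL);
	}

	/**
	 * Validates a decoded {@code forwardURL} value.
	 * <p>
	 * The value must be a path relative to this application: it may not carry
	 * a URI scheme in its first segment (RFC 3986 forbids a colon there for
	 * relative references), may not start with {@code //} (protocol-relative),
	 * and may not contain backslashes (some browsers treat {@code \} as
	 * {@code /}) or control characters. Leading whitespace is ignored for the
	 * checks but preserved in the returned value.
	 *
	 * @param decoded
	 *            decoded parameter value, may be null
	 * @return the same value, if acceptable
	 * @throws IllegalArgumentException
	 *             if the value is missing, blank or not a relative path
	 */
	static String requireRelativeForwardUrl(String decoded) {
		if (decoded == null || decoded.trim().isEmpty()) {
			throw new IllegalArgumentException("Request parameter " + FORWARD_URL_PARAM + " is required");
		}
		final String probe = decoded.trim();
		boolean unsafe = probe.startsWith("//") || probe.indexOf('\\') >= 0;
		// A colon before any '/', '?' or '#' means the first segment is a scheme
		// (http:, javascript:, data:, ...); a colon later on is a plain path char.
		final int colon = probe.indexOf(':');
		if (!unsafe && colon >= 0) {
			final String head = probe.substring(0, colon);
			unsafe = head.indexOf('/') < 0 && head.indexOf('?') < 0 && head.indexOf('#') < 0;
		}
		for (int i = 0; !unsafe && i < probe.length(); i++) {
			unsafe = probe.charAt(i) < 0x20;
		}
		if (unsafe) {
			throw new IllegalArgumentException(
					"Request parameter " + FORWARD_URL_PARAM + " must be a path relative to this application");
		}
		return decoded;
	}

	/**
	 * Looks the cookie-identified user up, stores the user in the session,
	 * registers the session with the Portal timeout handler and redirects to
	 * {@code forwardURL}. If the user is unknown, redirects to Portal's
	 * "no user" page instead.
	 *
	 * @param request
	 *            current request
	 * @param forwardURL
	 *            validated app-relative return path
	 * @return redirect view
	 * @throws Exception
	 *             propagated from user lookup
	 */
	private ModelAndView rebuildSessionAndRedirect(HttpServletRequest request, String forwardURL) throws Exception {
		final String authMech = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
		final String userId = loginStrategy.getUserId(request);
		LoginBean commandBean = new LoginBean();
		commandBean.setUserid(userId);
		commandBean = getLoginService().findUser(commandBean,
				(String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY),
				new HashMap<String, String>());

		if (commandBean.getUser() == null) {
			final String loginErrorMessage = (commandBean.getLoginErrorMessage() != null)
					? commandBean.getLoginErrorMessage()
					: SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_NOT_FOUND;
			final String redirectUrl = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL)
					+ "?noUserError=Yes";
			logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: user is null, redirect URL is {}",
					redirectUrl);
			logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: login error message for user {}: {}",
					userId, SystemProperties.getProperty(loginErrorMessage));
			return new ModelAndView("redirect:" + redirectUrl);
		}

		// store the user's information in the session
		UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
				commandBean.getBusinessDirectMenu(), resolveLoginMethod(authMech));
		initateSessionMgtHandler(request);
		logger.debug(EELFLoggerDelegate.debugLogger,
				"singleSignOnLogin: create new user session for expired user {}; user {} exists in the system",
				userId, commandBean.getUser().getOrgUserId());
		return new ModelAndView("redirect:" + forwardURL);
	}

	/**
	 * Maps the configured authentication mechanism to a login-method property
	 * value. Null, empty, {@code BOTH} and {@code CSP} all select the CSP
	 * login method; any other value selects the WebJunction login method.
	 *
	 * @param authMech
	 *            value of the authentication-mechanism system property, may be null
	 * @return login method string read from system properties
	 */
	private static String resolveLoginMethod(String authMech) {
		final boolean csp = authMech == null || authMech.isEmpty() || "BOTH".equals(authMech)
				|| "CSP".equals(authMech);
		return SystemProperties.getProperty(
				csp ? SystemProperties.LOGIN_METHOD_CSP : SystemProperties.LOGIN_METHOD_WEB_JUNCTION);
	}

	/**
	 * Builds the redirect to Portal for a user with no login cookie (or who
	 * explicitly asked to be sent to Portal).
	 * <p>
	 * The forwardURL parameter is a partial (not absolute) request path for a
	 * page in the application. The challenge here is to compute the correct
	 * absolute path for the original request so the portal can redirect the
	 * user back to the right place. If the application sits behind
	 * WebJunction, or if separate FE-BE hosts are used, then the URL yielded
	 * by the request has a host name that is not reachable by the user, so
	 * an application may publish its own base URL in system.properties
	 * (feature added in 1610, release 3.3.3).
	 *
	 * @param request
	 *            current request
	 * @param forwardURL
	 *            validated app-relative return path
	 * @return redirect view pointing at Portal's process_csp endpoint
	 * @throws Exception
	 *             if the return URL cannot be encoded
	 * @throws IllegalStateException
	 *             if the Portal redirect URL property is missing or has no path
	 */
	private ModelAndView buildPortalRedirect(HttpServletRequest request, String forwardURL) throws Exception {
		final String returnToAppUrl;
		if (SystemProperties.containsProperty(SystemProperties.APP_BASE_URL)) {
			final String appUrl = SystemProperties.getProperty(SystemProperties.APP_BASE_URL);
			returnToAppUrl = appUrl + (appUrl.endsWith("/") ? "" : "/") + forwardURL;
			logger.debug(EELFLoggerDelegate.debugLogger,
					"singleSignOnLogin: using app base URL {} and redirectURL {}", appUrl, returnToAppUrl);
		} else {
			// Backward compatible with applications that don't publish a base
			// URL. This is the controller for the single_signon.htm page, so the
			// replace should always find the specified token.
			returnToAppUrl = request.getRequestURL().toString().replace(SSO_PAGE, forwardURL);
			logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: computed redirectURL {}",
					returnToAppUrl);
		}
		final String encodedReturnToAppUrl = URLEncoder.encode(returnToAppUrl, "UTF-8");
		// Also send the application's UEB key so Portal can block URL
		// reflection attacks.
		final String uebAppKey = PortalApiProperties.getProperty(PortalApiConstants.UEB_APP_KEY);
		final String url = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
		if (url == null || url.lastIndexOf('/') < 0) {
			// Without this guard a missing property is an NPE and a slash-less
			// value is a StringIndexOutOfBoundsException from substring(0, -1).
			throw new IllegalStateException("Property " + PortalApiConstants.ECOMP_REDIRECT_URL
					+ " must be an absolute URL, found: " + url);
		}
		final String portalUrl = url.substring(0, url.lastIndexOf('/')) + "/process_csp";
		final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl;
		// The UEB key acts as a shared credential between this app and Portal,
		// so it is kept out of the log line.
		logger.debug(EELFLoggerDelegate.debugLogger,
				"singleSignOnLogin: portal-bound redirect URL is {}?uebAppKey=<redacted>&redirectUrl={}",
				portalUrl, encodedReturnToAppUrl);
		return new ModelAndView("redirect:" + redirectUrl);
	}

	/**
	 * Registers the newly created session with the Portal timeout handler,
	 * keyed by the Portal session id carried in the login cookie. Does nothing
	 * (apart from logging) when the cookie is absent.
	 *
	 * @param request
	 *            current request
	 */
	protected void initateSessionMgtHandler(HttpServletRequest request) {
		final String portalJSessionId = getPortalJSessionId(request);
		if (portalJSessionId == null) {
			logger.warn(EELFLoggerDelegate.debugLogger,
					"initateSessionMgtHandler: cookie {} not present, skipping session registration",
					LoginStrategy.EP_SERVICE);
			return;
		}
		PortalTimeoutHandler.sessionCreated(portalJSessionId, getJessionId(request), AppUtils.getSession(request));
	}

	/**
	 * Reports whether the Portal login cookie is present on the request.
	 *
	 * @param request
	 *            current request
	 * @return true if the cookie named {@link LoginStrategy#EP_SERVICE} exists
	 */
	public boolean isLoginCookieExist(HttpServletRequest request) {
		return WebUtils.getCookie(request, LoginStrategy.EP_SERVICE) != null;
	}

	/**
	 * Reads the Portal session id from the login cookie.
	 *
	 * @param request
	 *            current request
	 * @return cookie value, or null if the cookie is absent
	 */
	public String getPortalJSessionId(HttpServletRequest request) {
		final Cookie ep = WebUtils.getCookie(request, LoginStrategy.EP_SERVICE);
		return ep == null ? null : ep.getValue();
	}

	/**
	 * Returns the id of the application's own HTTP session, creating the
	 * session if necessary.
	 *
	 * @param request
	 *            current request
	 * @return session id
	 */
	public String getJessionId(HttpServletRequest request) {
		return request.getSession().getId();
	}

	public String getViewName() {
		return viewName;
	}

	public void setViewName(String viewName) {
		this.viewName = viewName;
	}

	public LoginService getLoginService() {
		return loginService;
	}

	public void setLoginService(LoginService loginService) {
		this.loginService = loginService;
	}

}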