1 /*-
2  * ================================================================================
3  * eCOMP Portal SDK
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ================================================================================
19  */
20 package org.openecomp.portalsdk.core.interceptor;
21
22 import java.net.URLEncoder;
23
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpServletResponse;
26 import javax.servlet.http.HttpSession;
27
28 import org.openecomp.portalsdk.core.controller.FusionBaseController;
29 import org.openecomp.portalsdk.core.domain.User;
30 import org.openecomp.portalsdk.core.exception.SessionExpiredException;
31 import org.openecomp.portalsdk.core.listener.CollaborateListBindingListener;
32 import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
33 import org.openecomp.portalsdk.core.web.support.AppUtils;
34 import org.openecomp.portalsdk.core.web.support.UserUtils;
35 import org.springframework.web.method.HandlerMethod;
36 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
37
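/**
 * Spring MVC interceptor that checks controller requests for valid session
 * information and redirects to the single sign-on controller when it is
 * missing.
 *
 * <p>
 * Scope of the check, as implemented below:
 * <ul>
 * <li>Only handlers of type {@link HandlerMethod} are inspected; any other
 * handler type is passed straight to the superclass.</li>
 * <li>The handler bean is cast to {@link FusionBaseController}. A bean of any
 * other type raises a {@link ClassCastException} before the session check, so
 * such a request fails instead of being let through.</li>
 * <li>Controllers reporting {@code isAccessible()} or {@code isRESTfulCall()}
 * skip the session check here. NOTE(review): those endpoints are presumably
 * authenticated by another mechanism - confirm.</li>
 * </ul>
 *
 * <p>
 * Every exception raised during the session check ends in a redirect and a
 * {@code false} return, so the check fails closed: the controller is never
 * invoked when the session cannot be validated.
 */
public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {

    // Kept as a package-visible instance field, exactly as declared originally.
    EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SessionTimeoutInterceptor.class);

    /** Webapp-relative address of the controller that establishes a session. */
    private static final String SINGLE_SIGNON_PREFIX = "/single_signon.htm?";

    public SessionTimeoutInterceptor() {
    }

    /**
     * Checks all requests for valid session information. If not found,
     * redirects to a controller that will establish a valid session.
     *
     * @param request
     *            current HTTP request
     * @param response
     *            current HTTP response; receives the redirect when the session
     *            check fails
     * @param handler
     *            chosen handler; only {@link HandlerMethod} instances are
     *            checked
     * @return {@code false} after a redirect has been sent; otherwise the
     *         result of the superclass implementation
     * @throws Exception
     *             if the handler bean is not a {@link FusionBaseController}, or
     *             if building or sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod method = (HandlerMethod) handler;
            // Deliberately outside the try block: a handler bean of an
            // unexpected type must not be turned into a login redirect.
            FusionBaseController controller = (FusionBaseController) method.getBean();
            if (!controller.isAccessible() && !controller.isRESTfulCall()) {
                try {
                    // getSession() throws SessionExpiredException
                    HttpSession session = AppUtils.getSession(request);
                    User user = UserUtils.getUserSession(request);
                    // Check if user is logging out.
                    // NOTE(review): this is a substring match on the whole
                    // request URI, so any path containing "logout.htm" is
                    // treated as a logout - confirm that is intended.
                    if (request.getRequestURI().indexOf("logout.htm") > -1) {
                        session.removeAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME);
                        throw new SessionExpiredException();
                    } else if (user == null) {
                        // Jump to the redirection code
                        throw new Exception("preHandle: user not found in session");
                    } else {
                        // session binding listener will add this value to the
                        // map, and with session replication the listener will
                        // fire in all tomcat instances
                        session.setAttribute(CollaborateListBindingListener.SESSION_ATTR_NAME,
                                new CollaborateListBindingListener(user.getOrgUserId()));
                    }
                } catch (Exception ex) {
                    // The forward URL is derived from client-supplied request
                    // data. It is URL-encoded here, but the controller behind
                    // single_signon.htm (not visible in this file) must still
                    // treat it as a path inside this webapp, never as an
                    // absolute URL.
                    final String forwardUrlParm = "forwardURL="
                            + URLEncoder.encode(requestedPathWithinApp(request), "UTF-8");
                    final String redirectUrl;
                    if (ex instanceof SessionExpiredException) {
                        // Session is expired; send to portal.
                        // Redirect to an absolute path in the webapp; e.g., "/context/single_signon.htm"
                        redirectUrl = request.getContextPath() + SINGLE_SIGNON_PREFIX + "redirectToPortal=Yes&"
                                + forwardUrlParm;
                        // NOTE(review): redirectUrl carries the original query
                        // string, so request parameters reach the debug log.
                        logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: session is expired, redirecting to {}",
                                redirectUrl);
                    } else {
                        // Other issue; do not send to portal.
                        // Redirect to an absolute path in the webapp; e.g., "/context/single_signon.htm"
                        redirectUrl = request.getContextPath() + SINGLE_SIGNON_PREFIX + forwardUrlParm;
                        // NOTE(review): redirectUrl carries the original query
                        // string, so request parameters reach the debug log.
                        logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: took exception {}, redirecting to {}",
                                ex.getMessage(), redirectUrl);
                    }
                    response.sendRedirect(redirectUrl);
                    return false;
                }
            }
        }

        return super.preHandle(request, response, handler);
    }

    /**
     * Returns the path within the webapp that the user requested (no host
     * name, no context path), followed by the original query string if there
     * is one.
     *
     * <p>
     * The original inline expression called
     * {@code substring(contextPath.length() + 1)} unconditionally, which throws
     * {@link StringIndexOutOfBoundsException} when the request URI is exactly
     * the context path. That exception escaped from the catch block, so the
     * redirect was never sent. The bounds check below yields an empty path
     * instead.
     */
    private static String requestedPathWithinApp(HttpServletRequest request) {
        final String uri = request.getRequestURI();
        final int start = request.getContextPath().length() + 1;
        final String path = uri.length() >= start ? uri.substring(start) : "";
        final String query = request.getQueryString();
        return query == null ? path : path + "?" + query;
    }

}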