+ public void bulkUploadRoleFunc(UploadRoleFunctionExtSystem data, EPApp app) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+ try {
+ ExternalAccessRolePerms extRolePerms;
+ ExternalAccessPerms extPerms;
+ extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + data.getType(),
+ EcompPortalUtils.encodeFunctionCode(data.getInstance()), data.getAction());
+ String appNameSpace = "";
+ if (data.getIsGlobalRolePartnerFunc()) {
+ appNameSpace = epAppService.getApp(1l).getNameSpace();
+ } else {
+ appNameSpace = app.getNameSpace();
+ }
+ extRolePerms = new ExternalAccessRolePerms(extPerms, appNameSpace + "." + data.getRoleName()
+ .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
+ String updateRolePerms = mapper.writeValueAsString(extRolePerms);
+ HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
+ updateRoleFunctionInExternalSystem(updateRolePerms, entity);
+ } catch (HttpClientErrorException e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "HttpClientErrorException - Failed to add role function in external central auth system", e);
+ EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
+ throw e;
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "addFunctionInExternalSystem: Failed to add role fucntion in external central auth system", e);
+ throw e;
+ }
+ }
+
+ private void updateRoleFunctionInExternalSystem(String updateRolePerms, HttpEntity<String> entity) {
+ logger.debug(EELFLoggerDelegate.debugLogger, "bulkUploadRoleFunc: {} for POST: {}",
+ CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
+ ResponseEntity<String> addPermResponse = template.exchange(
+ SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
+ HttpMethod.POST, entity, String.class);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "bulkUploadRoleFunc: Finished adding permission for POST: {} and status code: {} ",
+ addPermResponse.getStatusCode().value(), updateRolePerms);
+ }
+
+ @Override
+ public void syncApplicationUserRolesFromExtAuthSystem(String loginId) throws Exception {
+ String name = "";
+ if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
+ name = loginId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
+ }
+ HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+ HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
+ ResponseEntity<String> getResponse = getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
+ List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
+ String res = getResponse.getBody();
+ JSONObject jsonObj = null;
+ JSONArray extRoles = null;
+ if (!res.equals("{}")) {
+ jsonObj = new JSONObject(res);
+ extRoles = jsonObj.getJSONArray("role");
+ }
+ updateUserRolesInLocal(userRoleDetailList, extRoles, loginId);
+ }
+
+ @SuppressWarnings("unchecked")
+ private void updateUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, JSONArray extRoles,
+ String loginId) throws InvalidUserException {
+ HashMap<String, String> userParams = new HashMap<>();
+ userParams.put("orgUserId", loginId);
+ // Get all centralized applications existing user roles from local
+ List<CentralizedAppRoles> currentUserAppRoles = dataAccessService
+ .executeNamedQuery("getUserCentralizedAppRoles", userParams, null);
+ EPUser user = getUser(loginId).get(0);
+ // Get all centralized applications roles from local
+ HashMap<String, CentralizedAppRoles> cenAppRolesMap = getCentralizedAppRoleList();
+ HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = getCurrentUserCentralizedAppRoles(
+ currentUserAppRoles);
+ // Get all centralized applications + admin role from local
+ HashMap<String, EPApp> centralisedAppsMap = getCentralizedAdminAppsInfo();
+ if (extRoles != null) {
+ ExternalAccessUserRoleDetail userRoleDetail = null;
+ for (int i = 0; i < extRoles.length(); i++) {
+ if (!extRoles.getJSONObject(i).getString("name").endsWith(ADMIN)
+ && !extRoles.getJSONObject(i).getString("name").endsWith(OWNER)) {
+ userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"),
+ null);
+ userRoleDetailList.add(userRoleDetail);
+ }
+ }
+ addUserRolesInLocal(userRoleDetailList, user, cenAppRolesMap, currentCentralizedUserAppRolesMap,
+ centralisedAppsMap);
+ }
+ }
+
+ private void addUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, EPUser user,
+ HashMap<String, CentralizedAppRoles> cenAppRolesMap,
+ HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap,
+ HashMap<String, EPApp> centralisedAppsMap) {
+ for (ExternalAccessUserRoleDetail extUserRoleDetail : userRoleDetailList) {
+ try {
+ // check if user already has role in local
+ if (!currentCentralizedUserAppRolesMap.containsKey(extUserRoleDetail.getName())) {
+ CentralizedAppRoles getCenAppRole = cenAppRolesMap.get(extUserRoleDetail.getName());
+ if (getCenAppRole != null) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "addUserRolesInLocal: Adding user role from external auth system {}",
+ extUserRoleDetail.toString());
+ EPUserApp userApp = new EPUserApp();
+ EPApp app = new EPApp();
+ app.setId(getCenAppRole.getAppId());
+ EPRole epRole = new EPRole();
+ epRole.setId(getCenAppRole.getRoleId());
+ userApp.setApp(app);
+ userApp.setUserId(user.getId());
+ userApp.setRole(epRole);
+ dataAccessService.saveDomainObject(userApp, null);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "addUserRolesInLocal: Finished user role from external auth system {}",
+ extUserRoleDetail.toString());
+ } else if (getCenAppRole == null // check if user has app
+ // account admin role
+ && extUserRoleDetail.getName().endsWith(PortalConstants.ADMIN_ROLE.replaceAll(
+ EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) {
+ EPApp app = centralisedAppsMap.get(extUserRoleDetail.getName());
+ if (app != null) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "addUserRolesInLocal: Adding user role from external auth system {}",
+ extUserRoleDetail.toString());
+ EPUserApp userApp = new EPUserApp();
+ EPRole epRole = new EPRole();
+ epRole.setId(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
+ userApp.setApp(app);
+ userApp.setUserId(user.getId());
+ userApp.setRole(epRole);
+ dataAccessService.saveDomainObject(userApp, null);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "addUserRolesInLocal: Finished user role from external auth system {}",
+ extUserRoleDetail.toString());
+ }
+ }
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger,
+ "addUserRolesInLocal - Failed to update user role in local from external auth system {} ",
+ extUserRoleDetail.toString(), e);
+ }
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private HashMap<String, EPApp> getCentralizedAdminAppsInfo() {
+ List<EPApp> centralizedApps = dataAccessService.executeNamedQuery("getCentralizedApps", null, null);
+ HashMap<String, EPApp> centralisedAppsMap = new HashMap<>();
+ for (EPApp cenApp : centralizedApps) {
+ centralisedAppsMap.put(
+ cenApp.getNameSpace() + "."
+ + PortalConstants.ADMIN_ROLE.replaceAll(
+ EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
+ cenApp);
+ }
+ return centralisedAppsMap;