fixes for supporting non-gui application access provisioning
[portal.git] / ecomp-portal-BE-common / src / main / java / org / onap / portalapp / portal / interceptor / PortalResourceInterceptor.java
index b143906..5a57e09 100644 (file)
  */
 package org.onap.portalapp.portal.interceptor;
 
-import java.util.ArrayList;
-import java.util.List;
+import java.util.HashMap;
 import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.mockito.internal.stubbing.answers.ThrowsException;
 import org.onap.aaf.cadi.CadiWrap;
 import org.onap.portalapp.controller.sessionmgt.SessionCommunicationController;
 import org.onap.portalapp.portal.controller.BasicAuthenticationController;
@@ -58,7 +53,6 @@ import org.onap.portalapp.portal.controller.SharedContextRestController;
 import org.onap.portalapp.portal.controller.WebAnalyticsExtAppController;
 import org.onap.portalapp.portal.domain.BasicAuthCredentials;
 import org.onap.portalapp.portal.domain.EPApp;
-import org.onap.portalapp.portal.domain.EPEndpoint;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice;
 import org.onap.portalapp.portal.logging.format.EPAppMessagesEnum;
@@ -66,7 +60,6 @@ import org.onap.portalapp.portal.logging.logic.EPLogUtil;
 import org.onap.portalapp.portal.service.AdminRolesService;
 import org.onap.portalapp.portal.service.AppsCacheService;
 import org.onap.portalapp.portal.service.BasicAuthenticationCredentialService;
-import org.onap.portalapp.portal.service.ExternalAccessRolesService;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.service.RemoteWebServiceCallService;
@@ -154,8 +147,8 @@ public class PortalResourceInterceptor extends ResourceInterceptor {
                                                                        SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME));
                                                        //RoleAdmin check is being added because the role belongs to partner application 
                                                        //inorder to access portal api's, bypassing this with isRoleAdmin Check
-                                                       if ((matchRoleFunctions(portalApiPath, allRoleFunctions)
-                                                                       && !matchRoleFunctions(portalApiPath, roleFunctions)) && !adminRolesService.isRoleAdmin(user)) {
+                                                       if ((EPUserUtils.matchRoleFunctions(portalApiPath, allRoleFunctions)
+                                                                       && !EPUserUtils.matchRoleFunctions(portalApiPath, roleFunctions)) && !adminRolesService.isRoleAdmin(user)) {
                                                                logger.error(EELFLoggerDelegate.errorLogger,
                                                                                "preHandle: User {} not authorized for path {} ", user.getOrgUserId(),
                                                                                portalApiPath);
@@ -246,7 +239,7 @@ public class PortalResourceInterceptor extends ResourceInterceptor {
                                logger.debug(EELFLoggerDelegate.debugLogger, "Entering in the loop as the uri contains auxapi : {}");
                                String nameSpace=PortalApiProperties.getProperty(PortalApiConstants.AUTH_NAMESPACE);
                                logger.debug(EELFLoggerDelegate.debugLogger, "namespace form the portal properties : {}",nameSpace);
-                               Boolean accessallowed=AuthUtil.isAccessAllowed(request, nameSpace);
+                               Boolean accessallowed=AuthUtil.isAccessAllowed(request, nameSpace, new HashMap<>());
                                logger.debug(EELFLoggerDelegate.debugLogger, "AccessAllowed for the request and namespace : {}",accessallowed);
                                if(accessallowed){
                                        logger.debug(EELFLoggerDelegate.debugLogger, "AccessAllowed is allowed: {}",accessallowed);
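Review bot: The new third argument on the `AuthUtil.isAccessAllowed(request, nameSpace, new HashMap<>())` call is an anonymous empty map, and nothing at the call site says what an empty map means for the access decision. Its role is not visible in this hunk, so it is worth confirming in `AuthUtil` that an empty map can only narrow access and never skips a check. A comment on that line would record the intent, for example `// empty map: <what the third argument carries and why nothing is passed for auxapi>`. Separately, the result is a boxed `Boolean` that `if(accessallowed)` unboxes, so a null return would throw; `if (Boolean.TRUE.equals(accessallowed))` fails closed instead. The enclosing method starts and ends outside the hunk.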
@@ -260,7 +253,7 @@ public class PortalResourceInterceptor extends ResourceInterceptor {
                                                        throw new Exception("Invalid credentials!");
                                                }
                                                else {
-                                                       final String appUsername = application.getUsername();
+                                                       final String appUsername = application.getAppBasicAuthUsername();
                                                        logger.debug(EELFLoggerDelegate.debugLogger, "appUsername : {}",appUsername);
 
                                                        String[] accountNamePassword = EcompPortalUtils.getUserNamePassword(authHeader);
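Review bot: `application.getAppBasicAuthUsername()` can presumably return null for applications that have no basic-auth credentials provisioned, and the value is used without a null check here and in the later hunk at `@@ -320,8 +317,8`. That later hunk passes it straight to `appUsername.equals(accountNamePassword[0])` and passes `getAppBasicAuthPassword()` to `CipherUtil.decryptPKC`, so a missing value surfaces as a NullPointerException rather than a clean rejection. An explicit guard such as `if (appUsername == null || application.getAppBasicAuthPassword() == null) throw new Exception("Invalid credentials!");` before the comparison keeps the failure on the existing error path. The comparison itself would be better done in constant time, e.g. `MessageDigest.isEqual(dbDecryptedPwd.getBytes(StandardCharsets.UTF_8), accountNamePassword[1].getBytes(StandardCharsets.UTF_8))`. Both enclosing blocks continue outside their hunks.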
@@ -296,9 +289,13 @@ public class PortalResourceInterceptor extends ResourceInterceptor {
                }catch(ClassCastException e){
                        logger.debug(EELFLoggerDelegate.debugLogger, "Entering in the classcastexception block if the UN is not the mechid : {}");
 
-                       
+                       String secretKey = null;
                        // Unauthorized access due to missing HTTP Authorization request header
                        if (authHeader == null) {
+                               if (remoteWebServiceCallService.verifyRESTCredential(secretKey, request.getHeader(EPCommonSystemProperties.UEB_KEY),
+                                               request.getHeader("username"), request.getHeader("password"))) {
+                                       return true;
+                               }
                                final String msg = "no authorization found";
                                logger.debug(EELFLoggerDelegate.debugLogger, "checkBasicAuth: {}", msg);
                                sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED, msg);
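Review bot: The fallback added to the `authHeader == null` branch returns `true` from a second credential path, yet `secretKey` is declared as `null` just above and never assigned, so `verifyRESTCredential` is always called with a null key. How the service treats a null key is not visible here and should be confirmed; if null is intended, pass it explicitly with a comment rather than through a variable that reads like a real secret. The three header values are also passed unchecked, so a request carrying neither an `Authorization` header nor these headers still reaches the verifier with all-null arguments; reject that case before the call and log the accepted path so it can be audited like the basic-auth branch. Credentials in plain `username`/`password` headers are more likely than an `Authorization` header to end up in proxy or access logs, which is worth documenting for operators. The enclosing method and catch block begin outside the hunk.

```java
// Unauthorized access due to missing HTTP Authorization request header
if (authHeader == null) {
    final String uebKey = request.getHeader(EPCommonSystemProperties.UEB_KEY);
    final String restUsername = request.getHeader("username");
    final String restPassword = request.getHeader("password");
    // secretKey is deliberately null on this path; confirm how verifyRESTCredential treats a null key
    if (uebKey != null && restUsername != null && restPassword != null
            && remoteWebServiceCallService.verifyRESTCredential(null, uebKey, restUsername, restPassword)) {
        logger.debug(EELFLoggerDelegate.debugLogger,
                "checkBasicAuth: request {} accepted via REST credential headers", request.getRequestURI());
        return true;
    }
    // … unchanged: "no authorization found" error response …
```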
@@ -320,8 +317,8 @@ public class PortalResourceInterceptor extends ResourceInterceptor {
                                        throw new Exception("Invalid credentials!");
                                }
                                else {
-                                       final String appUsername = application.getUsername();
-                                       final String dbDecryptedPwd = CipherUtil.decryptPKC(application.getAppPassword());
+                                       final String appUsername = application.getAppBasicAuthUsername();
+                                       final String dbDecryptedPwd = CipherUtil.decryptPKC(application.getAppBasicAuthPassword());
                                        if (appUsername.equals(accountNamePassword[0]) && dbDecryptedPwd.equals(accountNamePassword[1])) {
                                                return true;
                                        }
@@ -396,42 +393,6 @@ public class PortalResourceInterceptor extends ResourceInterceptor {
                return result;
        }
 
-       private Boolean matchRoleFunctions(String portalApiPath, Set<? extends String> roleFunctions) {
-               String[] path = portalApiPath.split("/");
-               List<String> roleFunList = new ArrayList<>();
-               if (path.length > 1) {
-                       roleFunList = roleFunctions.stream().filter(item -> item.startsWith(path[0])).collect(Collectors.toList());
-                       if (roleFunList.size() >= 1) {
-                               for (String roleFunction : roleFunList) {
-                                       String[] roleFunctionArray = roleFunction.split("/");
-                                       boolean b = true;
-                                       if (roleFunctionArray.length == path.length) {
-                                               for (int i = 0; i < roleFunctionArray.length; i++) {
-                                                       if (b) {
-                                                               if (!roleFunctionArray[i].equals("*")) {
-                                                                       Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE);
-                                                                       Matcher m = p.matcher(roleFunctionArray[i]);
-                                                                       b = m.matches();
-
-                                                               }
-                                                       }
-                                               }
-                                                       if (b)
-                                                               return b;
-                                       }
-                               }
-                       }
-               } else {
-                       for (String roleFunction : roleFunctions) {
-                               if (portalApiPath.matches(roleFunction))
-                                       return true;
-                       }
-               }
-               return false;
-       }
-       
-       
-
        protected void handleSessionUpdates(HttpServletRequest request) {
                PortalTimeoutHandler.handleSessionUpdatesNative(request, null, null, null, null, manageService);
        }