-/*-\r
- * ================================================================================\r
- * ECOMP Portal\r
- * ================================================================================\r
- * Copyright (C) 2017 AT&T Intellectual Property\r
- * ================================================================================\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- * \r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- * \r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- * ================================================================================\r
- */\r
-package org.openecomp.portalapp.portal.service;\r
-\r
-import java.util.List;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-\r
-import org.apache.commons.codec.binary.Base64;\r
-import org.openecomp.portalapp.portal.domain.EPUser;\r
-import org.openecomp.portalapp.portal.domain.MicroserviceData;\r
-import org.openecomp.portalapp.portal.domain.MicroserviceParameter;\r
-import org.openecomp.portalapp.portal.domain.WidgetCatalog;\r
-import org.openecomp.portalapp.portal.domain.WidgetCatalogParameter;\r
-import org.openecomp.portalapp.portal.domain.WidgetServiceHeaders;\r
-import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog;\r
-import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;\r
-import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;\r
-import org.openecomp.portalsdk.core.util.SystemProperties;\r
-import org.springframework.beans.factory.annotation.Autowired;\r
-import org.springframework.context.annotation.EnableAspectJAutoProxy;\r
-import org.springframework.http.HttpEntity;\r
-import org.springframework.http.HttpHeaders;\r
-import org.springframework.http.HttpMethod;\r
-import org.springframework.http.MediaType;\r
-import org.springframework.http.ResponseEntity;\r
-import org.springframework.stereotype.Service;\r
-import org.springframework.web.client.HttpClientErrorException;\r
-import org.springframework.web.client.RestTemplate;\r
-\r
-@Service("microserviceProxyService")\r
-@EnableAspectJAutoProxy\r
-@EPMetricsLog\r
-public class MicroserviceProxyServiceImpl implements MicroserviceProxyService {\r
-\r
- EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MicroserviceProxyServiceImpl.class);\r
- private static final String BASIC_AUTH = "Basic Authentication";\r
- private static final String NO_AUTH = "No Authentication";\r
- private static final String COOKIE_AUTH = "Cookie based Authentication";\r
- private static final String QUESTION_MARK = "?";\r
- private static final String ADD_MARK = "&";\r
-\r
- String whatService = "widgets-service";\r
-\r
- @Autowired\r
- private ConsulHealthService consulHealthService;\r
- \r
- @Autowired\r
- MicroserviceService microserviceService;\r
-\r
- @Autowired\r
- WidgetParameterService widgetParameterService;\r
-\r
- RestTemplate template = new RestTemplate();\r
-\r
- @Override\r
- public String proxyToDestination(long serviceId, EPUser user, HttpServletRequest request) throws Exception {\r
-\r
- String response = null;\r
- \r
- // get the microservice object by the id\r
- MicroserviceData data = microserviceService.getMicroserviceDataById(serviceId);\r
-\r
- // No such microservice available\r
- if (data == null) {\r
- return response;\r
- }\r
- List<MicroserviceParameter> params = data.getParameterList();\r
- if (data.getSecurityType().equals(NO_AUTH)) {\r
- HttpHeaders headers = new HttpHeaders();\r
- headers.setContentType(MediaType.APPLICATION_JSON);\r
- HttpEntity<String> entity = new HttpEntity<String>(headers);\r
-\r
- String url = microserviceUrlConverter(data, params);\r
- response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();\r
-\r
- } else if (data.getSecurityType().equals(BASIC_AUTH)) {\r
- // encoding the username and password\r
- String plainCreds = data.getUsername() + ":" + decryptedPassword(data.getPassword());\r
- byte[] plainCredsBytes = plainCreds.getBytes();\r
- byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);\r
- String base64Creds = new String(base64CredsBytes);\r
-\r
- HttpHeaders headers = new HttpHeaders();\r
- headers.add("Authorization", "Basic " + base64Creds);\r
- headers.setContentType(MediaType.APPLICATION_JSON);\r
- HttpEntity<String> entity = new HttpEntity<String>(headers);\r
-\r
- String url = microserviceUrlConverter(data, params);\r
- response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();\r
- } else if (data.getSecurityType().equals(COOKIE_AUTH)) {\r
- HttpHeaders headers = new HttpHeaders();\r
- headers.setContentType(MediaType.APPLICATION_JSON);\r
- String rawCookie = request.getHeader("Cookie");\r
- headers.add("Cookie", rawCookie);\r
- HttpEntity<String> entity = new HttpEntity<String>(headers);\r
-\r
- String url = microserviceUrlConverter(data, params);\r
- response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();\r
- }\r
- return response;\r
- }\r
- \r
- @Override\r
- public String proxyToDestinationByWidgetId(long widgetId, EPUser user, HttpServletRequest request) throws Exception {\r
-\r
- String response = null;\r
- \r
- ResponseEntity<Long> ans = (ResponseEntity<Long>) template.exchange(\r
- "https://" + consulHealthService.getServiceLocation(whatService)\r
- + "/widget/microservices/widgetCatalog/parameters/" + widgetId,\r
- HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), Long.class);\r
- Long serviceId = ans.getBody();\r
- \r
- // get the microservice object by the id\r
- MicroserviceData data = microserviceService.getMicroserviceDataById(serviceId);\r
-\r
- // No such microservice available\r
- if (data == null) {\r
- return response;\r
- }\r
-\r
- List<MicroserviceParameter> params = data.getParameterList();\r
-\r
- for (MicroserviceParameter p : params) {\r
- WidgetCatalogParameter userValue = widgetParameterService.getUserParamById(widgetId, user.getId(), p.getId());\r
- if (userValue != null)\r
- p.setPara_value(userValue.getUser_value());\r
- }\r
-\r
- if (data.getSecurityType().equals(NO_AUTH)) {\r
- HttpHeaders headers = new HttpHeaders();\r
- headers.setContentType(MediaType.APPLICATION_JSON);\r
- HttpEntity<String> entity = new HttpEntity<String>(headers);\r
-\r
- String url = microserviceUrlConverter(data, params);\r
- try {\r
- response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();\r
- } catch (HttpClientErrorException e) {\r
- throw e;\r
- }\r
- } else if (data.getSecurityType().equals(BASIC_AUTH)) {\r
- // encoding the username and password\r
- String plainCreds = data.getUsername() + ":" + decryptedPassword(data.getPassword());\r
- byte[] plainCredsBytes = plainCreds.getBytes();\r
- byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);\r
- String base64Creds = new String(base64CredsBytes);\r
-\r
- HttpHeaders headers = new HttpHeaders();\r
- headers.add("Authorization", "Basic " + base64Creds);\r
- headers.setContentType(MediaType.APPLICATION_JSON);\r
- HttpEntity<String> entity = new HttpEntity<String>(headers);\r
-\r
- String url = microserviceUrlConverter(data, params);\r
- try {\r
- response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();\r
- } catch (HttpClientErrorException e) {\r
- throw e;\r
- }\r
- } else if (data.getSecurityType().equals(COOKIE_AUTH)) {\r
- HttpHeaders headers = new HttpHeaders();\r
- headers.setContentType(MediaType.APPLICATION_JSON);\r
- String rawCookie = request.getHeader("Cookie");\r
- headers.add("Cookie", rawCookie);\r
- HttpEntity<String> entity = new HttpEntity<String>(headers);\r
-\r
- String url = microserviceUrlConverter(data, params);\r
- try {\r
- response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();\r
- } catch (HttpClientErrorException e) {\r
- throw e;\r
- }\r
- }\r
- return response;\r
- }\r
-\r
- private String decryptedPassword(String encryptedPwd) throws Exception {\r
- String result = "";\r
- if (encryptedPwd != null & encryptedPwd.length() > 0) {\r
- try {\r
- result = CipherUtil.decrypt(encryptedPwd,\r
- SystemProperties.getProperty(SystemProperties.Decryption_Key));\r
- } catch (Exception e) {\r
- logger.error(EELFLoggerDelegate.errorLogger, "decryptedPassword failed", e);\r
- throw e;\r
- }\r
- }\r
- return result;\r
- }\r
-\r
- private String microserviceUrlConverter(MicroserviceData data, List<MicroserviceParameter> params) {\r
- String url = data.getUrl();\r
- for (int i = 0; i < params.size(); i++) {\r
- if (i == 0) {\r
- url += QUESTION_MARK;\r
- }\r
- url += params.get(i).getPara_key() + "=" + params.get(i).getPara_value();\r
- if (i != (params.size() - 1)) {\r
- url += ADD_MARK;\r
- }\r
- }\r
- return url;\r
- }\r
-\r
-}\r
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the “License”);
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.openecomp.portalapp.portal.service;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.binary.Base64;
+import org.openecomp.portalapp.portal.domain.EPUser;
+import org.openecomp.portalapp.portal.domain.MicroserviceData;
+import org.openecomp.portalapp.portal.domain.MicroserviceParameter;
+import org.openecomp.portalapp.portal.domain.WidgetCatalogParameter;
+import org.openecomp.portalapp.portal.domain.WidgetServiceHeaders;
+import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog;
+import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
+import org.openecomp.portalsdk.core.util.SystemProperties;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.RestTemplate;
+
+@Service("microserviceProxyService")
+@EnableAspectJAutoProxy
+@EPMetricsLog
+public class MicroserviceProxyServiceImpl implements MicroserviceProxyService {
+
+ private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MicroserviceProxyServiceImpl.class);
+
+ private static final String BASIC_AUTH = "Basic Authentication";
+ private static final String NO_AUTH = "No Authentication";
+ private static final String COOKIE_AUTH = "Cookie based Authentication";
+ private static final String QUESTION_MARK = "?";
+ private static final String ADD_MARK = "&";
+
+ @Autowired
+ private ConsulHealthService consulHealthService;
+ @Autowired
+ MicroserviceService microserviceService;
+ @Autowired
+ WidgetParameterService widgetParameterService;
+
+ private String whatService = "widgets-service";
+
+ private RestTemplate template = new RestTemplate();
+
+ @Override
+ public String proxyToDestination(long serviceId, EPUser user, HttpServletRequest request) throws Exception {
+ // get the microservice object by the id
+ MicroserviceData data = microserviceService.getMicroserviceDataById(serviceId);
+ // No such microservice available
+ if (data == null) {
+ // can we return a better response than null?
+ return null;
+ }
+ return authenticateAndRespond(data, request, composeParams(data, user));
+ }
+
+ @Override
+ public String proxyToDestinationByWidgetId(long widgetId, EPUser user, HttpServletRequest request)
+ throws Exception {
+ @SuppressWarnings({ "rawtypes", "unchecked" })
+ ResponseEntity<Long> ans = (ResponseEntity<Long>) template.exchange(
+ EcompPortalUtils.widgetMsProtocol() + "://"
+ + consulHealthService.getServiceLocation(whatService,
+ SystemProperties.getProperty("microservices.widget.local.port"))
+ + "/widget/microservices/widgetCatalog/parameters/" + widgetId,
+ HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), Long.class);
+ Long serviceId = ans.getBody();
+ // get the microservice object by the id
+ MicroserviceData data = microserviceService.getMicroserviceDataById(serviceId);
+ // No such microservice available
+ if (data == null)
+ return null;
+
+ List<MicroserviceParameter> params = composeParams(data, user);
+ for (MicroserviceParameter p : params) {
+ WidgetCatalogParameter userValue = widgetParameterService.getUserParamById(widgetId, user.getId(),
+ p.getId());
+ if (userValue != null)
+ p.setPara_value(userValue.getUser_value());
+ }
+ return authenticateAndRespond(data, request, params);
+ }
+
+ private String authenticateAndRespond(MicroserviceData data, HttpServletRequest request,
+ List<MicroserviceParameter> params) throws HttpClientErrorException, IllegalArgumentException {
+ String response = null;
+ if (data.getSecurityType().equals(NO_AUTH)) {
+ HttpEntity<String> entity = new HttpEntity<String>(headersForNoAuth());
+ String url = microserviceUrlConverter(data, params);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "authenticateAndRespond: Before making no authentication call: {}", url);
+ response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();
+ logger.debug(EELFLoggerDelegate.debugLogger, "authenticateAndRespond: No authentication call response: {}",
+ response);
+ } else if (data.getSecurityType().equals(BASIC_AUTH)) {
+ // encoding the username and password
+ String plainCreds = null;
+ try {
+ plainCreds = data.getUsername() + ":" + decryptedPassword(data.getPassword());
+ } catch (Exception e) {
+ logger.error("authenticateAndRespond failed to decrypt password", e);
+ throw new IllegalArgumentException("Failed to decrypt password", e);
+ }
+ byte[] plainCredsBytes = plainCreds.getBytes();
+ byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
+ String base64Creds = new String(base64CredsBytes);
+
+ HttpEntity<String> entity = new HttpEntity<String>(headersForBasicAuth(request, base64Creds));
+
+ String url = microserviceUrlConverter(data, params);
+ try {
+ response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();
+ } catch (HttpClientErrorException e) {
+ logger.error("authenticateAndRespond failed for basic security url " + url, e);
+ throw e;
+ }
+ } else if (data.getSecurityType().equals(COOKIE_AUTH)) {
+ HttpEntity<String> entity = new HttpEntity<String>(headersForCookieAuth(request));
+ String url = microserviceUrlConverter(data, params);
+ try {
+ response = template.exchange(url, HttpMethod.GET, entity, String.class).getBody();
+ } catch (HttpClientErrorException e) {
+ logger.error("authenticateAndRespond failed for cookie auth url " + url, e);
+ throw e;
+ }
+ }
+
+ return response;
+ }
+
+ private String decryptedPassword(String encryptedPwd) throws Exception {
+ String result = "";
+ if (encryptedPwd != null && encryptedPwd.length() > 0) {
+ try {
+ result = CipherUtil.decrypt(encryptedPwd,
+ SystemProperties.getProperty(SystemProperties.Decryption_Key));
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "decryptedPassword failed", e);
+ throw e;
+ }
+ }
+
+ return result;
+ }
+
+ private String microserviceUrlConverter(MicroserviceData data, List<MicroserviceParameter> params) {
+ String url = data.getUrl();
+ for (int i = 0; i < params.size(); i++) {
+ if (i == 0) {
+ url += QUESTION_MARK;
+ }
+ url += params.get(i).getPara_key() + "=" + params.get(i).getPara_value();
+ if (i != (params.size() - 1)) {
+ url += ADD_MARK;
+ }
+ }
+
+ return url;
+ }
+
+ private HttpHeaders headersForNoAuth() {
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_JSON);
+
+ return headers;
+ }
+
+ // TODO: why is this generically named cookie used?
+ private final static String Cookie = "Cookie";
+
+ private HttpHeaders headersForBasicAuth(HttpServletRequest request, String base64Creds) {
+ HttpHeaders headers = new HttpHeaders();
+ headers.add("Authorization", "Basic " + base64Creds);
+ headers.setContentType(MediaType.APPLICATION_JSON);
+ String rawCookie = request.getHeader(Cookie);
+ if (rawCookie != null)
+ headers.add(Cookie, rawCookie);
+ return headers;
+ }
+
+ private HttpHeaders headersForCookieAuth(HttpServletRequest request) {
+ HttpHeaders headers = new HttpHeaders();
+ headers.setContentType(MediaType.APPLICATION_JSON);
+ String rawCookie = request.getHeader(Cookie);
+ if (rawCookie != null)
+ headers.add(Cookie, rawCookie);
+ return headers;
+ }
+
+ private List<MicroserviceParameter> composeParams(MicroserviceData data, EPUser user) {
+ List<MicroserviceParameter> params = data.getParameterList();
+ MicroserviceParameter userIdParam = new MicroserviceParameter();
+ userIdParam.setPara_key("userId");
+ userIdParam.setPara_value(user.getOrgUserId());
+ params.add(userIdParam);
+ return params;
+ }
+}
\ No newline at end of file