X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FExternalAccessRolesController.java;h=103e3386b9701b5253af1f6af9abb702841146b8;hb=b5d17f2d9bfaa430bbd2ed31ffe588f73ed4cf94;hp=5f6818f15eed5a1ded7e19bf94bcc94fe7e0b2ee;hpb=a70761c096192e38800bf38d6c7f61f52bf72007;p=portal.git diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java index 5f6818f1..103e3386 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java @@ -4,6 +4,8 @@ * =================================================================== * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * =================================================================== + * Modification Copyright © 2020 IBM. + * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); @@ -61,6 +63,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog; import org.onap.portalapp.portal.logging.aop.EPEELFLoggerAdvice; import org.onap.portalapp.portal.logging.logic.EPLogUtil; import org.onap.portalapp.portal.service.ExternalAccessRolesService; +import org.onap.portalsdk.core.service.UserService; import org.onap.portalapp.portal.transport.CentralRole; import org.onap.portalapp.portal.transport.CentralRoleFunction; import org.onap.portalapp.portal.transport.CentralUser; @@ -69,6 +72,8 @@ import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator; import org.onap.portalapp.portal.utils.EPCommonSystemProperties; import org.onap.portalapp.portal.utils.EcompPortalUtils; import org.onap.portalapp.portal.utils.PortalConstants; +import org.onap.portalapp.validation.DataValidator; +import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.domain.AuditLog; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.User; @@ -76,7 +81,6 @@ import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.restful.domain.EcompUser; import org.onap.portalsdk.core.service.AuditService; -import org.onap.portalsdk.core.service.UserService; import org.onap.portalsdk.core.service.UserServiceCentalizedImpl; import org.onap.portalsdk.core.util.SystemProperties; import org.onap.portalsdk.core.web.support.UserUtils; @@ -88,9 +92,12 @@ import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -104,24 +111,18 @@ import io.swagger.annotations.ApiOperation; @EnableAspectJAutoProxy @EPAuditLog public class ExternalAccessRolesController implements BasicAuthenticationController { - private static final String ROLE_INVALID_CHARS = "%=():,\"\""; - private static final String SUCCESSFULLY_DELETED = "Successfully Deleted"; - private static final String INVALID_UEB_KEY = "Invalid credentials!"; - private static final String LOGIN_ID = "LoginId"; - - RestTemplate template = new RestTemplate(); + private static final String UEBKEY = "uebkey"; + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); + private static final DataValidator DATA_VALIDATOR = new DataValidator(); @Autowired private AuditService auditService; - private static final String UEBKEY = "uebkey"; - - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class); - @Autowired private ExternalAccessRolesService externalAccessRolesService; @@ -129,11 +130,15 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl private UserService userservice = new UserServiceCentalizedImpl(); @ApiOperation(value = "Gets user role for an application.", response = CentralUser.class, responseContainer="List") - @RequestMapping(value = { - "/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/user/{loginId}" }, produces = "application/json") public CentralUser getUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { - + if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getUser not valid data"); + return null; + } CentralUser answer = null; try { fieldsValidation(request); @@ -146,10 +151,15 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets user roles for an application which is upgraded to newer version.", response = String.class, responseContainer="List") - @RequestMapping(value = { - "/v1/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/user/{loginId}" }, produces = "application/json") public String getV2UserList(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { + if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getV2UserList not valid data"); + return "Data is not valid"; + } String answer = null; try { fieldsValidation(request); @@ -162,8 +172,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets roles for an application.", response = CentralRole.class, responseContainer="Json") - @RequestMapping(value = { - "/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/roles" }, produces = "application/json") public List getRolesForApp(HttpServletRequest request, HttpServletResponse response) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "Request received for getRolesForApp"); List v2CenRole = null; @@ -186,8 +196,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets roles for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer="Json") - @RequestMapping(value = { - "/v1/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/roles" }, produces = "application/json") public List getV2RolesForApp(HttpServletRequest request, HttpServletResponse response) throws Exception { logger.debug(EELFLoggerDelegate.debugLogger, "Request received for getV2RolesForApp"); List answer = null; @@ -208,8 +218,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets all role functions for an application for older version.", response = CentralRoleFunction.class, responseContainer="Json") - @RequestMapping(value = { - "/functions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/functions" }, produces = "application/json") public List getRoleFunctionsList(HttpServletRequest request, HttpServletResponse response) throws Exception { List answer = null; @@ -233,8 +243,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets all role functions for an application which is upgraded to newer version.", response = CentralV2RoleFunction.class, responseContainer="Json") - @RequestMapping(value = { - "/v1/functions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/functions" }, produces = "application/json") public List getV2RoleFunctionsList(HttpServletRequest request, HttpServletResponse response) throws Exception { List cenRoleFuncList = null; @@ -257,8 +267,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Gets role information for an application.", response = CentralRole.class, responseContainer="Json") - @RequestMapping(value = { - "/role/{role_id}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/role/{role_id}" }, produces = "application/json") public CentralRole getRoleInfo(HttpServletRequest request, HttpServletResponse response, @PathVariable("role_id") Long roleId) throws Exception { CentralV2Role answer = null; @@ -277,8 +287,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets v2 role information for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer="Json") - @RequestMapping(value = { - "/v1/role/{role_id}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { + "/v1/role/{role_id}" }, produces = "application/json") public CentralV2Role getV2RoleInfo(HttpServletRequest request, HttpServletResponse response, @PathVariable("role_id") Long roleId) throws Exception { CentralV2Role answer = null; @@ -295,11 +305,15 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets role information for an application provided by function code.", response = CentralRoleFunction.class, responseContainer = "Json") - @RequestMapping(value = { "/function/{code}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/function/{code}" }, produces = "application/json") public CentralRoleFunction getRoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { CentralV2RoleFunction centralV2RoleFunction = null; CentralRoleFunction centralRoleFunction = new CentralRoleFunction(); + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction failed", new Exception("Data is not valid")); + } try { fieldsValidation(request); centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY)); @@ -314,10 +328,14 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets role information for an application provided by function code.", response = CentralV2RoleFunction.class, responseContainer = "Json") - @RequestMapping(value = { "/v1/function/{code}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v1/function/{code}" }, produces = "application/json") public CentralV2RoleFunction getV2RoleFunction(HttpServletRequest request, HttpServletResponse response, @PathVariable("code") String code) throws Exception { CentralV2RoleFunction centralV2RoleFunction = null; + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + sendErrorResponse(response, new Exception("Data is not valid")); + logger.error(EELFLoggerDelegate.errorLogger, "getV2RoleFunction failed", new Exception("Data is not valid")); + } try { fieldsValidation(request); centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY)); @@ -332,18 +350,22 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Saves role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/roleFunction" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/roleFunction" }, produces = "application/json") public PortalRestResponse saveRoleFunction(HttpServletRequest request, HttpServletResponse response, - @RequestBody String roleFunc) throws Exception { + @RequestBody String roleFunc) { String status = "Successfully saved!"; + if(!DATA_VALIDATOR.isValid(new SecureString(roleFunc))){ + logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to roleFunc, not valid data.", "Failed"); + } try { fieldsValidation(request); - String data = roleFunc; - ObjectMapper mapper = new ObjectMapper(); + ObjectMapper mapper = new ObjectMapper(); List applicationList = externalAccessRolesService.getApp(request.getHeader(UEBKEY)); EPApp requestedApp = applicationList.get(0); mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class); + CentralV2RoleFunction availableRoleFunction = mapper.readValue(roleFunc, CentralV2RoleFunction.class); CentralV2RoleFunction domainRoleFunction = null; boolean isCentralV2Version = false; if(availableRoleFunction.getType()!=null && availableRoleFunction.getAction()!= null) { @@ -405,8 +427,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed"); } } catch (Exception e) { if (e.getMessage() == null ||e.getMessage().contains(INVALID_UEB_KEY)) { @@ -415,15 +437,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, status, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, status, "Success"); } @ApiOperation(value = "Deletes role function for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/roleFunction/{code}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/roleFunction/{code}" }, produces = "application/json") public PortalRestResponse deleteRoleFunction(HttpServletRequest request, HttpServletResponse response, - @PathVariable("code") String code) throws Exception { + @PathVariable("code") String code) { + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRoleFunction, not valid data.", "Failed"); + } try { fieldsValidation(request); EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0); @@ -454,8 +481,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Failed to deleteRoleFunction for '" + code + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRoleFunction for '" + code + "'", "Failed"); } } catch (Exception e) { if (e.getMessage().contains(INVALID_UEB_KEY)) { @@ -471,9 +498,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Saves role for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/role" }, method = RequestMethod.POST, produces = "application/json") + @PostMapping(value = { "/role" }, produces = "application/json") public PortalRestResponse saveRole(HttpServletRequest request, HttpServletResponse response, - @RequestBody Role role) throws Exception { + @RequestBody Role role) { try { fieldsValidation(request); ExternalRequestFieldsValidator saveRoleResult = null; @@ -526,15 +553,20 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully Saved", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully Saved", "Success"); } @ApiOperation(value = "Deletes role for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/deleteRole/{code}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/deleteRole/{code}" }, produces = "application/json") public PortalRestResponse deleteRole(HttpServletRequest request, HttpServletResponse response, - @PathVariable String code) throws Exception { + @PathVariable String code) { + if(!DATA_VALIDATOR.isValid(new SecureString(code))){ + logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRole, not valid data.", "Failed"); + } try { fieldsValidation(request); boolean deleteResponse = externalAccessRolesService.deleteRoleForApplication(code, @@ -566,8 +598,8 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl MDC.remove(SystemProperties.MDC_TIMER); } else { logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed"); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, - "Failed to deleteRole for '" + code + "'", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, + "Failed to deleteRole for '" + code + "'", "Failed"); } } catch (Exception e) { if (e.getMessage().contains(INVALID_UEB_KEY)) { @@ -576,13 +608,13 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success"); } @ApiOperation(value = "Gets active roles for an application.", response = CentralRole.class, responseContainer = "Json") - @RequestMapping(value = { "/activeRoles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/activeRoles" }, produces = "application/json") public List getActiveRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { List roles = null; try { @@ -598,7 +630,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets active roles for an application.", response = CentralV2Role.class, responseContainer = "Json") - @RequestMapping(value = { "/v1/activeRoles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v1/activeRoles" }, produces = "application/json") public List getV2ActiveRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { List cenRole = null; try { @@ -613,9 +645,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "deletes user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, produces = "application/json") public PortalRestResponse deleteDependencyRoleRecord(HttpServletRequest request, HttpServletResponse response, - @PathVariable("roleId") Long roleId) throws Exception { + @PathVariable("roleId") Long roleId) { ExternalRequestFieldsValidator removeResult = null; try { fieldsValidation(request); @@ -640,9 +672,9 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "deletes roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/v2/deleteRole/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json") + @DeleteMapping(value = { "/v2/deleteRole/{roleId}" }, produces = "application/json") public PortalRestResponse deleteRole(HttpServletRequest request, HttpServletResponse response, - @PathVariable("roleId") Long roleId) throws Exception { + @PathVariable("roleId") Long roleId) { ExternalRequestFieldsValidator removeResult = null; try { fieldsValidation(request); @@ -667,64 +699,64 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl @ApiOperation(value = "Bulk upload functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/functions" }, produces = "application/json") + public PortalRestResponse bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/roles" }, produces = "application/json") + public PortalRestResponse bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadRoles(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload role functions for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/roleFunctions" }, produces = "application/json") + public PortalRestResponse bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadRolesFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/portal/userRoles" }, produces = "application/json") + public PortalRestResponse bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) { Integer result = 0; try { result = externalAccessRolesService.bulkUploadUserRoles(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload users for renamed role of an application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) throws Exception { + @PostMapping(value = { "/upload/portal/userRole/{roleId}" }, produces = "application/json") + public PortalRestResponse bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) { Integer result = 0; try { String roleName = request.getHeader("RoleName"); @@ -732,54 +764,57 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success"); } @ApiOperation(value = "Bulk upload functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/partner/functions" }, produces = "application/json") + public PortalRestResponse bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) { Integer addedFunctions = 0; try { addedFunctions = externalAccessRolesService.bulkUploadPartnerFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: '"+addedFunctions+"' functions", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, + "Successfully added: '" + addedFunctions + "' functions", "Success"); } @ApiOperation(value = "Bulk upload roles for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List upload) throws Exception { + @PostMapping(value = { "/upload/partner/roles" }, produces = "application/json") + public PortalRestResponse bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List upload) { try { externalAccessRolesService.bulkUploadPartnerRoles(request.getHeader(UEBKEY), upload); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added", "Success"); } @ApiOperation(value = "Bulk upload role functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json") - @RequestMapping(value = { "/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json") - public PortalRestResponse bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { + @PostMapping(value = { "/upload/partner/roleFunctions" }, produces = "application/json") + public PortalRestResponse bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) { Integer addedRoleFunctions = 0; try { addedRoleFunctions = externalAccessRolesService.bulkUploadPartnerRoleFunctions(request.getHeader(UEBKEY)); } catch (Exception e) { response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e); - return new PortalRestResponse(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed"); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", + "Failed"); } - return new PortalRestResponse(PortalRestStatusEnum.OK, "Successfully added: '"+addedRoleFunctions + "' role functions", "Success"); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, + "Successfully added: '" + addedRoleFunctions + "' role functions", "Success"); } @ApiOperation(value = "Gets all functions along with global functions", response = List.class, responseContainer = "Json") - @RequestMapping(value = { "/menuFunctions" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/menuFunctions" }, produces = "application/json") public List getMenuFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception { List functionsList = null; try { @@ -793,7 +828,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets all active Users of application", response = String.class, responseContainer = "Json") - @RequestMapping(value = { "/users" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/users" }, produces = "application/json") public List getUsersOfApplication(HttpServletRequest request, HttpServletResponse response) throws Exception { List users = null; try { @@ -853,9 +888,13 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets ecompUser of an application.", response = CentralUser.class, responseContainer = "List") - @RequestMapping(value = { "/v2/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v2/user/{loginId}" }, produces = "application/json") public String getEcompUser(HttpServletRequest request, HttpServletResponse response, @PathVariable("loginId") String loginId) throws Exception { + if(!DATA_VALIDATOR.isValid(new SecureString(loginId))){ + sendErrorResponse(response, new Exception("getEcompUser failed")); + logger.error(EELFLoggerDelegate.errorLogger, "getEcompUser failed", new Exception("getEcompUser failed")); + } EcompUser user = new EcompUser(); ObjectMapper mapper = new ObjectMapper(); String answer = null; @@ -868,7 +907,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl user = UserUtils.convertToEcompUser(ecompUser); List missingRolesOfUser = externalAccessRolesService.missingUserApplicationRoles(request.getHeader(UEBKEY), loginId, user.getRoles()); if (missingRolesOfUser.size() > 0) { - Set roles = new TreeSet(missingRolesOfUser); + Set roles = new TreeSet<>(missingRolesOfUser); user.getRoles().addAll(roles); } } @@ -880,7 +919,7 @@ public class ExternalAccessRolesController implements BasicAuthenticationControl } @ApiOperation(value = "Gets user ecomp role for an application.", response = CentralUser.class, responseContainer = "List") - @RequestMapping(value = { "/v2/roles" }, method = RequestMethod.GET, produces = "application/json") + @GetMapping(value = { "/v2/roles" }, produces = "application/json") public List getEcompRolesOfApplication(HttpServletRequest request, HttpServletResponse response) throws Exception { List ecompRoles = null;