X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ecomp-portal-BE-common%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fportalapp%2Fportal%2Fcontroller%2FExternalAppsRestfulController.java;h=d3e079e8c5a4b162b8ce9936ca11bf4b93851ab0;hb=b5d17f2d9bfaa430bbd2ed31ffe588f73ed4cf94;hp=bd2b0a1a1e239a159be4dacb96233d6fc1b55024;hpb=21a8761f684745bb300e075c7e98ad897ace9eed;p=portal.git

diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java
index bd2b0a1a..d3e079e8 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAppsRestfulController.java
@@ -4,6 +4,10 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ *  Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
+ *  Modification Copyright © 2020 IBM.
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -33,7 +37,7 @@
  *
  * ============LICENSE_END============================================
  *
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * 
  */
 package org.onap.portalapp.portal.controller;
 
@@ -48,8 +52,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.onap.portalapp.controller.EPRestrictedRESTfulBaseController;
+import org.onap.portalapp.music.conf.MusicSession;
+import org.onap.portalapp.music.util.MusicUtil;
 import org.onap.portalapp.portal.domain.EPApp;
 import org.onap.portalapp.portal.domain.EPRole;
+import org.onap.portalapp.portal.domain.EPServiceCookie;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.service.AdminRolesService;
@@ -64,8 +71,12 @@ import org.onap.portalapp.portal.transport.FunctionalMenuItem;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse;
+import org.onap.portalsdk.core.onboarding.util.CipherUtil;
+import org.onap.portalsdk.core.util.SystemProperties;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -74,6 +85,10 @@ import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -88,6 +103,7 @@ import io.swagger.annotations.ApiOperation;
 public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseController {
 
 	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAppsRestfulController.class);
+	private final DataValidator DATA_VALIDATOR = new DataValidator();
 
 	@Autowired
 	private FunctionalMenuService functionalMenuService;
@@ -105,18 +121,25 @@ public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseContro
 	private EPRoleService epRoleService;
 
 	@ApiOperation(value = "Creates a Portal user notification for roles identified in the content from an external application.", response = PortalAPIResponse.class)
-	@RequestMapping(value = { "/publishNotification" }, method = RequestMethod.POST, produces = "application/json")
+	@PostMapping(value = { "/publishNotification" }, produces = "application/json")
 	@ResponseBody
 	public PortalAPIResponse publishNotification(HttpServletRequest request,
 			@RequestBody EpNotificationItem notificationItem) throws Exception {
+
+		if(!DATA_VALIDATOR.isValid(notificationItem)){
+			PortalAPIResponse response = new PortalAPIResponse(false, "failed");
+			return response;
+		}
 		String appKey = request.getHeader("uebkey");
 		EPApp app = findEpApp(appKey);
 		List<Long> postRoleIds = new ArrayList<Long>();
-		for (Long roleId : notificationItem.getRoleIds()) {
-			EPRole role = epRoleService.getRole(app.getId(), roleId);
-			if (role != null)
-				postRoleIds.add(role.getId());
-		}
+		if (app != null) {
+        for (Long roleId : notificationItem.getRoleIds()) {
+            EPRole role = epRoleService.getRole(app.getId(), roleId);
+            if (role != null)
+                postRoleIds.add(role.getId());
+        	}
+    	}
 
 		// --- recreate the user notification object with the POrtal Role Ids
 		EpNotificationItem postItem = new EpNotificationItem();
@@ -151,14 +174,14 @@ public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseContro
 		try {
 			list = this.getDataAccessService().executeNamedQuery("getMyAppDetailsByUebKey", params, null);
 		} catch (Exception e) {
-			logger.error(EELFLoggerDelegate.errorLogger, "getMyAppDetailsByUebKey failed", e);			
+			logger.error(EELFLoggerDelegate.errorLogger, "getMyAppDetailsByUebKey failed", e);
 		}
 			
-		return (list == null || list.size() == 0) ? null : (EPApp) list.get(0);
+		return (list == null || list.isEmpty()) ? null : (EPApp) list.get(0);
 	}
 
 	@ApiOperation(value = "Gets favorite items within the functional menu for the current user.", response = FavoritesFunctionalMenuItemJson.class, responseContainer="List")
-	@RequestMapping(value = { "/getFavorites" }, method = RequestMethod.GET, produces = "application/json")
+	@GetMapping(value = { "/getFavorites" }, produces = "application/json")
 	public List<FavoritesFunctionalMenuItemJson> getFavoritesForUser(HttpServletRequest request,
 			HttpServletResponse response) throws Exception {
 		String loginId = "";
@@ -187,8 +210,8 @@ public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseContro
 	}
 
 	@ApiOperation(value = "Gets functional menu items appropriate for the current user.", response = FunctionalMenuItem.class, responseContainer="List")
-	@RequestMapping(value = {
-			"/functionalMenuItemsForUser" }, method = RequestMethod.GET, produces = "application/json")
+	@GetMapping(value = {
+			"/functionalMenuItemsForUser" }, produces = "application/json")
 	public List<FunctionalMenuItem> getFunctionalMenuItemsForUser(HttpServletRequest request,
 			HttpServletResponse response) throws Exception {
 		String loginId = "";
@@ -228,4 +251,30 @@ public class ExternalAppsRestfulController extends EPRestrictedRESTfulBaseContro
 		logger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
 		response.sendError(HttpStatus.BAD_REQUEST.value(), e.getMessage());
 	}
+	
+	@EPAuditLog
+	@PostMapping(value = { "/validateCookie" })
+	public boolean validateCookie(@RequestBody EPServiceCookie epServiceCookie, HttpServletRequest request) throws Exception {
+		Map<String,String> epServiceCookieValueMap = epServiceCookie.getValue();
+		if(epServiceCookieValueMap!=null) {
+			String multifactorauthfrontendurl = SystemProperties.getProperty("frontend_url");
+			String encryptedJSessionId = epServiceCookieValueMap.get(multifactorauthfrontendurl);
+			if(encryptedJSessionId != null) {
+				String jSessionId = CipherUtil.decryptPKC(encryptedJSessionId);
+				if(jSessionId != null) {
+					if(jSessionId.equals(request.getSession().getId())) {
+						if(MusicUtil.isMusicEnable()) { 
+							MusicSession musicSession = new MusicSession();
+							String sessionId = musicSession.getAttribute(encryptedJSessionId);
+							logger.info(EELFLoggerDelegate.errorLogger, "Music sessionid : "+sessionId);
+							return (sessionId != null); 
+						} else {
+							return true;
+						}
+					}
+				}
+			}
+		}
+		return false;
+	}
 }