Security vulnerability 39/21939/1 amsterdam release-1.3.2 1.0.0-Amsterdam 1.0.0-ONAP v1.3.2
authorst782s <statta@research.att.com>
Thu, 2 Nov 2017 21:05:10 +0000 (17:05 -0400)
committerst782s <statta@research.att.com>
Thu, 2 Nov 2017 21:07:34 +0000 (17:07 -0400)
Handle session issues and fix the login security vulnerability by
preventing SQL injection attacks

Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s <statta@research.att.com>
19 files changed:
ecomp-sdk/epsdk-analytics/README.md
ecomp-sdk/epsdk-analytics/pom.xml
ecomp-sdk/epsdk-app-common/README.md
ecomp-sdk/epsdk-app-common/pom.xml
ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
ecomp-sdk/epsdk-app-os/README.md
ecomp-sdk/epsdk-app-os/pom.xml
ecomp-sdk/epsdk-app-overlay/README.md
ecomp-sdk/epsdk-app-overlay/pom.xml
ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
ecomp-sdk/epsdk-core/README.md
ecomp-sdk/epsdk-core/pom.xml
ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceCentralizedImpl.java
ecomp-sdk/epsdk-core/src/main/java/org/openecomp/portalsdk/core/service/LoginServiceImpl.java
ecomp-sdk/epsdk-fw/README.md
ecomp-sdk/epsdk-fw/pom.xml
ecomp-sdk/epsdk-workflow/README.md
ecomp-sdk/epsdk-workflow/pom.xml
ecomp-sdk/pom.xml

index 7310535..3f398c7 100644 (file)
@@ -11,6 +11,9 @@ features including charts, maps and reports ("Raptor").
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- No changes
+
 Version 1.3.1, 15 October 2017
 - No changes
 
index d211e06..6fc3eaf 100644 (file)
@@ -5,7 +5,7 @@
        <parent>
                <groupId>org.onap.portal.sdk</groupId>
                <artifactId>epsdk-project</artifactId>
-               <version>1.3.1</version>
+               <version>1.3.2</version>
        </parent>
        
        <!-- GroupId is inherited from parent -->
index 8a7d0e6..edca9b5 100644 (file)
@@ -24,6 +24,9 @@ AngularJS version 1.5.0.
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
 Version 1.3.1, 15 October 2017
 - No changes
 
index bacab49..d10e473 100644 (file)
@@ -5,7 +5,7 @@
        <parent>
                <groupId>org.onap.portal.sdk</groupId>
                <artifactId>epsdk-project</artifactId>
-               <version>1.3.1</version>
+               <version>1.3.2</version>
        </parent>
 
        <!-- GroupId is inherited from parent -->
index 766d9eb..f921581 100644 (file)
@@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController {
                        final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl;
                        logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}",
                                        redirectUrl);
+
+                       // this line may not be necessary but jsessionid cookie is not getting created in all cases,
+                       // so force the cookie creation
+                       request.getSession(true);
+
                        return new ModelAndView("redirect:" + redirectUrl);
                }
        }
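Review bot: `request.getSession(true)` creates the session before the user has authenticated, on the branch that redirects to the portal, so the JSESSIONID issued here is a pre-login identifier. Unless that id is rotated once the login completes (for example `request.changeSessionId()` on Servlet 3.1+, or invalidating and recreating the session), the same id survives the privilege change, which is the precondition for session fixation. The rotation is not visible in this hunk and should be confirmed. The added comment says the call "may not be necessary"; it would help to name the case in which the container did not issue the cookie, so the workaround can be removed later. The enclosing method starts outside the hunk.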
index 79ab974..e413237 100644 (file)
@@ -13,6 +13,9 @@ https://www.eclipse.org/m2e-wtp/
 
 ## Release Notes
 
+Version 1.3.2, 1 November 2017
+- No changes
+
 Version 1.3.1, 15 October 2017
 - PORTAL-104 Changed the sql connector to Mariadb
 - PORTAL-127 Remove GreenSock code from b2b library in SDK
index 94530cd..85bc253 100644 (file)
@@ -7,7 +7,7 @@
         <parent>
                 <groupId>org.onap.portal.sdk</groupId>
                 <artifactId>epsdk-project</artifactId>
-                <version>1.3.1</version>
+                <version>1.3.2</version>
         </parent>
 
         <!-- GroupId is inherited from parent -->
index df86ec9..094ab0f 100644 (file)
@@ -17,6 +17,9 @@ AngularJS version 1.5.0.
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
 Version 1.3.1, 15 October 2017
 - PORTAL-127 Remove GreenSock code from b2b library
 
index 0332717..6380073 100644 (file)
@@ -5,7 +5,7 @@
        <parent>
                <groupId>org.onap.portal.sdk</groupId>
                <artifactId>epsdk-project</artifactId>
-               <version>1.3.1</version>
+               <version>1.3.2</version>
        </parent>
 
        <!-- GroupId is inherited from parent -->
index 098a585..dbe53d5 100644 (file)
     <query name="getAllUsers">
       select id, firstName, lastName from User where active = true order by lastName, firstName
     </query>
-       
+
     <query name="getRoleNameById">
       select name from Role where id = :role_id
     </query>
 
     <query name="getAllRoles">
       select id, name from Role order by name
-    </query>   
+    </query>
     
     <query name="getReportSecurityUsers">
       select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and userId is not null
       select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and roleId is not null
     </query>
 
-<!--     <query name="insertReportSecurityUsers">
-               insert into ReportUserRole (repId, roleId, userId, readOnlyYn) values (:report_id, :role_id, :user_id, :read_only_yn)
-    </query> -->
-    
-
     <query name="deleteReportSecurityUsers">
       delete from ReportUserRole where repId = :report_id and userId =:user_id
     </query>
       select id from User where orgUserId = :orgUserId
     </query>
 
+     <query name="getUserByOrgUserId">
+       FROM User WHERE orgUserId = :org_user_id
+     </query>
+
+     <query name="getUserByLoginId">
+       FROM User WHERE loginId = :login_id
+     </query>
+
+     <query name="getUserByLoginIdLoginPwd">
+       FROM User WHERE loginId = :login_id and loginPwd = :login_pwd
+     </query>
+
 </hibernate-mapping>
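Review bot: `getUserByLoginIdLoginPwd` compares `loginPwd = :login_pwd` inside the query, which only works if the stored value is directly comparable to what the caller binds, i.e. plaintext or an unsalted deterministic digest. The storage format is not visible here, so this needs confirming. Binding the parameters closes the injection path, but the safer shape is to load the row with `getUserByLoginId` and verify the password in code against a salted password hash (bcrypt, scrypt or argon2) using a constant-time comparison. The same point applies to `findUser(String loginId, String password)` in LoginServiceCentralizedImpl and LoginServiceImpl, which both call this query.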
index b6eac5c..6b22f12 100644 (file)
@@ -13,6 +13,9 @@ ECOMP SDK web application.
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
 Version 1.3.1, 15 October 2017
 - No changes
 
index b2f69eb..bfef5a9 100644 (file)
@@ -5,7 +5,7 @@
        <parent>
                <groupId>org.onap.portal.sdk</groupId>
                <artifactId>epsdk-project</artifactId>
-               <version>1.3.1</version>
+               <version>1.3.2</version>
        </parent>
 
        <!-- GroupId is inherited from parent -->
index bab2249..7783e82 100644 (file)
@@ -24,46 +24,38 @@ import org.springframework.transaction.annotation.Transactional;
 @Transactional
 public class LoginServiceCentralizedImpl extends FusionService implements LoginService {
 
-       private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceCentralizedImpl.class);
-
-       @Autowired
-       AppService appService;
+       private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceCentralizedImpl.class);
 
        @Autowired
        private DataAccessService dataAccessService;
-       
-       @Autowired
-       RestApiRequestBuilder restApiRequestBuilder;
-       
+
        @Autowired
-       UserService userService;
+       private RestApiRequestBuilder restApiRequestBuilder;
 
-       @SuppressWarnings("unused")
-       private MenuBuilder menuBuilder;
+       @Autowired
+       private UserService userService;
 
        @Override
-       public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams)
-                       throws Exception {
+       public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, @SuppressWarnings("rawtypes") HashMap additionalParams) throws Exception {
                return findUser(bean, menuPropertiesFilename, additionalParams, true);
        }
 
+       @Override
        @SuppressWarnings("rawtypes")
        public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams,
                        boolean matchPassword) throws Exception {
-               User user = null;
-               User userCopy = null;
 
-               if (bean.getUserid() != null && bean.getUserid() != null) {
-                       user = (User) findUser(bean);
+               User user;
+               if (bean.getUserid() != null) {
+                       user = findUser(bean);
                } else {
                        if (matchPassword)
-                               user = (User) findUser(bean.getLoginId(), bean.getLoginPwd());
+                               user = findUser(bean.getLoginId(), bean.getLoginPwd());
                        else
-                               user = (User) findUserWithoutPwd(bean.getLoginId());
+                               user = findUserWithoutPwd(bean.getLoginId());
                }
 
                if (user != null) {
-
                        if (AppUtils.isApplicationLocked()
                                        && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {
                                bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);
@@ -82,15 +74,20 @@ public class LoginServiceCentralizedImpl extends FusionService implements LoginS
 
                                // this will be a snapshot of the user's information as
                                // retrieved from the database
-                               userCopy = (User) user.clone();
+                               User userCopy = null;
+                               try {
+                                       userCopy = (User) user.clone();
+                               } catch (CloneNotSupportedException ex) {
+                                       // Never happens
+                                       logger.error(EELFLoggerDelegate.errorLogger, "findUser failed", ex);
+                               }
 
-                               User appuser = getUser(userCopy);
+                               User appuser = findUserWithoutPwd(user.getLoginId());
 
                                appuser.setLastLoginDate(new Date());
 
                                // update the last logged in date for the user
-                               // user.setLastLoginDate(new Date());
-                               getDataAccessService().saveDomainObject(appuser, additionalParams);
+                               dataAccessService.saveDomainObject(appuser, additionalParams);
 
                                // update the audit log of the user
                                // Check for the client device type and set log attributes
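Review bot: `findUserWithoutPwd(user.getLoginId())` returns null when no row matches, and the next statement, `appuser.setLastLoginDate(new Date())`, dereferences it without a guard. In this class `user` can come from the REST lookup in `findUser(LoginBean)`, so a missing local row looks possible, although the REST contract is not shown. Checking `if (appuser == null)` and setting a login error on the bean before the save would turn that case into a failed login instead of a NullPointerException. Separately, the new `catch (CloneNotSupportedException ex)` logs and carries on with `userCopy == null`, so if it is ever reached the rest of the method (outside this hunk) would presumably continue with a null user snapshot; failing the login there would be safer than relying on "Never happens".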
@@ -117,6 +114,7 @@ public class LoginServiceCentralizedImpl extends FusionService implements LoginS
 
        private boolean userHasActiveRoles(User user) {
                boolean hasActiveRole = false;
+               @SuppressWarnings("rawtypes")
                Iterator roles = user.getRoles().iterator();
                while (roles.hasNext()) {
                        Role role = (Role) roles.next();
@@ -128,72 +126,43 @@ public class LoginServiceCentralizedImpl extends FusionService implements LoginS
                return hasActiveRole;
        }
 
-       @SuppressWarnings("null")
-       public User findUser(LoginBean bean) throws Exception {
-               User user = null;
+       private User findUser(LoginBean bean) throws Exception {
                String repsonse = restApiRequestBuilder.getViaREST("/user/" + bean.getUserid(), true, bean.getUserid());
-               user = userService.userMapper(repsonse);
+               User user = userService.userMapper(repsonse);
                user.setId(getUserIdByOrgUserId(user.getOrgUserId()));
                return user;
        }
-       
-       public Long getUserIdByOrgUserId(String orgUserId) {
-               Map<String, String> params = new HashMap<String, String>();
+
+       private Long getUserIdByOrgUserId(String orgUserId) {
+               Map<String, String> params = new HashMap<>();
                params.put("orgUserId", orgUserId);
                @SuppressWarnings("rawtypes")
-               List list = getDataAccessService().executeNamedQuery("getUserIdByorgUserId", params, null);
+               List list = dataAccessService.executeNamedQuery("getUserIdByorgUserId", params, null);
                Long userId = null;
                if (list != null && !list.isEmpty())
                        userId = (Long) list.get(0);
                return userId;
        }
-       
-
-       public User findUser(String loginId, String password) {
 
-               List list = null;
-
-               StringBuffer criteria = new StringBuffer();
-               criteria.append(" where login_id = '").append(loginId).append("'").append(" and login_pwd = '").append(password)
-                               .append("'");
-
-               list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
-               return (list == null || list.size() == 0) ? null : (User) list.get(0);
+       @SuppressWarnings("rawtypes")
+       private User findUser(String loginId, String password) {
+               Map<String,String> params = new HashMap<>();
+               params.put("login_id", loginId);
+               params.put("login_pwd", password);
+               List list = dataAccessService.executeNamedQuery("getUserByLoginIdLoginPwd", params, new HashMap());
+               return (list == null || list.isEmpty()) ? null : (User) list.get(0);
        }
 
+       @SuppressWarnings("rawtypes")
        private User findUserWithoutPwd(String loginId) {
-               List list = null;
-               StringBuffer criteria = new StringBuffer();
-               criteria.append(" where login_id = '").append(loginId).append("'");
-               list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
-               return (list == null || list.size() == 0) ? null : (User) list.get(0);
-       }
-
-       public DataAccessService getDataAccessService() {
-               return dataAccessService;
+               Map<String,String> params = new HashMap<>();
+               params.put("login_id", loginId);                
+               List list = dataAccessService.executeNamedQuery("getUserByLoginId", params, new HashMap());
+               return (list == null || list.isEmpty()) ? null : (User) list.get(0);
        }
 
-       public void setDataAccessService(DataAccessService dataAccessService) {
-               this.dataAccessService = dataAccessService;
-       }
-
-       public MenuBuilder getMenuBuilder() {
+       private MenuBuilder getMenuBuilder() {
                return new MenuBuilder();
        }
 
-       public void setMenuBuilder(MenuBuilder menuBuilder) {
-               this.menuBuilder = menuBuilder;
-       }
-
-       public User getUser(User user) {
-               List list = null;
-
-               StringBuffer criteria = new StringBuffer();
-               criteria.append(" where login_id = '").append(user.getLoginId()).append("'");
-
-               list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
-               return (list == null || list.size() == 0) ? null : (User) list.get(0);
-
-       }
-
 }
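Review bot: The user id is still concatenated into the REST path in `restApiRequestBuilder.getViaREST("/user/" + bean.getUserid(), ...)`, so the parameter binding applied to the SQL finders in this hunk does not cover this lookup. Whether `getViaREST` encodes the path is not visible here; if it does not, path or query delimiters in the id would change which resource is requested. Validating `bean.getUserid()` against the expected id format before building the path would close that gap. The result of `userService.userMapper(repsonse)` is also dereferenced by `user.setId(...)` without a null check, and the local is misspelled `repsonse`.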
index a38a16f..9ba7dcf 100644 (file)
@@ -1,6 +1,6 @@
 /*-
  * ================================================================================
- * eCOMP Portal SDK
+ * ECOMP Portal SDK
  * ================================================================================
  * Copyright (C) 2017 AT&T Intellectual Property
  * ================================================================================
@@ -24,11 +24,13 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import org.openecomp.portalsdk.core.command.LoginBean;
 import org.openecomp.portalsdk.core.domain.Role;
 import org.openecomp.portalsdk.core.domain.User;
+import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.openecomp.portalsdk.core.menu.MenuBuilder;
 import org.openecomp.portalsdk.core.service.support.FusionService;
 import org.openecomp.portalsdk.core.util.SystemProperties;
@@ -40,161 +42,128 @@ import org.springframework.transaction.annotation.Transactional;
 @Transactional
 public class LoginServiceImpl extends FusionService implements LoginService {
 
-       @SuppressWarnings("unused")
-    private MenuBuilder  menuBuilder;
-    @Autowired
-       private DataAccessService  dataAccessService;
-
-    @SuppressWarnings("rawtypes")
-    public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams ) throws Exception {
-       return findUser(bean, menuPropertiesFilename, additionalParams, true);
-    }
-       
-    @SuppressWarnings("rawtypes")
-    public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams, boolean matchPassword) throws Exception {
-      User           user = null;
-      User       userCopy = null;
-      
-      if (bean.getUserid() != null && bean.getUserid() != null) {
-        user = (User)findUser(bean);
-      }
-      else {
-         if (matchPassword)
-                 user = (User)findUser(bean.getLoginId(), bean.getLoginPwd());
-         else
-                 user = (User)findUserWithoutPwd(bean.getLoginId());
-      }
-
-      if (user != null) {
-
-        // raise an error if the application is locked and the user does not have system administrator privileges
-        if (AppUtils.isApplicationLocked() && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {
-          bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);
-        }
-
-        // raise an error if the user is inactive
-        if (!user.getActive()) {
-          bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
-        }
-
-        // raise an error if no active roles exist for the user
-//        boolean hasActiveRole = false;
-//        Iterator roles = user.getRoles().iterator();
-//        while (roles.hasNext()) {
-//          Role role = (Role)roles.next();
-//          if (role.getActive()) {
-//            hasActiveRole = true;
-//            break;
-//          }
-//        }
-      
-//        if (!hasActiveRole) {
-//          bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
-//        }
-        if (!userHasActiveRoles(user)) {
-                       bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
-               }
-        // only login the user if no errors have occurred
-        if (bean.getLoginErrorMessage() == null) {
-
-          // this will be a snapshot of the user's information as retrieved from the database
-          userCopy = (User)user.clone();
-
-          // update the last logged in date for the user
-          user.setLastLoginDate(new Date());
-          getDataAccessService().saveDomainObject(user, additionalParams);
-
-          // update the audit log of the user
-          //Check for the client device type and set log attributes appropriately
-          
-
-          // save the above changes to the User and their audit trail
-
-          // create the application menu based on the user's privileges
-          Set appMenu = getMenuBuilder().getMenu(SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME),dataAccessService);
-          bean.setMenu(appMenu != null?appMenu:new HashSet());
-          Set businessDirectMenu = getMenuBuilder().getMenu(SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME),dataAccessService);
-          bean.setBusinessDirectMenu(businessDirectMenu != null?businessDirectMenu:new HashSet());
-          
-          bean.setUser(userCopy);
-        }
-
-      }
-
-      return bean;
-    }
-    
-    private boolean userHasActiveRoles(User user) {
-       boolean hasActiveRole = false;
-        @SuppressWarnings("rawtypes")
-               Iterator roles = user.getRoles().iterator();
-        while (roles.hasNext()) {
-          Role role = (Role)roles.next();
-          if (role.getActive()) {
-            hasActiveRole = true;
-            break;
-          }
-        }
-        return hasActiveRole;
-       }
-
-    @SuppressWarnings("rawtypes")
-    public User findUser(String loginId, String password) {
-      List      list     = null;
-
-      StringBuffer criteria = new StringBuffer();
-      criteria.append(" where login_id = '").append(loginId).append("'")
-              .append(" and login_pwd = '").append(password).append("'");
-      
-      list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
+       private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceImpl.class);
 
-      return (list == null || list.size() == 0) ? null : (User)list.get(0);
-    }
-    
-    @SuppressWarnings("rawtypes")
-    private User findUserWithoutPwd(String loginId) {
-        List      list     = null;
+       @Autowired
+       private DataAccessService dataAccessService;
 
-        StringBuffer criteria = new StringBuffer();
-        criteria.append(" where login_id = '").append(loginId).append("'");
-        
-        list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
-
-        return (list == null || list.size() == 0) ? null : (User)list.get(0);
-      }
-
-    @SuppressWarnings("rawtypes")
-    public User findUser(LoginBean bean) {
-      List          list = null;
-
-      StringBuffer criteria = new StringBuffer();
-      criteria.append(" where org_user_id = '").append(bean.getUserid()).append("'");
-      
-      list = getDataAccessService().getList(User.class, criteria.toString(), null, null);
+       @Override
+       @SuppressWarnings("rawtypes")
+       public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams) {
+               return findUser(bean, menuPropertiesFilename, additionalParams, true);
+       }
 
-      return (list == null || list.size() == 0) ? null : (User)list.get(0);
-    }
+       @Override
+       @SuppressWarnings("rawtypes")
+       public LoginBean findUser(LoginBean bean, String menuPropertiesFilename, HashMap additionalParams,
+                       boolean matchPassword) {
+
+               User user;
+               if (bean.getUserid() != null && bean.getUserid() != null) {
+                       user = findUser(bean);
+               } else {
+                       if (matchPassword)
+                               user = findUser(bean.getLoginId(), bean.getLoginPwd());
+                       else
+                               user = findUserWithoutPwd(bean.getLoginId());
+               }
 
+               if (user != null) {
+                       // raise an error if the application is locked and the user does not have system
+                       // administrator privileges
+                       if (AppUtils.isApplicationLocked()
+                                       && !UserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {
+                               bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);
+                       }
+
+                       // raise an error if the user is inactive
+                       if (!user.getActive()) {
+                               bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
+                       }
+
+                       if (!userHasActiveRoles(user)) {
+                               bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);
+                       }
+                       // only login the user if no errors have occurred
+                       if (bean.getLoginErrorMessage() == null) {
+
+                               // this will be a snapshot of the user's information as retrieved from the
+                               // database
+                               User userCopy = null;
+                               try {
+                                       userCopy = (User) user.clone();
+                               } catch (CloneNotSupportedException ex) {
+                                       // Never happens
+                                       logger.error(EELFLoggerDelegate.errorLogger, "findUser failed", ex);
+                               }
+
+                               // update the last logged in date for the user
+                               user.setLastLoginDate(new Date());
+                               dataAccessService.saveDomainObject(user, additionalParams);
+
+                               // update the audit log of the user
+                               // Check for the client device type and set log attributes appropriately
+
+                               // save the above changes to the User and their audit trail
+
+                               // create the application menu based on the user's privileges
+                               Set appMenu = getMenuBuilder().getMenu(
+                                               SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME), dataAccessService);
+                               bean.setMenu(appMenu != null ? appMenu : new HashSet());
+                               Set businessDirectMenu = getMenuBuilder().getMenu(
+                                               SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME),
+                                               dataAccessService);
+                               bean.setBusinessDirectMenu(businessDirectMenu != null ? businessDirectMenu : new HashSet());
+
+                               bean.setUser(userCopy);
+                       }
 
-    public MenuBuilder getMenuBuilder() {
-        return new MenuBuilder();
-    }
+               }
 
+               return bean;
+       }
 
-    public void setMenuBuilder(MenuBuilder menuBuilder) {
-        this.menuBuilder = menuBuilder;
-    }
+       private boolean userHasActiveRoles(User user) {
+               boolean hasActiveRole = false;
+               @SuppressWarnings("rawtypes")
+               Iterator roles = user.getRoles().iterator();
+               while (roles.hasNext()) {
+                       Role role = (Role) roles.next();
+                       if (role.getActive()) {
+                               hasActiveRole = true;
+                               break;
+                       }
+               }
+               return hasActiveRole;
+       }
 
-    
-    public DataAccessService getDataAccessService() {
-               return dataAccessService;
+       @SuppressWarnings("rawtypes")
+       private User findUser(String loginId, String password) {
+               Map<String, String> params = new HashMap<>();
+               params.put("login_id", loginId);
+               params.put("login_pwd", password);
+               List list = dataAccessService.executeNamedQuery("getUserByLoginIdLoginPwd", params, new HashMap());
+               return (list == null || list.isEmpty()) ? null : (User) list.get(0);
        }
 
+       @SuppressWarnings("rawtypes")
+       private User findUserWithoutPwd(String loginId) {
+               Map<String, String> params = new HashMap<>();
+               params.put("login_id", loginId);
+               List list = dataAccessService.executeNamedQuery("getUserByLoginId", params, new HashMap());
+               return (list == null || list.isEmpty()) ? null : (User) list.get(0);
+       }
 
-       public void setDataAccessService(DataAccessService dataAccessService) {
-               this.dataAccessService = dataAccessService;
+       @SuppressWarnings("rawtypes")
+       private User findUser(LoginBean bean) {
+               Map<String, String> params = new HashMap<>();
+               params.put("org_user_id", bean.getUserid());
+               List list = dataAccessService.executeNamedQuery("getUserByOrgUserId", params, new HashMap());
+               return (list == null || list.isEmpty()) ? null : (User) list.get(0);
        }
 
+       private MenuBuilder getMenuBuilder() {
+               return new MenuBuilder();
+       }
 
 }
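Review bot: In the four-argument `findUser`, a non-null `bean.getUserid()` selects the `getUserByOrgUserId` lookup and skips the password comparison even when `matchPassword` is true. That is only safe if callers set `userid` solely from an already-authenticated source such as SSO, which cannot be confirmed from this file. A comment on that branch stating the assumption, e.g. `// userid is set only after upstream SSO authentication; no password check here`, would make the contract reviewable. The condition still reads `bean.getUserid() != null && bean.getUserid() != null`; the duplicate test was dropped in LoginServiceCentralizedImpl and should be here too: `if (bean.getUserid() != null) {`.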
index eb6010e..7898ab9 100644 (file)
@@ -29,6 +29,9 @@ nor does it require Spring.
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- No changes
+
 Version 1.3.1, 15 October 2017
 - No changes
 
index 8252328..ddd362d 100644 (file)
@@ -5,7 +5,7 @@
        <parent>
                <groupId>org.onap.portal.sdk</groupId>
                <artifactId>epsdk-project</artifactId>
-               <version>1.3.1</version>
+               <version>1.3.2</version>
        </parent>
 
        <!-- GroupId is inherited from parent -->
index bcf4683..065f685 100644 (file)
@@ -11,6 +11,9 @@ schedulers, workflows and R Cloud integration.
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- No changes
+
 Version 1.3.1, 15 October 2017
 - No changes
 
index 5a8ff45..9ac5f20 100644 (file)
@@ -5,7 +5,7 @@
        <parent>
                <groupId>org.onap.portal.sdk</groupId>
                <artifactId>epsdk-project</artifactId>
-               <version>1.3.1</version>
+               <version>1.3.2</version>
        </parent>
        
        <!-- GroupId is inherited from parent -->
index d6a0d98..f694c41 100644 (file)
@@ -6,7 +6,7 @@
        <!-- ECOMP Portal SDK Maven parent project -->
        <groupId>org.onap.portal.sdk</groupId>
        <artifactId>epsdk-project</artifactId>
-       <version>1.3.1</version>
+       <version>1.3.2</version>
        <packaging>pom</packaging>
        <name>portal-sdk</name>
        <url>https://wiki.onap.org/display/DW/Portal</url>