2 * ================================================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ================================================================================
21 package org.onap.portalapp.login;
23 import javax.servlet.http.Cookie;
24 import javax.servlet.http.HttpServletRequest;
25 import javax.servlet.http.HttpServletResponse;
27 import org.onap.portalsdk.core.auth.LoginStrategy;
28 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
29 import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
30 import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
31 import org.onap.portalsdk.core.onboarding.util.CipherUtil;
32 import org.onap.portalsdk.core.util.SystemProperties;
33 import org.springframework.web.servlet.ModelAndView;
36 * Implements basic single-signon login strategy for open-source applications
37 * when users start at Portal. Extracts an encrypted user ID sent by Portal.
39 public class LoginStrategyImpl extends LoginStrategy {
41 private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginStrategyImpl.class);
44 * login for open source is same as external login in the non-open-source
48 public ModelAndView doLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
49 return doExternalLogin(request, response);
53 public String getUserId(HttpServletRequest request) throws PortalAPIException {
54 // Check ECOMP Portal cookie
55 Cookie ep = getCookie(request, EP_SERVICE);
57 logger.debug(EELFLoggerDelegate.debugLogger, "getUserId: no EP_SERVICE cookie, returning null");
63 userid = getUserIdFromCookie(request);
64 } catch (Exception e) {
65 logger.error(EELFLoggerDelegate.errorLogger, "getUserId failed", e);
71 * Searches the request for the user-ID cookie and decrypts the value using a
72 * key configured in properties
77 * @throws CipherUtilException
78 * On any failure to decrypt
80 @SuppressWarnings("deprecation")
81 private String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException {
83 Cookie userIdCookie = getCookie(request, USER_ID);
84 if (userIdCookie != null) {
85 final String cookieValue = userIdCookie.getValue();
86 if (!SystemProperties.containsProperty(SystemProperties.Decryption_Key))
87 throw new IllegalStateException("Failed to find property " + SystemProperties.Decryption_Key);
88 final String decryptionKey = SystemProperties.getProperty(SystemProperties.Decryption_Key);
89 userId = CipherUtil.decrypt(cookieValue, decryptionKey);
90 logger.debug(EELFLoggerDelegate.debugLogger, "getUserIdFromCookie: decrypted as {}", userId);
96 * Searches the request for the named cookie.
101 * Name of desired cookie
102 * @return Cookie if found; otherwise null.
104 private Cookie getCookie(HttpServletRequest request, String cookieName) {
105 Cookie[] cookies = request.getCookies();
107 for (Cookie cookie : cookies)
108 if (cookie.getName().equals(cookieName))