2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ===================================================================
8 * Unless otherwise specified, all software contained herein is licensed
9 * under the Apache License, Version 2.0 (the "License");
10 * you may not use this software except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * Unless otherwise specified, all documentation contained herein is licensed
22 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23 * you may not use this documentation except in compliance with the License.
24 * You may obtain a copy of the License at
26 * https://creativecommons.org/licenses/by/4.0/
28 * Unless required by applicable law or agreed to in writing, documentation
29 * distributed under the License is distributed on an "AS IS" BASIS,
30 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31 * See the License for the specific language governing permissions and
32 * limitations under the License.
34 * ============LICENSE_END============================================
38 package org.onap.portalapp.portal.service;
40 import java.io.IOException;
41 import java.util.ArrayList;
42 import java.util.HashMap;
43 import java.util.HashSet;
44 import java.util.Iterator;
45 import java.util.List;
48 import java.util.SortedSet;
49 import java.util.TreeSet;
50 import java.util.stream.Collectors;
52 import org.apache.commons.codec.DecoderException;
53 import org.hibernate.Query;
54 import org.hibernate.Session;
55 import org.hibernate.SessionFactory;
56 import org.hibernate.Transaction;
57 import org.hibernate.criterion.Criterion;
58 import org.hibernate.criterion.Restrictions;
59 import org.json.JSONArray;
60 import org.json.JSONObject;
61 import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
62 import org.onap.portalapp.portal.domain.CentralizedApp;
63 import org.onap.portalapp.portal.domain.EPApp;
64 import org.onap.portalapp.portal.domain.EPAppRoleFunction;
65 import org.onap.portalapp.portal.domain.EPRole;
66 import org.onap.portalapp.portal.domain.EPUser;
67 import org.onap.portalapp.portal.domain.EPUserApp;
68 import org.onap.portalapp.portal.domain.ExternalRoleDetails;
69 import org.onap.portalapp.portal.ecomp.model.UploadRoleFunctionExtSystem;
70 import org.onap.portalapp.portal.exceptions.DeleteDomainObjectFailedException;
71 import org.onap.portalapp.portal.exceptions.ExternalAuthSystemException;
72 import org.onap.portalapp.portal.exceptions.InactiveApplicationException;
73 import org.onap.portalapp.portal.exceptions.InvalidApplicationException;
74 import org.onap.portalapp.portal.exceptions.InvalidUserException;
75 import org.onap.portalapp.portal.exceptions.RoleFunctionException;
76 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
77 import org.onap.portalapp.portal.logging.aop.EPMetricsLog;
78 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
79 import org.onap.portalapp.portal.transport.*;
80 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
81 import org.onap.portalapp.portal.utils.EcompPortalUtils;
82 import org.onap.portalapp.portal.utils.PortalConstants;
83 import org.onap.portalapp.util.EPUserUtils;
84 import org.onap.portalsdk.core.domain.Role;
85 import org.onap.portalsdk.core.domain.RoleFunction;
86 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
87 import org.onap.portalsdk.core.restful.domain.EcompRole;
88 import org.onap.portalsdk.core.restful.domain.EcompRoleFunction;
89 import org.onap.portalsdk.core.restful.domain.EcompUser;
90 import org.onap.portalsdk.core.service.DataAccessService;
91 import org.onap.portalsdk.core.util.SystemProperties;
92 import org.springframework.beans.factory.annotation.Autowired;
93 import org.springframework.context.annotation.EnableAspectJAutoProxy;
94 import org.springframework.http.HttpEntity;
95 import org.springframework.http.HttpHeaders;
96 import org.springframework.http.HttpMethod;
97 import org.springframework.http.HttpStatus;
98 import org.springframework.http.ResponseEntity;
99 import org.springframework.stereotype.Service;
100 import org.springframework.transaction.annotation.Transactional;
101 import org.springframework.web.client.HttpClientErrorException;
102 import org.springframework.web.client.RestTemplate;
104 import com.fasterxml.jackson.core.JsonProcessingException;
105 import com.fasterxml.jackson.databind.DeserializationFeature;
106 import com.fasterxml.jackson.databind.ObjectMapper;
107 import com.fasterxml.jackson.databind.type.TypeFactory;
109 @Service("externalAccessRolesService")
110 @EnableAspectJAutoProxy
113 public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesService {
114 private static final String APP_ROLE_NAME_PARAM = "appRoleName";
115 private static final String GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM = "getRoletoUpdateInExternalAuthSystem";
116 private static final String GET_PORTAL_APP_ROLES_QUERY = "getPortalAppRoles";
117 private static final String GET_ROLE_FUNCTION_QUERY = "getRoleFunction";
118 private static final String FUNCTION_CODE_PARAMS = "functionCode";
119 private static final String AND_FUNCTION_CD_EQUALS = " and function_cd = '";
120 private static final String OWNER = ".owner";
121 private static final String ADMIN = ".admin";
122 private static final String ACCOUNT_ADMINISTRATOR = ".Account_Administrator";
123 private static final String FUNCTION_PIPE = "|";
124 private static final String EXTERNAL_AUTH_PERMS = "perms";
125 private static final String EXTERNAL_AUTH_ROLE_DESCRIPTION = "description";
126 private static final String IS_EMPTY_JSON_STRING = "{}";
127 private static final String CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE = "Connecting to External Auth system";
128 private static final String APP_ID = "appId";
129 private static final String ROLE_NAME = "name";
130 private static final String APP_ID_EQUALS = " app_id = ";
131 private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesServiceImpl.class);
133 private DataAccessService dataAccessService;
135 private EPAppService epAppService;
137 private SessionFactory sessionFactory;
139 EPRoleService ePRoleService;
140 RestTemplate template = new RestTemplate();
141 // These decode values are based on HexDecoder
142 static final String decodeValueOfForwardSlash = "2f";
143 static final String decodeValueOfHiphen = "2d";
144 static final String decodeValueOfStar = "2a";
146 @SuppressWarnings("unchecked")
148 public List<EPRole> getAppRoles(Long appId) throws Exception {
149 List<EPRole> applicationRoles = null;
150 final Map<String, Long> appParams = new HashMap<>();
153 applicationRoles = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null);
155 appParams.put("appId", appId);
156 applicationRoles = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
158 } catch (Exception e) {
159 logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e);
162 return applicationRoles;
165 @SuppressWarnings("unchecked")
167 public List<EPApp> getApp(String uebkey) throws Exception {
168 List<EPApp> app = null;
170 final Map<String, String> appUebkeyParams = new HashMap<>();
171 appUebkeyParams.put("appKey", uebkey);
172 app = dataAccessService.executeNamedQuery("getMyAppDetailsByUebKey", appUebkeyParams, null);
173 if (!app.isEmpty() && !app.get(0).getEnabled()
174 && !app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
175 throw new InactiveApplicationException("Application:" + app.get(0).getName() + " is Unavailable");
177 } catch (Exception e) {
178 logger.error(EELFLoggerDelegate.errorLogger, "getApp: failed", e);
185 * It returns single application role from external auth system
189 * @return JSON string which contains application role details
192 private String getSingleAppRole(String addRole, EPApp app) throws Exception {
193 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
194 HttpEntity<String> entity = new HttpEntity<>(headers);
195 ResponseEntity<String> response = null;
196 logger.debug(EELFLoggerDelegate.debugLogger, "getSingleAppRole: Connecting to External Auth system");
197 response = template.exchange(
198 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/"
199 + app.getNameSpace() + "." + addRole
200 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
201 HttpMethod.GET, entity, String.class);
202 logger.debug(EELFLoggerDelegate.debugLogger,
203 "getSingleAppRole: Finished GET app role from External Auth system and status code: {} ",
204 response.getStatusCode().value());
205 return response.getBody();
209 public boolean addRole(Role addRole, String uebkey) throws Exception {
210 boolean response = false;
211 ResponseEntity<String> addResponse = null;
212 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
213 EPApp app = getApp(uebkey).get(0);
214 String newRole = updateExistingRoleInExternalSystem(addRole, app);
215 HttpEntity<String> entity = new HttpEntity<>(newRole, headers);
216 logger.debug(EELFLoggerDelegate.debugLogger, "addRole: Connecting to External Auth system");
217 addResponse = template.exchange(
218 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
219 HttpMethod.POST, entity, String.class);
220 if (addResponse.getStatusCode().value() == 201) {
222 logger.debug(EELFLoggerDelegate.debugLogger,
223 "addRole: Finished adding role in the External Auth system and response code: {} ",
224 addResponse.getStatusCode().value());
226 if (addResponse.getStatusCode().value() == 406) {
227 logger.error(EELFLoggerDelegate.errorLogger,
228 "addRole: Failed to add in the External Auth system due to {} and status code: {}",
229 addResponse.getBody(), addResponse.getStatusCode().value());
236 * It deletes record in external auth system
239 * @return JSON String which has status code and response body
242 private ResponseEntity<String> deleteRoleInExternalSystem(String delRole) throws Exception {
243 ResponseEntity<String> delResponse = null;
244 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
245 HttpEntity<String> entity = new HttpEntity<>(delRole, headers);
246 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleInExternalSystem: {} for DELETE: {}",
247 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, delRole);
248 delResponse = template.exchange(
249 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role?force=true",
250 HttpMethod.DELETE, entity, String.class);
251 logger.debug(EELFLoggerDelegate.debugLogger,
252 "deleteRoleInExternalSystem: Finished DELETE operation in the External Auth system {} and status code: {} ",
253 delRole, delResponse.getStatusCode().value());
258 * It updates role in external auth system
260 * @param updateExtRole
262 * @return true if success else false
263 * @throws Exception If updateRoleInExternalSystem fails we catch it in logger
266 private boolean updateRoleInExternalSystem(Role updateExtRole, EPApp app, boolean isGlobalRole) throws Exception {
267 boolean response = false;
268 ObjectMapper mapper = new ObjectMapper();
269 ResponseEntity<String> deleteResponse = null;
270 List<EPRole> epRoleList = null;
271 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)
272 || (isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
273 epRoleList = getPortalAppRoleInfo(updateExtRole.getId());
275 epRoleList = getPartnerAppRoleInfo(updateExtRole.getId(), app);
277 // Assigning functions to global role
278 if ((isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
279 List<RoleFunction> globalRoleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole);
280 EPApp portalAppInfo = epAppService.getApp(PortalConstants.PORTAL_APP_ID);
281 addFunctionsTOGlobalRole(epRoleList, updateExtRole, globalRoleFunctionListNew, mapper, app, portalAppInfo);
284 String appRole = getSingleAppRole(epRoleList.get(0).getName(), app);
285 List<RoleFunction> roleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole);
286 if (!appRole.equals(IS_EMPTY_JSON_STRING)) {
287 JSONObject jsonObj = new JSONObject(appRole);
288 JSONArray extRole = jsonObj.getJSONArray("role");
289 if (!extRole.getJSONObject(0).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) {
290 String roleName = extRole.getJSONObject(0).getString(ROLE_NAME);
291 Map<String, String> delRoleKeyMapper = new HashMap<>();
292 delRoleKeyMapper.put(ROLE_NAME, roleName);
293 String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper);
294 deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue);
295 if (deleteResponse.getStatusCode().value() != 200) {
296 throw new ExternalAuthSystemException(deleteResponse.getBody());
298 addRole(updateExtRole, app.getUebKey());
300 String desc = extRole.getJSONObject(0).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
301 String name = extRole.getJSONObject(0).getString(ROLE_NAME);
302 List<ExternalAccessPerms> list = new ArrayList<>();
303 if (extRole.getJSONObject(0).has(EXTERNAL_AUTH_PERMS)) {
304 JSONArray perms = extRole.getJSONObject(0).getJSONArray(EXTERNAL_AUTH_PERMS);
305 list = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
306 .constructCollectionType(List.class, ExternalAccessPerms.class));
308 // If role name or role functions are updated then delete
309 // record in External System and add new record to avoid
311 boolean isRoleNameChanged = false;
312 if (!desc.equals(updateExtRole.getName())) {
313 isRoleNameChanged = true;
314 deleteRoleInExtSystem(mapper, name);
315 addRole(updateExtRole, app.getUebKey());
316 // add partner functions to the global role in External
318 if (!list.isEmpty() && isGlobalRole) {
319 addPartnerHasRoleFunctionsToGlobalRole(list, mapper, app, updateExtRole);
322 perm -> EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace()));
323 // if role name is changes please ignore the previous
324 // functions in External Auth
325 // and update with user requested functions
326 addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, list);
328 // Delete role in External System if role is inactive
329 if (!updateExtRole.getActive()) {
330 deleteRoleInExtSystem(mapper, name);
332 if (!isRoleNameChanged) {
333 response = addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name,
338 // It seems like role exists in local DB but not in External
340 if (updateExtRole.getActive()) {
341 addRole(updateExtRole, app.getUebKey());
342 ExternalAccessRolePerms extAddRolePerms = null;
343 ExternalAccessPerms extAddPerms = null;
344 List<RoleFunction> roleFunctionListAdd = convertSetToListOfRoleFunctions(updateExtRole);
345 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
346 for (RoleFunction roleFunc : roleFunctionListAdd) {
347 extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + roleFunc.getType(),
348 roleFunc.getCode(), roleFunc.getAction());
349 extAddRolePerms = new ExternalAccessRolePerms(extAddPerms,
350 app.getNameSpace() + "." + updateExtRole.getName().replaceAll(
351 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
352 response = addRoleFuncExtSysRestAPI(mapper, extAddRolePerms, headers);
360 private void deleteRoleInExtSystem(ObjectMapper mapper, String name)
361 throws JsonProcessingException, Exception, ExternalAuthSystemException {
362 ResponseEntity<String> deleteResponse;
363 Map<String, String> delRoleKeyMapper = new HashMap<>();
364 delRoleKeyMapper.put(ROLE_NAME, name);
365 String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper);
366 deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue);
367 if (deleteResponse.getStatusCode().value() != 200) {
368 logger.error(EELFLoggerDelegate.errorLogger,
369 "updateRoleInExternalSystem: Failed to delete role in external system due to {} ",
370 deleteResponse.getBody());
371 throw new ExternalAuthSystemException(deleteResponse.getBody());
375 private boolean addRemoveFunctionsToRole(Role updateExtRole, EPApp app, ObjectMapper mapper,
376 List<RoleFunction> roleFunctionListNew, String name, List<ExternalAccessPerms> list) throws Exception {
378 Map<String, RoleFunction> updateRoleFunc = new HashMap<>();
379 for (RoleFunction addPerm : roleFunctionListNew) {
380 updateRoleFunc.put(addPerm.getCode(), addPerm);
382 final Map<String, ExternalAccessPerms> extRolePermMap = new HashMap<>();
383 final Map<String, ExternalAccessPerms> extRolePermMapPipes = new HashMap<>();
384 list.removeIf(perm -> !EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace()));
385 // Update permissions in the ExternalAccess System
386 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
387 if (!list.isEmpty()) {
388 for (ExternalAccessPerms perm : list) {
389 RoleFunction roleFunc = updateRoleFunc.get(perm.getType().substring(app.getNameSpace().length() + 1)
390 + FUNCTION_PIPE + perm.getInstance() + FUNCTION_PIPE + perm.getAction());
391 if (roleFunc == null) {
392 RoleFunction roleFuncPipeFilter = updateRoleFunc.get(perm.getInstance());
393 if (roleFuncPipeFilter == null)
394 removePermForRole(perm, mapper, name, headers);
396 extRolePermMap.put(perm.getInstance(), perm);
397 extRolePermMapPipes.put(perm.getType().substring(app.getNameSpace().length() + 1) + FUNCTION_PIPE
398 + perm.getInstance() + FUNCTION_PIPE + perm.getAction(), perm);
402 if (!roleFunctionListNew.isEmpty()) {
403 for (RoleFunction roleFunc : roleFunctionListNew) {
404 if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
405 ExternalAccessPerms perm = extRolePermMapPipes.get(roleFunc.getCode());
407 response = addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers,
411 if (!extRolePermMap.containsKey(EcompPortalUtils.getFunctionCode(roleFunc.getCode()))) {
412 response = addFunctionsToRoleInExternalAuthSystem(updateExtRole, app, mapper, headers,
422 * Adds function to the role in the external auth system while editing a role or
423 * updating new functions to a role
426 private boolean addFunctionsToRoleInExternalAuthSystem(Role updateExtRole, EPApp app, ObjectMapper mapper,
427 HttpHeaders headers, RoleFunction roleFunc) throws JsonProcessingException {
429 ExternalAccessRolePerms extRolePerms;
430 ExternalAccessPerms extPerms;
434 if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
435 code = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
436 type = EcompPortalUtils.getFunctionType(roleFunc.getCode());
437 action = getFunctionCodeAction(roleFunc.getCode());
439 code = roleFunc.getCode();
440 type = roleFunc.getCode().contains("menu") ? "menu" : "url";
443 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action);
444 extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + updateExtRole.getName()
445 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
446 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
447 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
448 logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: {} for POST: {}",
449 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
450 ResponseEntity<String> addResponse = template.exchange(
451 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
452 HttpMethod.POST, entity, String.class);
453 if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) {
455 logger.debug(EELFLoggerDelegate.debugLogger,
456 "updateRoleInExternalSystem: Connected to External Auth system but something went wrong! due to {} and statuscode: {}",
457 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
460 logger.debug(EELFLoggerDelegate.debugLogger,
461 "updateRoleInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ",
462 updateRolePerms, addResponse.getStatusCode().value());
467 private void addPartnerHasRoleFunctionsToGlobalRole(List<ExternalAccessPerms> permslist, ObjectMapper mapper,
468 EPApp app, Role updateExtRole) throws Exception {
469 for (ExternalAccessPerms perm : permslist) {
470 if (!EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace())) {
471 ExternalAccessRolePerms extAddGlobalRolePerms = null;
472 ExternalAccessPerms extAddPerms = null;
473 extAddPerms = new ExternalAccessPerms(perm.getType(), perm.getInstance(), perm.getAction());
474 extAddGlobalRolePerms = new ExternalAccessRolePerms(extAddPerms,
475 app.getNameSpace() + "." + updateExtRole.getName().replaceAll(
476 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
477 String addPerms = mapper.writeValueAsString(extAddGlobalRolePerms);
478 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
479 HttpEntity<String> entity = new HttpEntity<>(addPerms, headers);
480 logger.debug(EELFLoggerDelegate.debugLogger, "addPartnerHasRoleFunctionsToGlobalRole: {} ",
481 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
483 ResponseEntity<String> addResponse = template
484 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
485 + "role/perm", HttpMethod.POST, entity, String.class);
486 if (addResponse.getStatusCode().value() != 201) {
487 logger.debug(EELFLoggerDelegate.debugLogger,
488 "addPartnerHasRoleFunctionsToGlobalRole: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}",
489 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
491 logger.debug(EELFLoggerDelegate.debugLogger,
492 "addPartnerHasRoleFunctionsToGlobalRole: Finished adding permissions to roles in External Auth system and status code: {} ",
493 addResponse.getStatusCode().value());
495 } catch (Exception e) {
496 logger.error(EELFLoggerDelegate.errorLogger,
497 "addPartnerHasRoleFunctionsToGlobalRole: Failed for POST request: {} due to ", addPerms, e);
503 @SuppressWarnings("unchecked")
504 private void addFunctionsTOGlobalRole(List<EPRole> epRoleList, Role updateExtRole,
505 List<RoleFunction> roleFunctionListNew, ObjectMapper mapper, EPApp app, EPApp portalAppInfo)
508 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addFunctionsTOGlobalRole");
509 // GET Permissions from External Auth System
510 JSONArray extPerms = getExtAuthPermissions(app);
511 List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms);
512 final Map<String, ExternalAccessPermsDetail> existingPermsWithRoles = new HashMap<>();
513 final Map<String, ExternalAccessPermsDetail> existingPermsWithRolesWithPipes = new HashMap<>();
514 final Map<String, RoleFunction> userRquestedFunctionsMap = new HashMap<>();
515 final Map<String, RoleFunction> userRquestedFunctionsMapPipesFilter = new HashMap<>();
516 for (ExternalAccessPermsDetail permDetail : permsDetailList) {
517 existingPermsWithRoles.put(EcompPortalUtils.getFunctionCode(permDetail.getInstance()), permDetail);
518 existingPermsWithRolesWithPipes.put(permDetail.getInstance(), permDetail);
520 // Add If function does not exists for role in External Auth System
521 for (RoleFunction roleFunc : roleFunctionListNew) {
522 String roleFuncCode = "";
523 ExternalAccessPermsDetail permsDetail;
524 if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
525 roleFuncCode = roleFunc.getCode();
526 permsDetail = existingPermsWithRolesWithPipes.get(roleFunc.getCode());
528 roleFuncCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
529 permsDetail = existingPermsWithRoles.get(roleFuncCode);
531 if (null == permsDetail.getRoles()
532 || !permsDetail.getRoles()
533 .contains(portalAppInfo.getNameSpace() + FUNCTION_PIPE
534 + epRoleList.get(0).getName().replaceAll(
535 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS,
537 addRoleFunctionsToGlobalRoleInExternalSystem(roleFunc, updateExtRole, mapper, app, portalAppInfo);
539 userRquestedFunctionsMap.put(roleFuncCode, roleFunc);
540 userRquestedFunctionsMapPipesFilter.put(EcompPortalUtils.getFunctionCode(roleFuncCode), roleFunc);
542 // Delete functions if exists in External Auth System but not in
545 final Map<String, Long> epAppRoleFuncParams = new HashMap<>();
546 epAppRoleFuncParams.put("requestedAppId", app.getId());
547 epAppRoleFuncParams.put("roleId", updateExtRole.getId());
548 List<GlobalRoleWithApplicationRoleFunction> globalRoleFunctionList = dataAccessService
549 .executeNamedQuery("getGlobalRoleForRequestedApp", epAppRoleFuncParams, null);
550 for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFunctionList) {
551 String globalRoleFuncWithoutPipes = "";
552 RoleFunction roleFunc = null;
553 if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) {
554 globalRoleFuncWithoutPipes = globalRoleFunc.getFunctionCd();
555 roleFunc = userRquestedFunctionsMap.get(globalRoleFuncWithoutPipes);
557 globalRoleFuncWithoutPipes = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd());
558 roleFunc = userRquestedFunctionsMapPipesFilter.get(globalRoleFuncWithoutPipes);
560 if (roleFunc == null) {
561 ExternalAccessPermsDetail permDetailFromMap = globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)
562 ? existingPermsWithRolesWithPipes.get(globalRoleFuncWithoutPipes)
563 : existingPermsWithRoles.get(globalRoleFuncWithoutPipes);
564 ExternalAccessPerms perm = new ExternalAccessPerms(permDetailFromMap.getType(),
565 EcompPortalUtils.getFunctionCode(permDetailFromMap.getInstance()),
566 permDetailFromMap.getAction());
567 String roleName = portalAppInfo.getNameSpace() + "." + globalRoleFunc.getRoleName()
568 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_");
569 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
570 removePermForRole(perm, mapper, roleName, headers);
573 logger.debug(EELFLoggerDelegate.debugLogger, "Finished addFunctionsTOGlobalRole");
574 } catch (Exception e) {
575 logger.error(EELFLoggerDelegate.errorLogger, "addFunctionsTOGlobalRole: Failed", e);
580 private void addRoleFunctionsToGlobalRoleInExternalSystem(RoleFunction addFunction, Role globalRole,
581 ObjectMapper mapper, EPApp app, EPApp portalAppInfo) throws Exception {
583 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addRoleFunctionsToGlobalRoleInExternalSystem");
584 ExternalAccessRolePerms extAddRolePerms = null;
585 ExternalAccessPerms extAddPerms = null;
586 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
590 if (addFunction.getCode().contains(FUNCTION_PIPE)) {
591 code = EcompPortalUtils.getFunctionCode(addFunction.getCode());
592 type = getFunctionCodeType(addFunction.getCode());
593 action = getFunctionCodeAction(addFunction.getCode());
595 code = addFunction.getCode();
596 type = addFunction.getCode().contains("menu") ? "menu" : "url";
599 extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action);
600 extAddRolePerms = new ExternalAccessRolePerms(extAddPerms, portalAppInfo.getNameSpace() + "." + globalRole
601 .getName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
602 String updateRolePerms = mapper.writeValueAsString(extAddRolePerms);
603 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
604 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} ",
605 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
606 ResponseEntity<String> addResponse = template.exchange(
607 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
608 HttpMethod.POST, entity, String.class);
609 if (addResponse.getStatusCode().value() != 201) {
610 logger.debug(EELFLoggerDelegate.debugLogger,
611 "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}",
612 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
614 logger.debug(EELFLoggerDelegate.debugLogger,
615 "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system and status code: {} ",
616 addResponse.getStatusCode().value());
618 logger.debug(EELFLoggerDelegate.debugLogger, "Finished addRoleFunctionsToGlobalRoleInExternalSystem");
619 } catch (Exception e) {
620 logger.error(EELFLoggerDelegate.errorLogger, "addRoleFunctionsToGlobalRoleInExternalSystem: Failed", e);
625 private boolean addRoleFuncExtSysRestAPI(ObjectMapper addPermsMapper, ExternalAccessRolePerms extAddRolePerms,
626 HttpHeaders headers) throws JsonProcessingException {
628 String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms);
629 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
630 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} for POST: {} ",
631 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
632 ResponseEntity<String> addResponse = template.exchange(
633 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
634 HttpMethod.POST, entity, String.class);
635 if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) {
637 logger.debug(EELFLoggerDelegate.debugLogger,
638 "addRoleFunctionsInExternalSystem: While adding permission to the role in External Auth system something went wrong! due to {} and statuscode: {}",
639 addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
642 logger.debug(EELFLoggerDelegate.debugLogger,
643 "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ",
644 updateRolePerms, addResponse.getStatusCode().value());
651 * It converts list of functions in updateExtRole parameter to the RoleFunction
654 * @param updateExtRole
655 * @return list of functions
657 @SuppressWarnings("unchecked")
658 private List<RoleFunction> convertSetToListOfRoleFunctions(Role updateExtRole) {
659 Set<RoleFunction> roleFunctionSetList = updateExtRole.getRoleFunctions();
660 List<RoleFunction> roleFunctionList = new ArrayList<>();
661 ObjectMapper roleFuncMapper = new ObjectMapper();
662 Iterator<RoleFunction> itetaror = roleFunctionSetList.iterator();
663 while (itetaror.hasNext()) {
664 Object nextValue = itetaror.next();
665 RoleFunction roleFunction = roleFuncMapper.convertValue(nextValue, RoleFunction.class);
666 roleFunctionList.add(roleFunction);
668 return roleFunctionList.stream().distinct().collect(Collectors.toList());
672 * It delete permissions/functions in the external auth system
678 * @throws JsonProcessingException
681 private void removePermForRole(ExternalAccessPerms perm, ObjectMapper permMapper, String name, HttpHeaders headers)
682 throws ExternalAuthSystemException, JsonProcessingException {
683 ExternalAccessRolePerms extAccessRolePerms = new ExternalAccessRolePerms(perm, name);
684 String permDetails = permMapper.writeValueAsString(extAccessRolePerms);
686 HttpEntity<String> deleteEntity = new HttpEntity<>(permDetails, headers);
687 logger.debug(EELFLoggerDelegate.debugLogger, "removePermForRole: {} for DELETE: {} ",
688 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, permDetails);
689 ResponseEntity<String> deletePermResponse = template
690 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
691 + "role/" + name + "/perm", HttpMethod.DELETE, deleteEntity, String.class);
692 if (deletePermResponse.getStatusCode().value() != 200) {
693 throw new ExternalAuthSystemException(deletePermResponse.getBody());
695 logger.debug(EELFLoggerDelegate.debugLogger,
696 "removePermForRole: Finished deleting permission to role in External Auth system: {} and status code: {}",
697 permDetails, deletePermResponse.getStatusCode().value());
698 } catch (Exception e) {
699 if (e.getMessage().contains("404")) {
700 logger.error(EELFLoggerDelegate.errorLogger, "Failed to add role for DELETE request: {} due to {}",
701 permDetails, e.getMessage());
709 * It will create new role in the External Auth System
713 * @return true if successfully added in the system else false
714 * @throws Exception If fails to add role in the system
716 private void addNewRoleInExternalSystem(List<EPRole> newRole, EPApp app)
717 throws Exception, HttpClientErrorException {
719 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
720 ObjectMapper mapper = new ObjectMapper();
721 String addNewRole = "";
722 ExternalAccessRole extRole = new ExternalAccessRole();
723 extRole.setName(app.getNameSpace() + "." + newRole.get(0).getName()
724 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
725 extRole.setDescription(String.valueOf(newRole.get(0).getName()));
726 addNewRole = mapper.writeValueAsString(extRole);
727 HttpEntity<String> postEntity = new HttpEntity<>(addNewRole, headers);
728 logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: {} for POST: {} ",
729 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addNewRole);
730 ResponseEntity<String> addNewRoleInExternalSystem = template.exchange(
731 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
732 HttpMethod.POST, postEntity, String.class);
733 if (addNewRoleInExternalSystem.getStatusCode().value() == 201) {
734 logger.debug(EELFLoggerDelegate.debugLogger,
735 "addNewRoleInExternalSystem: Finished adding into External Auth system for POST: {} and status code: {}",
736 addNewRole, addNewRoleInExternalSystem.getStatusCode().value());
738 } catch (HttpClientErrorException ht) {
739 dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + newRole.get(0).getId(), null);
740 logger.error(EELFLoggerDelegate.debugLogger,
741 "addNewRoleInExternalSystem: Failed to add in External Auth system and status code: {}", ht);
742 throw new HttpClientErrorException(ht.getStatusCode());
748 * It updates existing role in the External Auth System
750 * @param addRole It Contains role information
752 * @return string which is formatted to match with the external auth system
753 * @throws JsonProcessingException
755 private String updateExistingRoleInExternalSystem(Role addRole, EPApp app) throws JsonProcessingException {
756 ObjectMapper mapper = new ObjectMapper();
757 String addNewRole = "";
758 ExternalAccessRole extRole = new ExternalAccessRole();
759 extRole.setName(app.getNameSpace() + "." + addRole.getName()
760 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
761 extRole.setDescription(String.valueOf(addRole.getName()));
762 addNewRole = mapper.writeValueAsString(extRole);
767 * It create a role in the external auth system and then in our local
771 * @return true else false
774 @SuppressWarnings("unchecked")
775 @Transactional(rollbackFor = Exception.class)
776 public boolean addRoleInEcompDB(Role addRoleInDB, EPApp app) throws Exception {
777 boolean result = false;
778 EPRole epRole = null;
779 Set<RoleFunction> roleFunctionList = addRoleInDB.getRoleFunctions();
780 List<RoleFunction> roleFunctionListNew = new ArrayList<>();
781 ObjectMapper mapper = new ObjectMapper();
782 Iterator<RoleFunction> itetaror = roleFunctionList.iterator();
783 while (itetaror.hasNext()) {
784 Object nextValue = itetaror.next();
785 RoleFunction roleFunction = mapper.convertValue(nextValue, RoleFunction.class);
786 roleFunctionListNew.add(roleFunction);
788 List<RoleFunction> listWithoutDuplicates = roleFunctionListNew.stream().distinct().collect(Collectors.toList());
790 if (addRoleInDB.getId() == null) { // check if it is new role
791 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
792 checkIfRoleExitsInExternalSystem(addRoleInDB, app);
794 EPRole epRoleNew = new EPRole();
795 epRoleNew.setActive(addRoleInDB.getActive());
796 epRoleNew.setName(addRoleInDB.getName());
797 epRoleNew.setPriority(addRoleInDB.getPriority());
798 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
799 epRoleNew.setAppId(null);
801 epRoleNew.setAppId(app.getId());
803 dataAccessService.saveDomainObject(epRoleNew, null);
804 List<EPRole> getRoleCreated = null;
805 final Map<String, String> epAppRoleParams = new HashMap<>();
806 final Map<String, String> epAppPortalRoleParams = new HashMap<>();
807 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
808 epAppRoleParams.put("appId", String.valueOf(app.getId()));
809 epAppRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName());
810 List<EPRole> roleCreated = dataAccessService
811 .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, epAppRoleParams, null);
812 EPRole epUpdateRole = roleCreated.get(0);
813 epUpdateRole.setAppRoleId(epUpdateRole.getId());
814 dataAccessService.saveDomainObject(epUpdateRole, null);
815 getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
816 epAppRoleParams, null);
818 epAppPortalRoleParams.put(APP_ROLE_NAME_PARAM, addRoleInDB.getName());
819 getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY,
820 epAppPortalRoleParams, null);
822 // Add role in External Auth system
823 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
824 addNewRoleInExternalSystem(getRoleCreated, app);
827 } else { // if role already exists then update it
828 EPRole globalRole = null;
829 List<EPRole> applicationRoles;
830 List<EPRole> globalRoleList = getGlobalRolesOfPortal();
831 boolean isGlobalRole = false;
832 if (!globalRoleList.isEmpty()) {
833 EPRole role = globalRoleList.stream().filter(x -> addRoleInDB.getId().equals(x.getId())).findAny()
840 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)
841 || (globalRole != null && app.getId() != globalRole.getAppId())) {
842 applicationRoles = getPortalAppRoleInfo(addRoleInDB.getId());
844 applicationRoles = getPartnerAppRoleInfo(addRoleInDB.getId(), app);
846 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
847 updateRoleInExternalSystem(addRoleInDB, app, isGlobalRole);
848 // Add all user to the re-named role in external auth system
849 if (!applicationRoles.isEmpty()
850 && !addRoleInDB.getName().equals(applicationRoles.get(0).getName())) {
851 bulkUploadUsersSingleRole(app.getUebKey(), applicationRoles.get(0).getId(),
852 addRoleInDB.getName());
855 deleteRoleFunction(app, applicationRoles);
856 if (!applicationRoles.isEmpty()) {
857 epRole = applicationRoles.get(0);
858 epRole.setName(addRoleInDB.getName());
859 epRole.setPriority(addRoleInDB.getPriority());
860 epRole.setActive(addRoleInDB.getActive());
861 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
862 epRole.setAppId(null);
863 epRole.setAppRoleId(null);
864 } else if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)
865 && applicationRoles.get(0).getAppRoleId() == null) {
866 epRole.setAppRoleId(epRole.getId());
868 dataAccessService.saveDomainObject(epRole, null);
870 Long roleAppId = null;
871 if (globalRole != null && !app.getId().equals(globalRole.getAppId()))
872 roleAppId = PortalConstants.PORTAL_APP_ID;
873 saveRoleFunction(listWithoutDuplicates, app, applicationRoles, roleAppId);
876 } catch (Exception e) {
877 logger.error(EELFLoggerDelegate.errorLogger, "addRoleInEcompDB is failed", e);
885 * It validates whether role exists in external auth system
889 * @throws Exception If role exits
891 private void checkIfRoleExitsInExternalSystem(Role checkRole, EPApp app) throws Exception {
892 getNameSpaceIfExists(app);
893 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
894 String roleName = app.getNameSpace() + "." + checkRole.getName()
895 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_");
896 HttpEntity<String> checkRoleEntity = new HttpEntity<>(headers);
897 logger.debug(EELFLoggerDelegate.debugLogger, "checkIfRoleExitsInExternalSystem: {} ",
898 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
899 ResponseEntity<String> checkRoleInExternalSystem = template
900 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "roles/"
901 + roleName, HttpMethod.GET, checkRoleEntity, String.class);
902 if (!checkRoleInExternalSystem.getBody().equals(IS_EMPTY_JSON_STRING)) {
904 "checkIfRoleExitsInExternalSystem: Role already exists in external system {} and status code: {} ",
905 checkRoleInExternalSystem.getBody(), checkRoleInExternalSystem.getStatusCode().value());
906 throw new ExternalAuthSystemException(" Role already exists in external system");
911 * It saves list of functions to the role in portal
913 * @param roleFunctionListNew
915 * @param applicationRoles
918 @SuppressWarnings("unchecked")
919 private void saveRoleFunction(List<RoleFunction> roleFunctionListNew, EPApp app, List<EPRole> applicationRoles,
920 Long roleAppId) throws Exception {
921 final Map<String, String> getAppFunctionParams = new HashMap<>();
922 for (RoleFunction roleFunc : roleFunctionListNew) {
923 String code = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
924 EPAppRoleFunction appRoleFunc = new EPAppRoleFunction();
925 appRoleFunc.setAppId(app.getId());
926 appRoleFunc.setRoleId(applicationRoles.get(0).getId());
927 appRoleFunc.setRoleAppId(String.valueOf(roleAppId));
928 getAppFunctionParams.put("appId", String.valueOf(app.getId()));
929 getAppFunctionParams.put(FUNCTION_CODE_PARAMS, roleFunc.getCode());
930 // query to check if function code has pipes
931 List<CentralV2RoleFunction> roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY,
932 getAppFunctionParams, null);
933 if (roleFunction.isEmpty()) {
934 getAppFunctionParams.put(FUNCTION_CODE_PARAMS, code);
935 roleFunction = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, getAppFunctionParams, null);
937 if (roleFunction.size() > 1) {
938 CentralV2RoleFunction getExactFunctionCode = appFunctionListFilter(code, roleFunction);
939 appRoleFunc.setCode(getExactFunctionCode.getCode());
941 appRoleFunc.setCode(roleFunction.get(0).getCode());
943 dataAccessService.saveDomainObject(appRoleFunc, null);
949 * It filters the app functions which starts with similar name in the result set
952 * @param roleFunction
953 * @return CentralRoleFunction
955 private CentralV2RoleFunction appFunctionListFilter(String roleFuncCode, List<CentralV2RoleFunction> roleFunction) {
956 final Map<String, CentralV2RoleFunction> appFunctionsFilter = new HashMap<>();
957 final Map<String, CentralV2RoleFunction> appFunctionsFilterPipes = new HashMap<>();
958 CentralV2RoleFunction getExactFunctionCode = null;
959 for (CentralV2RoleFunction cenRoleFunction : roleFunction) {
960 appFunctionsFilter.put(cenRoleFunction.getCode(), cenRoleFunction);
961 appFunctionsFilterPipes.put(EcompPortalUtils.getFunctionCode(cenRoleFunction.getCode()), cenRoleFunction);
963 getExactFunctionCode = appFunctionsFilter.get(roleFuncCode);
964 if (getExactFunctionCode == null) {
965 getExactFunctionCode = appFunctionsFilterPipes.get(roleFuncCode);
967 return getExactFunctionCode;
971 * It deletes all EPAppRoleFunction records in the portal
976 @SuppressWarnings("unchecked")
977 private void deleteRoleFunction(EPApp app, List<EPRole> role) {
978 final Map<String, Long> appRoleFuncsParams = new HashMap<>();
979 appRoleFuncsParams.put("appId", app.getId());
980 appRoleFuncsParams.put("roleId", role.get(0).getId());
981 List<EPAppRoleFunction> appRoleFunctionList = dataAccessService
982 .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null);
983 if (!appRoleFunctionList.isEmpty()) {
984 for (EPAppRoleFunction approleFunction : appRoleFunctionList) {
985 dataAccessService.deleteDomainObject(approleFunction, null);
991 @SuppressWarnings("unchecked")
992 public List<EPUser> getUser(String loginId) throws InvalidUserException {
993 final Map<String, String> userParams = new HashMap<>();
994 userParams.put("org_user_id", loginId);
995 List<EPUser> userList = dataAccessService.executeNamedQuery("getEPUserByOrgUserId", userParams, null);
996 if (userList.isEmpty()) {
997 throw new InvalidUserException("User not found");
1003 public String getV2UserWithRoles(String loginId, String uebkey) throws Exception {
1004 final Map<String, String> params = new HashMap<>();
1005 List<EPUser> userList = null;
1006 CentralV2User cenV2User = null;
1007 String result = null;
1009 params.put("orgUserIdValue", loginId);
1010 List<EPApp> appList = getApp(uebkey);
1011 if (!appList.isEmpty()) {
1012 userList = getUser(loginId);
1013 if (!userList.isEmpty()) {
1014 ObjectMapper mapper = new ObjectMapper();
1015 cenV2User = getV2UserAppRoles(loginId, uebkey);
1016 result = mapper.writeValueAsString(cenV2User);
1017 } else if (userList.isEmpty()) {
1018 throw new InvalidUserException("User not found");
1021 throw new InactiveApplicationException("Application not found");
1023 } catch (Exception e) {
1024 logger.error(EELFLoggerDelegate.errorLogger, "getUser: failed", e);
1031 public List<CentralV2Role> getRolesForApp(String uebkey) throws Exception {
1032 logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Entering into getRolesForApp");
1033 List<CentralV2Role> roleList = new ArrayList<>();
1034 final Map<String, Long> params = new HashMap<>();
1036 List<EPApp> app = getApp(uebkey);
1037 List<EPRole> appRolesList = getAppRoles(app.get(0).getId());
1038 roleList = createCentralRoleObject(app, appRolesList, roleList, params);
1039 if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) {
1040 List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId());
1041 List<EPRole> globalRolesList = getGlobalRolesOfPortal();
1042 List<CentralV2Role> portalsGlobalRolesFinlaList = new ArrayList<>();
1043 if (!globalRolesList.isEmpty()) {
1044 for (EPRole eprole : globalRolesList) {
1045 CentralV2Role cenRole = convertRoleToCentralV2Role(eprole);
1046 portalsGlobalRolesFinlaList.add(cenRole);
1048 roleList.addAll(globalRoleList);
1049 for (CentralV2Role role : portalsGlobalRolesFinlaList) {
1050 CentralV2Role result = roleList.stream().filter(x -> role.getId().equals(x.getId())).findAny()
1056 for (EPRole role : globalRolesList) {
1057 CentralV2Role cenRole = convertRoleToCentralV2Role(role);
1058 roleList.add(cenRole);
1062 } catch (Exception e) {
1063 logger.error(EELFLoggerDelegate.errorLogger, "getRolesForApp: Failed!", e);
1066 logger.debug(EELFLoggerDelegate.debugLogger, "getRolesForApp: Finished!");
1067 return roleList.stream().distinct().collect(Collectors.toList());
1070 @SuppressWarnings("unchecked")
1072 public List<CentralV2RoleFunction> getRoleFuncList(String uebkey) throws Exception {
1073 EPApp app = getApp(uebkey).get(0);
1074 List<CentralV2RoleFunction> finalRoleList = new ArrayList<>();
1075 final Map<String, Long> params = new HashMap<>();
1076 params.put(APP_ID, app.getId());
1077 List<CentralV2RoleFunction> getRoleFuncList = dataAccessService.executeNamedQuery("getAllRoleFunctions", params,
1079 for (CentralV2RoleFunction roleFuncItem : getRoleFuncList) {
1080 String code = EcompPortalUtils.getFunctionCode(roleFuncItem.getCode());
1082 if (roleFuncItem.getCode().contains("|"))
1083 type = EcompPortalUtils.getFunctionType(roleFuncItem.getCode());
1085 type = getFunctionCodeType(roleFuncItem.getCode());
1086 String action = getFunctionCodeAction(roleFuncItem.getCode());
1087 roleFuncItem.setCode(EPUserUtils.decodeFunctionCode(code));
1088 roleFuncItem.setType(type);
1089 roleFuncItem.setAction(action);
1090 finalRoleList.add(roleFuncItem);
1092 return finalRoleList;
1096 public String getFunctionCodeAction(String roleFuncItem) {
1097 return (!roleFuncItem.contains(FUNCTION_PIPE)) ? "*" : EcompPortalUtils.getFunctionAction(roleFuncItem);
1101 public String getFunctionCodeType(String roleFuncItem) {
1103 if ((roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu"))
1104 || (!roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("menu"))) {
1106 } else if (checkIfCodeHasNoPipesAndHasTypeUrl(roleFuncItem) || checkIfCodeHasPipesAndHasTypeUrl(roleFuncItem)
1107 || checkIfCodeHasNoPipesAndHasNoTypeUrl(roleFuncItem)) {
1109 } else if (roleFuncItem.contains(FUNCTION_PIPE)
1110 && (!roleFuncItem.contains("menu") || roleFuncItem.contains("url"))) {
1111 type = EcompPortalUtils.getFunctionType(roleFuncItem);
1118 * It check whether function code has no pipes and no url string in it
1120 * @param roleFuncItem
1121 * @return true or false
1123 private boolean checkIfCodeHasNoPipesAndHasNoTypeUrl(String roleFuncItem) {
1124 return !roleFuncItem.contains(FUNCTION_PIPE) && !roleFuncItem.contains("url");
1129 * It check whether function code has pipes and url string in it
1131 * @param roleFuncItem
1132 * @return true or false
1134 private boolean checkIfCodeHasPipesAndHasTypeUrl(String roleFuncItem) {
1135 return roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url");
1140 * It check whether function code has no pipes and has url string in it
1142 * @param roleFuncItem
1143 * @return true or false
1145 private boolean checkIfCodeHasNoPipesAndHasTypeUrl(String roleFuncItem) {
1146 return !roleFuncItem.contains(FUNCTION_PIPE) && roleFuncItem.contains("url");
1150 * It returns user detail information which is deep copy of EPUser.class object
1158 @SuppressWarnings("unchecked")
1159 private CentralV2User createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception {
1160 final Map<String, Long> params = new HashMap<>();
1161 CentralV2User userAppList = new CentralV2User.CentralV2UserBuilder().createCentralV2User();
1162 CentralV2User user1 = null;
1163 final Map<String, Long> params1 = new HashMap<>();
1164 List<EPRole> globalRoleList = new ArrayList<>();
1166 if (app.getId() != PortalConstants.PORTAL_APP_ID) {
1167 params1.put("userId", userInfo.getId());
1168 params1.put("appId", app.getId());
1169 globalRoleList = dataAccessService.executeNamedQuery("userAppGlobalRoles", params1, null);
1171 userAppList.setUserApps(new TreeSet<CentralV2UserApp>());
1172 for (EPUserApp userApp : userAppSet) {
1173 if (userApp.getRole().getActive()) {
1174 EPApp epApp = userApp.getApp();
1175 String globalRole = userApp.getRole().getName().toLowerCase();
1176 if (((epApp.getId().equals(app.getId()))
1177 && (!userApp.getRole().getId().equals(PortalConstants.ACCOUNT_ADMIN_ROLE_ID)))
1178 || ((epApp.getId().equals(PortalConstants.PORTAL_APP_ID))
1179 && (globalRole.toLowerCase().startsWith("global_")))) {
1180 CentralV2UserApp cua = new CentralV2UserApp();
1181 cua.setUserId(null);
1182 CentralApp cenApp = new CentralApp(1L, epApp.getCreated(), epApp.getModified(),
1183 epApp.getCreatedId(), epApp.getModifiedId(), epApp.getRowNum(), epApp.getName(),
1184 epApp.getImageUrl(), epApp.getDescription(), epApp.getNotes(), epApp.getUrl(),
1185 epApp.getAlternateUrl(), epApp.getAppRestEndpoint(), epApp.getMlAppName(),
1186 epApp.getMlAppAdminId(), String.valueOf(epApp.getMotsId()), epApp.getAppPassword(),
1187 String.valueOf(epApp.getOpen()), String.valueOf(epApp.getEnabled()),
1188 epApp.getThumbnail(), epApp.getUsername(), epApp.getUebKey(), epApp.getUebSecret(),
1189 epApp.getUebTopicName());
1190 cenApp.setAppPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD);
1193 if (globalRole.toLowerCase().startsWith("global_")
1194 && epApp.getId().equals(PortalConstants.PORTAL_APP_ID)
1195 && !epApp.getId().equals(app.getId())) {
1196 appId = app.getId();
1197 EPRole result = null;
1198 if (globalRoleList.size() > 0)
1199 result = globalRoleList.stream()
1200 .filter(x -> userApp.getRole().getId().equals(x.getId())).findAny()
1205 appId = userApp.getApp().getId();
1207 params.put("roleId", userApp.getRole().getId());
1208 params.put(APP_ID, appId);
1209 List<CentralV2RoleFunction> appRoleFunctionList = dataAccessService
1210 .executeNamedQuery("getAppRoleFunctionList", params, null);
1211 SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>();
1212 for (CentralV2RoleFunction roleFunc : appRoleFunctionList) {
1213 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
1214 String type = getFunctionCodeType(roleFunc.getCode());
1215 String action = getFunctionCodeAction(roleFunc.getCode());
1216 CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(roleFunc.getId(),
1217 functionCode, roleFunc.getName(), null, type, action, null);
1218 roleFunctionSet.add(cenRoleFunc);
1220 Long userRoleId = null;
1221 if (globalRole.toLowerCase().startsWith("global_")
1222 || epApp.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1223 userRoleId = userApp.getRole().getId();
1225 userRoleId = userApp.getRole().getAppRoleId();
1227 CentralV2Role cenRole = new CentralV2Role(userRoleId, userApp.getRole().getCreated(),
1228 userApp.getRole().getModified(), userApp.getRole().getCreatedId(),
1229 userApp.getRole().getModifiedId(), userApp.getRole().getRowNum(),
1230 userApp.getRole().getName(), userApp.getRole().getActive(),
1231 userApp.getRole().getPriority(), roleFunctionSet, null, null);
1232 cua.setRole(cenRole);
1233 userAppList.getUserApps().add(cua);
1237 user1 = new CentralV2User.CentralV2UserBuilder().setId(null).setCreated(userInfo.getCreated())
1238 .setModified(userInfo.getModified()).setCreatedId(userInfo.getCreatedId())
1239 .setModifiedId(userInfo.getModifiedId()).setRowNum(userInfo.getRowNum())
1240 .setOrgId(userInfo.getOrgId()).setManagerId(userInfo.getManagerId())
1241 .setFirstName(userInfo.getFirstName()).setMiddleInitial(userInfo.getMiddleInitial())
1242 .setLastName(userInfo.getLastName()).setPhone(userInfo.getPhone()).setFax(userInfo.getFax())
1243 .setCellular(userInfo.getCellular()).setEmail(userInfo.getEmail())
1244 .setAddressId(userInfo.getAddressId()).setAlertMethodCd(userInfo.getAlertMethodCd())
1245 .setHrid(userInfo.getHrid()).setOrgUserId(userInfo.getOrgUserId()).setOrgCode(userInfo.getOrgCode())
1246 .setAddress1(userInfo.getAddress1()).setAddress2(userInfo.getAddress2()).setCity(userInfo.getCity())
1247 .setState(userInfo.getState()).setZipCode(userInfo.getZipCode()).setCountry(userInfo.getCountry())
1248 .setOrgManagerUserId(userInfo.getOrgManagerUserId()).setLocationClli(userInfo.getLocationClli())
1249 .setBusinessCountryCode(userInfo.getBusinessCountryCode())
1250 .setBusinessCountryName(userInfo.getBusinessCountryName())
1251 .setBusinessUnit(userInfo.getBusinessUnit()).setBusinessUnitName(userInfo.getBusinessUnitName())
1252 .setDepartment(userInfo.getDepartment()).setDepartmentName(userInfo.getDepartmentName())
1253 .setCompanyCode(userInfo.getCompanyCode()).setCompany(userInfo.getCompany())
1254 .setZipCodeSuffix(userInfo.getZipCodeSuffix()).setJobTitle(userInfo.getJobTitle())
1255 .setCommandChain(userInfo.getCommandChain()).setSiloStatus(userInfo.getSiloStatus())
1256 .setCostCenter(userInfo.getCostCenter()).setFinancialLocCode(userInfo.getFinancialLocCode())
1257 .setLoginId(userInfo.getLoginId()).setLoginPwd(userInfo.getLoginPwd())
1258 .setLastLoginDate(userInfo.getLastLoginDate()).setActive(userInfo.getActive())
1259 .setInternal(userInfo.getInternal()).setSelectedProfileId(userInfo.getSelectedProfileId())
1260 .setTimeZoneId(userInfo.getTimeZoneId()).setOnline(userInfo.isOnline())
1261 .setChatId(userInfo.getChatId()).setUserApps(userAppList.getUserApps()).setPseudoRoles(null)
1262 .createCentralV2User();
1263 } catch (Exception e) {
1264 logger.error(EELFLoggerDelegate.errorLogger, "createEPUser: createEPUser failed", e);
1271 public CentralV2Role getRoleInfo(Long roleId, String uebkey) throws Exception {
1272 final Map<String, Long> params = new HashMap<>();
1273 List<CentralV2Role> roleList = new ArrayList<>();
1274 CentralV2Role cenRole = new CentralV2Role();
1275 List<EPRole> roleInfo = null;
1276 List<EPApp> app = null;
1278 app = getApp(uebkey);
1279 if (app.isEmpty()) {
1280 throw new InactiveApplicationException("Application not found");
1282 if (app.get(0).getId() != PortalConstants.PORTAL_APP_ID) {
1283 List<EPRole> globalRoleList = new ArrayList<>();
1284 globalRoleList = getGlobalRolesOfPortal();
1285 if (globalRoleList.size() > 0) {
1286 EPRole result = globalRoleList.stream().filter(x -> roleId.equals(x.getId())).findAny()
1289 return getGlobalRoleForRequestedApp(app.get(0).getId(), roleId);
1292 if (app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
1293 roleInfo = getPortalAppRoleInfo(roleId);
1295 roleInfo = getPartnerAppRoleInfo(roleId, app.get(0));
1297 roleList = createCentralRoleObject(app, roleInfo, roleList, params);
1298 if (roleList.isEmpty()) {
1301 } catch (Exception e) {
1302 logger.error(EELFLoggerDelegate.errorLogger, "getRoleInfo: failed", e);
1305 return roleList.get(0);
1308 @SuppressWarnings("unchecked")
1309 private List<EPRole> getPartnerAppRoleInfo(Long roleId, EPApp app) {
1310 List<EPRole> roleInfo;
1311 final Map<String, Long> getPartnerAppRoleParams = new HashMap<>();
1312 getPartnerAppRoleParams.put("appRoleId", roleId);
1313 getPartnerAppRoleParams.put("appId", app.getId());
1314 roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleByRoleId", getPartnerAppRoleParams, null);
1315 if (roleInfo.isEmpty()) {
1316 getPartnerAppRoleParams.put("appRoleId", roleId);
1317 roleInfo = dataAccessService.executeNamedQuery("getPartnerAppRoleById", getPartnerAppRoleParams, null);
1322 @SuppressWarnings("unchecked")
1323 private List<EPRole> getPortalAppRoleInfo(Long roleId) {
1324 List<EPRole> roleInfo;
1325 final Map<String, Long> getPortalAppRoleParams = new HashMap<>();
1326 getPortalAppRoleParams.put("roleId", roleId);
1327 roleInfo = dataAccessService.executeNamedQuery("getPortalAppRoleByRoleId", getPortalAppRoleParams, null);
1333 * It returns list of app roles along with role functions and which went through
1341 * @throws DecoderException
1343 @SuppressWarnings("unchecked")
1345 public List<CentralV2Role> createCentralRoleObject(List<EPApp> app, List<EPRole> roleInfo,
1346 List<CentralV2Role> roleList, Map<String, Long> params) throws RoleFunctionException {
1347 for (EPRole role : roleInfo) {
1348 params.put("roleId", role.getId());
1349 params.put(APP_ID, app.get(0).getId());
1350 List<CentralV2RoleFunction> cenRoleFuncList = dataAccessService.executeNamedQuery("getAppRoleFunctionList",
1352 SortedSet<CentralV2RoleFunction> roleFunctionSet = new TreeSet<>();
1353 for (CentralV2RoleFunction roleFunc : cenRoleFuncList) {
1354 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
1355 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
1356 String type = getFunctionCodeType(roleFunc.getCode());
1357 String action = getFunctionCodeAction(roleFunc.getCode());
1358 CentralV2RoleFunction cenRoleFunc = new CentralV2RoleFunction(role.getId(), functionCode,
1359 roleFunc.getName(), null, type, action, null);
1360 roleFunctionSet.add(cenRoleFunc);
1362 SortedSet<CentralV2Role> childRoles = new TreeSet<>();
1363 SortedSet<CentralV2Role> parentRoles = new TreeSet<>();
1364 CentralV2Role cenRole = null;
1365 if (role.getAppRoleId() == null) {
1366 cenRole = new CentralV2Role(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(),
1367 role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), role.getPriority(),
1368 roleFunctionSet, childRoles, parentRoles);
1370 cenRole = new CentralV2Role(role.getAppRoleId(), role.getCreated(), role.getModified(),
1371 role.getCreatedId(), role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(),
1372 role.getPriority(), roleFunctionSet, childRoles, parentRoles);
1374 roleList.add(cenRole);
1379 @SuppressWarnings("unchecked")
1381 public CentralV2RoleFunction getRoleFunction(String functionCode, String uebkey) throws Exception {
1382 String code = EcompPortalUtils.getFunctionCode(functionCode);
1383 String encodedCode = EcompPortalUtils.encodeFunctionCode(code);
1384 CentralV2RoleFunction roleFunc = null;
1385 EPApp app = getApp(uebkey).get(0);
1386 List<CentralV2RoleFunction> getRoleFuncList = null;
1387 final Map<String, String> params = new HashMap<>();
1389 params.put(FUNCTION_CODE_PARAMS, functionCode);
1390 params.put(APP_ID, String.valueOf(app.getId()));
1391 getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null);
1392 if (getRoleFuncList.isEmpty()) {
1393 params.put(FUNCTION_CODE_PARAMS, encodedCode);
1394 getRoleFuncList = dataAccessService.executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null);
1395 if (getRoleFuncList.isEmpty()) {
1399 if (getRoleFuncList.size() > 1) {
1400 CentralV2RoleFunction cenV2RoleFunction = appFunctionListFilter(encodedCode, getRoleFuncList);
1401 if (cenV2RoleFunction == null)
1403 roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction);
1405 // Check even if single record have pipes
1406 if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) {
1407 roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0));
1409 roleFunc = getRoleFuncList.get(0);
1412 } catch (Exception e) {
1413 logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e);
1419 private CentralV2RoleFunction checkIfPipesExitsInFunctionCode(CentralV2RoleFunction getRoleFuncList) {
1420 CentralV2RoleFunction roleFunc;
1421 String functionCodeFormat = getRoleFuncList.getCode();
1422 if (functionCodeFormat.contains(FUNCTION_PIPE)) {
1423 String newfunctionCodeFormat = EcompPortalUtils.getFunctionCode(functionCodeFormat);
1424 String newfunctionTypeFormat = EcompPortalUtils.getFunctionType(functionCodeFormat);
1425 String newfunctionActionFormat = EcompPortalUtils.getFunctionAction(functionCodeFormat);
1426 roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), newfunctionCodeFormat,
1427 getRoleFuncList.getName(), getRoleFuncList.getAppId(), newfunctionTypeFormat,
1428 newfunctionActionFormat, getRoleFuncList.getEditUrl());
1430 roleFunc = new CentralV2RoleFunction(getRoleFuncList.getId(), functionCodeFormat, getRoleFuncList.getName(),
1431 getRoleFuncList.getAppId(), getRoleFuncList.getEditUrl());
1437 public boolean saveCentralRoleFunction(CentralV2RoleFunction domainCentralRoleFunction, EPApp app)
1439 boolean saveOrUpdateFunction = false;
1441 if(EcompPortalUtils.checkFunctionCodeHasEncodePattern(domainCentralRoleFunction.getCode()))
1442 domainCentralRoleFunction.setCode(EcompPortalUtils.encodeFunctionCode(domainCentralRoleFunction.getCode()));
1443 final Map<String, String> functionParams = new HashMap<>();
1444 functionParams.put("appId", String.valueOf(app.getId()));
1445 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1446 addRoleFunctionInExternalSystem(domainCentralRoleFunction, app);
1448 if (domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null) {
1449 domainCentralRoleFunction.setCode(domainCentralRoleFunction.getType() + FUNCTION_PIPE
1450 + domainCentralRoleFunction.getCode() + FUNCTION_PIPE + domainCentralRoleFunction.getAction());
1452 domainCentralRoleFunction.setAppId(app.getId());
1453 dataAccessService.saveDomainObject(domainCentralRoleFunction, null);
1454 saveOrUpdateFunction = true;
1455 } catch (Exception e) {
1456 logger.error(EELFLoggerDelegate.errorLogger, "saveCentralRoleFunction: failed", e);
1459 return saveOrUpdateFunction;
1463 * It creates application permission in external auth system
1465 * @param domainCentralRoleFunction
1469 private void addRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app)
1471 ObjectMapper mapper = new ObjectMapper();
1472 ExternalAccessPerms extPerms = new ExternalAccessPerms();
1473 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1475 String instance = "";
1477 if ((domainCentralRoleFunction.getType() != null && domainCentralRoleFunction.getAction() != null)
1478 || domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)) {
1479 type = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)
1480 ? EcompPortalUtils.getFunctionType(domainCentralRoleFunction.getCode())
1481 : domainCentralRoleFunction.getType();
1482 instance = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)
1483 ? EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode())
1484 : domainCentralRoleFunction.getCode();
1485 action = domainCentralRoleFunction.getCode().contains(FUNCTION_PIPE)
1486 ? EcompPortalUtils.getFunctionAction(domainCentralRoleFunction.getCode())
1487 : domainCentralRoleFunction.getAction();
1489 type = domainCentralRoleFunction.getCode().contains("menu") ? "menu" : "url";
1490 instance = domainCentralRoleFunction.getCode();
1493 // get Permissions from External Auth System
1494 JSONArray extPermsList = getExtAuthPermissions(app);
1495 List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPermsList);
1496 String requestedPerm = type + FUNCTION_PIPE + instance + FUNCTION_PIPE + action;
1497 boolean checkIfFunctionsExits = permsDetailList.stream()
1498 .anyMatch(permsDetail -> permsDetail.getInstance().equals(requestedPerm));
1499 if (!checkIfFunctionsExits) {
1501 extPerms.setAction(action);
1502 extPerms.setInstance(instance);
1503 extPerms.setType(app.getNameSpace() + "." + type);
1504 extPerms.setDescription(domainCentralRoleFunction.getName());
1505 String addFunction = mapper.writeValueAsString(extPerms);
1506 HttpEntity<String> entity = new HttpEntity<>(addFunction, headers);
1507 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for POST: {}",
1508 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction);
1509 ResponseEntity<String> addPermResponse = template.exchange(
1510 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm",
1511 HttpMethod.POST, entity, String.class);
1512 logger.debug(EELFLoggerDelegate.debugLogger,
1513 "addRoleFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ",
1514 addPermResponse.getStatusCode().value(), addFunction);
1515 } catch (HttpClientErrorException e) {
1516 logger.error(EELFLoggerDelegate.errorLogger,
1517 "HttpClientErrorException - Failed to add function in external central auth system", e);
1518 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1520 } catch (Exception e) {
1521 logger.error(EELFLoggerDelegate.errorLogger,
1522 "addRoleFunctionInExternalSystem: Failed to add fucntion in external central auth system", e);
1527 extPerms.setAction(action);
1528 extPerms.setInstance(instance);
1529 extPerms.setType(app.getNameSpace() + "." + type);
1530 extPerms.setDescription(domainCentralRoleFunction.getName());
1531 String updateRoleFunction = mapper.writeValueAsString(extPerms);
1532 HttpEntity<String> entity = new HttpEntity<>(updateRoleFunction, headers);
1533 logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionInExternalSystem: {} for PUT: {}",
1534 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRoleFunction);
1535 ResponseEntity<String> updatePermResponse = template.exchange(
1536 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm",
1537 HttpMethod.PUT, entity, String.class);
1538 logger.debug(EELFLoggerDelegate.debugLogger,
1539 "addRoleFunctionInExternalSystem: Finished updating permission in External Auth system {} and response: {} ",
1540 updateRoleFunction, updatePermResponse.getStatusCode().value());
1541 } catch (HttpClientErrorException e) {
1542 logger.error(EELFLoggerDelegate.errorLogger,
1543 "HttpClientErrorException - Failed to add function in external central auth system", e);
1544 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1546 } catch (Exception e) {
1547 logger.error(EELFLoggerDelegate.errorLogger,
1548 "addRoleFunctionInExternalSystem: Failed to update function in external central auth system",
1555 @SuppressWarnings("unchecked")
1557 @Transactional(rollbackFor = Exception.class)
1558 public boolean deleteCentralRoleFunction(String code, EPApp app) {
1559 boolean deleteFunctionResponse = false;
1561 final Map<String, String> params = new HashMap<>();
1562 params.put(FUNCTION_CODE_PARAMS, code);
1563 params.put(APP_ID, String.valueOf(app.getId()));
1564 List<CentralV2RoleFunction> domainCentralRoleFunction = dataAccessService
1565 .executeNamedQuery(GET_ROLE_FUNCTION_QUERY, params, null);
1566 CentralV2RoleFunction appFunctionCode = appFunctionListFilter(code, domainCentralRoleFunction);
1567 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1568 deleteRoleFunctionInExternalSystem(appFunctionCode, app);
1569 // Delete role function dependency records
1570 deleteAppRoleFunctions(appFunctionCode.getCode(), app);
1572 dataAccessService.deleteDomainObject(appFunctionCode, null);
1573 deleteFunctionResponse = true;
1574 } catch (Exception e) {
1575 logger.error(EELFLoggerDelegate.errorLogger, "deleteCentralRoleFunction: failed", e);
1577 return deleteFunctionResponse;
1581 * It deletes app function record in portal
1586 private void deleteAppRoleFunctions(String code, EPApp app) {
1587 dataAccessService.deleteDomainObjects(EPAppRoleFunction.class,
1588 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + code + "'", null);
1593 * It deletes permission in the external auth system
1595 * @param domainCentralRoleFunction
1599 private void deleteRoleFunctionInExternalSystem(CentralV2RoleFunction domainCentralRoleFunction, EPApp app)
1602 ObjectMapper mapper = new ObjectMapper();
1603 ExternalAccessPerms extPerms = new ExternalAccessPerms();
1604 String instanceValue = EcompPortalUtils.getFunctionCode(domainCentralRoleFunction.getCode());
1605 String checkType = getFunctionCodeType(domainCentralRoleFunction.getCode());
1606 String actionValue = getFunctionCodeAction(domainCentralRoleFunction.getCode());
1607 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1608 extPerms.setAction(actionValue);
1609 extPerms.setInstance(instanceValue);
1610 extPerms.setType(app.getNameSpace() + "." + checkType);
1611 extPerms.setDescription(domainCentralRoleFunction.getName());
1612 String deleteRoleFunction = mapper.writeValueAsString(extPerms);
1613 HttpEntity<String> entity = new HttpEntity<>(deleteRoleFunction, headers);
1614 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleFunctionInExternalSystem: {} for DELETE: {} ",
1615 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, deleteRoleFunction);
1616 ResponseEntity<String> delPermResponse = template
1617 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
1618 + "perm?force=true", HttpMethod.DELETE, entity, String.class);
1619 logger.debug(EELFLoggerDelegate.debugLogger,
1620 "deleteRoleFunctionInExternalSystem: Finished deleting permission in External Auth system {} and status code: {} ",
1621 deleteRoleFunction, delPermResponse.getStatusCode().value());
1622 } catch (HttpClientErrorException e) {
1623 logger.error(EELFLoggerDelegate.errorLogger,
1624 "HttpClientErrorException - Failed to delete functions in External System", e);
1625 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1626 } catch (Exception e) {
1627 if (e.getMessage().equalsIgnoreCase("404 Not Found")) {
1628 logger.debug(EELFLoggerDelegate.debugLogger,
1629 " deleteRoleFunctionInExternalSystem: It seems like function is already deleted in external central auth system but exists in local DB",
1632 logger.error(EELFLoggerDelegate.errorLogger,
1633 "deleteRoleFunctionInExternalSystem: Failed to delete functions in External System", e);
1639 public ExternalRequestFieldsValidator saveRoleForApplication(Role saveRole, String uebkey) throws Exception {
1640 boolean response = false;
1641 String message = "";
1643 EPApp app = getApp(uebkey).get(0);
1644 addRoleInEcompDB(saveRole, app);
1646 } catch (Exception e) {
1647 message = e.getMessage();
1648 logger.error(EELFLoggerDelegate.errorLogger, "saveRoleForApplication failed", e);
1650 return new ExternalRequestFieldsValidator(response, message);
1653 @SuppressWarnings("unchecked")
1655 public boolean deleteRoleForApplication(String deleteRole, String uebkey) throws Exception {
1656 Session localSession = sessionFactory.openSession();
1657 Transaction transaction = null;
1658 boolean result = false;
1660 List<EPRole> epRoleList = null;
1661 EPApp app = getApp(uebkey).get(0);
1662 final Map<String, String> deleteRoleParams = new HashMap<>();
1663 deleteRoleParams.put(APP_ROLE_NAME_PARAM, deleteRole);
1664 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1665 epRoleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, deleteRoleParams, null);
1667 deleteRoleParams.put(APP_ID, String.valueOf(app.getId()));
1668 epRoleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
1669 deleteRoleParams, null);
1671 if (!epRoleList.isEmpty()) {
1672 transaction = localSession.beginTransaction();
1673 // Delete app role functions before deleting role
1674 deleteRoleFunction(app, epRoleList);
1675 if (app.getId() == 1) {
1676 // Delete fn_user_ role
1677 dataAccessService.deleteDomainObjects(EPUserApp.class,
1678 APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null);
1679 boolean isPortalRequest = false;
1680 deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest);
1682 deleteRoleInExternalAuthSystem(epRoleList, app);
1683 transaction.commit();
1684 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: committed the transaction");
1685 dataAccessService.deleteDomainObject(epRoleList.get(0), null);
1688 } catch (Exception e) {
1689 logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleForApplication: failed", e);
1692 localSession.close();
1699 * It deletes role for application in external auth system
1701 * @param epRoleList contains role information
1702 * @param app contains application information
1705 private void deleteRoleInExternalAuthSystem(List<EPRole> epRoleList, EPApp app) throws Exception {
1706 ResponseEntity<String> deleteResponse;
1707 ResponseEntity<String> res = getNameSpaceIfExists(app);
1708 if (res.getStatusCode() == HttpStatus.OK) {
1709 // Delete Role in External System
1710 String deleteRoleKey = "{\"name\":\"" + app.getNameSpace() + "." + epRoleList.get(0).getName()
1711 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_") + "\"}";
1712 deleteResponse = deleteRoleInExternalSystem(deleteRoleKey);
1713 if (deleteResponse.getStatusCode().value() != 200 && deleteResponse.getStatusCode().value() != 404) {
1714 EPLogUtil.logExternalAuthAccessAlarm(logger, deleteResponse.getStatusCode());
1715 logger.error(EELFLoggerDelegate.errorLogger,
1716 "deleteRoleForApplication: Failed to delete role in external auth system! due to {} ",
1717 deleteResponse.getBody());
1719 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleForApplication: about to commit the transaction");
1725 * It deletes application user role in external auth system
1732 private void deleteUserRoleInExternalSystem(EPRole role, EPApp app, String LoginId) throws Exception {
1733 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
1734 HttpEntity<String> entity = new HttpEntity<>(headers);
1735 getNameSpaceIfExists(app);
1736 logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ",
1737 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
1738 ResponseEntity<String> getResponse = template.exchange(
1739 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/"
1741 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)
1742 + "/" + app.getNameSpace() + "."
1744 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
1745 HttpMethod.GET, entity, String.class);
1746 logger.debug(EELFLoggerDelegate.debugLogger,
1747 "deleteUserRoleInExternalSystem: Finished GET user roles from External Auth system and response: {} ",
1748 getResponse.getBody());
1749 if (getResponse.getStatusCode().value() != 200) {
1750 throw new ExternalAuthSystemException(getResponse.getBody());
1752 String res = getResponse.getBody();
1753 if (!res.equals(IS_EMPTY_JSON_STRING)) {
1754 HttpEntity<String> userRoleentity = new HttpEntity<>(headers);
1755 logger.debug(EELFLoggerDelegate.debugLogger, "deleteUserRoleInExternalSystem: {} ",
1756 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
1757 ResponseEntity<String> deleteResponse = template.exchange(
1758 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole/"
1760 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)
1761 + "/" + app.getNameSpace() + "."
1762 + role.getName().replaceAll(
1763 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
1764 HttpMethod.DELETE, userRoleentity, String.class);
1765 if (deleteResponse.getStatusCode().value() != 200) {
1766 throw new ExternalAuthSystemException("Failed to delete user role");
1768 logger.debug(EELFLoggerDelegate.debugLogger,
1769 "deleteUserRoleInExternalSystem: Finished deleting user role in External Auth system and status code: {} ",
1770 deleteResponse.getStatusCode().value());
1774 @SuppressWarnings("unchecked")
1776 public List<CentralV2Role> getActiveRoles(String uebkey) throws Exception {
1777 List<CentralV2Role> roleList = new ArrayList<>();
1779 List<EPApp> app = getApp(uebkey);
1780 final Map<String, Long> params = new HashMap<>();
1783 if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
1784 appId = app.get(0).getId();
1786 List<Criterion> restrictionsList = new ArrayList<Criterion>();
1787 Criterion active_ynCrt = Restrictions.eq("active", Boolean.TRUE);
1790 appIdCrt = Restrictions.isNull("appId");
1792 appIdCrt = Restrictions.eq("appId", appId);
1793 Criterion andCrit = Restrictions.and(active_ynCrt, appIdCrt);
1794 restrictionsList.add(andCrit);
1795 List<EPRole> epRole = (List<EPRole>) dataAccessService.getList(EPRole.class, null, restrictionsList, null);
1796 roleList = createCentralRoleObject(app, epRole, roleList, params);
1797 List<CentralV2Role> globalRoleList = getGlobalRolesOfApplication(app.get(0).getId());
1798 if (globalRoleList.size() > 0)
1799 roleList.addAll(globalRoleList);
1800 } catch (Exception e) {
1801 logger.error(EELFLoggerDelegate.errorLogger, "getActiveRoles: failed", e);
1808 @Transactional(rollbackFor = Exception.class)
1809 public ExternalRequestFieldsValidator deleteDependencyRoleRecord(Long roleId, String uebkey, String LoginId)
1811 Session localSession = sessionFactory.openSession();
1812 String message = "";
1813 Transaction transaction = null;
1814 boolean response = false;
1817 transaction = localSession.beginTransaction();
1818 List<EPRole> epRoleList = null;
1819 app = getApp(uebkey).get(0);
1820 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
1821 epRoleList = getPortalAppRoleInfo(roleId);
1823 epRoleList = getPartnerAppRoleInfo(roleId, app);
1825 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1826 // Delete User Role in External System before deleting role
1827 deleteUserRoleInExternalSystem(epRoleList.get(0), app, LoginId);
1829 // Delete user app roles
1830 dataAccessService.deleteDomainObjects(EPUserApp.class,
1831 APP_ID_EQUALS + app.getId() + " and role_id = " + epRoleList.get(0).getId(), null);
1832 boolean isPortalRequest = false;
1833 deleteRoleDependencyRecords(localSession, epRoleList.get(0).getId(), app.getId(), isPortalRequest);
1834 transaction.commit();
1835 if (EcompPortalUtils.checkIfRemoteCentralAccessAllowed()) {
1836 // Final call to delete role once all dependencies has been
1838 deleteRoleInExternalAuthSystem(epRoleList, app);
1840 dataAccessService.deleteDomainObjects(EPRole.class, " role_id = " + epRoleList.get(0).getId(), null);
1841 logger.debug(EELFLoggerDelegate.debugLogger, "deleteDependencyRoleRecord: committed the transaction");
1843 } catch (HttpClientErrorException e) {
1844 logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord: HttpClientErrorException", e);
1845 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
1846 message = e.getMessage();
1847 } catch (Exception e) {
1848 logger.error(EELFLoggerDelegate.errorLogger, "deleteDependencyRoleRecord failed", e);
1849 EcompPortalUtils.rollbackTransaction(transaction,
1850 "deleteDependencyRoleRecord rollback, exception = " + e.toString());
1851 message = e.getMessage();
1853 localSession.close();
1855 return new ExternalRequestFieldsValidator(response, message);
1859 @SuppressWarnings("unchecked")
1861 public void syncRoleFunctionFromExternalAccessSystem(EPApp app) {
1863 // get Permissions from External Auth System
1864 JSONArray extPerms = getExtAuthPermissions(app);
1865 List<ExternalAccessPermsDetail> permsDetailList = getExtAuthPerrmissonList(app, extPerms);
1866 // get functions in DB
1867 final Map<String, Long> params = new HashMap<>();
1868 final Map<String, CentralV2RoleFunction> roleFuncMap = new HashMap<>();
1869 params.put(APP_ID, app.getId());
1870 List<CentralV2RoleFunction> appFunctions = dataAccessService.executeNamedQuery("getAllRoleFunctions",
1872 if (!appFunctions.isEmpty()) {
1873 for (CentralV2RoleFunction roleFunc : appFunctions) {
1874 roleFuncMap.put(roleFunc.getCode(), roleFunc);
1877 // get Roles for portal in DB
1878 List<EPRole> portalRoleList = getGlobalRolesOfPortal();
1879 final Map<String, EPRole> existingPortalRolesMap = new HashMap<>();
1880 for (EPRole epRole : portalRoleList) {
1881 existingPortalRolesMap.put(epRole.getName().replaceAll(
1882 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), epRole);
1885 final Map<String, EPRole> currentRolesInDB = getAppRoleNamesWithUnderscoreMap(app);
1886 // store External Permissions with Pipe and without Pipe (just
1888 final Map<String, ExternalAccessPermsDetail> extAccessPermsContainsPipeMap = new HashMap<>();
1889 final Map<String, ExternalAccessPermsDetail> extAccessPermsMap = new HashMap<>();
1890 for (ExternalAccessPermsDetail permsDetailInfoWithPipe : permsDetailList) {
1891 extAccessPermsContainsPipeMap.put(permsDetailInfoWithPipe.getInstance(), permsDetailInfoWithPipe);
1892 String finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetailInfoWithPipe.getInstance());
1893 extAccessPermsMap.put(finalFunctionCodeVal, permsDetailInfoWithPipe);
1895 // Add if new functions and app role functions were added in
1896 // external auth system
1897 for (ExternalAccessPermsDetail permsDetail : permsDetailList) {
1898 String code = permsDetail.getInstance();
1899 CentralV2RoleFunction getFunctionCodeKey = roleFuncMap.get(permsDetail.getInstance());
1900 List<CentralV2RoleFunction> roleFunctionList = addGetLocalFunction(app, roleFuncMap, permsDetail, code,
1901 getFunctionCodeKey);
1902 List<String> roles = permsDetail.getRoles();
1903 if (roles != null) {
1904 // Check if function has any roles and which does not exist
1905 // in External Auth System. If exists delete in local
1906 addRemoveIfFunctionsRolesIsSyncWithExternalAuth(app, currentRolesInDB, roleFunctionList, roles,
1907 existingPortalRolesMap);
1910 // Check if function does exits in External Auth System but exits in
1911 // local then delete function and its dependencies
1912 for (CentralV2RoleFunction roleFunc : appFunctions) {
1914 ExternalAccessPermsDetail getFunctionCodeContainsPipeKey = extAccessPermsContainsPipeMap
1915 .get(roleFunc.getCode());
1916 if (null == getFunctionCodeContainsPipeKey) {
1917 ExternalAccessPermsDetail getFunctionCodeKey = extAccessPermsMap.get(roleFunc.getCode());
1918 if (null == getFunctionCodeKey) {
1919 deleteAppRoleFuncDoesNotExitsInExtSystem(app, roleFunc);
1922 } catch (Exception e) {
1923 logger.error(EELFLoggerDelegate.errorLogger,
1924 "syncRoleFunctionFromExternalAccessSystem: Failed to delete function", e);
1927 logger.debug(EELFLoggerDelegate.debugLogger,
1928 "syncRoleFunctionFromExternalAccessSystem: Finished syncRoleFunctionFromExternalAccessSystem");
1929 } catch (Exception e) {
1930 logger.error(EELFLoggerDelegate.errorLogger,
1931 "syncRoleFunctionFromExternalAccessSystem: Failed syncRoleFunctionFromExternalAccessSystem", e);
1935 @SuppressWarnings("unchecked")
1936 private void addRemoveIfFunctionsRolesIsSyncWithExternalAuth(EPApp app, final Map<String, EPRole> currentRolesInDB,
1937 List<CentralV2RoleFunction> roleFunctionList, List<String> roles,
1938 Map<String, EPRole> existingPortalRolesMap) throws Exception {
1939 if (!roleFunctionList.isEmpty()) {
1940 final Map<String, String> appRoleFuncParams = new HashMap<>();
1941 final Map<String, LocalRole> currentAppRoleFunctionsMap = new HashMap<>();
1942 final Map<String, String> currentRolesInExtSystem = new HashMap<>();
1943 appRoleFuncParams.put("functionCd", roleFunctionList.get(0).getCode());
1944 appRoleFuncParams.put("appId", String.valueOf(app.getId()));
1945 List<LocalRole> localRoleList = dataAccessService.executeNamedQuery("getCurrentAppRoleFunctions",
1946 appRoleFuncParams, null);
1947 for (LocalRole localRole : localRoleList) {
1948 currentAppRoleFunctionsMap.put(localRole.getRolename().replaceAll(
1949 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), localRole);
1951 for (String addRole : roles) {
1952 currentRolesInExtSystem.put(addRole.substring(addRole.indexOf(FUNCTION_PIPE) + 1), addRole);
1954 for (String extAuthrole : roles) {
1955 String roleNameSpace = extAuthrole.substring(0, extAuthrole.indexOf(FUNCTION_PIPE));
1956 boolean isNameSpaceMatching = EcompPortalUtils.checkNameSpaceMatching(roleNameSpace,
1957 app.getNameSpace());
1958 if (isNameSpaceMatching) {
1959 if (!currentAppRoleFunctionsMap
1960 .containsKey(extAuthrole.substring(app.getNameSpace().length() + 1))) {
1961 EPRole localAddFuntionRole = currentRolesInDB
1962 .get(extAuthrole.substring(app.getNameSpace().length() + 1));
1963 if (localAddFuntionRole == null) {
1964 checkAndAddRoleInDB(app, currentRolesInDB, roleFunctionList, extAuthrole);
1966 EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction();
1967 addAppRoleFunc.setAppId(app.getId());
1968 addAppRoleFunc.setCode(roleFunctionList.get(0).getCode());
1969 addAppRoleFunc.setRoleId(localAddFuntionRole.getId());
1970 dataAccessService.saveDomainObject(addAppRoleFunc, null);
1973 // This block is to save global role function if exists
1975 String extAuthAppRoleName = extAuthrole.substring(extAuthrole.indexOf(FUNCTION_PIPE) + 1);
1976 boolean checkIfGlobalRoleExists = existingPortalRolesMap.containsKey(extAuthAppRoleName);
1977 if (checkIfGlobalRoleExists) {
1978 final Map<String, Long> params = new HashMap<>();
1979 EPRole role = existingPortalRolesMap.get(extAuthAppRoleName);
1980 EPAppRoleFunction addGlobalRoleFunctions = new EPAppRoleFunction();
1981 params.put("appId", app.getId());
1982 params.put("roleId", role.getId());
1983 List<EPAppRoleFunction> currentGlobalRoleFunctionsList = dataAccessService
1984 .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", params, null);
1985 boolean checkIfRoleFunctionExists = currentGlobalRoleFunctionsList.stream()
1986 .anyMatch(currentGlobalRoleFunction -> currentGlobalRoleFunction.getCode()
1987 .equals(roleFunctionList.get(0).getCode()));
1988 if (role != null && !checkIfRoleFunctionExists) {
1989 addGlobalRoleFunctions.setAppId(app.getId());
1990 addGlobalRoleFunctions.setRoleId(role.getId());
1991 if (!app.getId().equals(role.getAppRoleId())) {
1992 addGlobalRoleFunctions.setRoleAppId((PortalConstants.PORTAL_APP_ID).toString());
1994 addGlobalRoleFunctions.setRoleAppId(null);
1996 addGlobalRoleFunctions.setCode(roleFunctionList.get(0).getCode());
1997 dataAccessService.saveDomainObject(addGlobalRoleFunctions, null);
2002 for (LocalRole localRoleDelete : localRoleList) {
2003 if (!currentRolesInExtSystem.containsKey(localRoleDelete.getRolename()
2004 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) {
2005 dataAccessService.deleteDomainObjects(EPAppRoleFunction.class,
2006 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunctionList.get(0).getCode()
2007 + "'" + " and role_id = " + localRoleDelete.getRoleId().longValue(),
2014 private void deleteAppRoleFuncDoesNotExitsInExtSystem(EPApp app, CentralV2RoleFunction roleFunc) {
2015 logger.debug(EELFLoggerDelegate.debugLogger,
2016 "syncRoleFunctionFromExternalAccessSystem: Deleting app role function {}", roleFunc.getCode());
2017 dataAccessService.deleteDomainObjects(EPAppRoleFunction.class,
2018 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null);
2019 logger.debug(EELFLoggerDelegate.debugLogger,
2020 "syncRoleFunctionFromExternalAccessSystem: Deleted app role function {}", roleFunc.getCode());
2021 logger.debug(EELFLoggerDelegate.debugLogger,
2022 "syncRoleFunctionFromExternalAccessSystem: Deleting app function {}", roleFunc.getCode());
2023 dataAccessService.deleteDomainObjects(CentralV2RoleFunction.class,
2024 APP_ID_EQUALS + app.getId() + AND_FUNCTION_CD_EQUALS + roleFunc.getCode() + "'", null);
2025 logger.debug(EELFLoggerDelegate.debugLogger,
2026 "syncRoleFunctionFromExternalAccessSystem: Deleted app function {}", roleFunc.getCode());
2029 private void checkAndAddRoleInDB(EPApp app, final Map<String, EPRole> currentRolesInDB,
2030 List<CentralV2RoleFunction> roleFunctionList, String roleList) throws Exception {
2031 if (!currentRolesInDB.containsKey(roleList.substring(app.getNameSpace().length() + 1))) {
2032 Role role = addRoleInDBIfDoesNotExists(app, roleList.substring(app.getNameSpace().length() + 1));
2033 addRoleDescriptionInExtSystem(role, app);
2034 if (!roleFunctionList.isEmpty()) {
2036 if (!roleFunctionList.isEmpty()) {
2037 EPAppRoleFunction addAppRoleFunc = new EPAppRoleFunction();
2038 addAppRoleFunc.setAppId(app.getId());
2039 addAppRoleFunc.setCode(roleFunctionList.get(0).getCode());
2040 addAppRoleFunc.setRoleId(role.getId());
2041 dataAccessService.saveDomainObject(addAppRoleFunc, null);
2043 } catch (Exception e) {
2044 logger.error(EELFLoggerDelegate.errorLogger,
2045 "syncRoleFunctionFromExternalAccessSystem: Failed to save app role function ", e);
2051 @SuppressWarnings("unchecked")
2052 private List<CentralV2RoleFunction> addGetLocalFunction(EPApp app,
2053 final Map<String, CentralV2RoleFunction> roleFuncMap, ExternalAccessPermsDetail permsDetail, String code,
2054 CentralV2RoleFunction getFunctionCodeKey) {
2055 String finalFunctionCodeVal = addToLocalIfFunctionNotExists(app, roleFuncMap, permsDetail, code,
2056 getFunctionCodeKey);
2057 final Map<String, String> appSyncFuncsParams = new HashMap<>();
2058 appSyncFuncsParams.put("appId", String.valueOf(app.getId()));
2059 appSyncFuncsParams.put("functionCd", finalFunctionCodeVal);
2060 List<CentralV2RoleFunction> roleFunctionList = null;
2061 roleFunctionList = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams,
2063 if (roleFunctionList.isEmpty()) {
2064 appSyncFuncsParams.put("functionCd", code);
2065 roleFunctionList = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId", appSyncFuncsParams,
2068 return roleFunctionList;
2071 private String addToLocalIfFunctionNotExists(EPApp app, final Map<String, CentralV2RoleFunction> roleFuncMap,
2072 ExternalAccessPermsDetail permsDetail, String code, CentralV2RoleFunction getFunctionCodeKey) {
2073 String finalFunctionCodeVal = "";
2074 if (null == getFunctionCodeKey) {
2075 finalFunctionCodeVal = EcompPortalUtils.getFunctionCode(permsDetail.getInstance());
2076 CentralV2RoleFunction checkIfCodeStillExits = roleFuncMap.get(finalFunctionCodeVal);
2077 // If function does not exist in local then add!
2078 if (null == checkIfCodeStillExits) {
2079 logger.debug(EELFLoggerDelegate.debugLogger,
2080 "syncRoleFunctionFromExternalAccessSystem: Adding function: {} ", code);
2081 addFunctionInEcompDB(app, permsDetail, code);
2082 logger.debug(EELFLoggerDelegate.debugLogger,
2083 "syncRoleFunctionFromExternalAccessSystem: Finished adding function: {} ", code);
2086 return finalFunctionCodeVal;
2089 @SuppressWarnings("unchecked")
2091 public Map<String, EPRole> getAppRoleNamesWithUnderscoreMap(EPApp app) {
2092 final Map<String, EPRole> currentRolesInDB = new HashMap<>();
2093 List<EPRole> getCurrentRoleList = null;
2094 final Map<String, Long> appParams = new HashMap<>();
2095 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2096 getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null);
2098 appParams.put("appId", app.getId());
2099 getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
2101 for (EPRole role : getCurrentRoleList) {
2102 currentRolesInDB.put(role.getName()
2103 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"), role);
2105 return currentRolesInDB;
2108 @SuppressWarnings("unchecked")
2109 private Map<String, EPRole> getAppRoleNamesMap(EPApp app) {
2110 final Map<String, EPRole> currentRolesInDB = new HashMap<>();
2111 List<EPRole> getCurrentRoleList = null;
2112 final Map<String, Long> appParams = new HashMap<>();
2113 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2114 getCurrentRoleList = dataAccessService.executeNamedQuery("getPortalAppRolesList", null, null);
2116 appParams.put("appId", app.getId());
2117 getCurrentRoleList = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
2119 for (EPRole role : getCurrentRoleList) {
2120 currentRolesInDB.put(role.getName(), role);
2122 return currentRolesInDB;
2125 private List<ExternalAccessPermsDetail> getExtAuthPerrmissonList(EPApp app, JSONArray extPerms) throws IOException {
2126 ExternalAccessPermsDetail permDetails = null;
2127 List<ExternalAccessPermsDetail> permsDetailList = new ArrayList<>();
2128 for (int i = 0; i < extPerms.length(); i++) {
2129 String description = null;
2130 if (extPerms.getJSONObject(i).has("description")) {
2131 description = extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
2133 description = extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1) + "|"
2134 + extPerms.getJSONObject(i).getString("instance") + "|"
2135 + extPerms.getJSONObject(i).getString("action");
2137 if (extPerms.getJSONObject(i).has("roles")) {
2138 ObjectMapper rolesListMapper = new ObjectMapper();
2139 JSONArray resRoles = extPerms.getJSONObject(i).getJSONArray("roles");
2140 List<String> list = rolesListMapper.readValue(resRoles.toString(),
2141 TypeFactory.defaultInstance().constructCollectionType(List.class, String.class));
2142 permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"),
2143 extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1)
2144 + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE
2145 + extPerms.getJSONObject(i).getString("action"),
2146 extPerms.getJSONObject(i).getString("action"), list, description);
2147 permsDetailList.add(permDetails);
2149 permDetails = new ExternalAccessPermsDetail(extPerms.getJSONObject(i).getString("type"),
2150 extPerms.getJSONObject(i).getString("type").substring(app.getNameSpace().length() + 1)
2151 + FUNCTION_PIPE + extPerms.getJSONObject(i).getString("instance") + FUNCTION_PIPE
2152 + extPerms.getJSONObject(i).getString("action"),
2153 extPerms.getJSONObject(i).getString("action"), description);
2154 permsDetailList.add(permDetails);
2157 return permsDetailList;
2160 private JSONArray getExtAuthPermissions(EPApp app) throws Exception {
2161 ResponseEntity<String> response = null;
2162 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2163 HttpEntity<String> entity = new HttpEntity<>(headers);
2164 logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: {} ",
2165 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
2166 response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
2167 + "perms/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class);
2168 String res = response.getBody();
2169 logger.debug(EELFLoggerDelegate.debugLogger,
2170 "syncRoleFunctionFromExternalAccessSystem: Finished GET permissions from External Auth system and response: {} ",
2171 response.getBody());
2172 JSONObject jsonObj = new JSONObject(res);
2173 JSONArray extPerms = jsonObj.getJSONArray("perm");
2174 for (int i = 0; i < extPerms.length(); i++) {
2175 if (extPerms.getJSONObject(i).getString("type").equals(app.getNameSpace() + ".access")) {
2185 * Add function into local DB
2188 * @param permsDetail
2191 private void addFunctionInEcompDB(EPApp app, ExternalAccessPermsDetail permsDetail, String code) {
2193 CentralV2RoleFunction addFunction = new CentralV2RoleFunction();
2194 addFunction.setAppId(app.getId());
2195 addFunction.setCode(code);
2196 addFunction.setName(permsDetail.getDescription());
2197 dataAccessService.saveDomainObject(addFunction, null);
2198 } catch (Exception e) {
2199 logger.error(EELFLoggerDelegate.errorLogger, "addFunctionInEcompDB: Failed to add function", e);
2205 * It updates description of a role in external auth system
2211 private boolean addRoleDescriptionInExtSystem(Role role, EPApp app) throws Exception {
2212 boolean status = false;
2214 String addRoleNew = updateExistingRoleInExternalSystem(role, app);
2215 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2216 HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers);
2218 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
2219 HttpMethod.PUT, entity, String.class);
2221 } catch (HttpClientErrorException e) {
2222 logger.error(EELFLoggerDelegate.errorLogger,
2223 "HttpClientErrorException - Failed to addRoleDescriptionInExtSystem", e);
2224 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2225 } catch (Exception e) {
2226 logger.error(EELFLoggerDelegate.errorLogger, "addRoleDescriptionInExtSystem: Failed", e);
2233 * While sync functions form external auth system if new role found we should
2234 * add in local and return Role.class object
2240 @SuppressWarnings("unchecked")
2241 private Role addRoleInDBIfDoesNotExists(EPApp app, String role) {
2242 Role setNewRole = new Role();
2244 // functions can have new role created in External Auth System
2247 boolean isCreated = checkIfRoleExitsElseCreateInSyncFunctions(role, app);
2248 final Map<String, String> getRoleByNameParams = new HashMap<>();
2249 List<EPRole> getRoleCreated = null;
2250 getRoleByNameParams.put(APP_ROLE_NAME_PARAM, role);
2251 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2252 getRoleByNameParams.put("appId", String.valueOf(app.getId()));
2253 List<EPRole> roleCreated = dataAccessService
2254 .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, getRoleByNameParams, null);
2256 EPRole epUpdateRole = roleCreated.get(0);
2257 epUpdateRole.setAppRoleId(epUpdateRole.getId());
2258 dataAccessService.saveDomainObject(epUpdateRole, null);
2259 getRoleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
2260 getRoleByNameParams, null);
2262 getRoleCreated = roleCreated;
2265 getRoleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, getRoleByNameParams,
2268 if (getRoleCreated != null && !getRoleCreated.isEmpty()) {
2269 EPRole roleObject = getRoleCreated.get(0);
2270 setNewRole.setId(roleObject.getId());
2271 setNewRole.setName(roleObject.getName());
2272 setNewRole.setActive(roleObject.getActive());
2273 setNewRole.setPriority(roleObject.getPriority());
2275 } catch (Exception e) {
2276 logger.error(EELFLoggerDelegate.errorLogger, "addRoleInDBIfDoesNotExists: Failed", e);
2281 @SuppressWarnings("unchecked")
2282 private boolean checkIfRoleExitsElseCreateInSyncFunctions(String role, EPApp app) {
2283 boolean isCreated = false;
2284 final Map<String, String> roleParams = new HashMap<>();
2285 roleParams.put(APP_ROLE_NAME_PARAM, role);
2286 List<EPRole> roleCreated = null;
2287 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2288 roleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, roleParams, null);
2290 roleParams.put("appId", String.valueOf(app.getId()));
2291 roleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, roleParams,
2294 if (roleCreated == null || roleCreated.isEmpty()) {
2295 roleParams.put("appId", String.valueOf(app.getId()));
2296 EPRole epRoleNew = new EPRole();
2297 epRoleNew.setActive(true);
2298 epRoleNew.setName(role);
2299 if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2300 epRoleNew.setAppId(null);
2302 epRoleNew.setAppId(app.getId());
2304 dataAccessService.saveDomainObject(epRoleNew, null);
2313 @SuppressWarnings("unchecked")
2314 public Integer bulkUploadFunctions(String uebkey) throws Exception {
2315 EPApp app = getApp(uebkey).get(0);
2316 List<RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getAllFunctions", null, null);
2317 CentralV2RoleFunction cenRoleFunc = null;
2318 Integer functionsAdded = 0;
2320 for (RoleFunction roleFunc : roleFuncList) {
2321 cenRoleFunc = new CentralV2RoleFunction(roleFunc.getCode(), roleFunc.getName());
2322 addRoleFunctionInExternalSystem(cenRoleFunc, app);
2325 } catch (HttpClientErrorException e) {
2326 logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadFunctions failed", e);
2327 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2328 } catch (Exception e) {
2329 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions: failed", e.getMessage(), e);
2331 return functionsAdded;
2335 public Integer bulkUploadRoles(String uebkey) throws Exception {
2336 List<EPApp> app = getApp(uebkey);
2337 List<EPRole> roles = getAppRoles(app.get(0).getId());
2338 List<CentralV2Role> cenRoleList = new ArrayList<>();
2339 final Map<String, Long> params = new HashMap<>();
2340 Integer rolesListAdded = 0;
2342 cenRoleList = createCentralRoleObject(app, roles, cenRoleList, params);
2343 ObjectMapper mapper = new ObjectMapper();
2344 mapper.configure(DeserializationFeature.FAIL_ON_IGNORED_PROPERTIES, false);
2345 String roleList = mapper.writeValueAsString(cenRoleList);
2346 List<Role> roleObjectList = mapper.readValue(roleList,
2347 TypeFactory.defaultInstance().constructCollectionType(List.class, Role.class));
2348 for (Role role : roleObjectList) {
2349 addRoleInExternalSystem(role, app.get(0));
2352 if (!app.get(0).getId().equals(PortalConstants.PORTAL_APP_ID)) {
2353 // Add Account Admin role in External AUTH System
2355 String addAccountAdminRole = "";
2356 ExternalAccessRole extRole = new ExternalAccessRole();
2357 extRole.setName(app.get(0).getNameSpace() + "." + PortalConstants.ADMIN_ROLE
2358 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
2359 addAccountAdminRole = mapper.writeValueAsString(extRole);
2360 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2361 HttpEntity<String> entity = new HttpEntity<>(addAccountAdminRole, headers);
2363 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
2364 HttpMethod.POST, entity, String.class);
2366 } catch (HttpClientErrorException e) {
2367 logger.error(EELFLoggerDelegate.errorLogger,
2368 "HttpClientErrorException - Failed to create Account Admin role", e);
2369 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2370 } catch (Exception e) {
2371 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
2372 logger.error(EELFLoggerDelegate.errorLogger,
2373 "bulkUploadRoles: Account Admin Role already exits but does not break functionality",
2376 logger.error(EELFLoggerDelegate.errorLogger,
2377 "bulkUploadRoles: Failed to create Account Admin role", e.getMessage());
2381 } catch (Exception e) {
2382 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles: failed", e);
2385 return rolesListAdded;
2389 * It creating new role in external auth system while doing bulk upload
2395 private void addRoleInExternalSystem(Role role, EPApp app) throws Exception {
2396 String addRoleNew = updateExistingRoleInExternalSystem(role, app);
2397 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2399 HttpEntity<String> entity = new HttpEntity<>(addRoleNew, headers);
2401 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role",
2402 HttpMethod.POST, entity, String.class);
2403 } catch (HttpClientErrorException e) {
2404 logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - Failed to addRoleInExternalSystem",
2406 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2407 } catch (Exception e) {
2408 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
2409 logger.error(EELFLoggerDelegate.errorLogger,
2410 "addRoleInExternalSystem: Role already exits but does not break functionality", e);
2412 logger.error(EELFLoggerDelegate.errorLogger,
2413 "addRoleInExternalSystem: Failed to addRoleInExternalSystem", e.getMessage());
2419 @SuppressWarnings("unchecked")
2420 public Integer bulkUploadRolesFunctions(String uebkey) throws Exception {
2421 EPApp app = getApp(uebkey).get(0);
2422 List<EPRole> roles = getAppRoles(app.getId());
2423 final Map<String, Long> params = new HashMap<>();
2424 Integer roleFunctions = 0;
2426 for (EPRole role : roles) {
2427 params.put("roleId", role.getId());
2428 List<BulkUploadRoleFunction> appRoleFunc = dataAccessService.executeNamedQuery("uploadAllRoleFunctions",
2430 if (!appRoleFunc.isEmpty()) {
2431 for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) {
2432 addRoleFunctionsInExternalSystem(addRoleFunc, role, app);
2437 } catch (HttpClientErrorException e) {
2438 logger.error(EELFLoggerDelegate.errorLogger,
2439 "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e);
2440 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2441 } catch (Exception e) {
2442 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e);
2444 return roleFunctions;
2448 * Its adding a role function while doing bulk upload
2450 * @param addRoleFunc
2454 private void addRoleFunctionsInExternalSystem(BulkUploadRoleFunction addRoleFunc, EPRole role, EPApp app) {
2456 String instance = "";
2458 if (addRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) {
2459 type = EcompPortalUtils.getFunctionType(addRoleFunc.getFunctionCd());
2460 instance = EcompPortalUtils.getFunctionCode(addRoleFunc.getFunctionCd());
2461 action = EcompPortalUtils.getFunctionAction(addRoleFunc.getFunctionCd());
2463 type = addRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url";
2464 instance = addRoleFunc.getFunctionCd();
2467 ExternalAccessRolePerms extRolePerms = null;
2468 ExternalAccessPerms extPerms = null;
2469 ObjectMapper mapper = new ObjectMapper();
2471 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2472 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action,
2473 addRoleFunc.getFunctionName());
2474 extRolePerms = new ExternalAccessRolePerms(extPerms, app.getNameSpace() + "." + role.getName()
2475 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
2476 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
2477 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
2479 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
2480 HttpMethod.POST, entity, String.class);
2481 } catch (Exception e) {
2482 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
2483 logger.error(EELFLoggerDelegate.errorLogger,
2484 "addRoleFunctionsInExternalSystem: RoleFunction already exits but does not break functionality",
2487 logger.error(EELFLoggerDelegate.errorLogger,
2488 "addRoleFunctionsInExternalSystem: Failed to addRoleFunctionsInExternalSystem", e.getMessage());
2493 @SuppressWarnings("unchecked")
2495 public Integer bulkUploadPartnerFunctions(String uebkey) throws Exception {
2496 EPApp app = getApp(uebkey).get(0);
2497 final Map<String, Long> params = new HashMap<>();
2498 params.put("appId", app.getId());
2499 List<CentralV2RoleFunction> roleFuncList = dataAccessService.executeNamedQuery("getPartnerAppFunctions", params,
2501 Integer functionsAdded = 0;
2503 for (CentralV2RoleFunction roleFunc : roleFuncList) {
2504 addFunctionInExternalSystem(roleFunc, app);
2507 } catch (HttpClientErrorException e) {
2508 logger.error(EELFLoggerDelegate.errorLogger, "HttpClientErrorException - bulkUploadPartnerFunctions failed",
2510 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2511 } catch (Exception e) {
2512 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions: failed", e.getMessage(), e);
2514 return functionsAdded;
2517 private void addFunctionInExternalSystem(CentralV2RoleFunction roleFunc, EPApp app) throws Exception {
2518 ObjectMapper mapper = new ObjectMapper();
2519 ExternalAccessPerms extPerms = new ExternalAccessPerms();
2520 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2522 String instance = "";
2524 if ((roleFunc.getCode().contains(FUNCTION_PIPE))
2525 || (roleFunc.getType() != null && roleFunc.getAction() != null)) {
2526 type = EcompPortalUtils.getFunctionType(roleFunc.getCode());
2527 instance = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
2528 action = EcompPortalUtils.getFunctionAction(roleFunc.getCode());
2530 type = roleFunc.getCode().contains("menu") ? "menu" : "url";
2531 instance = roleFunc.getCode();
2535 extPerms.setAction(action);
2536 extPerms.setInstance(instance);
2537 extPerms.setType(app.getNameSpace() + "." + type);
2538 extPerms.setDescription(roleFunc.getName());
2539 String addFunction = mapper.writeValueAsString(extPerms);
2540 HttpEntity<String> entity = new HttpEntity<>(addFunction, headers);
2541 logger.debug(EELFLoggerDelegate.debugLogger, "addFunctionInExternalSystem: {} for POST: {}",
2542 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addFunction);
2543 ResponseEntity<String> addPermResponse = template.exchange(
2544 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "perm",
2545 HttpMethod.POST, entity, String.class);
2546 logger.debug(EELFLoggerDelegate.debugLogger,
2547 "addFunctionInExternalSystem: Finished adding permission for POST: {} and status code: {} ",
2548 addPermResponse.getStatusCode().value(), addFunction);
2549 } catch (HttpClientErrorException e) {
2550 logger.error(EELFLoggerDelegate.errorLogger,
2551 "HttpClientErrorException - Failed to add function in external central auth system", e);
2552 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2554 } catch (Exception e) {
2555 logger.error(EELFLoggerDelegate.errorLogger,
2556 "addFunctionInExternalSystem: Failed to add fucntion in external central auth system", e);
2562 public void bulkUploadPartnerRoles(String uebkey, List<Role> roleList) throws Exception {
2563 EPApp app = getApp(uebkey).get(0);
2564 for (Role role : roleList) {
2565 addRoleInExternalSystem(role, app);
2569 @SuppressWarnings("unchecked")
2571 public Integer bulkUploadPartnerRoleFunctions(String uebkey) throws Exception {
2572 EPApp app = getApp(uebkey).get(0);
2573 List<EPRole> roles = getAppRoles(app.getId());
2574 final Map<String, Long> params = new HashMap<>();
2575 Integer roleFunctions = 0;
2577 for (EPRole role : roles) {
2578 params.put("roleId", role.getId());
2579 List<BulkUploadRoleFunction> appRoleFunc = dataAccessService
2580 .executeNamedQuery("uploadPartnerRoleFunctions", params, null);
2581 if (!appRoleFunc.isEmpty()) {
2582 for (BulkUploadRoleFunction addRoleFunc : appRoleFunc) {
2583 addRoleFunctionsInExternalSystem(addRoleFunc, role, app);
2588 // upload global role functions to ext auth system
2589 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2590 roleFunctions = bulkUploadGlobalRoleFunctions(app, roleFunctions);
2592 } catch (HttpClientErrorException e) {
2593 logger.error(EELFLoggerDelegate.errorLogger,
2594 "HttpClientErrorException - Failed to bulkUploadRolesFunctions", e);
2595 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2596 } catch (Exception e) {
2597 logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRolesFunctions: failed", e);
2599 return roleFunctions;
2602 @SuppressWarnings("unchecked")
2603 private Integer bulkUploadGlobalRoleFunctions(EPApp app, Integer roleFunctions) throws Exception {
2605 EPApp portalApp = epAppService.getApp(1l);
2606 final Map<String, Long> params = new HashMap<>();
2607 params.put("appId", app.getId());
2608 List<GlobalRoleWithApplicationRoleFunction> globalRoleFuncs = dataAccessService
2609 .executeNamedQuery("getBulkUploadPartnerGlobalRoleFunctions", params, null);
2610 ObjectMapper mapper = new ObjectMapper();
2611 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2612 for (GlobalRoleWithApplicationRoleFunction globalRoleFunc : globalRoleFuncs) {
2613 ExternalAccessRolePerms extRolePerms;
2614 ExternalAccessPerms extPerms;
2616 String instance = "";
2618 if (globalRoleFunc.getFunctionCd().contains(FUNCTION_PIPE)) {
2619 type = EcompPortalUtils.getFunctionType(globalRoleFunc.getFunctionCd());
2620 instance = EcompPortalUtils.getFunctionCode(globalRoleFunc.getFunctionCd());
2621 action = EcompPortalUtils.getFunctionAction(globalRoleFunc.getFunctionCd());
2623 type = globalRoleFunc.getFunctionCd().contains("menu") ? "menu" : "url";
2624 instance = globalRoleFunc.getFunctionCd();
2627 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, instance, action);
2628 extRolePerms = new ExternalAccessRolePerms(extPerms,
2629 portalApp.getNameSpace() + "." + globalRoleFunc.getRoleName().replaceAll(
2630 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
2631 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
2632 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
2633 updateRoleFunctionInExternalSystem(updateRolePerms, entity);
2636 } catch (HttpClientErrorException e) {
2637 logger.error(EELFLoggerDelegate.errorLogger,
2638 "HttpClientErrorException - Failed to add role function in external central auth system", e);
2639 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2641 } catch (Exception e) {
2642 logger.error(EELFLoggerDelegate.errorLogger,
2643 "bulkUploadGlobalRoleFunctions: Failed to add role fucntion in external central auth system", e);
2646 return roleFunctions;
2651 public void syncApplicationRolesWithEcompDB(EPApp app) {
2653 logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Started");
2654 // Sync functions and roles assigned to it which also creates new roles if does
2655 // not exits in portal
2656 syncRoleFunctionFromExternalAccessSystem(app);
2657 logger.debug(EELFLoggerDelegate.debugLogger, "syncRoleFunctionFromExternalAccessSystem: Finished");
2658 ObjectMapper mapper = new ObjectMapper();
2659 logger.debug(EELFLoggerDelegate.debugLogger, "Entering to getAppRolesJSONFromExtAuthSystem");
2660 // Get Permissions from External Auth System
2661 JSONArray extRole = getAppRolesJSONFromExtAuthSystem(app);
2662 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into getExternalRoleDetailsList");
2664 List<ExternalRoleDetails> externalRoleDetailsList = getExternalRoleDetailsList(app, mapper, extRole);
2665 List<EPRole> finalRoleList = new ArrayList<>();
2666 for (ExternalRoleDetails externalRole : externalRoleDetailsList) {
2667 EPRole ecompRole = convertExternalRoleDetailstoEpRole(externalRole);
2668 finalRoleList.add(ecompRole);
2670 List<EPRole> applicationRolesList;
2671 applicationRolesList = getAppRoles(app.getId());
2672 List<String> applicationRoleIdList = new ArrayList<>();
2673 for (EPRole applicationRole : applicationRolesList) {
2674 applicationRoleIdList.add(applicationRole.getName());
2676 List<EPRole> roleListToBeAddInEcompDB = new ArrayList<>();
2677 for (EPRole aafRole : finalRoleList) {
2678 if (!applicationRoleIdList.contains(aafRole.getName())) {
2679 roleListToBeAddInEcompDB.add(aafRole);
2682 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into inactiveRolesNotInExternalAuthSystem");
2683 // Check if roles exits in external Access system and if not make inactive in DB
2684 inactiveRolesNotInExternalAuthSystem(app, finalRoleList, applicationRolesList);
2685 logger.debug(EELFLoggerDelegate.debugLogger, "Entering into addNewRoleInEcompDBUpdateDescInExtAuthSystem");
2686 // Add new roles in DB and updates role description in External Auth System
2687 addNewRoleInEcompDBUpdateDescInExtAuthSystem(app, roleListToBeAddInEcompDB);
2688 logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: Finished");
2689 } catch (HttpClientErrorException e) {
2690 logger.error(EELFLoggerDelegate.errorLogger,
2691 "syncApplicationRolesWithEcompDB: Failed due to the External Auth System", e);
2692 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
2693 } catch (Exception e) {
2694 logger.error(EELFLoggerDelegate.errorLogger, "syncApplicationRolesWithEcompDB: Failed ", e);
2700 * It adds new roles in DB and updates description in External Auth System
2703 * @param roleListToBeAddInEcompDB
2705 @SuppressWarnings("unchecked")
2706 private void addNewRoleInEcompDBUpdateDescInExtAuthSystem(EPApp app, List<EPRole> roleListToBeAddInEcompDB) {
2707 EPRole roleToBeAddedInEcompDB;
2708 for (int i = 0; i < roleListToBeAddInEcompDB.size(); i++) {
2710 roleToBeAddedInEcompDB = roleListToBeAddInEcompDB.get(i);
2711 if (app.getId() == 1) {
2712 roleToBeAddedInEcompDB.setAppRoleId(null);
2714 dataAccessService.saveDomainObject(roleToBeAddedInEcompDB, null);
2715 List<EPRole> getRoleCreatedInSync = null;
2716 if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
2717 final Map<String, String> globalRoleParams = new HashMap<>();
2718 globalRoleParams.put("appId", String.valueOf(app.getId()));
2719 globalRoleParams.put("appRoleName", roleToBeAddedInEcompDB.getName());
2720 getRoleCreatedInSync = dataAccessService
2721 .executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, globalRoleParams, null);
2722 EPRole epUpdateRole = getRoleCreatedInSync.get(0);
2723 epUpdateRole.setAppRoleId(epUpdateRole.getId());
2724 dataAccessService.saveDomainObject(epUpdateRole, null);
2726 List<EPRole> roleList = new ArrayList<>();
2727 final Map<String, String> params = new HashMap<>();
2728 params.put(APP_ROLE_NAME_PARAM, roleToBeAddedInEcompDB.getName());
2729 boolean isPortalRole = false;
2730 if (app.getId() == 1) {
2731 isPortalRole = true;
2732 roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, params, null);
2734 isPortalRole = false;
2735 params.put(APP_ID, app.getId().toString());
2736 roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, params,
2739 EPRole role = roleList.get(0);
2740 Role aaFrole = new Role();
2741 aaFrole.setId(role.getId());
2742 aaFrole.setActive(role.getActive());
2743 aaFrole.setPriority(role.getPriority());
2744 aaFrole.setName(role.getName());
2745 updateRoleInExternalSystem(aaFrole, app, isPortalRole);
2746 } catch (Exception e) {
2747 logger.error(EELFLoggerDelegate.errorLogger,
2748 "SyncApplicationRolesWithEcompDB: Failed to add or update role in external auth system", e);
2755 * It de-activates application roles in DB if not present in External Auth
2759 * @param finalRoleList contains list of current roles present in
2760 * External Auth System
2761 * @param applicationRolesList contains list of current roles present in DB
2763 @SuppressWarnings("unchecked")
2764 private void inactiveRolesNotInExternalAuthSystem(EPApp app, List<EPRole> finalRoleList,
2765 List<EPRole> applicationRolesList) {
2766 final Map<String, EPRole> checkRolesInactive = new HashMap<>();
2767 for (EPRole extrole : finalRoleList) {
2768 checkRolesInactive.put(extrole.getName(), extrole);
2770 for (EPRole role : applicationRolesList) {
2772 final Map<String, String> extRoleParams = new HashMap<>();
2773 List<EPRole> roleList = null;
2774 extRoleParams.put(APP_ROLE_NAME_PARAM, role.getName());
2775 if (!checkRolesInactive.containsKey(role.getName())) {
2776 if (app.getId() == 1) {
2777 roleList = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, extRoleParams, null);
2779 extRoleParams.put(APP_ID, app.getId().toString());
2780 roleList = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
2781 extRoleParams, null);
2783 if (!roleList.isEmpty()) {
2784 EPRole updateRoleInactive = roleList.get(0);
2785 updateRoleInactive.setActive(false);
2786 dataAccessService.saveDomainObject(updateRoleInactive, null);
2789 } catch (Exception e) {
2790 logger.error(EELFLoggerDelegate.errorLogger,
2791 "syncApplicationRolesWithEcompDB: Failed to de-activate role ", e);
2797 @SuppressWarnings("unchecked")
2798 public List<ExternalRoleDetails> getExternalRoleDetailsList(EPApp app, ObjectMapper mapper, JSONArray extRole)
2799 throws IOException {
2800 List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>();
2801 ExternalAccessPerms externalAccessPerms = new ExternalAccessPerms();
2802 List<String> functionCodelist = new ArrayList<>();
2803 Map<String, EPRole> curRolesMap = getAppRoleNamesMap(app);
2804 Map<String, EPRole> curRolesUnderscoreMap = getAppRoleNamesWithUnderscoreMap(app);
2805 for (int i = 0; i < extRole.length(); i++) {
2806 ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails();
2807 EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction();
2808 JSONObject Role = (JSONObject) extRole.get(i);
2809 String name = extRole.getJSONObject(i).getString(ROLE_NAME);
2810 String actualRoleName = name.substring(app.getNameSpace().length() + 1);
2811 if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) {
2812 actualRoleName = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
2814 SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>();
2815 if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_PERMS)) {
2816 JSONArray extPerm = (JSONArray) Role.get(EXTERNAL_AUTH_PERMS);
2817 for (int j = 0; j < extPerm.length(); j++) {
2818 JSONObject perms = extPerm.getJSONObject(j);
2819 boolean isNamespaceMatching = EcompPortalUtils.checkNameSpaceMatching(perms.getString("type"),
2820 app.getNameSpace());
2821 if (isNamespaceMatching) {
2822 externalAccessPerms = new ExternalAccessPerms(perms.getString("type"),
2823 perms.getString("instance"), perms.getString("action"));
2824 ePAppRoleFunction.setCode(externalAccessPerms.getInstance());
2825 functionCodelist.add(ePAppRoleFunction.getCode());
2826 externalAccessPermsOfRole.add(externalAccessPerms);
2830 externalRoleDetail.setActive(true);
2831 externalRoleDetail.setName(actualRoleName);
2832 if (app.getId() == 1) {
2833 externalRoleDetail.setAppId(null);
2835 externalRoleDetail.setAppId(app.getId());
2837 EPRole currRole = null;
2838 currRole = (!extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION))
2839 ? curRolesUnderscoreMap.get(actualRoleName)
2840 : curRolesMap.get(actualRoleName);
2842 if (currRole != null)
2843 roleId = currRole.getId();
2844 final Map<String, EPAppRoleFunction> roleFunctionsMap = new HashMap<>();
2845 final Map<String, Long> appRoleFuncsParams = new HashMap<>();
2846 if (roleId != null) {
2847 appRoleFuncsParams.put("appId", app.getId());
2848 appRoleFuncsParams.put("roleId", roleId);
2849 // get role functions from DB
2850 List<EPAppRoleFunction> appRoleFunctions = dataAccessService
2851 .executeNamedQuery("getAppRoleFunctionOnRoleIdandAppId", appRoleFuncsParams, null);
2852 if (!appRoleFunctions.isEmpty()) {
2853 for (EPAppRoleFunction roleFunc : appRoleFunctions) {
2854 roleFunctionsMap.put(roleFunc.getCode(), roleFunc);
2858 if (!externalAccessPermsOfRole.isEmpty()) {
2859 // Adding functions to role
2860 for (ExternalAccessPerms externalpermission : externalAccessPermsOfRole) {
2861 EPAppRoleFunction checkRoleFunctionExits = roleFunctionsMap.get(externalpermission.getInstance());
2862 if (checkRoleFunctionExits == null) {
2863 String funcCode = externalpermission.getType().substring(app.getNameSpace().length() + 1)
2864 + FUNCTION_PIPE + externalpermission.getInstance() + FUNCTION_PIPE
2865 + externalpermission.getAction();
2866 EPAppRoleFunction checkRoleFunctionPipeExits = roleFunctionsMap.get(funcCode);
2867 if (checkRoleFunctionPipeExits == null) {
2869 final Map<String, String> appFuncsParams = new HashMap<>();
2870 appFuncsParams.put("appId", String.valueOf(app.getId()));
2871 appFuncsParams.put("functionCd", externalpermission.getInstance());
2872 logger.debug(EELFLoggerDelegate.debugLogger,
2873 "SyncApplicationRolesWithEcompDB: Adding function to the role: {}",
2874 externalpermission.getInstance());
2875 List<CentralV2RoleFunction> roleFunction = null;
2876 roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId",
2877 appFuncsParams, null);
2878 if (roleFunction.isEmpty()) {
2879 appFuncsParams.put("functionCd", funcCode);
2880 roleFunction = dataAccessService.executeNamedQuery("getAppFunctionOnCodeAndAppId",
2881 appFuncsParams, null);
2883 if (!roleFunction.isEmpty()) {
2884 EPAppRoleFunction apRoleFunction = new EPAppRoleFunction();
2885 apRoleFunction.setAppId(app.getId());
2886 apRoleFunction.setRoleId(roleId);
2887 apRoleFunction.setCode(roleFunction.get(0).getCode());
2888 dataAccessService.saveDomainObject(apRoleFunction, null);
2890 } catch (Exception e) {
2891 logger.error(EELFLoggerDelegate.errorLogger,
2892 "SyncApplicationRolesWithEcompDB: Failed to add role function", e);
2898 externalRoleDetailsList.add(externalRoleDetail);
2900 return externalRoleDetailsList;
2904 public JSONArray getAppRolesJSONFromExtAuthSystem(EPApp app) throws Exception {
2905 ResponseEntity<String> response = null;
2906 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2907 HttpEntity<String> entity = new HttpEntity<>(headers);
2908 logger.debug(EELFLoggerDelegate.debugLogger, "syncApplicationRolesWithEcompDB: {} ",
2909 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
2910 response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
2911 + "roles/ns/" + app.getNameSpace(), HttpMethod.GET, entity, String.class);
2912 String res = response.getBody();
2913 logger.debug(EELFLoggerDelegate.debugLogger,
2914 "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :",
2916 JSONObject jsonObj = new JSONObject(res);
2917 JSONArray extRole = jsonObj.getJSONArray("role");
2918 for (int i = 0; i < extRole.length(); i++) {
2919 if (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ADMIN)
2920 || extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + OWNER)
2921 || (extRole.getJSONObject(i).getString(ROLE_NAME).equals(app.getNameSpace() + ACCOUNT_ADMINISTRATOR)
2922 && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
2931 public JSONArray getAllUsersByRole(String roleName) throws Exception {
2932 ResponseEntity<String> response = null;
2933 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
2934 HttpEntity<String> entity = new HttpEntity<>(headers);
2935 logger.debug(EELFLoggerDelegate.debugLogger, "getAllUsersByRole: {} ",
2936 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE);
2937 response = template.exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
2938 + "userRoles/role/" + roleName, HttpMethod.GET, entity, String.class);
2939 String res = response.getBody();
2940 logger.debug(EELFLoggerDelegate.debugLogger,
2941 "syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :",
2943 if (res == null || res.trim().isEmpty())
2945 JSONObject jsonObj = new JSONObject(res);
2946 JSONArray extRole = jsonObj.getJSONArray("userRole");
2952 * It converts from ExternalRoleDetails.class object to EPRole.class object
2954 * @param externalRoleDetails
2955 * @return EPRole object
2957 private EPRole convertExternalRoleDetailstoEpRole(ExternalRoleDetails externalRoleDetails) {
2958 EPRole role = new EPRole();
2959 role.setActive(true);
2960 role.setAppId(externalRoleDetails.getAppId());
2961 role.setAppRoleId(externalRoleDetails.getAppRoleId());
2962 role.setName(externalRoleDetails.getName());
2963 role.setPriority(externalRoleDetails.getPriority());
2967 @SuppressWarnings("unchecked")
2969 public Integer bulkUploadUserRoles(String uebkey) throws Exception {
2970 EPApp app = getApp(uebkey).get(0);
2971 final Map<String, String> params = new HashMap<>();
2972 params.put("uebKey", app.getUebKey());
2973 List<BulkUploadUserRoles> userRolesList = null;
2974 Integer userRolesAdded = 0;
2975 if (app.getCentralAuth()) {
2976 userRolesList = dataAccessService.executeNamedQuery("getBulkUserRoles", params, null);
2977 for (BulkUploadUserRoles userRolesUpload : userRolesList) {
2978 if (!userRolesUpload.getOrgUserId().equals("su1234")) {
2979 addUserRoleInExternalSystem(userRolesUpload);
2984 return userRolesAdded;
2988 * Its adding a user role in external auth system while doing bulk upload
2990 * @param userRolesUpload
2992 private void addUserRoleInExternalSystem(BulkUploadUserRoles userRolesUpload) {
2995 ObjectMapper mapper = new ObjectMapper();
2996 if (EPCommonSystemProperties
2997 .containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
2998 name = userRolesUpload.getOrgUserId()
2999 + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
3001 ExternalAccessUser extUser = new ExternalAccessUser(name,
3002 userRolesUpload.getAppNameSpace() + "." + userRolesUpload.getRoleName()
3003 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
3004 String userRole = mapper.writeValueAsString(extUser);
3005 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3006 HttpEntity<String> entity = new HttpEntity<>(userRole, headers);
3008 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "userRole",
3009 HttpMethod.POST, entity, String.class);
3010 } catch (HttpClientErrorException e) {
3011 logger.error(EELFLoggerDelegate.errorLogger,
3012 "HttpClientErrorException - Failed to addUserRoleInExternalSystem", e);
3013 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
3014 } catch (Exception e) {
3015 if (e.getMessage().equalsIgnoreCase("409 Conflict")) {
3016 logger.error(EELFLoggerDelegate.errorLogger,
3017 "addUserRoleInExternalSystem: UserRole already exits but does not break functionality");
3019 logger.error(EELFLoggerDelegate.errorLogger,
3020 "addUserRoleInExternalSystem: Failed to addUserRoleInExternalSystem", e);
3026 public void deleteRoleDependencyRecords(Session localSession, Long roleId, Long appId, boolean isPortalRequest)
3031 // It should delete only when it portal's roleId
3032 if (appId.equals(PortalConstants.PORTAL_APP_ID)) {
3033 // Delete from fn_role_function
3034 sql = "DELETE FROM fn_role_function WHERE role_id=" + roleId;
3035 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3036 query = localSession.createSQLQuery(sql);
3037 query.executeUpdate();
3038 // Delete from fn_role_composite
3039 sql = "DELETE FROM fn_role_composite WHERE parent_role_id=" + roleId + " OR child_role_id=" + roleId;
3040 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3041 query = localSession.createSQLQuery(sql);
3042 query.executeUpdate();
3044 // Delete from ep_app_role_function
3045 sql = "DELETE FROM ep_app_role_function WHERE role_id=" + roleId;
3046 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3047 query = localSession.createSQLQuery(sql);
3048 query.executeUpdate();
3049 // Delete from ep_role_notification
3050 sql = "DELETE FROM ep_role_notification WHERE role_id=" + roleId;
3051 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3052 query = localSession.createSQLQuery(sql);
3053 query.executeUpdate();
3054 // Delete from fn_user_pseudo_role
3055 sql = "DELETE FROM fn_user_pseudo_role WHERE pseudo_role_id=" + roleId;
3056 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3057 query = localSession.createSQLQuery(sql);
3058 query.executeUpdate();
3059 // Delete form EP_WIDGET_CATALOG_ROLE
3060 sql = "DELETE FROM EP_WIDGET_CATALOG_ROLE WHERE role_id=" + roleId;
3061 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3062 query = localSession.createSQLQuery(sql);
3063 query.executeUpdate();
3064 // Delete form EP_WIDGET_CATALOG_ROLE
3065 sql = "DELETE FROM ep_user_roles_request_det WHERE requested_role_id=" + roleId;
3066 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3067 query = localSession.createSQLQuery(sql);
3068 query.executeUpdate();
3069 if (!isPortalRequest) {
3070 // Delete form fn_menu_functional_roles
3071 sql = "DELETE FROM fn_menu_functional_roles WHERE role_id=" + roleId;
3072 logger.debug(EELFLoggerDelegate.debugLogger, "Executing query: " + sql);
3073 query = localSession.createSQLQuery(sql);
3074 query.executeUpdate();
3076 } catch (Exception e) {
3077 logger.debug(EELFLoggerDelegate.debugLogger, "deleteRoleDependeciesRecord: failed ", e);
3078 throw new DeleteDomainObjectFailedException("delete Failed" + e.getMessage());
3082 @SuppressWarnings("unchecked")
3084 public List<String> getMenuFunctionsList(String uebkey) throws Exception {
3085 List<String> appMenuFunctionsList = null;
3086 List<String> appMenuFunctionsFinalList = new ArrayList<>();
3088 EPApp app = getApp(uebkey).get(0);
3089 final Map<String, Long> appParams = new HashMap<>();
3090 appParams.put(APP_ID, app.getId());
3091 appMenuFunctionsList = dataAccessService.executeNamedQuery("getMenuFunctions", appParams, null);
3092 for (String appMenuFunction : appMenuFunctionsList) {
3093 if (appMenuFunction.contains(FUNCTION_PIPE)) {
3094 appMenuFunctionsFinalList.add(EcompPortalUtils.getFunctionCode(appMenuFunction));
3096 appMenuFunctionsFinalList.add(appMenuFunction);
3099 } catch (Exception e) {
3100 logger.error(EELFLoggerDelegate.errorLogger, "getMenuFunctionsList: Failed", e);
3101 return appMenuFunctionsFinalList;
3103 return appMenuFunctionsFinalList;
3106 @SuppressWarnings({ "unchecked" })
3108 public List<EcompUser> getAllAppUsers(String uebkey) throws Exception {
3109 List<String> usersList = new ArrayList<>();
3110 List<EcompUser> usersfinalList = new ArrayList<>();
3112 EPApp app = getApp(uebkey).get(0);
3113 final Map<String, Long> appParams = new HashMap<>();
3114 appParams.put("appId", app.getId());
3115 List<EcompUserRoles> userList = (List<EcompUserRoles>) dataAccessService
3116 .executeNamedQuery("ApplicationUserRoles", appParams, null);
3117 for (EcompUserRoles ecompUserRole : userList) {
3118 boolean found = false;
3119 Set<EcompRole> roles = null;
3120 for (EcompUser user : usersfinalList) {
3121 if (user.getOrgUserId().equals(ecompUserRole.getOrgUserId())) {
3122 EcompRole ecompRole = new EcompRole();
3123 ecompRole.setId(ecompUserRole.getRoleId());
3124 ecompRole.setName(ecompUserRole.getRoleName());
3125 roles = user.getRoles();
3126 EcompRole role = roles.stream().filter(x -> x.getName().equals(ecompUserRole.getRoleName()))
3127 .findAny().orElse(null);
3128 SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>();
3130 roleFunctionSet = (SortedSet<EcompRoleFunction>) role.getRoleFunctions();
3132 String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode());
3133 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
3134 EcompRoleFunction epRoleFunction = new EcompRoleFunction();
3135 epRoleFunction.setName(ecompUserRole.getFunctionName());
3136 epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode));
3137 epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode()));
3138 epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode()));
3139 roleFunctionSet.add(epRoleFunction);
3140 ecompRole.setRoleFunctions(roleFunctionSet);
3141 roles.add(ecompRole);
3142 user.setRoles(roles);
3148 EcompUser epUser = new EcompUser();
3149 epUser.setOrgId(ecompUserRole.getOrgId());
3150 epUser.setManagerId(ecompUserRole.getManagerId());
3151 epUser.setFirstName(ecompUserRole.getFirstName());
3152 epUser.setLastName(ecompUserRole.getLastName());
3153 epUser.setPhone(ecompUserRole.getPhone());
3154 epUser.setEmail(ecompUserRole.getEmail());
3155 epUser.setOrgUserId(ecompUserRole.getOrgUserId());
3156 epUser.setOrgCode(ecompUserRole.getOrgCode());
3157 epUser.setOrgManagerUserId(ecompUserRole.getOrgManagerUserId());
3158 epUser.setJobTitle(ecompUserRole.getJobTitle());
3159 epUser.setLoginId(ecompUserRole.getLoginId());
3160 epUser.setActive(true);
3161 roles = new HashSet<>();
3162 EcompRole ecompRole = new EcompRole();
3163 ecompRole.setId(ecompUserRole.getRoleId());
3164 ecompRole.setName(ecompUserRole.getRoleName());
3165 SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>();
3166 String functionCode = EcompPortalUtils.getFunctionCode(ecompUserRole.getFunctionCode());
3167 functionCode = EPUserUtils.decodeFunctionCode(functionCode);
3168 EcompRoleFunction epRoleFunction = new EcompRoleFunction();
3169 epRoleFunction.setName(ecompUserRole.getFunctionName());
3170 epRoleFunction.setCode(EPUserUtils.decodeFunctionCode(functionCode));
3171 epRoleFunction.setType(getFunctionCodeType(ecompUserRole.getFunctionCode()));
3172 epRoleFunction.setAction(getFunctionCodeAction(ecompUserRole.getFunctionCode()));
3173 roleFunctionSet.add(epRoleFunction);
3174 ecompRole.setRoleFunctions(roleFunctionSet);
3175 roles.add(ecompRole);
3176 epUser.setRoles(roles);
3177 usersfinalList.add(epUser);
3180 ObjectMapper mapper = new ObjectMapper();
3181 for (EcompUser u1 : usersfinalList) {
3182 String str = mapper.writeValueAsString(u1);
3185 } catch (Exception e) {
3186 logger.error(EELFLoggerDelegate.errorLogger, "getAllUsers failed", e);
3189 return usersfinalList;
3193 public Role ConvertCentralRoleToRole(String result) {
3194 ObjectMapper mapper = new ObjectMapper();
3195 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
3196 Role newRole = new Role();
3198 newRole = mapper.readValue(result, Role.class);
3199 } catch (IOException e) {
3200 logger.error(EELFLoggerDelegate.errorLogger, "Failed to convert the result to Role Object", e);
3202 if (newRole.getRoleFunctions() != null) {
3203 @SuppressWarnings("unchecked")
3204 Set<RoleFunction> roleFunctionList = newRole.getRoleFunctions();
3205 Set<RoleFunction> roleFunctionListNew = new HashSet<>();
3206 Iterator<RoleFunction> itetaror = roleFunctionList.iterator();
3207 while (itetaror.hasNext()) {
3208 Object nextValue = itetaror.next();
3209 RoleFunction roleFun = mapper.convertValue(nextValue, RoleFunction.class);
3210 roleFunctionListNew.add(roleFun);
3212 newRole.setRoleFunctions(roleFunctionListNew);
3218 @SuppressWarnings("unchecked")
3219 public List<CentralizedApp> getCentralizedAppsOfUser(String userId) {
3220 Map<String, String> params = new HashMap<>();
3221 params.put("userId", userId);
3222 List<CentralizedApp> centralizedAppsList = new ArrayList<>();
3224 centralizedAppsList = dataAccessService.executeNamedQuery("getCentralizedAppsOfUser", params, null);
3225 } catch (Exception e) {
3226 logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e);
3228 return centralizedAppsList;
3231 @SuppressWarnings("unchecked")
3232 public List<CentralV2Role> getGlobalRolesOfApplication(Long appId) {
3233 Map<String, Long> params = new HashMap<>();
3234 params.put("appId", appId);
3235 List<GlobalRoleWithApplicationRoleFunction> globalRoles = new ArrayList<>();
3237 globalRoles = dataAccessService.executeNamedQuery("getGlobalRoleWithApplicationRoleFunctions", params,
3239 } catch (Exception e) {
3240 logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppsOfUser failed", e);
3242 List<CentralV2Role> rolesfinalList = new ArrayList<>();
3243 if (globalRoles.size() > 0)
3244 rolesfinalList = finalListOfCentralRoles(globalRoles);
3245 return rolesfinalList;
3248 @SuppressWarnings("unchecked")
3249 private CentralV2Role getGlobalRoleForRequestedApp(long requestedAppId, long roleId) {
3250 CentralV2Role finalGlobalrole = null;
3251 List<GlobalRoleWithApplicationRoleFunction> roleWithApplicationRoleFucntions = new ArrayList<>();
3252 Map<String, Long> params = new HashMap<>();
3253 params.put("roleId", roleId);
3254 params.put("requestedAppId", requestedAppId);
3256 roleWithApplicationRoleFucntions = dataAccessService.executeNamedQuery("getGlobalRoleForRequestedApp",
3258 } catch (Exception e) {
3259 logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRoleForRequestedApp failed", e);
3261 if (roleWithApplicationRoleFucntions.size() > 0) {
3262 List<CentralV2Role> rolesfinalList = finalListOfCentralRoles(roleWithApplicationRoleFucntions);
3263 finalGlobalrole = rolesfinalList.get(0);
3265 List<EPRole> roleList = getPortalAppRoleInfo(roleId);
3266 finalGlobalrole = convertRoleToCentralV2Role(roleList.get(0));
3268 return finalGlobalrole;
3271 private List<CentralV2Role> finalListOfCentralRoles(List<GlobalRoleWithApplicationRoleFunction> globalRoles) {
3272 List<CentralV2Role> rolesfinalList = new ArrayList<>();
3273 for (GlobalRoleWithApplicationRoleFunction role : globalRoles) {
3274 boolean found = false;
3275 for (CentralV2Role cenRole : rolesfinalList) {
3276 if (role.getRoleId().equals(cenRole.getId())) {
3277 SortedSet<CentralV2RoleFunction> roleFunctions = cenRole.getRoleFunctions();
3278 CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role);
3279 roleFunctions.add(cenRoleFun);
3280 cenRole.setRoleFunctions(roleFunctions);
3286 CentralV2Role cenrole = new CentralV2Role();
3287 cenrole.setName(role.getRoleName());
3288 cenrole.setId(role.getRoleId());
3289 cenrole.setActive(role.isActive());
3290 cenrole.setPriority(role.getPriority());
3291 SortedSet<CentralV2RoleFunction> roleFunctions = new TreeSet<>();
3292 CentralV2RoleFunction cenRoleFun = createCentralRoleFunctionForGlobalRole(role);
3293 roleFunctions.add(cenRoleFun);
3294 cenrole.setRoleFunctions(roleFunctions);
3295 rolesfinalList.add(cenrole);
3298 return rolesfinalList;
3301 private CentralV2RoleFunction createCentralRoleFunctionForGlobalRole(GlobalRoleWithApplicationRoleFunction role) {
3305 CentralV2RoleFunction cenRoleFun;
3306 if (role.getFunctionCd().contains(FUNCTION_PIPE)) {
3307 instance = EcompPortalUtils.getFunctionCode(role.getFunctionCd());
3308 type = EcompPortalUtils.getFunctionType(role.getFunctionCd());
3309 action = EcompPortalUtils.getFunctionAction(role.getFunctionCd());
3310 cenRoleFun = new CentralV2RoleFunction(null, instance, role.getFunctionName(), null, type, action, null);
3312 type = getFunctionCodeType(role.getFunctionCd());
3313 action = getFunctionCodeAction(role.getFunctionCd());
3314 cenRoleFun = new CentralV2RoleFunction(null, role.getFunctionCd(), role.getFunctionName(), null, type,
3320 @SuppressWarnings("unchecked")
3322 public List<EPRole> getGlobalRolesOfPortal() {
3323 List<EPRole> globalRoles = new ArrayList<>();
3325 globalRoles = dataAccessService.executeNamedQuery("getGlobalRolesOfPortal", null, null);
3326 } catch (Exception e) {
3327 logger.error(EELFLoggerDelegate.errorLogger, "getGlobalRolesOfPortal failed", e);
3332 private CentralV2Role convertRoleToCentralV2Role(EPRole role) {
3333 return new CentralV2Role(role.getId(), role.getCreated(), role.getModified(), role.getCreatedId(),
3334 role.getModifiedId(), role.getRowNum(), role.getName(), role.getActive(), role.getPriority(),
3335 new TreeSet<>(), new TreeSet<>(), new TreeSet<>());
3339 public List<CentralRoleFunction> convertCentralRoleFunctionToRoleFunctionObject(
3340 List<CentralV2RoleFunction> answer) {
3341 List<CentralRoleFunction> addRoleFuncList = new ArrayList<>();
3342 for (CentralV2RoleFunction cenRoleFunc : answer) {
3343 CentralRoleFunction setRoleFunc = new CentralRoleFunction();
3344 setRoleFunc.setCode(cenRoleFunc.getCode());
3345 setRoleFunc.setName(cenRoleFunc.getName());
3346 addRoleFuncList.add(setRoleFunc);
3348 return addRoleFuncList;
3352 public CentralUser getUserRoles(String loginId, String uebkey) throws Exception {
3353 CentralUser sendUserRoles = null;
3355 CentralV2User cenV2User = getV2UserAppRoles(loginId, uebkey);
3356 sendUserRoles = convertV2UserRolesToOlderVersion(cenV2User);
3357 } catch (Exception e) {
3358 logger.error(EELFLoggerDelegate.errorLogger, "getUserRoles: failed", e);
3361 return sendUserRoles;
3366 * It returns V2 CentralUser object if user has any roles and permissions
3370 * @return CentralUser object
3373 private CentralV2User getV2UserAppRoles(String loginId, String uebkey) throws Exception {
3375 List<EPUser> epUserList;
3376 List<EPApp> appList = getApp(uebkey);
3377 app = appList.get(0);
3378 epUserList = getUser(loginId);
3379 EPUser user = epUserList.get(0);
3380 Set<EPUserApp> userAppSet = user.getEPUserApps();
3381 return createEPUser(user, userAppSet, app);
3384 private List<EcompRole> getUserAppRoles(EPApp app, EPUser user) {
3385 final Map<String, Long> userParams = new HashMap<>();
3386 userParams.put("appId", app.getId());
3387 userParams.put("userId", user.getId());
3388 @SuppressWarnings("unchecked")
3389 List<EPUserAppCurrentRoles> userAppsRolesList = dataAccessService.executeNamedQuery("getUserAppCurrentRoles",
3391 List<EcompRole> setUserRoles = new ArrayList<>();
3392 for (EPUserAppCurrentRoles role : userAppsRolesList) {
3393 logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userRolename = {}",
3394 role.getRoleName());
3395 EcompRole ecompRole = new EcompRole();
3396 ecompRole.setId(role.getRoleId());
3397 ecompRole.setName(role.getRoleName());
3398 setUserRoles.add(ecompRole);
3400 logger.debug(EELFLoggerDelegate.debugLogger, "In getUserAppRoles()- get userrole list size = {}",
3401 setUserRoles.size());
3402 return setUserRoles;
3406 public List<EcompRole> missingUserApplicationRoles(String uebkey, String loginId, Set<EcompRole> CurrentUserRoles)
3408 List<EPApp> appList = getApp(uebkey);
3409 EPApp app = appList.get(0);
3410 List<EPUser> epUserList;
3411 epUserList = getUser(loginId);
3412 List<EcompRole> missingUserAppRoles = new ArrayList<>();
3413 List<String> roleNamesList = CurrentUserRoles.stream().map(EcompRole::getName).collect(Collectors.toList());
3414 logger.debug(EELFLoggerDelegate.debugLogger, "Roles of User from hibernate :" + roleNamesList);
3415 List<EcompRole> userApplicationsRolesfromDB = getUserAppRoles(app, epUserList.get(0));
3416 if (userApplicationsRolesfromDB.size() > 0) {
3417 missingUserAppRoles = userApplicationsRolesfromDB.stream().filter(x -> !roleNamesList.contains(x.getName()))
3418 .collect(Collectors.toList());
3420 List<String> MissingroleNamesList = missingUserAppRoles.stream().map(EcompRole::getName)
3421 .collect(Collectors.toList());
3422 logger.debug(EELFLoggerDelegate.debugLogger, "MissingUserAppRoles():" + MissingroleNamesList);
3424 List<EcompRole> finalMissingRoleList = new ArrayList<>();
3425 if (missingUserAppRoles.size() > 0) {
3426 final Map<String, Long> params = new HashMap<>();
3427 for (EcompRole role : missingUserAppRoles) {
3428 params.put("roleId", role.getId());
3429 params.put(APP_ID, app.getId());
3431 EcompRole epRole = new EcompRole();
3432 epRole.setId(role.getId());
3433 epRole.setName(role.getName());
3434 @SuppressWarnings("unchecked")
3435 List<CentralV2RoleFunction> appRoleFunctionList = dataAccessService
3436 .executeNamedQuery("getAppRoleFunctionList", params, null);
3437 SortedSet<EcompRoleFunction> roleFunctionSet = new TreeSet<>();
3438 for (CentralV2RoleFunction roleFunc : appRoleFunctionList) {
3439 String functionCode = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
3440 String type = getFunctionCodeType(roleFunc.getCode());
3441 String action = getFunctionCodeAction(roleFunc.getCode());
3442 EcompRoleFunction fun = new EcompRoleFunction();
3443 fun.setAction(action);
3444 fun.setCode(functionCode);
3446 fun.setName(roleFunc.getName());
3447 roleFunctionSet.add(fun);
3450 epRole.setRoleFunctions(roleFunctionSet);
3451 finalMissingRoleList.add(epRole);
3455 return finalMissingRoleList;
3459 * It converts V2 CentralUser object to old version CentralUser object
3462 * @return EPUser object
3464 private CentralUser convertV2UserRolesToOlderVersion(CentralV2User cenV2User) {
3465 Set<CentralV2UserApp> userV2Apps = cenV2User.getUserApps();
3466 Set<CentralUserApp> userApps = new TreeSet<>();
3467 for (CentralV2UserApp userApp : userV2Apps) {
3468 CentralApp app = userApp.getApp();
3469 CentralUserApp cua = new CentralUserApp();
3470 cua.setUserId(null);
3472 SortedSet<CentralRoleFunction> cenRoleFunction = new TreeSet<>();
3473 for (CentralV2RoleFunction cenV2RoleFunc : userApp.getRole().getRoleFunctions()) {
3474 CentralRoleFunction cenRoleFunc = new CentralRoleFunction(cenV2RoleFunc.getCode(),
3475 cenV2RoleFunc.getName());
3476 cenRoleFunction.add(cenRoleFunc);
3478 CentralRole role = new CentralRole(userApp.getRole().getId(), userApp.getRole().getName(),
3479 userApp.getRole().getActive(), userApp.getRole().getPriority(), cenRoleFunction);
3483 return new CentralUser.CentralUserBuilder().setId(cenV2User.getId()).setCreated(cenV2User.getCreated())
3484 .setModified(cenV2User.getModified()).setCreatedId(cenV2User.getCreatedId())
3485 .setModifiedId(cenV2User.getModifiedId()).setRowNum(cenV2User.getRowNum())
3486 .setOrgId(cenV2User.getOrgId()).setManagerId(cenV2User.getManagerId())
3487 .setFirstName(cenV2User.getFirstName()).setMiddleInitial(cenV2User.getMiddleInitial())
3488 .setLastName(cenV2User.getLastName()).setPhone(cenV2User.getPhone()).setFax(cenV2User.getFax())
3489 .setCellular(cenV2User.getCellular()).setEmail(cenV2User.getEmail())
3490 .setAddressId(cenV2User.getAddressId()).setAlertMethodCd(cenV2User.getAlertMethodCd())
3491 .setHrid(cenV2User.getHrid()).setOrgUserId(cenV2User.getOrgUserId()).setOrgCode(cenV2User.getOrgCode())
3492 .setAddress1(cenV2User.getAddress1()).setAddress2(cenV2User.getAddress2()).setCity(cenV2User.getCity())
3493 .setState(cenV2User.getState()).setZipCode(cenV2User.getZipCode()).setCountry(cenV2User.getCountry())
3494 .setOrgManagerUserId(cenV2User.getOrgManagerUserId()).setLocationClli(cenV2User.getLocationClli())
3495 .setBusinessCountryCode(cenV2User.getBusinessCountryCode())
3496 .setBusinessCountryName(cenV2User.getBusinessCountryName()).setBusinessUnit(cenV2User.getBusinessUnit())
3497 .setBusinessUnitName(cenV2User.getBusinessUnitName()).setDepartment(cenV2User.getDepartment())
3498 .setDepartmentName(cenV2User.getDepartmentName()).setCompanyCode(cenV2User.getCompanyCode())
3499 .setCompany(cenV2User.getCompany()).setZipCodeSuffix(cenV2User.getZipCodeSuffix())
3500 .setJobTitle(cenV2User.getJobTitle()).setCommandChain(cenV2User.getCommandChain())
3501 .setSiloStatus(cenV2User.getSiloStatus()).setCostCenter(cenV2User.getCostCenter())
3502 .setFinancialLocCode(cenV2User.getFinancialLocCode()).setLoginId(cenV2User.getLoginId())
3503 .setLoginPwd(cenV2User.getLoginPwd()).setLastLoginDate(cenV2User.getLastLoginDate())
3504 .setActive(cenV2User.isActive()).setInternal(cenV2User.isInternal())
3505 .setSelectedProfileId(cenV2User.getSelectedProfileId()).setTimeZoneId(cenV2User.getTimeZoneId())
3506 .setOnline(cenV2User.isOnline()).setChatId(cenV2User.getChatId()).setUserApps(userApps)
3507 .createCentralUser();
3511 public List<CentralRole> convertV2CentralRoleListToOldVerisonCentralRoleList(List<CentralV2Role> v2CenRoleList) {
3512 List<CentralRole> cenRoleList = new ArrayList<>();
3513 for (CentralV2Role v2CenRole : v2CenRoleList) {
3514 SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
3515 for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) {
3516 CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(),
3517 v2CenRoleFunc.getName());
3518 cenRoleFuncList.add(roleFunc);
3520 CentralRole role = new CentralRole(v2CenRole.getId(), v2CenRole.getName(), v2CenRole.getActive(),
3521 v2CenRole.getPriority(), cenRoleFuncList);
3522 cenRoleList.add(role);
3528 public ResponseEntity<String> getNameSpaceIfExists(EPApp app) throws Exception {
3529 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3530 HttpEntity<String> entity = new HttpEntity<>(headers);
3531 logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Connecting to External Auth system");
3532 ResponseEntity<String> response = null;
3535 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
3536 + "nss/" + app.getNameSpace(), HttpMethod.GET, entity, String.class);
3537 logger.debug(EELFLoggerDelegate.debugLogger, "checkIfNameSpaceExists: Finished ",
3538 response.getStatusCode().value());
3539 } catch (HttpClientErrorException e) {
3540 logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e);
3541 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
3542 if (e.getStatusCode() == HttpStatus.NOT_FOUND)
3543 throw new InvalidApplicationException("Invalid NameSpace");
3551 public CentralRole convertV2CentralRoleToOldVerisonCentralRole(CentralV2Role v2CenRole) {
3552 SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
3553 for (CentralV2RoleFunction v2CenRoleFunc : v2CenRole.getRoleFunctions()) {
3554 CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName());
3555 cenRoleFuncList.add(roleFunc);
3557 return new CentralRole(v2CenRole.getId(), v2CenRole.getName(), v2CenRole.getActive(), v2CenRole.getPriority(),
3561 @SuppressWarnings("unchecked")
3563 public Integer bulkUploadUsersSingleRole(String uebkey, Long roleId, String modifiedRoleName) throws Exception {
3564 EPApp app = getApp(uebkey).get(0);
3565 final Map<String, String> params = new HashMap<>();
3566 params.put("uebKey", app.getUebKey());
3567 params.put("roleId", String.valueOf(roleId));
3568 List<BulkUploadUserRoles> userRolesList = null;
3569 Integer userRolesAdded = 0;
3570 if (app.getCentralAuth()) {
3571 userRolesList = dataAccessService.executeNamedQuery("getBulkUsersForSingleRole", params, null);
3572 for (BulkUploadUserRoles userRolesUpload : userRolesList) {
3573 userRolesUpload.setRoleName(modifiedRoleName);
3574 if (!userRolesUpload.getOrgUserId().equals("su1234")) {
3575 addUserRoleInExternalSystem(userRolesUpload);
3580 return userRolesAdded;
3584 public void bulkUploadRoleFunc(UploadRoleFunctionExtSystem data, EPApp app) throws Exception {
3585 ObjectMapper mapper = new ObjectMapper();
3586 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3588 ExternalAccessRolePerms extRolePerms;
3589 ExternalAccessPerms extPerms;
3590 extPerms = new ExternalAccessPerms(app.getNameSpace() + "." + data.getType(),
3591 EcompPortalUtils.encodeFunctionCode(data.getInstance()), data.getAction());
3592 String appNameSpace = "";
3593 if (data.getIsGlobalRolePartnerFunc()) {
3594 appNameSpace = epAppService.getApp(1l).getNameSpace();
3596 appNameSpace = app.getNameSpace();
3598 extRolePerms = new ExternalAccessRolePerms(extPerms, appNameSpace + "." + data.getRoleName()
3599 .replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
3600 String updateRolePerms = mapper.writeValueAsString(extRolePerms);
3601 HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
3602 updateRoleFunctionInExternalSystem(updateRolePerms, entity);
3603 } catch (HttpClientErrorException e) {
3604 logger.error(EELFLoggerDelegate.errorLogger,
3605 "HttpClientErrorException - Failed to add role function in external central auth system", e);
3606 EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
3608 } catch (Exception e) {
3609 logger.error(EELFLoggerDelegate.errorLogger,
3610 "addFunctionInExternalSystem: Failed to add role fucntion in external central auth system", e);
3615 private void updateRoleFunctionInExternalSystem(String updateRolePerms, HttpEntity<String> entity) {
3616 logger.debug(EELFLoggerDelegate.debugLogger, "bulkUploadRoleFunc: {} for POST: {}",
3617 CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
3618 ResponseEntity<String> addPermResponse = template.exchange(
3619 SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
3620 HttpMethod.POST, entity, String.class);
3621 logger.debug(EELFLoggerDelegate.debugLogger,
3622 "bulkUploadRoleFunc: Finished adding permission for POST: {} and status code: {} ",
3623 addPermResponse.getStatusCode().value(), updateRolePerms);
3627 public void syncApplicationUserRolesFromExtAuthSystem(String loginId) throws Exception {
3629 if (EPCommonSystemProperties.containsProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN)) {
3630 name = loginId + SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_USER_DOMAIN);
3632 HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
3633 HttpEntity<String> getUserRolesEntity = new HttpEntity<>(headers);
3634 ResponseEntity<String> getResponse = getUserRolesFromExtAuthSystem(name, getUserRolesEntity);
3635 List<ExternalAccessUserRoleDetail> userRoleDetailList = new ArrayList<>();
3636 String res = getResponse.getBody();
3637 JSONObject jsonObj = null;
3638 JSONArray extRoles = null;
3639 if (!res.equals("{}")) {
3640 jsonObj = new JSONObject(res);
3641 extRoles = jsonObj.getJSONArray("role");
3643 updateUserRolesInLocal(userRoleDetailList, extRoles, loginId);
3646 @SuppressWarnings("unchecked")
3647 private void updateUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, JSONArray extRoles,
3648 String loginId) throws InvalidUserException {
3649 HashMap<String, String> userParams = new HashMap<>();
3650 userParams.put("orgUserId", loginId);
3651 // Get all centralized applications existing user roles from local
3652 List<CentralizedAppRoles> currentUserAppRoles = dataAccessService
3653 .executeNamedQuery("getUserCentralizedAppRoles", userParams, null);
3654 EPUser user = getUser(loginId).get(0);
3655 // Get all centralized applications roles from local
3656 HashMap<String, CentralizedAppRoles> cenAppRolesMap = getCentralizedAppRoleList();
3657 HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = getCurrentUserCentralizedAppRoles(
3658 currentUserAppRoles);
3659 // Get all centralized applications + admin role from local
3660 HashMap<String, EPApp> centralisedAppsMap = getCentralizedAdminAppsInfo();
3661 if (extRoles != null) {
3662 ExternalAccessUserRoleDetail userRoleDetail = null;
3663 for (int i = 0; i < extRoles.length(); i++) {
3664 if (!extRoles.getJSONObject(i).getString("name").endsWith(ADMIN)
3665 && !extRoles.getJSONObject(i).getString("name").endsWith(OWNER)) {
3666 userRoleDetail = new ExternalAccessUserRoleDetail(extRoles.getJSONObject(i).getString("name"),
3668 userRoleDetailList.add(userRoleDetail);
3671 addUserRolesInLocal(userRoleDetailList, user, cenAppRolesMap, currentCentralizedUserAppRolesMap,
3672 centralisedAppsMap);
3676 private void addUserRolesInLocal(List<ExternalAccessUserRoleDetail> userRoleDetailList, EPUser user,
3677 HashMap<String, CentralizedAppRoles> cenAppRolesMap,
3678 HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap,
3679 HashMap<String, EPApp> centralisedAppsMap) {
3680 for (ExternalAccessUserRoleDetail extUserRoleDetail : userRoleDetailList) {
3682 // check if user already has role in local
3683 if (!currentCentralizedUserAppRolesMap.containsKey(extUserRoleDetail.getName())) {
3684 CentralizedAppRoles getCenAppRole = cenAppRolesMap.get(extUserRoleDetail.getName());
3685 if (getCenAppRole != null) {
3686 logger.debug(EELFLoggerDelegate.debugLogger,
3687 "addUserRolesInLocal: Adding user role from external auth system {}",
3688 extUserRoleDetail.toString());
3689 EPUserApp userApp = new EPUserApp();
3690 EPApp app = new EPApp();
3691 app.setId(getCenAppRole.getAppId());
3692 EPRole epRole = new EPRole();
3693 epRole.setId(getCenAppRole.getRoleId());
3694 userApp.setApp(app);
3695 userApp.setUserId(user.getId());
3696 userApp.setRole(epRole);
3697 dataAccessService.saveDomainObject(userApp, null);
3698 logger.debug(EELFLoggerDelegate.debugLogger,
3699 "addUserRolesInLocal: Finished user role from external auth system {}",
3700 extUserRoleDetail.toString());
3701 } else if (getCenAppRole == null // check if user has app
3702 // account admin role
3703 && extUserRoleDetail.getName().endsWith(PortalConstants.ADMIN_ROLE.replaceAll(
3704 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"))) {
3705 EPApp app = centralisedAppsMap.get(extUserRoleDetail.getName());
3707 logger.debug(EELFLoggerDelegate.debugLogger,
3708 "addUserRolesInLocal: Adding user role from external auth system {}",
3709 extUserRoleDetail.toString());
3710 EPUserApp userApp = new EPUserApp();
3711 EPRole epRole = new EPRole();
3712 epRole.setId(PortalConstants.ACCOUNT_ADMIN_ROLE_ID);
3713 userApp.setApp(app);
3714 userApp.setUserId(user.getId());
3715 userApp.setRole(epRole);
3716 dataAccessService.saveDomainObject(userApp, null);
3717 logger.debug(EELFLoggerDelegate.debugLogger,
3718 "addUserRolesInLocal: Finished user role from external auth system {}",
3719 extUserRoleDetail.toString());
3723 } catch (Exception e) {
3724 logger.error(EELFLoggerDelegate.errorLogger,
3725 "addUserRolesInLocal - Failed to update user role in local from external auth system {} ",
3726 extUserRoleDetail.toString(), e);
3731 @SuppressWarnings("unchecked")
3732 private HashMap<String, EPApp> getCentralizedAdminAppsInfo() {
3733 List<EPApp> centralizedApps = dataAccessService.executeNamedQuery("getCentralizedApps", null, null);
3734 HashMap<String, EPApp> centralisedAppsMap = new HashMap<>();
3735 for (EPApp cenApp : centralizedApps) {
3736 centralisedAppsMap.put(
3737 cenApp.getNameSpace() + "."
3738 + PortalConstants.ADMIN_ROLE.replaceAll(
3739 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
3742 return centralisedAppsMap;
3745 private HashMap<String, CentralizedAppRoles> getCurrentUserCentralizedAppRoles(
3746 List<CentralizedAppRoles> currentUserAppRoles) {
3747 HashMap<String, CentralizedAppRoles> currentCentralizedUserAppRolesMap = new HashMap<>();
3748 for (CentralizedAppRoles cenAppUserRole : currentUserAppRoles) {
3749 currentCentralizedUserAppRolesMap.put(
3750 cenAppUserRole.getAppNameSpace() + "."
3751 + cenAppUserRole.getRoleName().replaceAll(
3752 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
3755 return currentCentralizedUserAppRolesMap;
3758 @SuppressWarnings("unchecked")
3759 private HashMap<String, CentralizedAppRoles> getCentralizedAppRoleList() {
3760 List<CentralizedAppRoles> centralizedAppRoles = dataAccessService
3761 .executeNamedQuery("getAllCentralizedAppsRoles", null, null);
3762 HashMap<String, CentralizedAppRoles> cenAppRolesMap = new HashMap<>();
3763 for (CentralizedAppRoles CentralizedAppRole : centralizedAppRoles) {
3765 CentralizedAppRole.getAppNameSpace() + "."
3766 + CentralizedAppRole.getRoleName().replaceAll(
3767 EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"),
3768 CentralizedAppRole);
3770 return cenAppRolesMap;
3774 public ResponseEntity<String> getUserRolesFromExtAuthSystem(String name, HttpEntity<String> getUserRolesEntity) {
3775 logger.debug(EELFLoggerDelegate.debugLogger, "Connecting to external system to get current user roles");
3776 ResponseEntity<String> getResponse = template
3777 .exchange(SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
3778 + "roles/user/" + name, HttpMethod.GET, getUserRolesEntity, String.class);
3779 if (getResponse.getStatusCode().value() == 200) {
3780 logger.debug(EELFLoggerDelegate.debugLogger,
3781 "getAllUserRoleFromExtAuthSystem: Finished GET user roles from external system and received user roles {}",
3782 getResponse.getBody());
3784 logger.error(EELFLoggerDelegate.errorLogger,
3785 "getAllUserRoleFromExtAuthSystem: Failed GET user roles from external system and received user roles {}",
3786 getResponse.getBody());
3787 EPLogUtil.logExternalAuthAccessAlarm(logger, getResponse.getStatusCode());
3793 public Integer updateAppRoleDescription(String uebkey) {
3794 Integer roleDescUpdated = 0;
3797 app = getApp(uebkey).get(0);
3798 List<EPRole> roles = getAppRoles(app.getId());
3799 for (EPRole epRole : roles) {
3800 Role role = new Role();
3801 role.setName(epRole.getName());
3802 boolean status = addRoleDescriptionInExtSystem(role, app);
3806 } catch (Exception e) {
3807 logger.error(EELFLoggerDelegate.errorLogger, "updateAppRoleDescription: Failed! ", e);
3809 return roleDescUpdated;
Code Review / portal.git / blob