1 /*
2  * Copyright 2012-2016 the original author or authors.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.onap.portalapp.portal.utils;
18
19 import javax.servlet.http.Cookie;
20 import javax.servlet.http.HttpServletRequest;
21 import javax.servlet.http.HttpServletResponse;
22
23 import org.onap.music.eelf.logging.EELFLoggerDelegate;
24 import org.onap.portalapp.music.service.MusicService;
25 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
26 import org.springframework.security.web.csrf.CsrfToken;
27 import org.springframework.security.web.csrf.CsrfTokenRepository;
28 import org.springframework.security.web.csrf.DefaultCsrfToken;
29 import org.springframework.util.StringUtils;
30
31
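/**
 * {@link CsrfTokenRepository} that delegates to a {@link CookieCsrfTokenRepository} and, when
 * the request carries no CSRF cookie, falls back to a token read through
 * {@link MusicService#getAttribute} under the session id taken from the {@code EPService} cookie.
 *
 * <p>Per the original author's note, the fallback exists so that a token stored by another
 * Tomcat instance can be honoured. This class only reads that attribute; {@link #saveToken}
 * writes the cookie alone, so the shared copy is presumably written elsewhere (confirm against
 * the session/Music integration code).
 */
public final class MusicCookieCsrfTokenRepository implements CsrfTokenRepository {
    static final String CSRF_COOKIE_NAME = "XSRF-TOKEN";
    static final String CSRF_HEADER_NAME = "X-XSRF-TOKEN";
    static final String CSRF_PARAMETER_NAME = "_csrf";
    static final String EP_SERVICE = "EPService";
    CookieCsrfTokenRepository cookieRepo;
    // Log under this class, not MusicService, so CSRF events are attributable in the logs.
    private static final EELFLoggerDelegate logger =
            EELFLoggerDelegate.getLogger(MusicCookieCsrfTokenRepository.class);

    /**
     * Creates a repository backed by a default {@link CookieCsrfTokenRepository}.
     *
     * <p>Previously this constructor left the delegate {@code null}, so every method failed
     * with a {@link NullPointerException} unless the field was assigned afterwards.
     */
    public MusicCookieCsrfTokenRepository() {
        this(new CookieCsrfTokenRepository());
    }

    /**
     * Creates a repository backed by the given cookie repository.
     *
     * @param _cookieRepo delegate used to generate, save and load the cookie-based token
     */
    public MusicCookieCsrfTokenRepository(CookieCsrfTokenRepository _cookieRepo) {
        cookieRepo = _cookieRepo;
    }

    /**
     * Generates a new token by delegating to the cookie repository.
     *
     * @param request the current request
     * @return the newly generated token
     */
    @Override
    public CsrfToken generateToken(HttpServletRequest request) {
        return cookieRepo.generateToken(request);
    }

    /**
     * Saves the token by delegating to the cookie repository.
     *
     * @param token the token to save
     * @param request the current request
     * @param response the response the cookie is written to
     */
    @Override
    public void saveToken(CsrfToken token, HttpServletRequest request,
            HttpServletResponse response) {
        logger.debug(EELFLoggerDelegate.debugLogger, "initialize save csrf token ...");
        cookieRepo.saveToken(token, request, response);
    }

    /**
     * Loads the expected token, first from the CSRF cookie and otherwise from Music.
     *
     * <p>Any failure in the fallback lookup is logged and treated as "no token", so the caller
     * sees {@code null} rather than an exception.
     *
     * @param request the current request
     * @return the token from the cookie, else the token stored for the {@code EPService}
     *         session, else {@code null}
     */
    @Override
    public CsrfToken loadToken(HttpServletRequest request) {
        logger.debug(EELFLoggerDelegate.debugLogger, "initialize load csrf token ...");
        CsrfToken cookieRepoToken = cookieRepo.loadToken(request);
        if (cookieRepoToken != null) {
            return cookieRepoToken;
        }

        // No CSRF cookie on this request: look for a value stored by another Tomcat instance.
        // TODO: replace this fallback so it no longer depends on the EPService cookie.
        try {
            String sessionId = getSessionIdFromCookie(request);
            // Without an EPService cookie there is no key to look up; skip the backend call
            // instead of querying with null and logging a spurious error.
            if (!StringUtils.hasLength(sessionId)) {
                return null;
            }
            // NOTE(review): sessionId is a client-supplied cookie value. Confirm that
            // MusicService.getAttribute only returns data for a valid, live session.
            String token = MusicService.getAttribute(CSRF_COOKIE_NAME, sessionId);
            if (StringUtils.hasLength(token)) {
                return new DefaultCsrfToken(CSRF_HEADER_NAME, CSRF_PARAMETER_NAME, token);
            }
        } catch (Exception e) {
            // Best effort: a failed lookup must not break the request; it yields "no token".
            logger.error(EELFLoggerDelegate.errorLogger,
                    "Error while loading csrf token from Music", e);
        }
        return null;
    }

    /**
     * Factory method to conveniently create an instance whose cookie repository has
     * {@link CookieCsrfTokenRepository#setCookieHttpOnly(boolean)} set to false.
     *
     * <p>With HttpOnly disabled the {@code XSRF-TOKEN} cookie is readable by page script. This
     * lets client-side code copy it into the {@code X-XSRF-TOKEN} header, but any script
     * injected into the origin can read it too.
     *
     * @return a MusicCookieCsrfTokenRepository whose delegate has
     *         {@link CookieCsrfTokenRepository#setCookieHttpOnly(boolean)} set to false
     */
    public static MusicCookieCsrfTokenRepository withHttpOnlyFalse() {
        CookieCsrfTokenRepository result = new CookieCsrfTokenRepository();
        result.setCookieHttpOnly(false);
        return new MusicCookieCsrfTokenRepository(result);
    }

    /**
     * Returns the value of the {@code EPService} cookie, used as the session id.
     *
     * @param request the current request
     * @return the cookie value, or {@code null} when the request has no such cookie
     */
    private String getSessionIdFromCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (EP_SERVICE.equals(cookie.getName())) {
                    return cookie.getValue();
                }
            }
        }
        return null;
    }
}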