[PORTAL-7] Rebase

[portal.git] / ecomp-portal-BE-common / src / main / java / org / openecomp / portalapp / portal / service / EPLoginServiceImpl.java

/*-\r
 * ================================================================================\r
 * ECOMP Portal\r
 * ================================================================================\r
 * Copyright (C) 2017 AT&T Intellectual Property\r
 * ================================================================================\r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 * \r
 *      http://www.apache.org/licenses/LICENSE-2.0\r
 * \r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 * ================================================================================\r
 */\r
package org.openecomp.portalapp.portal.service;\r
\r
import java.util.Date;\r
import java.util.HashMap;\r
import java.util.HashSet;\r
import java.util.List;\r
import java.util.Set;\r
\r
import org.springframework.beans.factory.annotation.Autowired;\r
import org.springframework.context.annotation.EnableAspectJAutoProxy;\r
import org.springframework.stereotype.Service;\r
import org.springframework.transaction.annotation.Transactional;\r
\r
import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;\r
import org.openecomp.portalsdk.core.menu.MenuBuilder;\r
import org.openecomp.portalsdk.core.service.DataAccessService;\r
import org.openecomp.portalsdk.core.service.support.FusionService;\r
import org.openecomp.portalsdk.core.util.SystemProperties;\r
import org.openecomp.portalsdk.core.web.support.AppUtils;\r
import org.openecomp.portalapp.command.EPLoginBean;\r
import org.openecomp.portalapp.portal.domain.EPUser;\r
import org.openecomp.portalapp.portal.logging.aop.EPMetricsLog;\r
import org.openecomp.portalapp.portal.logging.format.EPAppMessagesEnum;\r
import org.openecomp.portalapp.portal.logging.logic.EPLogUtil;\r
import org.openecomp.portalapp.util.EPUserUtils;\r
\r
@Service("eploginService")\r
@Transactional\r
@org.springframework.context.annotation.Configuration\r
@EnableAspectJAutoProxy\r
@EPMetricsLog\r
public class EPLoginServiceImpl extends FusionService implements EPLoginService {\r
        EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EPLoginServiceImpl.class);\r
\r
        @Autowired\r
        private DataAccessService dataAccessService;\r
\r
        /*\r
         * (non-Javadoc)\r
         * @see org.openecomp.portalapp.portal.service.EPLoginService#findUser(org.openecomp.portalapp.command.EPLoginBean, java.lang.String, java.util.HashMap)\r
         */\r
        @SuppressWarnings("rawtypes")\r
        public EPLoginBean findUser(EPLoginBean bean, String menuPropertiesFilename, HashMap additionalParams)\r
                        throws Exception {\r
                return findUser(bean, menuPropertiesFilename, additionalParams, true);\r
        }\r
\r
        /*\r
         * (non-Javadoc)\r
         * @see org.openecomp.portalapp.portal.service.EPLoginService#findUser(org.openecomp.portalapp.command.EPLoginBean, java.lang.String, java.util.HashMap, boolean)\r
         */\r
        @SuppressWarnings("rawtypes")\r
        public EPLoginBean findUser(EPLoginBean bean, String menuPropertiesFilename_ignored, HashMap additionalParams,\r
                        boolean matchPassword) throws Exception {\r
                EPUser user = null;\r
                EPUser userCopy = null;\r
\r
                if (bean.getOrgUserId() != null) {\r
                        user = (EPUser) findUser(bean);\r
                } else {\r
                        if (matchPassword)\r
                                user = (EPUser) findUser(bean.getLoginId(), bean.getLoginPwd());\r
                        else\r
                                user = (EPUser) findUserWithoutPwd(bean.getLoginId());\r
                }\r
\r
                // run this command to fetch more information from the lazily loaded\r
                // object\r
\r
                // This is funny - commenting out the following method call\r
                // 1. What are we doing with the returned values of the following two\r
                // methods? Nothing.\r
                // 2. Use a guest user scenario - user object will be null - clealry,\r
                // NPE.\r
                // 3. A check of if(user !=null) is made AFTER these bogus calls :) - If\r
                // these calls WERE doing anything significat (which they are not),\r
                // shouln't they have been moved inside that if check?\r
\r
                // user.getEPUserApps();\r
\r
                // Comments\r
                // 1. This method is clearly doing more than 'getting roles' - Not a\r
                // good name -\r
                // 2. Also, there is no null check - guest user scenarios will break the\r
                // code with NPE - added the check - Do not want to remove the call\r
                // altogether - not sure how it will effect things.\r
\r
                if (user != null) {\r
                        user.getEPRoles();\r
\r
                        // raise an error if the portal application is locked and the user\r
                        // does not\r
                        // have system administrator privileges\r
                        if (AppUtils.isApplicationLocked()\r
                                        && !EPUserUtils.hasRole(user, SystemProperties.getProperty(SystemProperties.SYS_ADMIN_ROLE_ID))) {\r
                                bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_APPLICATION_LOCKED);\r
                                EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeUserAdminPrivilegesInfo, user.getLoginId());\r
                        }\r
\r
                        // raise an error if the user is inactive\r
                        if (!user.getActive()) {\r
                                bean.setLoginErrorMessage(SystemProperties.MESSAGE_KEY_LOGIN_ERROR_USER_INACTIVE);\r
                                EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeUserInactiveWarning, user.getLoginId());\r
                        }\r
\r
                        // only login the user if no errors have occurred\r
                        if (bean.getLoginErrorMessage() == null) {\r
\r
                                // this will be a snapshot of the user's information as\r
                                // retrieved from the database\r
                                userCopy = (EPUser) user.clone();\r
\r
                                // update the last logged in date for the user\r
                                user.setLastLoginDate(new Date());\r
                                getDataAccessService().saveDomainObject(user, additionalParams);\r
\r
                                // create the application menu based on the user's privileges\r
                                MenuBuilder menuBuilder = new MenuBuilder();\r
                                Set appMenu = menuBuilder.getMenu(\r
                                                SystemProperties.getProperty(SystemProperties.APPLICATION_MENU_SET_NAME), dataAccessService);\r
                                bean.setMenu(appMenu != null ? appMenu : new HashSet());\r
                                Set businessDirectMenu = menuBuilder.getMenu(\r
                                                SystemProperties.getProperty(SystemProperties.BUSINESS_DIRECT_MENU_SET_NAME),\r
                                                dataAccessService);\r
                                bean.setBusinessDirectMenu(businessDirectMenu != null ? businessDirectMenu : new HashSet());\r
\r
                                bean.setUser(userCopy);\r
                        }\r
\r
                } else {\r
                        EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeUserMissingError, bean.getOrgUserId());\r
                }\r
\r
                return bean;\r
        }\r
\r
        /**\r
         * Searches the fn_user table for a row that matches the specified login_id\r
         * and login_pwd values.\r
         * \r
         * @param loginId\r
         * @param password\r
         * @return EPUser object; null on error or if no match.\r
         */\r
        private EPUser findUser(String loginId, String password) {\r
                List<?> list = null;\r
\r
                StringBuffer criteria = new StringBuffer();\r
                criteria.append(" where login_id = '").append(loginId).append("'").append(" and login_pwd = '").append(password)\r
                                .append("'");\r
\r
                try {\r
                        list = getDataAccessService().getList(EPUser.class, criteria.toString(), null, null);\r
                } catch (Exception e) {\r
                        EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);\r
                        logger.error(EELFLoggerDelegate.errorLogger, "findUser(String) failed on " + loginId, e);\r
                }\r
\r
                return (list == null || list.size() == 0) ? null : (EPUser) list.get(0);\r
        }\r
\r
        /*\r
         * (non-Javadoc)\r
         * @see org.openecomp.portalapp.portal.service.EPLoginService#findUserWithoutPwd(java.lang.String)\r
         */\r
        @Override\r
        public EPUser findUserWithoutPwd(String loginId) {\r
                List<?> list = null;\r
\r
                StringBuffer criteria = new StringBuffer();\r
                criteria.append(" where login_id = '").append(loginId).append("'");\r
\r
                try {\r
                        list = getDataAccessService().getList(EPUser.class, criteria.toString(), null, null);\r
                } catch (Exception e) {\r
                        EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);\r
                        String message = "findUserWithoutPwd failed on " + loginId;\r
                        logger.error(EELFLoggerDelegate.errorLogger, message, e);\r
                }\r
\r
                return (list == null || list.size() == 0) ? null : (EPUser) list.get(0);\r
        }\r
\r
        /**\r
         * Searches the fn_user table for a row that matches the value of the bean's\r
         * Organization User ID property.\r
         * \r
         * @param bean\r
         * @return EPUser object; null on error or if no match.\r
         */\r
        private EPUser findUser(EPLoginBean bean) {\r
                List<?> list = null;\r
\r
                StringBuffer criteria = new StringBuffer();\r
                criteria.append(" where orgUserId = '").append(bean.getOrgUserId()).append("'");\r
\r
                try {\r
                        list = getDataAccessService().getList(EPUser.class, criteria.toString(), null, null);\r
                } catch (Exception e) {\r
                        EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);\r
                        logger.error(EELFLoggerDelegate.errorLogger, "findUser(EPLoginBean) failed", e);\r
                }\r
\r
                return (list == null || list.size() == 0) ? null : (EPUser) list.get(0);\r
        }\r
\r
        public DataAccessService getDataAccessService() {\r
                return dataAccessService;\r
        }\r
\r
        public void setDataAccessService(DataAccessService dataAccessService) {\r
                this.dataAccessService = dataAccessService;\r
        }\r
\r
}\r