[PORTAL-7] Rebase
1 /*-
2  * ================================================================================
3  * ECOMP Portal
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ================================================================================
19  */
20 package org.openecomp.portalapp.controller;
21
import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.json.JSONObject;
import org.openecomp.portalapp.command.EPLoginBean;
import org.openecomp.portalapp.portal.domain.SharedContext;
import org.openecomp.portalapp.portal.service.EPLoginService;
import org.openecomp.portalapp.portal.service.EPRoleService;
import org.openecomp.portalapp.portal.service.SharedContextService;
import org.openecomp.portalapp.portal.utils.EPSystemProperties;
import org.openecomp.portalapp.portal.utils.EcompPortalUtils;
import org.openecomp.portalapp.service.EPProfileService;
import org.openecomp.portalapp.util.EPUserUtils;
import org.openecomp.portalapp.util.SessionCookieUtil;
import org.openecomp.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.openecomp.portalsdk.core.menu.MenuProperties;
import org.openecomp.portalsdk.core.onboarding.listener.PortalTimeoutHandler;
import org.openecomp.portalsdk.core.onboarding.util.CipherUtil;
import org.openecomp.portalsdk.core.util.SystemProperties;
import org.openecomp.portalsdk.core.web.support.AppUtils;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.StopWatch;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.util.WebUtils;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
65
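/**
 * Serves the portal login page, the username/password login endpoint
 * ({@code /open_source/login}) and the cookie-driven single sign-on endpoint
 * ({@code /processSingleSignOn}).
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 * <li>The {@code redirectUrl} request parameter and cookie are attacker-influenced. They are
 * only followed when {@link #isAllowedRedirectTarget(String)} accepts them; anything else falls
 * back to the configured portal front end.</li>
 * <li>Login ids, cookie values and header values are stripped of control characters before they
 * are written to the logs, and credential-bearing headers are not logged at all.</li>
 * </ul>
 */
@Controller
@RequestMapping("/")
public class LoginController extends EPUnRestrictedBaseController implements LoginService {

    EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginController.class);

    public static final String DEFAULT_SUCCESS_VIEW = "applicationsHome";
    public static final String DEFAULT_FAILURE_VIEW = "login";
    public static final String ERROR_MESSAGE_KEY = "error";
    public static final String REDIRECT_URL = "redirectUrl";

    /** Message key returned when the credentials are missing or do not match a user. */
    private static final String INVALID_LOGIN_MESSAGE_KEY = "login.error.external.invalid";

    @Autowired
    EPProfileService service;
    @Autowired
    private EPLoginService loginService;
    @Autowired
    private SharedContextService sharedContextService;

    @Autowired
    private EPRoleService roleService;

    String viewName = "login";
    private String welcomeView;

    public String getWelcomeView() {
        return welcomeView;
    }

    public void setWelcomeView(String welcomeView) {
        this.welcomeView = welcomeView;
    }

    /**
     * Selects the login view for the configured authentication mechanism.
     *
     * @param request the current request (not read)
     * @return the {@code openIdLogin} view when the mechanism is unset, empty or {@code OIDC},
     *         otherwise the view returned by {@link #getViewName()}
     */
    @RequestMapping(value = { "/login.htm" }, method = RequestMethod.GET)
    public ModelAndView login(HttpServletRequest request) {
        Map<String, Object> model = new HashMap<String, Object>();

        String authentication = SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM);
        boolean useOpenId = authentication == null || authentication.equals("")
                || authentication.trim().equals("OIDC");
        String loginPage = useOpenId ? "openIdLogin" : getViewName();

        return new ModelAndView(loginPage, "model", model);
    }

    /**
     * Validates a JSON login request of the form {@code {"loginId": ..., "password": ...}} and,
     * on success, establishes the user session and the portal cookies.
     *
     * @param request  the login request; its body is parsed as JSON
     * @param response the response that receives the portal cookies
     * @return the JSON text of a success object when the user was found, otherwise a login
     *         error message key
     * @throws Exception if the body is not valid JSON or a collaborating service fails
     */
    @RequestMapping(value = { "/open_source/login" }, method = RequestMethod.POST)
    public @ResponseBody String loginValidate(HttpServletRequest request, HttpServletResponse response)
            throws Exception {

        ObjectMapper mapper = new ObjectMapper();
        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        JsonNode root = mapper.readTree(request.getReader());

        String loginId = textField(root, "loginId");
        String password = textField(root, "password");
        if (loginId == null || password == null) {
            // A body without both fields used to end in a NullPointerException (HTTP 500);
            // treat it as an ordinary failed login instead.
            logger.info(EELFLoggerDelegate.errorLogger,
                    "Login request rejected: loginId or password is missing from the request body.");
            return INVALID_LOGIN_MESSAGE_KEY;
        }

        EPLoginBean commandBean = new EPLoginBean();
        commandBean.setLoginId(loginId);
        // NOTE(review): CipherUtil.encrypt looks like reversible encryption rather than a one-way
        // password hash -- confirm how EPLoginService stores and compares the password.
        commandBean.setLoginPwd(CipherUtil.encrypt(password));
        HashMap<Object, Object> additionalParamsMap = new HashMap<Object, Object>();

        commandBean = getLoginService().findUser(commandBean,
                (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), additionalParamsMap);

        if (commandBean.getUser() == null) {
            String loginErrorMessage = (commandBean.getLoginErrorMessage() != null)
                    ? commandBean.getLoginErrorMessage()
                    : INVALID_LOGIN_MESSAGE_KEY;

            // loginId comes straight from the request body: neutralise control characters so it
            // cannot forge additional log entries.
            String loggedLoginId = sanitizeForLog(loginId);
            logger.info(EELFLoggerDelegate.debugLogger, "loginId = " + loggedLoginId + " does not exist in the the DB.");
            logger.info(EELFLoggerDelegate.errorLogger, "loginId = " + loggedLoginId + " does not exist in the the DB.");
            return loginErrorMessage;
        }

        // NOTE(review): nothing visible here rotates the HTTP session id after authentication.
        // Unless EPUserUtils.setUserSession does so, a pre-login session id stays valid after
        // login (session fixation) -- confirm.
        // store the currently logged in user's information in the session
        EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
                commandBean.getBusinessDirectMenu(),
                SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM),
                roleService.getRoleFunctions());

        storeUserInSharedContext(request, commandBean);

        logger.info(EELFLoggerDelegate.debugLogger, "********************* PresetUp the EP service cookie and intial sessionManagement");

        SessionCookieUtil.preSetUp(request, response);
        SessionCookieUtil.setUpUserIdCookie(request, response, loginId);

        JSONObject j = new JSONObject("{success: success}");
        return j.toString();
    }

    /**
     * Signs the user in from the portal user-id cookie and redirects to the requested
     * application, or to the portal front end when no acceptable target was supplied.
     *
     * <p>The redirect target is read from the {@code redirectUrl} request parameter and, failing
     * that, from the {@code redirectUrl} cookie. Both are client-controlled, so the target is
     * only followed when {@link #isAllowedRedirectTarget(String)} accepts it.
     *
     * @param request  the current request
     * @param response the response that receives the portal cookies
     * @return a redirect to the login page when the user cannot be resolved, otherwise a
     *         redirect to the validated target or to the portal front end
     * @throws Exception if a collaborating service fails outside the guarded sections
     */
    @RequestMapping(value = { "/processSingleSignOn" }, method = RequestMethod.GET)
    public ModelAndView processSingelSignOn(HttpServletRequest request, HttpServletResponse response)
            throws Exception {

        HashMap<Object, Object> additionalParamsMap = new HashMap<Object, Object>();
        EPLoginBean commandBean = new EPLoginBean();
        MDC.put(MDC_KEY_REQUEST_ID, getRequestId(request));

        // NOTE(review): the user id is taken from a cookie and is the only input used to look the
        // user up and open a session. That is safe only if SessionCookieUtil.getUserIdFromCookie
        // authenticates the cookie value (for example by decrypting or verifying it) -- confirm.
        String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response);
        String loggedUserId = sanitizeForLog(orgUserId);
        logger.info(EELFLoggerDelegate.debugLogger, "******************** process_singelSignOn process begins");
        logger.info(EELFLoggerDelegate.debugLogger, "******************* We get the orgUserId " + loggedUserId);

        if (orgUserId == null || orgUserId.length() == 0) {
            return failureRedirect(request);
        }

        StopWatch stopWatch = new StopWatch("LoginController.Login");
        stopWatch.start();

        try {
            logger.info(EELFLoggerDelegate.metricsLogger, "Operation findUser is started to locate " + loggedUserId + " in the database.");
            logger.info(EELFLoggerDelegate.debugLogger, "Operation findUser is started to locate " + loggedUserId + " in the database.");
            commandBean.setLoginId(orgUserId);
            commandBean.setOrgUserId(orgUserId);
            commandBean = getLoginService().findUser(commandBean,
                    (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), additionalParamsMap);

            stopWatch.stop();
            MDC.put(EPSystemProperties.MDC_TIMER, stopWatch.getTotalTimeMillis() + "ms");
            logger.info(EELFLoggerDelegate.metricsLogger, "Operation findUser is completed.");
            logger.info(EELFLoggerDelegate.debugLogger, "Operation findUser is completed.");
        } catch (Exception e) {
            // The watch is already stopped when the failure happened after findUser returned;
            // stopping it twice would throw IllegalStateException and mask the real error.
            if (stopWatch.isRunning()) {
                stopWatch.stop();
            }
            MDC.put(EPSystemProperties.MDC_TIMER, stopWatch.getTotalTimeMillis() + "ms");
            logger.info(EELFLoggerDelegate.errorLogger, "Exception occurred while performing findUser " + loggedUserId + ". Details: " + EcompPortalUtils.getStackTrace(e));
            logger.info(EELFLoggerDelegate.debugLogger, "Exception occurred while performing findUser " + loggedUserId + ". Details: " + EcompPortalUtils.getStackTrace(e));
            logger.info(EELFLoggerDelegate.metricsLogger, "Operation findUser is failed.");
        } finally {
            MDC.remove(EPSystemProperties.MDC_TIMER);
        }

        if (commandBean.getUser() == null) {
            logger.info(EELFLoggerDelegate.debugLogger, "loginId = " + loggedUserId + " does not exist in the the DB.");
            logger.info(EELFLoggerDelegate.errorLogger, "loginId = " + loggedUserId + " does not exist in the the DB.");
            return failureRedirect(request);
        }

        logger.info(EELFLoggerDelegate.debugLogger, "*********************** now set up user session for " + loggedUserId);

        // NOTE(review): as in loginValidate, no session id rotation is visible here -- confirm
        // that EPUserUtils.setUserSession protects against session fixation.
        EPUserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
                commandBean.getBusinessDirectMenu(),
                SystemProperties.getProperty(SystemProperties.AUTHENTICATION_MECHANISM),
                roleService.getRoleFunctions());
        logger.info(EELFLoggerDelegate.debugLogger, "*********************** now set up user session for " + loggedUserId + " finished");

        // Store user's information into share context
        storeUserInSharedContext(request, commandBean);

        logger.info(EELFLoggerDelegate.debugLogger, "********************* PresetUp the EP service cookie and intial sessionManagement");

        SessionCookieUtil.preSetUp(request, response);
        SessionCookieUtil.setUpUserIdCookie(request, response, orgUserId);
        logger.info(EELFLoggerDelegate.debugLogger, "********************* PresetUp the EP service cookie and intial sessionManagement completed");
        String loggedOrgUserId = sanitizeForLog(commandBean.getUser().getOrgUserId());
        logger.info(EELFLoggerDelegate.errorLogger, loggedOrgUserId + " exists in the the system.");
        logger.info(EELFLoggerDelegate.debugLogger, loggedOrgUserId + " exists in the the system.");

        // The request parameter takes precedence over the cookie. In both cases the stored
        // cookie is cleared so a stale target is not replayed on the next sign-on.
        String requestedTarget = request.getParameter(REDIRECT_URL);
        if (requestedTarget != null && requestedTarget.length() != 0) {
            clearRedirectCookie(response);
            return redirectToValidatedTarget(decodeRedirectParameter(requestedTarget));
        }

        Cookie redirectCookie = WebUtils.getCookie(request, REDIRECT_URL);
        if (redirectCookie != null) {
            clearRedirectCookie(response);
            return redirectToValidatedTarget(redirectCookie.getValue());
        }

        // if user has been authenticated, now take them to the welcome page.
        logger.info(EELFLoggerDelegate.debugLogger, "********************** Now return to application home page");
        return homeRedirect();
    }

    /**
     * Rebuilds the full URL of a request, including its query string.
     *
     * @param request the request, may be {@code null}
     * @return the request URL, followed by {@code ?} and the query string when one is present;
     *         an empty string when {@code request} is {@code null}
     */
    public String getFullURL(HttpServletRequest request) {
        if (request == null) {
            return "";
        }
        StringBuffer requestURL = request.getRequestURL();
        String queryString = request.getQueryString();
        if (queryString != null) {
            requestURL.append('?').append(queryString);
        }
        return requestURL.toString();
    }

    /**
     * Returns the request id carried in the {@code SystemProperties.ECOMP_REQUEST_ID} header, or
     * a random UUID when the header is absent or empty.
     *
     * <p>Headers are logged at debug level while they are scanned. Values of credential-bearing
     * headers are replaced by a placeholder so that session cookies and authorization tokens do
     * not end up in the debug log.
     *
     * @param request the current request
     * @return the request id with control characters neutralised, never empty
     */
    public String getRequestId(HttpServletRequest request) {
        Enumeration<String> headerNames = request.getHeaderNames();

        String requestId = "";
        try {
            while (headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                logger.debug(EELFLoggerDelegate.debugLogger,
                        "One header is " + headerName + " : " + headerValueForLog(request, headerName));
                if (headerName.equalsIgnoreCase(SystemProperties.ECOMP_REQUEST_ID)) {
                    String headerValue = request.getHeader(headerName);
                    if (headerValue != null) {
                        // The id is copied into the logging context of every later log line.
                        requestId = sanitizeForLog(headerValue);
                    }
                    break;
                }
            }
        } catch (Exception e) {
            logger.error(EELFLoggerDelegate.errorLogger, "HEADER!!!! Exception : " + EcompPortalUtils.getStackTrace(e));
        }

        return requestId.isEmpty() ? UUID.randomUUID().toString() : requestId;
    }

    /**
     * Returns the id of the request's HTTP session, creating the session if necessary.
     *
     * @param request the current request
     * @return the session id
     */
    public String getJessionId(HttpServletRequest request) {
        return request.getSession().getId();
    }

    /**
     * Registers the request's session with the portal timeout handler, using the session id as
     * both identifiers passed to {@code PortalTimeoutHandler.sessionCreated}.
     *
     * @param request the current request
     */
    protected void initateSessionMgtHandler(HttpServletRequest request) {
        String jSessionId = getJessionId(request);
        PortalTimeoutHandler.sessionCreated(jSessionId, jSessionId, AppUtils.getSession(request));
    }

    public String getViewName() {
        return viewName;
    }

    public void setViewName(String viewName) {
        this.viewName = viewName;
    }

    public EPLoginService getLoginService() {
        return loginService;
    }

    public void setLoginService(EPLoginService loginService) {
        this.loginService = loginService;
    }

    public SharedContextService getSharedContextService() {
        return sharedContextService;
    }

    public void setSharedContextService(SharedContextService sharedContextService) {
        this.sharedContextService = sharedContextService;
    }

    /** Returns the text value of a top-level JSON field, or null when it is absent or not text. */
    private static String textField(JsonNode root, String fieldName) {
        if (root == null) {
            return null;
        }
        JsonNode field = root.get(fieldName);
        return (field == null) ? null : field.textValue();
    }

    /** Replaces control characters (CR, LF, tab, ...) so a value cannot forge extra log lines. */
    private static String sanitizeForLog(String value) {
        return (value == null) ? null : value.replaceAll("\\p{Cntrl}", "_");
    }

    /** Returns a header value that is safe to log: credential-bearing headers are redacted. */
    private static String headerValueForLog(HttpServletRequest request, String headerName) {
        // NOTE(review): only the standard credential headers are listed; add any
        // deployment-specific token headers.
        boolean sensitive = "cookie".equalsIgnoreCase(headerName)
                || "set-cookie".equalsIgnoreCase(headerName)
                || "authorization".equalsIgnoreCase(headerName)
                || "proxy-authorization".equalsIgnoreCase(headerName);
        return sensitive ? "<redacted>" : sanitizeForLog(request.getHeader(headerName));
    }

    /**
     * Copies the signed-in user's name, e-mail and login id into the shared context of the
     * current session, unless that session already has shared-context entries. Failures are
     * logged and do not abort the login.
     */
    private void storeUserInSharedContext(HttpServletRequest request, EPLoginBean commandBean) {
        try {
            logger.info(EELFLoggerDelegate.debugLogger, "******************* store user info into share context begins");
            String sessionId = request.getSession().getId();
            List<SharedContext> existingSC = getSharedContextService().getSharedContexts(sessionId);
            if (existingSC == null || existingSC.isEmpty()) {
                getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_FIRST_NAME, commandBean.getUser().getFirstName());
                getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_LAST_NAME, commandBean.getUser().getLastName());
                getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_EMAIL, commandBean.getUser().getEmail());
                getSharedContextService().addSharedContext(sessionId, EPSystemProperties.USER_ORG_USERID, commandBean.getLoginId());
            }
        } catch (Exception e) {
            logger.error(EELFLoggerDelegate.errorLogger, EcompPortalUtils.getStackTrace(e));
            logger.info(EELFLoggerDelegate.errorLogger, "failed the shared context adding process " + e.getMessage());
            logger.info(EELFLoggerDelegate.debugLogger, "********************** failed the shared context adding process " + e.getMessage());
        }
    }

    /**
     * Redirects to the login page, carrying the caller's {@code redirectUrl} parameter along.
     * The value is URL-encoded so that characters such as {@code &} or {@code #} inside it
     * cannot add or truncate parameters of the login URL.
     */
    private ModelAndView failureRedirect(HttpServletRequest request) throws UnsupportedEncodingException {
        String loginView = "redirect:" + DEFAULT_FAILURE_VIEW + ".htm";
        String requestedTarget = request.getParameter(REDIRECT_URL);
        if (requestedTarget != null && requestedTarget.length() != 0) {
            return new ModelAndView(loginView + "?redirectUrl=" + URLEncoder.encode(requestedTarget, "UTF-8"));
        }
        return new ModelAndView(loginView);
    }

    /** Redirects to the portal front end configured under {@code EPSystemProperties.FE_URL}. */
    private ModelAndView homeRedirect() {
        return new ModelAndView("redirect:" + SystemProperties.getProperty(EPSystemProperties.FE_URL));
    }

    /** Follows the target when it is trusted; otherwise logs the rejection and goes home. */
    private ModelAndView redirectToValidatedTarget(String target) {
        if (isAllowedRedirectTarget(target)) {
            return new ModelAndView("redirect:" + target);
        }
        logger.info(EELFLoggerDelegate.errorLogger,
                "Rejected redirectUrl that is not within the portal's trusted hosts: " + sanitizeForLog(target));
        return homeRedirect();
    }

    /**
     * URL-decodes the {@code redirectUrl} parameter. The servlet container has already decoded
     * the parameter once; the extra decode is kept for callers that double-encode the value.
     * Validation always runs on the decoded result.
     *
     * @return the decoded value, or {@code null} when it contains a malformed escape sequence
     */
    private static String decodeRedirectParameter(String value) throws UnsupportedEncodingException {
        try {
            return URLDecoder.decode(value, "UTF-8");
        } catch (IllegalArgumentException malformedEscape) {
            return null;
        }
    }

    /** Expires the {@code redirectUrl} cookie on the portal cookie domain. */
    private void clearRedirectCookie(HttpServletResponse response) {
        Cookie expired = new Cookie(REDIRECT_URL, "");
        expired.setMaxAge(0);
        String cookieDomain = EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN);
        if (cookieDomain != null) {
            expired.setDomain(cookieDomain);
        }
        expired.setPath("/");
        response.addCookie(expired);
    }

    /**
     * Decides whether a client-supplied redirect target may be followed.
     *
     * <p>Accepted are server-relative paths ({@code /...}, but not {@code //host}) and
     * {@code http}/{@code https} URLs without user info whose host is the host of the configured
     * front end or lies within the portal cookie domain. Everything else is refused, including
     * other schemes and strings that do not parse as a URI.
     *
     * <p>NOTE(review): the trusted hosts are derived from {@code FE_URL} and
     * {@code COOKIE_DOMAIN} because those are the only trusted origins visible in this class --
     * confirm that this covers every application that legitimately passes {@code redirectUrl}.
     */
    private boolean isAllowedRedirectTarget(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            // Backslashes, control characters and similar browser-tolerated oddities end up here.
            return false;
        }
        if (!uri.isAbsolute()) {
            return uri.getRawAuthority() == null && target.startsWith("/") && !target.startsWith("//");
        }
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;
        }
        String host = uri.getHost();
        if (host == null || uri.getRawUserInfo() != null) {
            return false;
        }
        String portalHost = hostOf(SystemProperties.getProperty(EPSystemProperties.FE_URL));
        if (portalHost != null && portalHost.equalsIgnoreCase(host)) {
            return true;
        }
        return isWithinDomain(host, EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN));
    }

    /** Returns the host of a URL, or null when the URL is null or cannot be parsed. */
    private static String hostOf(String url) {
        if (url == null) {
            return null;
        }
        try {
            return new URI(url.trim()).getHost();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /** Returns true when host equals the domain or is a sub-domain of it (leading dot ignored). */
    private static boolean isWithinDomain(String host, String domain) {
        if (domain == null) {
            return false;
        }
        String normalizedDomain = domain.trim().toLowerCase(Locale.ROOT);
        if (normalizedDomain.startsWith(".")) {
            normalizedDomain = normalizedDomain.substring(1);
        }
        if (normalizedDomain.isEmpty()) {
            return false;
        }
        String normalizedHost = host.toLowerCase(Locale.ROOT);
        return normalizedHost.equals(normalizedDomain) || normalizedHost.endsWith("." + normalizedDomain);
    }
}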