Security fixes 11/38211/1
authorKishore Reddy, Gujja (kg811t) <kg811t@research.att.com>
Fri, 23 Mar 2018 22:16:50 +0000 (18:16 -0400)
committerKishore Reddy, Gujja (kg811t) <kg811t@research.att.com>
Fri, 23 Mar 2018 22:16:50 +0000 (18:16 -0400)
Issue-ID: PORTAL-136, PORTAL-155, PORTAL-210,PORTAL-217

Includes JUNITS and docker changes, music integration and security fixes

Change-Id: Ib9205d7e8aa31c525a87e9d9a8076906ea4c7f0a
Signed-off-by: Kishore Reddy, Gujja (kg811t) <kg811t@research.att.com>
deliveries/portal.cql [new file with mode: 0644]
deliveries/portalsdk.cql [new file with mode: 0644]
ecomp-portal-BE-common/pom.xml
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java
ecomp-portal-BE-os/README.md
ecomp-portal-BE-os/pom.xml
ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql
ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html
ecomp-portal-widget-ms/widget-ms/pom.xml
pom.xml

diff --git a/deliveries/portal.cql b/deliveries/portal.cql
new file mode 100644 (file)
index 0000000..6cb6271
--- /dev/null
@@ -0,0 +1,54 @@
+CREATE KEYSPACE IF NOT EXISTS portal
+    WITH REPLICATION = {
+        'class' : 'SimpleStrategy',
+        'replication_factor': 1
+    }
+    AND DURABLE_WRITES = true;
+
+CREATE TABLE portal.spring_session (
+    primary_id text PRIMARY KEY,
+    creation_time text,
+    expiry_time text,
+    last_access_time text,
+    max_inactive_interval text,
+    principal_name text,
+    session_id text,
+    vector_ts text
+) WITH bloom_filter_fp_chance = 0.01
+    AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';
+    
+  
+CREATE TABLE portal.spring_session_attributes (
+    primary_id text,
+    attribute_name text,
+    attribute_bytes blob,
+    vector_ts text,
+    PRIMARY KEY (primary_id, attribute_name)
+) WITH CLUSTERING ORDER BY (attribute_name ASC)
+    AND bloom_filter_fp_chance = 0.01
+    AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';  
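Review bot: Both `CREATE TABLE` statements are written without `IF NOT EXISTS`, while the keyspace above them uses it, so running this file a second time stops at `portal.spring_session` with an already-exists error; `CREATE TABLE IF NOT EXISTS portal.spring_session (`, and the same for `spring_session_attributes`, would make the script re-runnable. These tables hold session identifiers, principal names and serialized session attributes, and `default_time_to_live = 0` means Cassandra itself never expires a row, so removal of ended sessions presumably depends on the application deleting them. A header comment stating who purges expired rows and which database role may read the keyspace would help operators. `'replication_factor': 1` with `SimpleStrategy` keeps a single copy of every session and is worth marking as a development default. deliveries/portalsdk.cql repeats the same statements and the same points apply there.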
diff --git a/deliveries/portalsdk.cql b/deliveries/portalsdk.cql
new file mode 100644 (file)
index 0000000..62da5dd
--- /dev/null
@@ -0,0 +1,54 @@
+CREATE KEYSPACE IF NOT EXISTS portalsdk
+    WITH REPLICATION = {
+        'class' : 'SimpleStrategy',
+        'replication_factor': 1
+    }
+    AND DURABLE_WRITES = true;
+
+CREATE TABLE portalsdk.spring_session (
+    primary_id text PRIMARY KEY,
+    creation_time text,
+    expiry_time text,
+    last_access_time text,
+    max_inactive_interval text,
+    principal_name text,
+    session_id text,
+    vector_ts text
+) WITH bloom_filter_fp_chance = 0.01
+    AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';
+    
+  
+CREATE TABLE portalsdk.spring_session_attributes (
+    primary_id text,
+    attribute_name text,
+    attribute_bytes blob,
+    vector_ts text,
+    PRIMARY KEY (primary_id, attribute_name)
+) WITH CLUSTERING ORDER BY (attribute_name ASC)
+    AND bloom_filter_fp_chance = 0.01
+    AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';  
index 7cdc796..ce394ea 100644 (file)
                <dependency>
                        <groupId>org.apache.poi</groupId>
                        <artifactId>poi</artifactId>
-                       <version>3.17</version>
+                       <version>3.15</version>
                        <exclusions>
                                <exclusion>
                                        <groupId>commons-logging</groupId>
                <dependency>
                        <groupId>org.apache.poi</groupId>
                        <artifactId>poi-ooxml</artifactId>
-                       <version>3.17</version>
+                       <version>3.15</version>
                        <exclusions>
                                <exclusion>
                                        <groupId>commons-logging</groupId>
                <dependency>
                        <groupId>commons-beanutils</groupId>
                        <artifactId>commons-beanutils</artifactId>
-                       <version>1.9.2</version>
+                       <version>1.9.3</version>
                </dependency>
                <dependency>
                        <groupId>com.ecwid.consul</groupId>
                    <artifactId>spring-security-config</artifactId>
                    <version>${springframework.version}</version>
            </dependency>
-               <dependency>
-               <groupId>org.apache.lucene</groupId>
-               <artifactId>lucene-queryparser</artifactId>
-               <version>7.2.1</version>
-               </dependency>
                <dependency>
                <groupId>com.thoughtworks.xstream</groupId>
                <artifactId>xstream</artifactId>
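Review bot: `poi` and `poi-ooxml` go from 3.17 back to 3.15 in a commit titled as security fixes, and nothing on the page says why the older release is wanted. A downgrade gives up whatever fixes the project shipped between those two releases, so it should be checked against the POI advisories before merging. If the downgrade is forced by a compatibility problem, a comment above the dependency such as `<!-- pinned to 3.15 because of <reason>; revisit when resolved -->` would record that. The same two downgrades appear in ecomp-portal-BE-os/pom.xml. Removing `lucene-queryparser` looks fine provided no code still imports it, which cannot be confirmed from these hunks.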
index 678672b..a222694 100644 (file)
@@ -1507,7 +1507,12 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
                                        return roleFunc;
                                roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction);
                        } else {
-                               roleFunc = getRoleFuncList.get(0);
+                               // Check even if single record have pipes
+                               if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) {
+                                       roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0));
+                               } else {
+                                       roleFunc = getRoleFuncList.get(0);
+                               }
                        }
                } catch (Exception e) {
                        logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e);
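Review bot: The new `!getRoleFuncList.isEmpty()` guard protects only the first branch: when the list is empty the condition is false and the `else` arm still calls `getRoleFuncList.get(0)`, which throws and lands in the `catch (Exception e)` below. A null from `getCode()` would fail the same way at `.contains(FUNCTION_PIPE)`. Handling the empty case first, for example `if (getRoleFuncList.isEmpty()) { return roleFunc; }` ahead of the pipe check, keeps a missing role function from being logged as a generic failure. What the method returns after the catch is outside the hunk, so the exact fallback should be matched to the rest of the method.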
@@ -3434,8 +3439,8 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
        @Override
        public List<CentralRole> convertV2CentralRoleListToOldVerisonCentralRoleList(List<CentralV2Role> v2CenRoleList) {
                List<CentralRole> cenRoleList = new ArrayList<>();
-               SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
                        for(CentralV2Role v2CenRole : v2CenRoleList){
+                               SortedSet<CentralRoleFunction> cenRoleFuncList = new TreeSet<>();
                                for(CentralV2RoleFunction v2CenRoleFunc: v2CenRole.getRoleFunctions()){
                                        CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName());
                                        cenRoleFuncList.add(roleFunc);
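Review bot: No test in the visible diff covers this fix, and it is the change here that matters for authorization: with the set declared outside the loop, each converted role appears to have received the functions collected for the roles before it. A test that converts two `CentralV2Role` objects with disjoint function sets and asserts that each resulting `CentralRole` carries only its own functions would pin the behaviour. A short comment on the moved line, `// new set per role so functions do not carry over between roles`, would also keep a later cleanup from hoisting it back out. The loop body continues past the end of the hunk.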
index bb408b2..295ba74 100644 (file)
@@ -533,7 +533,7 @@ public class ExternalAccessRolesServiceImplTest {
                                .thenReturn(getRoleFuncList);
                CentralV2RoleFunction actual = externalAccessRolesServiceImpl.getRoleFunction("test_type|type_code|*",
                                app.getUebKey());
-               assertEquals(getCenRole.getCode(), actual.getCode());
+               assertEquals("type_code", actual.getCode());
        }
 
        @Test
index 6ca4b1e..06f9ae3 100644 (file)
@@ -15,6 +15,7 @@ https://www.eclipse.org/m2e-wtp/
 ## Release Notes
 
 Version 2.2
+- [PORTAL-179] wrong menu available to App Admin User
 - [PORTAL-207] Raise 4 % percentage (from 44 to 48) sonar code coverage for ONAP PORTAL
 - [PORTAL-136] Raise JUnit test coverage ONAP Portal to 50% for Beijing 
 - [PORTAL-133] replace ECOMP to ONAP on Contact Us and Get Access page
index 3eae686..ed42c06 100644 (file)
                <dependency>
                        <groupId>org.apache.poi</groupId>
                        <artifactId>poi</artifactId>
-                       <version>3.17</version>
+                       <version>3.15</version>
                        <exclusions>
                                <exclusion>
                                        <groupId>commons-logging</groupId>
                <dependency>
                        <groupId>org.apache.poi</groupId>
                        <artifactId>poi-ooxml</artifactId>
-                       <version>3.17</version>
+                       <version>3.15</version>
                        <exclusions>
                                <exclusion>
                                        <groupId>commons-logging</groupId>
                <dependency>
                        <groupId>commons-beanutils</groupId>
                        <artifactId>commons-beanutils</artifactId>
-                       <version>1.9.2</version>
+                       <version>1.9.3</version>
                </dependency>
                <!-- OpenID Connect Dependencies -->
                <dependency>
                        <groupId>org.onap.portal.sdk</groupId>
                        <artifactId>epsdk-music</artifactId>
                        <version>${epsdk.version}</version>
+                       <classifier>jar-with-dependencies</classifier>
                        <exclusions>
                                <exclusion>
                                        <groupId>org.onap.music</groupId>
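Review bot: Adding `<classifier>jar-with-dependencies</classifier>` to `epsdk-music` selects an artifact that, going by the classifier name, bundles its transitive dependencies inside the jar, and the `<exclusions>` that follow act only on declared transitive dependencies, not on classes already packed into the artifact. If so, the excluded `org.onap.music` classes and any other bundled libraries can still reach the classpath at versions this pom does not control, and dependency scanners may not report them. If the bundled jar is really required, a comment such as `<!-- fat jar: bundled libraries are not governed by the exclusions below -->` should say so; otherwise the plain artifact with managed dependencies is easier to audit.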
index 18d79fa..6461b13 100644 (file)
@@ -3,7 +3,18 @@
 -- First run the common Opensource DML; then run this file to add The Opensource only data
 USE portal;
 
-set foreign_key_checks=1; 
+set foreign_key_checks=1;
+
+--- update fn_menu for roles
+UPDATE fn_menu
+SET function_cd = 'menu_acc_admin'
+WHERE  label = 'Roles';
+
+--- update fn_menu for users
+UPDATE fn_menu
+SET function_cd = 'menu_acc_admin'
+WHERE label = 'Users';
+
 
 -- fn_user
 Insert into fn_user (USER_ID, ORG_ID, MANAGER_ID,FIRST_NAME,MIDDLE_NAME,LAST_NAME,PHONE,FAX,CELLULAR,EMAIL,ADDRESS_ID,ALERT_METHOD_CD,HRID,ORG_USER_ID,ORG_CODE,LOGIN_ID,LOGIN_PWD,LAST_LOGIN_DATE,ACTIVE_YN,CREATED_ID,CREATED_DATE,MODIFIED_ID,MODIFIED_DATE,IS_INTERNAL_YN,ADDRESS_LINE_1,ADDRESS_LINE_2,CITY,STATE_CD,ZIP_CODE,COUNTRY_CD,LOCATION_CLLI,ORG_MANAGER_USERID,COMPANY,DEPARTMENT_NAME,JOB_TITLE,TIMEZONE,DEPARTMENT,BUSINESS_UNIT,BUSINESS_UNIT_NAME,COST_CENTER,FIN_LOC_CODE,SILO_STATUS) values (1,NULL,NULL,'Demo',NULL,'User',NULL,NULL,NULL,'demo@openecomp.org',NULL,NULL,NULL,'demo',NULL,'demo','4Gl6WL1bmwviYm+XZa6pS1vC0qKXWtn9wcZWdLx61L0=','2016-10-20 15:11:16','Y',NULL,'2016-10-14 21:00:00',1,'2016-10-20 15:11:16','N',NULL,NULL,NULL,'NJ',NULL,'US',NULL,NULL,NULL,NULL,NULL,10,NULL,NULL,NULL,NULL,NULL,NULL);
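Review bot: The two added comment lines start with `---`, and MySQL recognises `--` as a comment only when the second dash is followed by whitespace, so `--- update fn_menu for roles` may be read as a stray minus sign in front of the `UPDATE` and fail to parse. Writing `-- update fn_menu for roles` and `-- update fn_menu for users` matches the `-- fn_user` style already used in this file. Both `UPDATE` statements select rows by display label (`label = 'Roles'`, `label = 'Users'`), which changes every menu row carrying that label; if one specific entry is meant, filtering on the menu's key column would be safer, though the table definition is not visible here.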
@@ -89,7 +100,24 @@ insert into ep_app_function (app_id, function_cd, function_name) values
 (1,    'url|saveNotification|*','publish notifications'),
 (1,    'url|url_role.htm|*','role page'),
 (1,    'url|url_welcome.htm|*','welcome page'),
-(1, 'menu|menu_acc_admin|*','Admin Acc Menu');
+(1, 'menu|menu_acc_admin|*','Admin Account Menu'),
+(1,'url|addWebAnalyticsReport|*','Add Web Analytics Report'), 
+(1,'url|appsFullList|*','Apps Full List'),
+(1,'url|centralizedApps|*','Centralized Apps'),
+(1,'url|functionalMenu|*','Functional Menu'),
+(1,'url|getAllWebAnalytics|*','Get All Web Analytics'),
+(1,'url|getFunctionalMenuRole|*','Get Functional Menu Role'),
+(1,'url|getNotificationAppRoles|*','Get Notification App Roles'),
+(1,'url|getUserAppsWebAnalytics|*','Get User Apps Web Analytics'),
+(1,'url|getUserJourneyAnalyticsReport|*','Get User Journey Report'),
+(1,'url|get_roles%2f%2a|*','getRolesOfApp'),
+(1,'url|get_role_functions%2f%2a|*','Get Role Functions'),
+(1,'url|notification_code|*','Notification Code'),
+(1,'url|role_function_list%2fsaveRoleFunction%2f%2a|*','Save Role Function'),
+(1,'url|syncRoles|*','SyncRoles'),
+(1,'url|userAppRoles|*','userAppRoles'),
+(1,'url|userApps|*','User Apps')
+;
 
 
 insert into ep_app_role_function (id, app_id, role_id, function_cd, role_app_id) values
@@ -102,12 +130,24 @@ insert into ep_app_role_function (id, app_id, role_id, function_cd, role_app_id)
 (7, 1, 16, 'menu|menu_logout|*',       null),
 (8, 1, 950, 'url|edit_notification|*', null),
 (9, 1, 950, 'url|getAdminNotifications|*', null),
-(10, 1, 950, 'url|saveNotification|*', null),
-(11, 1, 999, 'url|edit_notification|*', null),
-(12, 1, 999, 'url|getAdminNotifications|*', null),
-(13, 1, 999, 'menu|menu_admin|*', null),
-(14, 1, 1010, 'menu|menu_web_analytics|*', null),
+(10,1, 950, 'url|saveNotification|*', null),
+(11,1, 999,'url|userAppRoles|*','userAppRoles', null),
+(12,1, 999, 'url|getAdminNotifications|*', null),
+(13,1, 999,'url|userApps|*','User Apps'),
+(14,1, 1010, 'menu|menu_web_analytics|*', null),
 (15, 1, 2115, 'menu|menu_web_analytics|*', null),
 (16, 1 , 1, 'menu|menu_acc_admin|*' , null),
 (17, 1 , 999 ,'menu|menu_acc_admin|*', null);
+(18,1,999,'url|centralizedApps|*','Centralized Apps', null),
+(19,1,999,'url|getAllWebAnalytics|*','Get All Web Analytics', null),
+(20,1,999,'url|getFunctionalMenuRole|*','Get Functional Menu Role', null),
+(21,1,999,'url|getNotificationAppRoles|*','Get Notification App Roles', null),
+(22,1,999,'url|getUserAppsWebAnalytics|*','Get User Apps Web Analytics', null),
+(23,1,999,'url|getUserJourneyAnalyticsReport|*','Get User Journey Report', null),
+(24,1,999,'url|get_roles%2f%2a|*','getRolesOfApp', null),
+(25,1,999,'url|get_role_functions%2f%2a|*','Get Role Functions', null),
+(26,1,999,'url|notification_code|*','Notification Code', null),
+(27,1,999,'url|role_function_list%2fsaveRoleFunction%2f%2a|*','Save Role Function', null),
+(28,1,999,'url|syncRoles|*','SyncRoles', null);
+
 commit;    
\ No newline at end of file
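Review bot: The rewritten `ep_app_role_function` insert will not load as written. The column list has five columns, `(id, app_id, role_id, function_cd, role_app_id)`, but row 11 and rows 18 to 28 supply six values, and row 13 puts the text `'User Apps'` where `role_app_id` goes; it looks as if the function name was copied over from the `ep_app_function` rows. Row 17 still ends with `;`, so rows 18 to 28 sit outside any statement. This script seeds which functions role 999 may use, so a failed or partial load leaves the access-control data in an undefined state. The rows below drop the name value and move the terminator to row 28.

```sql
-- … unchanged: rows 1 to 10 …
(11,1, 999, 'url|userAppRoles|*', null),
-- … unchanged: row 12 …
(13,1, 999, 'url|userApps|*', null),
-- … unchanged: rows 14 to 16 …
(17, 1 , 999 ,'menu|menu_acc_admin|*', null),
(18,1,999,'url|centralizedApps|*', null),
(19,1,999,'url|getAllWebAnalytics|*', null),
(20,1,999,'url|getFunctionalMenuRole|*', null),
(21,1,999,'url|getNotificationAppRoles|*', null),
(22,1,999,'url|getUserAppsWebAnalytics|*', null),
(23,1,999,'url|getUserJourneyAnalyticsReport|*', null),
(24,1,999,'url|get_roles%2f%2a|*', null),
(25,1,999,'url|get_role_functions%2f%2a|*', null),
(26,1,999,'url|notification_code|*', null),
(27,1,999,'url|role_function_list%2fsaveRoleFunction%2f%2a|*', null),
(28,1,999,'url|syncRoles|*', null);
```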
index 508db70..cb29ef7 100644 (file)
@@ -60,7 +60,7 @@
                                
             <div class="span6" >
                 <div class="item-label">Title</div>
-                <input id="input-title" ddh-reset ng-readonly="!functionalMenuDetails.formEditable ? 'checked':'' " placeholder="Enter text"class="functionalMenu-height" ng-model="functionalMenuDetails.menutitle" type="text" name="text"/>
+                <input id="input-title" ddh-reset ng-readonly="!functionalMenuDetails.formEditable ? 'checked':'' " placeholder="Enter text"class="functionalMenu-height" ng-model="functionalMenuDetails.menutitle" type="text" name="text" maxlength="100"/>
                 <div id="div-error-conflict" class="error-container" ng-show="functionalMenuDetails.conflictMessages.text">
                     <small id="msg-error-conflict" id="functionalMenuDetails-input-title-conflict" class="err-message" ng-bind="functionalMenuDetails.conflictMessages.text"></small>
                 </div>
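Review bot: `maxlength="100"` limits the title only in the browser; a request sent straight to the save endpoint is not bound by it, and none of the visible hunks adds a matching length check on the server, so that should be confirmed or added where the menu item is persisted. On the same line, `placeholder="Enter text"class="functionalMenu-height"` has no space between the two attributes; writing `placeholder="Enter text" class="functionalMenu-height"` avoids relying on lenient parsing.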
index a3c5546..5d8896c 100644 (file)
                        <artifactId>logback-classic</artifactId>
                        <version>1.2.3</version>
                </dependency>
+               <dependency>
+                       <groupId>com.fasterxml.jackson.core</groupId>
+                       <artifactId>jackson-annotations</artifactId>
+                       <version>2.8.10</version>
+               </dependency>
+               <dependency>
+                       <groupId>com.fasterxml.jackson.core</groupId>
+                       <artifactId>jackson-core</artifactId>
+                       <version>2.8.10</version>
+               </dependency>
+               <dependency>
+                       <groupId>com.fasterxml.jackson.core</groupId>
+                       <artifactId>jackson-databind</artifactId>
+                       <version>2.8.10</version>
+               </dependency>
        </dependencies>
 
        <build>
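Review bot: The three Jackson artifacts are pinned with the literal `2.8.10` repeated three times, which makes it easy to upgrade one and leave the others behind. A single property, for example `<jackson.version>2.8.10</jackson.version>` referenced as `${jackson.version}`, keeps them in lockstep. `jackson-databind` in particular receives frequent deserialization-related fixes, so it is worth checking whether a later patch release of the same line is available before pinning, and adding a comment that says why the explicit pin was needed.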
diff --git a/pom.xml b/pom.xml
index c1b07e0..d3571b3 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
                <!-- Jenkins should invoke mvn with argument -Dbuild.number=${BUILD_NUMBER} -->
                <build.number>0</build.number>
                <epsdk.version>2.2.0-SNAPSHOT</epsdk.version>
-               <springframework.version>4.2.2.RELEASE</springframework.version>
+               <springframework.version>4.2.3.RELEASE</springframework.version>
                <hibernate.version>4.3.11.Final</hibernate.version>
                <fasterxml.version>2.8.10</fasterxml.version>
                <eelf.version>1.0.0</eelf.version>