-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
+/*
+ * Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
*
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- *
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * permissions and limitations under the License.
*/
package org.akraino.validation.ui.login;
+import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.web.servlet.ModelAndView;
/**
- * Implements basic single-signon login strategy for open-source
- * applications when users start at Portal. Extracts an encrypted user ID
- * sent by Portal.
+ * Implements basic single-signon login strategy for open-source applications
+ * when users start at Portal. Extracts an encrypted user ID sent by Portal.
*/
public class LoginStrategyImpl extends LoginStrategy {
LoginBean commandBean = new LoginBean();
String loginId = request.getParameter("loginId");
String password = request.getParameter("password");
+ String redirectUrl = request.getParameter("redirectUrl");
commandBean.setLoginId(loginId);
commandBean.setLoginPwd(password);
commandBean.setUserid(loginId);
commandBean = loginService.findUser(commandBean,
(String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap());
List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId);
-
- if (commandBean.getUser() == null) {
+ if (commandBean.getUser() == null || !CipherUtil
+ .decryptPKC(commandBean.getUser().getLoginPwd(), System.getenv("ENCRYPTION_KEY")).equals(password)) {
String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage()
: "login.error.external.invalid";
Map<String, String> model = new HashMap<>();
model.put("error", loginErrorMessage);
- return new ModelAndView("login_external", "model", model);
+ if (redirectUrl == null || redirectUrl.equals("")) {
+ return new ModelAndView("login_external", "model", model);
+ } else {
+ return new ModelAndView(
+ "redirect:login_external.htm?redirectUrl=" + request.getParameter("redirectUrl"));
+ }
} else {
// store the currently logged in user's information in the session
UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
commandBean.getBusinessDirectMenu(),
SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList);
initateSessionMgtHandler(request);
- // user has been authenticated, now take them to the welcome page
- return new ModelAndView("redirect:welcome.htm");
+ // user has been authenticated, now take them to the welcome or redirection page
+ if (redirectUrl == null || redirectUrl.equals("")) {
+ return new ModelAndView("redirect:welcome.htm");
+ } else {
+ return new ModelAndView("redirect:"
+ + redirectUrl.substring(redirectUrl.lastIndexOf("/bluvalui/") + 10, redirectUrl.length()));
+ }
+ }
+ }
+
+ @Override
+ public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+
+ invalidateExistingSession(request);
+
+ LoginBean commandBean = new LoginBean();
+ String loginId = request.getParameter("loginId");
+ String password = request.getParameter("password");
+ String redirectUrl = request.getParameter("redirectUrl");
+ commandBean.setLoginId(loginId);
+ commandBean.setLoginPwd(password);
+ commandBean.setUserid(loginId);
+ commandBean = loginService.findUser(commandBean,
+ (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap());
+ List<RoleFunction> roleFunctionList = roleService.getRoleFunctions(loginId);
+
+ try {
+ if (commandBean.getUser() == null
+ || !CipherUtil.decryptPKC(commandBean.getUser().getLoginPwd(), System.getenv("ENCRYPTION_KEY"))
+ .equals(password)) {
+ String loginErrorMessage = (commandBean.getLoginErrorMessage() != null)
+ ? commandBean.getLoginErrorMessage()
+ : "login.error.external.invalid";
+ Map<String, String> model = new HashMap<>();
+ model.put("error", loginErrorMessage);
+ if (redirectUrl == null || redirectUrl.equals("")) {
+ return new ModelAndView("login_external", "model", model);
+ } else {
+ return new ModelAndView(
+ "redirect:login_external.htm?redirectUrl=" + request.getParameter("redirectUrl"));
+ }
+ } else {
+ // store the currently logged in user's information in the session
+ UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
+ commandBean.getBusinessDirectMenu(),
+ SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList);
+ initateSessionMgtHandler(request);
+ // user has been authenticated, now take them to the welcome or redirection page
+ if (redirectUrl == null || redirectUrl.equals("")) {
+ return new ModelAndView("redirect:welcome.htm");
+ } else {
+ return new ModelAndView("redirect:"
+ + redirectUrl.substring(redirectUrl.lastIndexOf("/bluvalui/") + 10, redirectUrl.length()));
+ }
+ }
+ } catch (CipherUtilException e) {
+ LOGGER.error(EELFLoggerDelegate.errorLogger, "Error in Cipher." + UserUtils.getStackTrace(e));
+ // store the currently logged in user's information in the session
+ UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(),
+ commandBean.getBusinessDirectMenu(),
+ SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList);
+ initateSessionMgtHandler(request);
+ // user has been authenticated, now take them to the welcome or redirection page
+ if (redirectUrl == null || redirectUrl.equals("")) {
+ return new ModelAndView("redirect:welcome.htm");
+ } else {
+ return new ModelAndView("redirect:"
+ + redirectUrl.substring(redirectUrl.lastIndexOf("/bluvalui/") + 10, redirectUrl.length()));
+ }
}
}
}
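Review bot: The `catch (CipherUtilException e)` branch at the end of `doExternalLogin` calls `UserUtils.setUserSession(...)` and redirects as if the login had succeeded, so a decryption failure (for example an unset `ENCRYPTION_KEY`) creates a session for `loginId` without the password ever being compared; it should log and return the same `login_external` error view as the failed-password path. The success redirect uses `redirectUrl.lastIndexOf("/bluvalui/") + 10`, which starts the substring at offset 9 of a request parameter when the marker is absent (or throws on a shorter value), so the target needs validating with a fallback to `welcome.htm`. The same expression appears in the first method of this hunk, whose signature lies outside the hunk. The failure path also appends the raw `redirectUrl` parameter to `redirect:login_external.htm?redirectUrl=` without URL-encoding it. Comparing the `decryptPKC(...)` result with `String.equals` suggests passwords are stored reversibly, which is inferred from the visible calls only; a one-way password hash with a constant-time comparison would remove the key from the login path.

```java
// … unchanged: session invalidation, findUser lookup, password check and failure branch …
                // user has been authenticated, now take them to the welcome or redirection page
                int marker = (redirectUrl == null) ? -1 : redirectUrl.lastIndexOf("/bluvalui/");
                String target = (marker < 0) ? "" : redirectUrl.substring(marker + "/bluvalui/".length());
                // Follow only a relative in-app path; anything that could name another
                // origin (scheme, leading slash, backslash) falls back to the welcome page.
                if (target.isEmpty() || target.startsWith("/") || target.contains(":") || target.contains("\\")) {
                    return new ModelAndView("redirect:welcome.htm");
                }
                return new ModelAndView("redirect:" + target);
// … unchanged: closing of the else branch …
        } catch (CipherUtilException e) {
            LOGGER.error(EELFLoggerDelegate.errorLogger, "Error in Cipher." + UserUtils.getStackTrace(e));
            // The password was never verified, so fail closed: no session, same error view.
            Map<String, String> model = new HashMap<>();
            model.put("error", "login.error.external.invalid");
            return new ModelAndView("login_external", "model", model);
        }
```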
/**
- * Searches the request for the user-ID cookie and decrypts the value
- * using a key configured in properties
+ * Searches the request for the user-ID cookie and decrypts the value using a
+ * key configured in properties
*
* @param request HttpServletRequest
* @return User ID
/**
* Searches the request for the named cookie.
*
- * @param request HttpServletRequest
+ * @param request HttpServletRequest
* @param cookieName Name of desired cookie
* @return Cookie if found; otherwise null.
*/