X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ui%2Fsrc%2Fmain%2Fjava%2Forg%2Fakraino%2Fvalidation%2Fui%2Flogin%2FLoginStrategyImpl.java;h=bebc35a61a37c49701367712d6977f73d7ee58c4;hb=19e7a87af0e8b17a418497b41c8b8c98708cd01f;hp=55960ac1eb5f64a7d397161d8eb7758a99442494;hpb=ab9486c87090e0670d44825db7fc5d4eb900fd89;p=validation.git
diff --git a/ui/src/main/java/org/akraino/validation/ui/login/LoginStrategyImpl.java b/ui/src/main/java/org/akraino/validation/ui/login/LoginStrategyImpl.java
index 55960ac..bebc35a 100644
--- a/ui/src/main/java/org/akraino/validation/ui/login/LoginStrategyImpl.java
+++ b/ui/src/main/java/org/akraino/validation/ui/login/LoginStrategyImpl.java
@@ -1,43 +1,22 @@ -/*- - * ============LICENSE_START========================================== - * ONAP Portal - * =================================================================== - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * =================================================================== +/* + * Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. * - * Unless otherwise specified, all software contained herein is licensed - * under the Apache License, Version 2.0 (the "License"); - * you may not use this software except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. You may obtain + * a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Unless otherwise specified, all documentation contained herein is licensed - * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); - * you may not use this documentation except in compliance with the License. - * You may obtain a copy of the License at - * - * https://creativecommons.org/licenses/by/4.0/ - * - * Unless required by applicable law or agreed to in writing, documentation - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. 
- * - * ============LICENSE_END============================================ - * - * + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. */ package org.akraino.validation.ui.login; +import java.io.IOException; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -62,9 +41,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.ModelAndView; /** - * Implements basic single-signon login strategy for open-source - * applications when users start at Portal. Extracts an encrypted user ID - * sent by Portal. + * Implements basic single-signon login strategy for open-source applications + * when users start at Portal. Extracts an encrypted user ID sent by Portal. */ public class LoginStrategyImpl extends LoginStrategy { 
@@ -87,27 +65,100 @@ public class LoginStrategyImpl extends LoginStrategy { LoginBean commandBean = new LoginBean(); String loginId = request.getParameter("loginId"); String password = request.getParameter("password"); + String redirectUrl = request.getParameter("redirectUrl"); commandBean.setLoginId(loginId); commandBean.setLoginPwd(password); commandBean.setUserid(loginId); commandBean = loginService.findUser(commandBean, (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap()); List roleFunctionList = roleService.getRoleFunctions(loginId); - - if (commandBean.getUser() == null) { + if (commandBean.getUser() == null || !CipherUtil + .decryptPKC(commandBean.getUser().getLoginPwd(), System.getenv("ENCRYPTION_KEY")).equals(password)) { String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) ? commandBean.getLoginErrorMessage() : "login.error.external.invalid"; Map model = new HashMap<>(); model.put("error", loginErrorMessage); - return new ModelAndView("login_external", "model", model); + if (redirectUrl == null || redirectUrl.equals("")) { + return new ModelAndView("login_external", "model", model); + } else { + return new ModelAndView( + "redirect:login_external.htm?redirectUrl=" + request.getParameter("redirectUrl")); + } } else { // store the currently logged in user's information in the session UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), commandBean.getBusinessDirectMenu(), SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList); initateSessionMgtHandler(request); - // user has been authenticated, now take them to the welcome page - return new ModelAndView("redirect:welcome.htm"); + // user has been authenticated, now take them to the welcome or redirection page + if (redirectUrl == null || redirectUrl.equals("")) { + return new ModelAndView("redirect:welcome.htm"); + } else { + return new ModelAndView("redirect:" + + 
redirectUrl.substring(redirectUrl.lastIndexOf("/bluvalui/") + 10, redirectUrl.length())); + } + } + } + + @Override + public ModelAndView doExternalLogin(HttpServletRequest request, HttpServletResponse response) throws IOException { + + invalidateExistingSession(request); + + LoginBean commandBean = new LoginBean(); + String loginId = request.getParameter("loginId"); + String password = request.getParameter("password"); + String redirectUrl = request.getParameter("redirectUrl"); + commandBean.setLoginId(loginId); + commandBean.setLoginPwd(password); + commandBean.setUserid(loginId); + commandBean = loginService.findUser(commandBean, + (String) request.getAttribute(MenuProperties.MENU_PROPERTIES_FILENAME_KEY), new HashMap()); + List roleFunctionList = roleService.getRoleFunctions(loginId); + + try { + if (commandBean.getUser() == null + || !CipherUtil.decryptPKC(commandBean.getUser().getLoginPwd(), System.getenv("ENCRYPTION_KEY")) + .equals(password)) { + String loginErrorMessage = (commandBean.getLoginErrorMessage() != null) + ? 
commandBean.getLoginErrorMessage() + : "login.error.external.invalid"; + Map model = new HashMap<>(); + model.put("error", loginErrorMessage); + if (redirectUrl == null || redirectUrl.equals("")) { + return new ModelAndView("login_external", "model", model); + } else { + return new ModelAndView( + "redirect:login_external.htm?redirectUrl=" + request.getParameter("redirectUrl")); + } + } else { + // store the currently logged in user's information in the session + UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), + commandBean.getBusinessDirectMenu(), + SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList); + initateSessionMgtHandler(request); + // user has been authenticated, now take them to the welcome or redirection page + if (redirectUrl == null || redirectUrl.equals("")) { + return new ModelAndView("redirect:welcome.htm"); + } else { + return new ModelAndView("redirect:" + + redirectUrl.substring(redirectUrl.lastIndexOf("/bluvalui/") + 10, redirectUrl.length())); + } + } + } catch (CipherUtilException e) { + LOGGER.error(EELFLoggerDelegate.errorLogger, "Error in Cipher." + UserUtils.getStackTrace(e)); + // store the currently logged in user's information in the session + UserUtils.setUserSession(request, commandBean.getUser(), commandBean.getMenu(), + commandBean.getBusinessDirectMenu(), + SystemProperties.getProperty(SystemProperties.LOGIN_METHOD_BACKDOOR), roleFunctionList); + initateSessionMgtHandler(request); + // user has been authenticated, now take them to the welcome or redirection page + if (redirectUrl == null || redirectUrl.equals("")) { + return new ModelAndView("redirect:welcome.htm"); + } else { + return new ModelAndView("redirect:" + + redirectUrl.substring(redirectUrl.lastIndexOf("/bluvalui/") + 10, redirectUrl.length())); + } } } 
@@ -130,8 +181,8 @@ public class LoginStrategyImpl extends LoginStrategy { } /** - * Searches the request for the user-ID cookie and decrypts the value - * using a key configured in properties + * Searches the request for the user-ID cookie and decrypts the value using a + * key configured in properties * * @param request HttpServletRequest * @return User ID @@ -154,7 +205,7 @@ public class LoginStrategyImpl extends LoginStrategy { /** * Searches the request for the named cookie. * - * @param request HttpServletRequest + * @param request HttpServletRequest * @param cookieName Name of desired cookie * @return Cookie if found; otherwise null. */