X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fportalapi%2FPortalAuthenticationFilter.java;h=2337e3f6834965813635d1144d041ef77c8617b7;hb=a0180adc6a1e1ec09472549596428b70d48db3fc;hp=50f5b8942c80c3cff3bd101ad33e7972ebd7da6f;hpb=9fef9615bd5889eacbe8ddad454b7ff4b4c195c0;p=portal%2Fric-dashboard.git
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java
index 50f5b894..2337e3f6 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java
@@ -2,7 +2,7 @@
 * ========================LICENSE_START=================================
 * O-RAN-SC
 * %%
- * Copyright (C) 2019 AT&T Intellectual Property and Nokia
+ * Copyright (C) 2019 AT&T Intellectual Property
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -36,12 +36,15 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.onap.portalsdk.core.onboarding.util.KeyProperties; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; import org.onap.portalsdk.core.restful.domain.EcompRole; import org.onap.portalsdk.core.restful.domain.EcompUser; import org.oransc.ric.portal.dashboard.DashboardConstants; +import org.oransc.ric.portal.dashboard.DashboardUserManager; import org.oransc.ric.portal.dashboard.model.EcompUserDetails; +import org.owasp.esapi.reference.DefaultSecurityConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.MediaType; @@ -69,7 +72,7 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA * created and EPService cookie is set. * * - * TODO: What about sessions? Will this be stateless? + * Open question: what about sessions? Will this be stateless? * * This filter uses no annotations to avoid Spring's automatic registration, * which add this filter in the chain in the wrong order. @@ -78,8 +81,9 @@ public class PortalAuthenticationFilter implements Filter { private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - // Unfortunately these names are not available as constants - private static final String[] securityPropertyFiles = { "ESAPI.properties", "key.properties", "portal.properties", + // Unfortunately not all file names are defined as constants + private static final String[] securityPropertyFiles = { KeyProperties.PROPERTY_FILE_NAME, + PortalApiProperties.PROPERTY_FILE_NAME, DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE, "validation.properties" }; public static final String REDIRECT_URL_KEY = "redirectUrl"; 
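Review bot: The rewritten comment above `securityPropertyFiles` (hunk -78,8 +81,9) says not all names have constants, but it does not say which entry is the literal or what the list is for. Since the -101/+105 hunk shows this list driving a fail-closed classpath check, something like `// Files that must be on the classpath for Portal SSO and ESAPI; validation.properties has no library constant` would be clearer. The literal `"validation.properties"` is also worth a second look: ESAPI normally takes the validation file name from a setting in its main properties file, so a deployment that renames it would pass or fail this check for the wrong file. Separately, the new import of `org.owasp.esapi.reference.DefaultSecurityConfiguration` ties this class to an ESAPI implementation class for a single string. If ESAPI only arrives transitively through the Portal SDK (not visible here), declaring it as a direct dependency would keep the build stable across SDK upgrades.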
@@ -101,7 +105,7 @@ public class PortalAuthenticationFilter implements Filter { if (in == null) { String msg = "Failed to find property file on classpath: " + pf; logger.error(msg); - throw new RuntimeException(msg); + throw new SecurityException(msg); } else { try { in.close(); @@ -182,7 +186,7 @@ public class PortalAuthenticationFilter implements Filter { if (logger.isTraceEnabled()) logger.trace("doFilter: req {}", request.getRequestURI()); // Need to authenticate the request - final String userId = authManager.valdiateEcompSso(request); + final String userId = authManager.validateEcompSso(request); final EcompUser ecompUser = (userId == null ? null : userManager.getUser(userId)); if (userId == null || ecompUser == null) { logger.debug("doFilter: unauthorized user requests URI {}, serving login page", request.getRequestURI()); @@ -221,7 +225,7 @@ public class PortalAuthenticationFilter implements Filter { String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl; String aHref = ""; // If only Java had "here" documents. - String body = String.join(// + return String.join(// System.getProperty("line.separator"), // "", // "", // @@ -240,7 +244,6 @@ public class PortalAuthenticationFilter implements Filter { "
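Review bot: The `in == null` branch in hunk -101,7 +105,7 now throws `SecurityException`, but nothing visible documents that contract. The enclosing method starts above the hunk and continues below it; its Javadoc should carry `@throws SecurityException if a required security property file is missing from the classpath`, so deployers know the filter refuses to start without its configuration. The branch also calls `logger.error(msg);` and then throws the same `msg`, so the failure will probably be logged twice once the container reports the exception; leaving the logging to the caller would avoid that. If `pf` is iterated from `securityPropertyFiles` (the loop is not visible here), the first missing file hides any others, so collecting the missing names and throwing once would shorten deployment troubleshooting.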

", // "", // ""); - return body; } /**