From 9fef9615bd5889eacbe8ddad454b7ff4b4c195c0 Mon Sep 17 00:00:00 2001
From: "Lott, Christopher (cl778h)"
Date: Thu, 3 Oct 2019 15:58:33 -0400
Subject: [PATCH] Serve login page without using redirect
This preserves original scheme, either HTTP or HTTPS.
Correct URL of Dashboard REST URL in config-deploy doc.
Bump version to 1.2.3.
Change-Id: Ia7da1e2a7a0f189c95072ddda51ac59a738d9247
Signed-off-by: Lott, Christopher (cl778h)
---
a1-med-client/pom.xml | 2 +-
anr-xapp-client/pom.xml | 2 +-
app-mgr-client/pom.xml | 2 +-
docs/config-deploy.rst | 4 +-
docs/release-notes.rst | 5 +
e2-mgr-client/pom.xml | 2 +-
pom.xml | 4 +-
webapp-backend/pom.xml | 2 +-
.../ric/portal/dashboard/DashboardConstants.java | 1 -
.../oransc/ric/portal/dashboard/LoginServlet.java | 116 ---------------------
.../dashboard/config/WebSecurityConfiguration.java | 22 +---
.../dashboard/controller/AdminController.java | 1 +
.../dashboard/controller/E2ManagerController.java | 4 +-
.../dashboard/controller/Html5PathsController.java | 18 +++-
.../dashboard/portalapi/DashboardUserManager.java | 57 +++++++++-
.../portalapi/PortalAuthenticationFilter.java | 70 +++++++++----
.../src/main/resources/application.properties | 2 +-
.../config/WebSecurityMockConfiguration.java | 21 +---
.../controller/PortalRestCentralServiceTest.java | 12 +--
webapp-frontend/pom.xml | 2 +-
20 files changed, 148 insertions(+), 201 deletions(-)
delete mode 100644 webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/LoginServlet.java
diff --git a/a1-med-client/pom.xml b/a1-med-client/pom.xml
index d1dbf5c8..8cfc29d0 100644
--- a/a1-med-client/pom.xml
+++ b/a1-med-client/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
org.o-ran-sc.portal.ric-dashboardric-dash-parent
- 1.2.2-SNAPSHOT
+ 1.2.3-SNAPSHOTorg.o-ran-sc.ric.plt.a1med.client
diff --git a/anr-xapp-client/pom.xml b/anr-xapp-client/pom.xml
index 05cddf9a..d7dcaff5 100644
--- a/anr-xapp-client/pom.xml
+++ b/anr-xapp-client/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
org.o-ran-sc.portal.ric-dashboardric-dash-parent
- 1.2.2-SNAPSHOT
+ 1.2.3-SNAPSHOTorg.o-ran-sc.ric.xapp.anr.client
diff --git a/app-mgr-client/pom.xml b/app-mgr-client/pom.xml
index d27f10c9..b6ea408e 100644
--- a/app-mgr-client/pom.xml
+++ b/app-mgr-client/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
org.o-ran-sc.portal.ric-dashboardric-dash-parent
- 1.2.2-SNAPSHOT
+ 1.2.3-SNAPSHOTorg.o-ran-sc.ric.plt.appmgr.client
diff --git a/docs/config-deploy.rst b/docs/config-deploy.rst
index 5f62be40..c6d5086a 100644
--- a/docs/config-deploy.rst
+++ b/docs/config-deploy.rst
@@ -210,8 +210,8 @@ must supply the following information about the deployed instance:
``http://dashboard.simpledemo.onap.org:8080``
- Dashboard REST URL that is reachable by the Portal back-end server.
This can be a host name or an IP address, because it does not use
- cookie-based authentication. This should be a value like
- ``http://192.168.1.1:8080/auxapi/v3``
+ cookie-based authentication. This must be a URL with suffix "/api/v3"
+ for example ``http://192.168.1.1:8080/api/v3``.
The Dashboard server only listens on a single port, so the examples
above both use the same port number. Different port numbers might be
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 2453d603..2ab746fa 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -19,6 +19,11 @@
RIC Dashboard Release Notes
===========================
+Version 1.2.3, 4 Oct 2019
+-------------------------
+* Serve unauthenticated user a login-at-portal page without using redirect
+* Upgrade to Spring-Boot 2.1.9.RELEASE
+
Version 1.2.2, 27 Sep 2019
--------------------------
* Support Portal security using EPSDK-FW cookie and user management
diff --git a/e2-mgr-client/pom.xml b/e2-mgr-client/pom.xml
index 723b4ab3..4d4f8976 100644
--- a/e2-mgr-client/pom.xml
+++ b/e2-mgr-client/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
org.o-ran-sc.portal.ric-dashboardric-dash-parent
- 1.2.2-SNAPSHOT
+ 1.2.3-SNAPSHOTorg.o-ran-sc.ric.plt.e2mgr.client
diff --git a/pom.xml b/pom.xml
index 4109bdc6..8c394b35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,14 +26,14 @@ limitations under the License.
org.springframework.bootspring-boot-starter-parent
- 2.1.6.RELEASE
+ 2.1.9.RELEASEorg.o-ran-sc.portal.ric-dashboardric-dash-parentRIC Dashboard projectpom
- 1.2.2-SNAPSHOT
+ 1.2.3-SNAPSHOT11
diff --git a/webapp-backend/pom.xml b/webapp-backend/pom.xml
index e008f8bb..6976b00e 100644
--- a/webapp-backend/pom.xml
+++ b/webapp-backend/pom.xml
@@ -25,7 +25,7 @@ limitations under the License.
org.o-ran-sc.portal.ric-dashboardric-dash-parent
- 1.2.2-SNAPSHOT
+ 1.2.3-SNAPSHOTric-dash-beRIC Dashboard Webapp backend
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardConstants.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardConstants.java
index c441c17e..f3352f69 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardConstants.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardConstants.java
@@ -26,7 +26,6 @@ public abstract class DashboardConstants {
}
public static final String ENDPOINT_PREFIX = "/api";
- public static final String LOGIN_PAGE = "/login.html";
// Factor out method names used in multiple controllers
public static final String VERSION_METHOD = "version";
public static final String APP_NAME_AC = "AC";
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/LoginServlet.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/LoginServlet.java
deleted file mode 100644
index fe58e933..00000000
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/LoginServlet.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property and Nokia
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.ric.portal.dashboard;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.net.URLEncoder;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
-import org.oransc.ric.portal.dashboard.portalapi.PortalAuthenticationFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.MediaType;
-
-/**
- * Serves a login page that contains a link from configuration to ONAP Portal.
- * This avoids the immediate redirect to Portal that is confusing to users and
- * infuriating to developers.
- *
- * Basically this is do-it-yourself JSP :)
- */
-public class LoginServlet extends HttpServlet {
-
- private static final long serialVersionUID = 1191385178190976568L;
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- @Override
- public void init(ServletConfig servletConfig) throws ServletException {
- logger.debug("init");
- super.init(servletConfig);
- final String portalURL = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
- if (portalURL == null || portalURL.length() == 0)
- throw new ServletException("Failed to get property " + PortalApiConstants.ECOMP_REDIRECT_URL);
- }
-
- @Override
- protected void doGet(HttpServletRequest request, HttpServletResponse response)
- throws IOException, ServletException {
- logger.debug("doGet {}", request.getRequestURI());
- // The original page URL should arrive as a query parameter
- String appUrl = request.getParameter(PortalAuthenticationFilter.REDIRECT_URL_KEY);
- // If a user bookmarks the login page, then nothing arrives;
- // use the original URL without the login suffix.
- if (appUrl == null || appUrl.isEmpty()) {
- String loginUrl = request.getRequestURL().toString();
- int indexOfLogin = loginUrl.indexOf(DashboardConstants.LOGIN_PAGE);
- appUrl = loginUrl.substring(0, indexOfLogin);
- }
- String encodedAppUrl = URLEncoder.encode(appUrl, "UTF-8");
- String portalBaseUrl = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
- String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl;
- String aHref = "";
- // If only Java had "here" documents.
- String body = String.join(//
- System.getProperty("line.separator"), //
- "", //
- "", //
- "RIC Dashboard", //
- "", //
- "", //
- "", //
- "