Fix critical cross site scripting
Change-Id: I66a220f71a2e950055107a725191b46bcbe8c6a6
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-3607
Issue-ID: SDC-3755
diff --git a/utils/webseal-simulator/pom.xml b/utils/webseal-simulator/pom.xml
index 02f2bdc..e9801c9 100644
--- a/utils/webseal-simulator/pom.xml
+++ b/utils/webseal-simulator/pom.xml
@@ -1,273 +1,282 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>webseal-simulator</artifactId>
- <packaging>war</packaging>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>webseal-simulator</artifactId>
+ <packaging>war</packaging>
- <parent>
- <groupId>org.openecomp.sdc</groupId>
- <artifactId>sdc-main</artifactId>
- <version>1.10.0-SNAPSHOT</version>
- <relativePath>../../</relativePath>
- </parent>
+ <parent>
+ <groupId>org.openecomp.sdc</groupId>
+ <artifactId>sdc-main</artifactId>
+ <version>1.10.0-SNAPSHOT</version>
+ <relativePath>../../</relativePath>
+ </parent>
- <properties>
- <maven.build.timestamp.format>yyyyMMdd'T'HHmmss'Z'</maven.build.timestamp.format>
- <nexus.proxy>https://nexus.onap.org</nexus.proxy>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <sonar.skip>true</sonar.skip>
- </properties>
+ <properties>
+ <maven.build.timestamp.format>yyyyMMdd'T'HHmmss'Z'</maven.build.timestamp.format>
+ <nexus.proxy>https://nexus.onap.org</nexus.proxy>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <sonar.skip>true</sonar.skip>
+ </properties>
- <dependencies>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- <version>2.5</version>
- <scope>compile</scope>
- </dependency>
+ <dependencies>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ <version>${javax.servlet.version}</version>
+ </dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>${httpclient.version}</version>
- </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>${httpclient.version}</version>
+ </dependency>
- <dependency>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging-api</artifactId>
- <version>1.0.4</version>
- </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging-api</artifactId>
+ <version>1.0.4</version>
+ </dependency>
- <dependency>
- <groupId>commons-io</groupId>
- <artifactId>commons-io</artifactId>
- <version>${commons.io.version}</version>
- </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>${commons.io.version}</version>
+ </dependency>
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <version>${commons-codec}</version>
- <scope>compile</scope>
- </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>${commons-codec}</version>
+ <scope>compile</scope>
+ </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-proxy</artifactId>
- <version>${jetty.version}</version>
- <scope>compile</scope>
- <exclusions>
- <exclusion>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-http</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-proxy</artifactId>
+ <version>${jetty.version}</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-http</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlets</artifactId>
- <version>${jetty.version}</version>
- <scope>compile</scope>
- <exclusions>
- <exclusion>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-http</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlets</artifactId>
+ <version>${jetty.version}</version>
+ <scope>compile</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-http</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
- <!-- Proxy servlet -->
- <dependency>
- <groupId>com.typesafe</groupId>
- <artifactId>config</artifactId>
- <version>1.0.2</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.openecomp.sdc</groupId>
- <artifactId>openecomp-sdc-logging-api</artifactId>
- <version>${project.version}</version>
- </dependency>
+ <!-- Proxy servlet -->
+ <dependency>
+ <groupId>com.typesafe</groupId>
+ <artifactId>config</artifactId>
+ <version>1.0.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.openecomp.sdc</groupId>
+ <artifactId>openecomp-sdc-logging-api</artifactId>
+ <version>${project.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
- </dependencies>
- <build>
- <finalName>WSSimulator-${project.version}</finalName>
- <plugins>
- <plugin>
- <groupId>com.github.sylvainlaurent.maven</groupId>
- <artifactId>yaml-json-validator-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>validate</id>
- <phase>validate</phase>
- <goals>
- <goal>validate</goal>
- </goals>
- <configuration>
- <validationSets>
- <validationSet>
- <includes>
- <include>src/main/resources/**/*.y*ml</include>
- <include>src/test/resources/**/*.y*ml</include>
- </includes>
- </validationSet>
- <validationSet>
- <includes>
- <include>src/main/resources/**/*.json</include>
- <include>src/test/resources/**/*.json</include>
- </includes>
- </validationSet>
- </validationSets>
- <skip>${skipYamlJsonValidator}</skip>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-
- <repositories>
- <!-- LF repositories -->
- <repository>
- <id>ecomp-releases</id>
- <name>Release Repository</name>
- <url>${nexus.proxy}/content/repositories/releases/</url>
- </repository>
- <repository>
- <id>ecomp-snapshots</id>
- <name>Snapshots Repository</name>
- <url>${nexus.proxy}/content/repositories/snapshots/</url>
- </repository>
- <repository>
- <id>ecomp-public</id>
- <name>Public Repository</name>
- <url>${nexus.proxy}/content/repositories/public/</url>
- </repository>
- <!-- LF repositories END-->
- </repositories>
-
- <profiles>
- <profile>
- <id>docker</id>
- <activation>
- <activeByDefault>false</activeByDefault>
- </activation>
- <build>
+ <build>
+ <finalName>WSSimulator-${project.version}</finalName>
<plugins>
-
- <plugin>
- <artifactId>maven-clean-plugin</artifactId>
- <version>3.0.0</version>
- <executions>
- <execution>
- <id>clean-static-files</id>
- <phase>clean</phase>
- <goals>
- <goal>clean</goal>
- </goals>
- <configuration>
- <filesets>
- <fileset>
- <directory>${project.basedir}/sdc-simulator</directory>
- <includes>
- <include>*.war</include>
- </includes>
- <followSymlinks>false</followSymlinks>
- </fileset>
- </filesets>
- </configuration>
- </execution>
- </executions>
- </plugin>
-
- <plugin>
- <artifactId>maven-resources-plugin</artifactId>
- <executions>
- <execution>
- <id>copy-resources-simulator</id>
- <phase>verify</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${project.basedir}/sdc-simulator</outputDirectory>
- <resources>
- <resource>
- <directory>${project.basedir}/target</directory>
- <includes>
- <include>WSSimulator*.war</include>
- </includes>
- </resource>
- </resources>
- </configuration>
- </execution>
- </executions>
- </plugin>
-
-
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <configuration>
- <verbose>${verbose}</verbose>
- <apiVersion>${docker.api.version}</apiVersion>
- <registry>nexus3.onap.org:10001</registry>
- <authConfig>
- <pull>
- <username>docker</username>
- <password>docker</password>
- </pull>
- </authConfig>
- <images>
- <!-- Build simulator image -->
- <image>
- <name>onap/sdc-simulator</name>
- <alias>sdc-simulator</alias>
- <build>
- <cleanup>try</cleanup>
- <dockerFileDir>${basedir}${file.separator}sdc-simulator</dockerFileDir>
- <tags>
- <tag>latest</tag>
- <tag>
- ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-STAGING-latest
- </tag>
- <tag>${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-${maven.build.timestamp}</tag>
- </tags>
- </build>
- </image>
- </images>
- </configuration>
- <executions>
- <execution>
- <id>clean-images</id>
- <phase>pre-clean</phase>
- <goals>
- <goal>remove</goal>
- </goals>
- </execution>
- <execution>
- <id>generate-images</id>
- <phase>install</phase>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- <execution>
- <id>push-images</id>
- <phase>deploy</phase>
- <goals>
- <goal>push</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <plugin>
+ <groupId>com.github.sylvainlaurent.maven</groupId>
+ <artifactId>yaml-json-validator-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>validate</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>validate</goal>
+ </goals>
+ <configuration>
+ <validationSets>
+ <validationSet>
+ <includes>
+ <include>src/main/resources/**/*.y*ml</include>
+ <include>src/test/resources/**/*.y*ml</include>
+ </includes>
+ </validationSet>
+ <validationSet>
+ <includes>
+ <include>src/main/resources/**/*.json</include>
+ <include>src/test/resources/**/*.json</include>
+ </includes>
+ </validationSet>
+ </validationSets>
+ <skip>${skipYamlJsonValidator}</skip>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
- </build>
- </profile>
- </profiles>
+ </build>
+
+ <repositories>
+ <!-- LF repositories -->
+ <repository>
+ <id>ecomp-releases</id>
+ <name>Release Repository</name>
+ <url>${nexus.proxy}/content/repositories/releases/</url>
+ </repository>
+ <repository>
+ <id>ecomp-snapshots</id>
+ <name>Snapshots Repository</name>
+ <url>${nexus.proxy}/content/repositories/snapshots/</url>
+ </repository>
+ <repository>
+ <id>ecomp-public</id>
+ <name>Public Repository</name>
+ <url>${nexus.proxy}/content/repositories/public/</url>
+ </repository>
+ <!-- LF repositories END-->
+ </repositories>
+
+ <profiles>
+ <profile>
+ <id>docker</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <build>
+ <plugins>
+
+ <plugin>
+ <artifactId>maven-clean-plugin</artifactId>
+ <version>3.0.0</version>
+ <executions>
+ <execution>
+ <id>clean-static-files</id>
+ <phase>clean</phase>
+ <goals>
+ <goal>clean</goal>
+ </goals>
+ <configuration>
+ <filesets>
+ <fileset>
+ <directory>${project.basedir}/sdc-simulator</directory>
+ <includes>
+ <include>*.war</include>
+ </includes>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ </filesets>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-resources-simulator</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.basedir}/sdc-simulator
+ </outputDirectory>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/target</directory>
+ <includes>
+ <include>WSSimulator*.war</include>
+ </includes>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+
+ <plugin>
+ <groupId>io.fabric8</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <configuration>
+ <verbose>${verbose}</verbose>
+ <apiVersion>${docker.api.version}</apiVersion>
+ <registry>nexus3.onap.org:10001</registry>
+ <authConfig>
+ <pull>
+ <username>docker</username>
+ <password>docker</password>
+ </pull>
+ </authConfig>
+ <images>
+ <!-- Build simulator image -->
+ <image>
+ <name>onap/sdc-simulator</name>
+ <alias>sdc-simulator</alias>
+ <build>
+ <cleanup>try</cleanup>
+ <dockerFileDir>${basedir}${file.separator}sdc-simulator
+ </dockerFileDir>
+ <tags>
+ <tag>latest</tag>
+ <tag>
+ ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-STAGING-latest
+ </tag>
+ <tag>
+ ${parsedVersion.majorVersion}.${parsedVersion.minorVersion}-${maven.build.timestamp}
+ </tag>
+ </tags>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ <executions>
+ <execution>
+ <id>clean-images</id>
+ <phase>pre-clean</phase>
+ <goals>
+ <goal>remove</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>generate-images</id>
+ <phase>install</phase>
+ <goals>
+ <goal>build</goal>
+ </goals>
+ </execution>
+ <execution>
+ <id>push-images</id>
+ <phase>deploy</phase>
+ <goals>
+ <goal>push</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
</project>
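Review bot: The replacement `javax.servlet-api` dependency is declared without a scope, so it defaults to `compile` and the servlet API jar is packaged into the WAR's `WEB-INF/lib`; for a `war` module that runs on Jetty it would normally be `<scope>provided</scope>`. The re-indentation also wraps `<outputDirectory>`, `<dockerFileDir>` and the third `<tag>` across two lines, which puts a newline and padding inside a path or tag value. Maven usually trims configuration text, but keeping these values on one line removes the doubt. The `docker`/`docker` pull credentials under `<authConfig>` are carried over unchanged; if they are anything more than a public read-only account, they belong in `settings.xml` rather than in the POM.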
diff --git a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb
index 4cdd4fb..f6e6344 100644
--- a/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb
+++ b/utils/webseal-simulator/sdc-simulator/chef-repo/cookbooks/sdc-simulator/templates/default/SDC-Simulator-webseal.conf.erb
@@ -10,14 +10,6 @@
lastName="Santana"
role="Designer"
email="csantana@sdc.com"
- },
- {
- userId="op0001"
- password="123123a"
- firstName="Aretha"
- lastName="Franklin"
- role="Ops"
- email="afranklin@sdc.com"
},
{
userId="jh0003"
@@ -34,14 +26,6 @@
lastName="Depp"
role="Tester"
email="tester@sdc.com"
- },
- {
- userId="gv0001"
- password="123123a"
- firstName="David"
- lastName="Shadmi"
- role="Governor"
- email="governor@sdc.com"
}
]
}
diff --git a/utils/webseal-simulator/sdc-simulator/startup.sh b/utils/webseal-simulator/sdc-simulator/startup.sh
index e8774be..49fdf3e 100644
--- a/utils/webseal-simulator/sdc-simulator/startup.sh
+++ b/utils/webseal-simulator/sdc-simulator/startup.sh
@@ -1,14 +1,13 @@
#!/bin/sh
JAVA_OPTIONS=" $JAVA_OPTIONS \
- -Xdebug -agentlib:jdwp=transport=dt_socket,address=5000,server=y,suspend=n -Xmx128m -Xms128m -Xss1m \
- -Dconfig.home=$JETTY_BASE/config/sdc-simulator \
- -Dlog.home=$JETTY_BASE/logs \
- -Dlogback.configurationFile=$JETTY_BASE/config/sdc-simulator/logback.xml \
- -Djavax.net.ssl.trustStore=$JETTY_BASE/etc/org.onap.sdc.trust.jks \
- -Djavax.net.ssl.trustStorePassword=z+KEj;t+,KN^iimSiS89e#p0 \
- -Djetty.console-capture.dir=$JETTY_BASE/logs"
-
+ -Xdebug -agentlib:jdwp=transport=dt_socket,address=*:5000,server=y,suspend=n -Xmx128m -Xms128m -Xss1m \
+ -Dconfig.home=$JETTY_BASE/config/sdc-simulator \
+ -Dlog.home=$JETTY_BASE/logs \
+ -Dlogback.configurationFile=$JETTY_BASE/config/sdc-simulator/logback.xml \
+ -Djavax.net.ssl.trustStore=$JETTY_BASE/etc/org.onap.sdc.trust.jks \
+ -Djavax.net.ssl.trustStorePassword=z+KEj;t+,KN^iimSiS89e#p0 \
+ -Djetty.console-capture.dir=$JETTY_BASE/logs"
cd $JETTY_BASE/chef-solo
chef-solo -c solo.rb -E ${ENVNAME}
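Review bot: Changing the JDWP option to `address=*:5000` makes the debug agent listen on every interface, and JDWP has no authentication, so anyone who can reach port 5000 gets full control of the simulator JVM. The agent is also enabled unconditionally on every start. Consider making it opt-in and local by default, e.g. `[ -n "$SIM_DEBUG" ] && JAVA_OPTIONS="$JAVA_OPTIONS -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:5000,server=y,suspend=n"` (`SIM_DEBUG` is a placeholder name). The trust-store password literal a few lines below is only re-indented by this commit, but it stays visible in the repository and in the process list; reading it from the environment or a mounted file would avoid that.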
@@ -16,4 +15,3 @@
cd $JETTY_HOME
java $JAVA_OPTIONS -jar "${JETTY_HOME}/start.jar"
-
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java
index 3d4e772..32d8c29 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,149 +20,137 @@
package org.openecomp.sdc.webseal.simulator;
-import org.openecomp.sdc.webseal.simulator.conf.Conf;
-
-import javax.servlet.ServletConfig;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Collection;
+import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Collection;
-import java.util.Iterator;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+import org.openecomp.sdc.webseal.simulator.conf.Conf;
public class Login extends HttpServlet {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory.getLogger(Login.class);
- @Override
- public void init(final ServletConfig config) throws ServletException {
- super.init(config);
- }
+ @Override
+ protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
- @Override
- protected void doGet(final HttpServletRequest request, final HttpServletResponse response)
- throws ServletException, IOException {
+ if (null != request.getParameter("userId")) {
+ doPost(request, response);
+ return;
+ }
+ logger.info("about to build login page");
+ response.setContentType("text/html");
+ PrintWriter writer = response.getWriter();
- if (null != request.getParameter("userId")) {
- doPost(request, response);
- return;
- }
- System.out.println("about to build login page");
- response.setContentType("text/html");
- PrintWriter writer = response.getWriter();
+ Collection<User> allUsers = Conf.getInstance().getUsers().values();
+ writer.println("<html>");
- Collection<User> allUsers = Conf.getInstance().getUsers().values();
- writer.println("<html>");
-
- writer.println("<head>");
- writer.println("<style>");
- writer.println("body {padding: 40px; font-family: Arial; font-size: 14px;}");
- writer.println("h1 {background-color: #DDDDDD; padding: 4px 10px;}");
- writer.println("h2 {margin-top: 20px;}");
- writer.println(".label {width: 100px; float:left;}");
- writer.println(".break {display: block; margin-bottom: 10px;}");
- writer.println("tr {padding: 4px 10px;}");
- writer.println("th {padding: 4px 10px; text-align: left; background-color: #dddddd;}");
- writer.println("td {padding: 4px 10px; text-align: left;}");
- writer.println("</style>");
- writer.println("</head>");
-
- writer.println("<body>");
-
- writer.println("<h1>Webseal simulator</h1>");
- writer.println("<h2>Login:</h2>");
-
- writer.println("<form action=\"\" method=\"post\">");
- writer.println(" <div class='label'>User id:</div>");
- writer.println(" <input type='text' name='userId'>");
- writer.println(" <div class='break'></div>");
-
- writer.println(" <div class='label'>Password:</div>");
- writer.println(" <input type='password' name='password'>");
- writer.println(" <div class='break'></div>");
-
- writer.println(" <input type='submit' value='Login'>");
- writer.println(" <label name='message'></label>");
- writer.println("</form>");
-
- writer.println("<hr/>");
- writer.println("<h2>Quick links:</h2>");
- writer.println("<table>");
- writer.println("<tr>");
- writer.println("<th>full name</th>");
- writer.println("<th>user id</th>");
- writer.println("<th>role</th>");
- writer.println("<th>action</th>");
- writer.println("</tr>");
- Iterator<User> iterator = allUsers.iterator();
- while (iterator.hasNext()) {
- User user = iterator.next();
- writer.println("<tr>");
- writer.println("<td>" + user.getUserRef() + "</td>");
- writer.println("<td>" + user.getUserId() + "</td>");
- writer.println("<td>" + user.getRole() + "</td>");
- writer.println("<td>" + user.getUserCreateRef() + "</td>");
- writer.println("</tr>");
- }
- writer.println("</table>");
+ writer.println("<head>");
+ writer.println("<style>");
+ writer.println("body {padding: 40px; font-family: Arial; font-size: 14px;}");
+ writer.println("h1 {background-color: #DDDDDD; padding: 4px 10px;}");
+ writer.println("h2 {margin-top: 20px;}");
+ writer.println(".label {width: 100px; float:left;}");
+ writer.println(".break {display: block; margin-bottom: 10px;}");
+ writer.println("tr {padding: 4px 10px;}");
+ writer.println("th {padding: 4px 10px; text-align: left; background-color: #dddddd;}");
+ writer.println("td {padding: 4px 10px; text-align: left;}");
+ writer.println("</style>");
+ writer.println("</head>");
- writer.println("<a href='create?all=true' target='resultFrame'>Create All</a>");
- writer.println("<hr/><iframe name='resultFrame' width='400' height='300'></iframe>");
-
- writer.println("</body>");
- writer.println("</html>");
-
- }
+ writer.println("<body>");
- public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ writer.println("<h1>Webseal simulator</h1>");
+ writer.println("<h2>Login:</h2>");
- String userId = request.getParameter("userId");
- String password = request.getParameter("password");
- request.setAttribute("message", "OK");
+ writer.println("<form action=\"\" method=\"post\">");
+ writer.println(" <div class='label'>User id:</div>");
+ writer.println(" <input type='text' name='userId'>");
+ writer.println(" <div class='break'></div>");
- System.out.println("Login -> doPost userId=" + userId);
- User user = getUser(userId, password);
- if (user == null) {
- response.sendError(500, "ERROR: userId or password incorrect");
-// doGet(request, response);
- } else {
- System.out.println("Login -> doPost redirect to /sdc1 (to proxy)");
- Cookie cookieUser = new Cookie("HTTP_IV_USER", user.getUserId());
- Cookie cookieUserId = new Cookie("USER_ID", user.getUserId());
- Cookie cookieFirstName = new Cookie("HTTP_CSP_FIRSTNAME", user.getFirstName());
- Cookie cookieEmail = new Cookie("HTTP_CSP_EMAIL", user.getEmail());
- Cookie cookieLastName = new Cookie("HTTP_CSP_LASTNAME", user.getLastName());
- Cookie cookieRemoteAddress = new Cookie("HTTP_IV_REMOTE_ADDRESS", "0.0.0.0");
- Cookie cookieWsType = new Cookie("HTTP_CSP_WSTYPE", "Intranet");
- response.addCookie(cookieUser);
- response.addCookie(cookieUserId);
- response.addCookie(cookieFirstName);
- response.addCookie(cookieEmail);
- response.addCookie(cookieLastName);
- response.addCookie(cookieRemoteAddress);
- response.addCookie(cookieWsType);
- response.addCookie(new Cookie(Conf.getInstance().getPortalCookieName(), "portal"));
- response.sendRedirect("/sdc1");
- }
+ writer.println(" <div class='label'>Password:</div>");
+ writer.println(" <input type='password' name='password'>");
+ writer.println(" <div class='break'></div>");
- }
+ writer.println(" <input type='submit' value='Login'>");
+ writer.println(" <label name='message'></label>");
+ writer.println("</form>");
- private User getUser(String userId, String password) {
- User user = Conf.getInstance().getUsers().get(userId);
- if (user == null) {
- return null;
- }
- if (!password.equals(user.getPassword())) {
- return null;
- }
- return user;
- }
+ writer.println("<hr/>");
+ writer.println("<h2>Quick links:</h2>");
+ writer.println("<table>");
+ writer.println("<tr>");
+ writer.println("<th>full name</th>");
+ writer.println("<th>user id</th>");
+ writer.println("<th>role</th>");
+ writer.println("<th>action</th>");
+ writer.println("</tr>");
+ Iterator<User> iterator = allUsers.iterator();
+ while (iterator.hasNext()) {
+ User user = iterator.next();
+ writer.println("<tr>");
+ writer.println("<td>" + user.getUserRef() + "</td>");
+ writer.println("<td>" + user.getUserId() + "</td>");
+ writer.println("<td>" + user.getRole() + "</td>");
+ writer.println("<td>" + user.getUserCreateRef() + "</td>");
+ writer.println("</tr>");
+ }
+ writer.println("</table>");
- @Override
- public String getServletInfo() {
- return "Http Proxy Servlet";
- }
+ writer.println("<a href='create?all=true' target='resultFrame'>Create All</a>");
+ writer.println("<hr/><iframe name='resultFrame' width='400' height='300'></iframe>");
+
+ writer.println("</body>");
+ writer.println("</html>");
+
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ String userId = request.getParameter("userId");
+ String password = request.getParameter("password");
+ request.setAttribute("message", "OK");
+
+ logger.info("Login -> doPost userId={}", userId);
+ User user = getUser(userId, password);
+ if (user == null) {
+ response.sendError(500, "ERROR: userId or password incorrect");
+ } else {
+ logger.info("Login -> doPost redirect to /sdc1 (to proxy)");
+ response.addCookie(new Cookie("HTTP_IV_USER", user.getUserId()));
+ response.addCookie(new Cookie("USER_ID", user.getUserId()));
+ response.addCookie(new Cookie("HTTP_CSP_FIRSTNAME", user.getFirstName()));
+ response.addCookie(new Cookie("HTTP_CSP_EMAIL", user.getEmail()));
+ response.addCookie(new Cookie("HTTP_CSP_LASTNAME", user.getLastName()));
+ response.addCookie(new Cookie("HTTP_IV_REMOTE_ADDRESS", "0.0.0.0"));
+ response.addCookie(new Cookie("HTTP_CSP_WSTYPE", "Intranet"));
+ response.addCookie(new Cookie(Conf.getInstance().getPortalCookieName(), "portal"));
+ response.sendRedirect("/sdc1");
+ }
+
+ }
+
+ private User getUser(String userId, String password) {
+ User user = Conf.getInstance().getUsers().get(userId);
+ if (user == null) {
+ return null;
+ }
+ if (!password.equals(user.getPassword())) {
+ return null;
+ }
+ return user;
+ }
+
+ @Override
+ public String getServletInfo() {
+ return "Http Proxy Servlet";
+ }
}
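Review bot: `getUser` calls `password.equals(user.getPassword())` on the raw request parameter, so a request that carries `userId` but no `password` throws a NullPointerException instead of failing the login; `doGet` makes this easy to hit because it forwards to `doPost` whenever `userId` is present in the query string. A null-safe check such as `if (password == null || !password.equals(user.getPassword())) { return null; }` closes that. The same forwarding means credentials are accepted in a GET URL, where they tend to end up in access logs and browser history; restricting login to POST would avoid it. The identity cookies (`HTTP_IV_USER`, `USER_ID` and the others) are added without `setHttpOnly(true)`; if no client-side script needs to read them, setting it would limit what a script-injection bug can reach.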
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
index ea4203d..51d6796 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,8 +20,43 @@
package org.openecomp.sdc.webseal.simulator;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.zip.GZIPInputStream;
+import javax.net.ssl.SSLContext;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
import org.apache.http.Header;
-import org.apache.http.client.methods.*;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
@@ -35,54 +70,31 @@
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
-import org.openecomp.sdc.logging.api.Logger;
-import org.openecomp.sdc.logging.api.LoggerFactory;
import org.openecomp.sdc.webseal.simulator.conf.Conf;
-import javax.net.ssl.SSLContext;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.util.*;
-import java.util.stream.Collectors;
-import java.util.zip.GZIPInputStream;
-
public class SdcProxy extends HttpServlet {
private static final long serialVersionUID = 1L;
- private static URL url;
+ private static final Set<String> RESERVED_HEADERS =
+ Arrays.stream(ReservedHeaders.values()).map(ReservedHeaders::getValue).collect(Collectors.toSet());
+ private static final String USER_ID = "USER_ID";
+ private static final String HTTP_IV_USER = "HTTP_IV_USER";
+ private static final String SDC1 = "/sdc1";
+ private static final String ONBOARDING = "/onboarding/";
+ private static final String SCRIPTS = "/scripts";
+ private static final String STYLES = "/styles";
+ private static final String LANGUAGES = "/languages";
+ private static final String CONFIGURATIONS = "/configurations";
+ private URL url;
private CloseableHttpClient httpClient;
private Conf conf;
- private final String SDC1 = "/sdc1";
- private final String ONBOARDING = "/onboarding/";
- private final String SCRIPTS = "/scripts";
- private final String STYLES = "/styles";
- private final String LANGUAGES = "/languages";
- private final String CONFIGURATIONS = "/configurations";
- private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet());
- private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class);
-
+ @Override
public void init(ServletConfig config) throws ServletException {
super.init(config);
conf = Conf.getInstance();
try {
- String feHost = conf.getFeHost();
- url = new URL(feHost);
+ url = new URL(conf.getFeHost());
} catch (MalformedURLException me) {
throw new ServletException("Proxy URL is invalid", me);
}
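Review bot: The `Logger` imports and field are removed here, yet the class still reports through `System.out` (for example `"SdcProxy -> doPost userId=" + userId` in `doPost` and `System.out.print("Going to login")` in `proxy`, both visible in later hunks), while `Login.java` in this same commit moves to the project logger. Because `userId` comes from a request parameter or header, concatenating it into stdout lets a caller insert line breaks and forge log entries. I would keep `private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class);` and write `logger.info("SdcProxy -> doPost userId={}", userId);`, leaving line-break encoding to the logging layout. `init` continues past the end of this hunk.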
@@ -94,10 +106,12 @@
}
}
+ @Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
proxy(request, response, MethodEnum.GET);
}
+ @Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String userId = request.getParameter("userId");
@@ -105,7 +119,7 @@
// Already sign-in
if (userId == null) {
- userId = request.getHeader("USER_ID");
+ userId = request.getHeader(USER_ID);
}
System.out.println("SdcProxy -> doPost userId=" + userId);
@@ -117,25 +131,25 @@
view.forward(mutableRequest, response);
} else {
System.out.println("SdcProxy -> doPost going to doGet");
- request.setAttribute("HTTP_IV_USER", userId);
+ request.setAttribute(HTTP_IV_USER, userId);
proxy(request, response, MethodEnum.POST);
}
}
+ @Override
public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
proxy(request, response, MethodEnum.PUT);
}
+ @Override
public void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
proxy(request, response, MethodEnum.DELETE);
}
- private synchronized void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException, UnsupportedEncodingException {
+ private synchronized void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException {
Map<String, String[]> requestParameters = request.getParameterMap();
String userIdHeader = getUseridFromRequest(request);
- User user = getUser(userIdHeader);
-
// new request - forward to login page
if (userIdHeader == null) {
System.out.print("Going to login");
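Review bot: `proxy` is still declared `synchronized`, so every proxied request takes the same lock for as long as its backend call lasts, and one slow response stalls all other users. This assumes the container shares a single servlet instance. The only shared state visible in this diff is `httpClient`, which is built on a `PoolingHttpClientConnectionManager` and does not need external locking. Unless something in the part of the body outside this hunk depends on the lock, the signature can be `private void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException {`.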
@@ -143,17 +157,19 @@
return;
}
+ final User user = getUser(userIdHeader);
+
String uri = getUri(request, requestParameters);
HttpRequestBase httpMethod = createHttpMethod(request, methodEnum, uri);
addHeadersToMethod(httpMethod, user, request);
- try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)){;
+ try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)) {
response.setStatus(closeableHttpResponse.getStatusLine().getStatusCode());
if (request.getRequestURI().indexOf(".svg") > -1) {
response.setContentType("image/svg+xml");
}
- if(closeableHttpResponse.getEntity() != null) {
+ if (closeableHttpResponse.getEntity() != null) {
InputStream responseBodyStream = closeableHttpResponse.getEntity().getContent();
Header contentEncodingHeader = closeableHttpResponse.getLastHeader("Content-Encoding");
if (contentEncodingHeader != null && contentEncodingHeader.getValue().equalsIgnoreCase("gzip")) {
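Review bot: The result of `getUser(userIdHeader)` is passed to `addHeadersToMethod` without a null check, and that method calls `user.getUserId()` straight away. The id is taken from a client-supplied header, request attribute or cookie, so an unknown value is easy to hit. `getUser` is not shown in this diff; if it can return null for an id missing from the configuration, the request ends in a NullPointerException and a 500. A guard after the lookup would turn that into a clean rejection: `if (user == null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`. The body of `proxy` starts and ends outside this hunk.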
@@ -194,8 +210,7 @@
suffix = alignUrlProxy(suffix);
}
StringBuilder query = alignUrlParameters(requestParameters);
- String uri = String.format("%s%s", new Object[]{this.url.toString() + suffix, query.toString()});
- return uri;
+ return String.format("%s%s", url.toString() + suffix, query.toString());
}
private HttpRequestBase createHttpMethod(HttpServletRequest request, MethodEnum methodEnum, String uri) throws IOException {
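Review bot: The new return line in `getUri` still goes through `String.format("%s%s", ...)` only to join two strings, one of which is itself built by concatenation. Plain concatenation says the same thing with less to read: `return url + suffix + query;`. The method starts outside this hunk.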
@@ -228,20 +243,20 @@
private ContentType getContentType(HttpServletRequest request) {
String contentTypeStr = request.getContentType();
- if (contentTypeStr == null ){
- contentTypeStr = request.getHeader("contentType");
- }
+ if (contentTypeStr == null) {
+ contentTypeStr = request.getHeader("contentType");
+ }
ContentType contentType = ContentType.parse(contentTypeStr);
return ContentType.create(contentType.getMimeType());
}
private String getUseridFromRequest(HttpServletRequest request) {
- String userIdHeader = request.getHeader("USER_ID");
+ String userIdHeader = request.getHeader(USER_ID);
if (userIdHeader != null) {
return userIdHeader;
}
- Object o = request.getAttribute("HTTP_IV_USER");
+ Object o = request.getAttribute(HTTP_IV_USER);
if (o != null) {
return o.toString();
}
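Review bot: In `getContentType`, `contentTypeStr` can still be null after the `contentType` header fallback, and it is then passed to `ContentType.parse`, which HttpCore 4.x rejects with an IllegalArgumentException. A request carrying neither a Content-Type nor that header would therefore fail with an unhandled exception instead of being proxied; where the method is called is not visible here. I would return early before parsing, for example `if (contentTypeStr == null) { return ContentType.DEFAULT_BINARY; }`, or whichever default the callers expect. The hunk itself only re-indents this block.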
@@ -249,7 +264,7 @@
if (cookies != null) {
for (int i = 0; i < cookies.length; ++i) {
- if (cookies[i].getName().equals("USER_ID")) {
+ if (cookies[i].getName().equals(USER_ID)) {
userIdHeader = cookies[i].getValue();
}
}
@@ -257,7 +272,7 @@
return userIdHeader;
}
- private static void addHeadersToMethod(HttpUriRequest proxyMethod, User user, HttpServletRequest request) {
+ private void addHeadersToMethod(HttpUriRequest proxyMethod, User user, HttpServletRequest request) {
proxyMethod.setHeader(ReservedHeaders.HTTP_IV_USER.name(), user.getUserId());
proxyMethod.setHeader(ReservedHeaders.USER_ID.name(), user.getUserId());
@@ -266,19 +281,19 @@
proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_LASTNAME.name(), user.getLastName());
proxyMethod.setHeader(ReservedHeaders.HTTP_IV_REMOTE_ADDRESS.name(), "0.0.0.0");
proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_WSTYPE.name(), "Intranet");
- proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_EMAIL.name(), "me@mail.com");
+ proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_EMAIL.name(), "me@mail.com");
- Enumeration<String> headerNames = request.getHeaderNames();
- while (headerNames.hasMoreElements()) {
- String headerName = headerNames.nextElement();
- if (!RESERVED_HEADERS.contains(headerName)) {
- Enumeration<String> headers = request.getHeaders(headerName);
- while (headers.hasMoreElements()) {
- String headerValue = headers.nextElement();
- proxyMethod.setHeader(headerName, headerValue);
- }
- }
- }
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String headerName = headerNames.nextElement();
+ if (!RESERVED_HEADERS.contains(headerName)) {
+ Enumeration<String> headers = request.getHeaders(headerName);
+ while (headers.hasMoreElements()) {
+ String headerValue = headers.nextElement();
+ proxyMethod.setHeader(headerName, headerValue);
+ }
+ }
+ }
}
private String alignUrlProxy(String requestURI) {
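Review bot: The filter `!RESERVED_HEADERS.contains(headerName)` in `addHeadersToMethod` compares header names case-sensitively, while HTTP header names are case-insensitive and arrive in whatever case the client or container uses. A differently-cased spelling of a reserved name (the identity headers, `Host`, `Content-Length`) is therefore not filtered. The `setHeader` call in the loop then, as far as I can tell from HttpClient's name matching, replaces the value this method set just above. Comparing without regard to case closes that gap: `if (RESERVED_HEADERS.stream().noneMatch(headerName::equalsIgnoreCase)) {`. Separately, `setHeader` inside the inner loop keeps only the last value of a multi-valued header; `addHeader` would preserve all of them.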
@@ -301,19 +316,16 @@
return SDC1 + requestURI;
}
- private static StringBuilder alignUrlParameters(Map<String, String[]> requestParameters) throws UnsupportedEncodingException {
- StringBuilder query = new StringBuilder();
- for (String name : requestParameters.keySet()) {
- for (String value : (String[]) requestParameters.get(name)) {
+ private StringBuilder alignUrlParameters(Map<String, String[]> requestParameters) throws UnsupportedEncodingException {
+ final var query = new StringBuilder();
+ for (final Entry<String, String[]> entry : requestParameters.entrySet()) {
+ for (final String value : entry.getValue()) {
if (query.length() == 0) {
query.append("?");
} else {
query.append("&");
}
- name = URLEncoder.encode(name, "UTF-8");
- value = URLEncoder.encode(value, "UTF-8");
-
- query.append(String.format("&%s=%s", new Object[]{name, value}));
+ query.append(String.format("&%s=%s", URLEncoder.encode(entry.getKey(), "UTF-8"), URLEncoder.encode(value, "UTF-8")));
}
}
return query;
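Review bot: `alignUrlParameters` writes the separator twice: the `if`/`else` appends `?` or `&`, and the format string `"&%s=%s"` then adds another `&`. The resulting query looks like `?&a=1&&b=2`, which relies on the backend ignoring empty pairs. Dropping the leading `&` fixes it and removes the `String.format` detour: `query.append(URLEncoder.encode(entry.getKey(), "UTF-8")).append('=').append(URLEncoder.encode(value, "UTF-8"));`. The switch to `entrySet()` does fix the old repeated re-encoding of `name` for multi-valued parameters.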
@@ -327,38 +339,36 @@
outputStream.flush();
}
+ @Override
public String getServletInfo() {
return "Http Proxy Servlet";
}
- enum ReservedHeaders {
- HTTP_IV_USER("HTTP_IV_USER"), USER_ID("USER_ID"), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL("HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE("HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length");
-
- private String value;
-
- ReservedHeaders(String value) {
- this.value = value;
- }
-
- public String getValue() {
- return value;
- }
- }
-
-
- private static CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException {
- SSLContextBuilder builder = new SSLContextBuilder();
+ private CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException {
+ final var builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContext.getDefault(),
- NoopHostnameVerifier.INSTANCE);
+ NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
- .register("http", new PlainConnectionSocketFactory())
- .register("https", sslsf)
- .build();
+ .register("http", new PlainConnectionSocketFactory())
+ .register("https", sslsf)
+ .build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
return HttpClients.custom()
- .setSSLSocketFactory(sslsf)
- .setConnectionManager(cm)
- .build();
+ .setSSLSocketFactory(sslsf)
+ .setConnectionManager(cm)
+ .build();
}
+
+ @AllArgsConstructor
+ @Getter
+ enum ReservedHeaders {
+ HTTP_IV_USER(SdcProxy.HTTP_IV_USER), USER_ID(SdcProxy.USER_ID), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL(
+ "HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE(
+ "HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length");
+
+ private final String value;
+
+ }
+
}
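Review bot: In `buildRestClient` the `SSLContextBuilder` is loaded with `TrustSelfSignedStrategy` but never built. The socket factory is created from `SSLContext.getDefault()`, so the builder is dead code and misleads about which trust store is in effect. The factory is also given `NoopHostnameVerifier.INSTANCE`, which switches off hostname verification on the HTTPS leg to the front end. I would delete the unused builder and either use the default verifier, `new SSLConnectionSocketFactory(SSLContext.getDefault())`, or keep the no-op verifier with a comment such as `// test-only simulator: hostname verification is disabled on purpose`. If the builder goes, the `throws` clause needs adjusting to the exceptions still thrown.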
diff --git a/utils/webseal-simulator/src/main/resources/webseal.conf b/utils/webseal-simulator/src/main/resources/webseal.conf
index 7065725..c711a73 100644
--- a/utils/webseal-simulator/src/main/resources/webseal.conf
+++ b/utils/webseal-simulator/src/main/resources/webseal.conf
@@ -11,14 +11,6 @@
email="csantana@sdc.com"
},
{
- userId="op0001"
- password="123123a"
- firstName="Aretha"
- lastName="Franklin"
- role="Ops"
- email="afranklin@sdc.com"
- },
- {
userId="jh0003"
password="123123a"
firstName="Jimmy"
@@ -35,14 +27,6 @@
email="tester@sdc.com"
},
{
- userId="gv0001"
- password="123123a"
- firstName="David"
- lastName="Shadmi"
- role="Governor"
- email="governor@sdc.com"
- },
- {
userId="pm0001"
password="123123a"
firstName="Teddy"
diff --git a/utils/webseal-simulator/src/main/webapp/login.html b/utils/webseal-simulator/src/main/webapp/login.html
index 2f6a324..4d9eccb 100644
--- a/utils/webseal-simulator/src/main/webapp/login.html
+++ b/utils/webseal-simulator/src/main/webapp/login.html
@@ -1,5 +1,5 @@
<!--
- ~ Copyright © 2016-2018 European Support Limited
+ ~ Copyright (C) 2016-2018 European Support Limited
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
@@ -13,22 +13,21 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-
-<html>
+
+<!DOCTYPE html>
+<html lang="en">
+<head><title>Login page</title></head>
<body>
Login
-
-
<form action="access" method="post">
- UserId:<br>
- <input type="text" name="userId" >
- <br>
- PASSWORD:<br>
- <input type="password" name="password" >
- <br><br>
- <input type="submit" value="Submit">
-
- <label name="message"/>
+ <label>UserId:<br>
+ <input type="text" name="userId">
+ </label>
+ <label>PASSWORD:<br>
+ <input type="password" name="password">
+ </label>
+ <input type="submit" value="Submit">
+
+ <label name="message"></label>
</form>
</body>
-</html>
\ No newline at end of file
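Review bot: The rewritten form keeps `<label name="message"></label>`, but `name` is not an attribute of `label` and the element labels no control. If it is meant as the slot for a login error message, a plain container describes that better: `<span id="message" role="alert"></span>`. Given the purpose of this commit, whatever fills that slot should insert the message as text rather than as markup; the code that does so is not part of this hunk.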