Produced by Araxis Merge on 9/15/2018 10:49:02 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | MHV_2018.4.0.0.zip\2018.4.0.0\national portal\mhv_source\mhv_vital_signs\mhv-vital-signs-portal-portlet\src\main\java\gov\va\med\mhv\vitals\web\pgd | VamfUserServiceAuthenticatorAspect.java | Thu Aug 23 21:14:10 2018 UTC |
| 2 | MHV_2018.4.0.0.zip\2018.4.0.0\national portal\mhv_source\mhv_vital_signs\mhv-vital-signs-portal-portlet\src\main\java\gov\va\med\mhv\vitals\web\pgd | VamfUserServiceAuthenticatorAspect.java | Sun Sep 16 00:03:23 2018 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 248 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /** | |
| 2 | * | |
| 3 | */ | |
| 4 | package go v.va.med.m hv.vitals. web.pgd; | |
| 5 | ||
| 6 | import jav a.util.Dat e; | |
| 7 | import jav a.util.UUI D; | |
| 8 | ||
| 9 | import jav ax.servlet .http.Http Session; | |
| 10 | ||
| 11 | import org .aspectj.l ang.Procee dingJoinPo int; | |
| 12 | import org .aspectj.l ang.annota tion.Aspec t; | |
| 13 | import org .aspectj.l ang.annota tion.Befor e; | |
| 14 | import org .springfra mework.bea ns.factory .annotatio n.Autowire d; | |
| 15 | import org .springfra mework.bea ns.factory .annotatio n.Value; | |
| 16 | import org .springfra mework.ste reotype.Co mponent; | |
| 17 | ||
| 18 | import com .fasterxml .jackson.d atabind.Ob jectMapper ; | |
| 19 | import com .liferay.p ortal.kern el.events. ActionExce ption; | |
| 20 | import com .liferay.p ortal.kern el.log.Log ; | |
| 21 | import com .liferay.p ortal.kern el.log.Log FactoryUti l; | |
| 22 | import com .liferay.p ortal.kern el.servlet .PortalSes sionThread Local; | |
| 23 | ||
| 24 | import gov .va.med.mh v.client.v amf.user.a pi.UserApi ; | |
| 25 | import gov .va.med.mh v.common.a pi.dto.Pat ientDTO; | |
| 26 | import gov .va.med.mh v.common.a pi.dto.Use rProfileDT O; | |
| 27 | import gov .va.med.mh v.common.j wt.JwtUtil ity; | |
| 28 | ||
| 29 | /** | |
| 30 | * @author DNS | |
| 31 | * | |
| 32 | */ | |
| 33 | @Aspect | |
| 34 | @Component | |
| 35 | public cla ss VamfUse rServiceAu thenticato rAspect { | |
| 36 | ||
| 37 | pr ivate stat ic final L og LOG = L ogFactoryU til.getLog (VamfUserS erviceAuth enticatorA spect.clas s); | |
| 38 | ||
| 39 | pr ivate stat ic final S tring VAMF _JWT_TOKEN _ATTR_NAME = "MhvVit alsVamfAut henticated Jwt"; | |
| 40 | ||
| 41 | pr ivate stat ic final S tring USER _PROFILE_D TO_ATTR_NA ME = "LIFE RAY_SHARED _userprofi ledto"; | |
| 42 | ||
| 43 | pr ivate stat ic final S tring PATI ENT_DTO_AT TR_NAME = "LIFERAY_S HARED_pati entdto"; | |
| 44 | ||
| 45 | @A utowired | |
| 46 | pr ivate Obje ctMapper m apper; | |
| 47 | ||
| 48 | @A utowired | |
| 49 | pr ivate User Api userAp i; | |
| 50 | ||
| 51 | @V alue("${va mf.mhv.iss uer.id}") | |
| 52 | pr ivate Stri ng mhvIssu erId; | |
| 53 | ||
| 54 | @V alue("${va mf.jwt.not .before.mi nutes}") | |
| 55 | pr ivate Inte ger notBef oreMinutes ; | |
| 56 | ||
| 57 | @V alue("${va mf.jwt.exp ire.after. minutes}") | |
| 58 | pr ivate Inte ger expire AfterMinut es; | |
| 59 | ||
| 60 | @V alue("${va mf.mhv.sig nature.pri vate.key}" ) | |
| 61 | pr ivate Stri ng mhvMobi lePrivateK ey; | |
| 62 | ||
| 63 | @V alue("${va mf.mhv.aut henticatio n.authorit y}") | |
| 64 | pr ivate Stri ng mhvAuth entication Authority; | |
| 65 | ||
| 66 | @B efore("@an notation(V amfJwtAuth )") | |
| 67 | pu blic Objec t doAuthen ticate(Pro ceedingJoi nPoint joi nPoint) th rows Throw able { | |
| 68 | ||
| 69 | Http Session se ssion = nu ll; | |
| 70 | ||
| 71 | try { | |
| 72 | JwtUti lity jwtUt ility = ne w JwtUtili ty(mhvIssu erId, notB eforeMinut es, expire AfterMinut es, mhvMob ilePrivate Key); | |
| 73 | ||
| 74 | sessio n = Portal SessionThr eadLocal.g etHttpSess ion(); | |
| 75 | UserPr ofileDTO u serProfile = getSafe RequestAtt ribute(ses sion, USER _PROFILE_D TO_ATTR_NA ME, UserPr ofileDTO.c lass); | |
| 76 | Patien tDTO patie nt = getSa feRequestA ttribute(s ession, PA TIENT_DTO_ ATTR_NAME, PatientDT O.class); | |
| 77 | String vamfAuthJ wt = (Stri ng)session .getAttrib ute(VAMF_J WT_TOKEN_A TTR_NAME); | |
| 78 | ||
| 79 | // If the JWT is invalid, request / create a n ew token | |
| 80 | if(!jw tUtility.i sTokenInva lid(vamfAu thJwt) && userProfil e != null) { | |
| 81 | ||
| 82 | String f irstName = userProfi le.getFirs tName(); | |
| 83 | String m iddleName = userProf ile.getMid dleName(); | |
| 84 | String l astName = userProfil e.getLastN ame(); | |
| 85 | String s sn = userP rofile.get Ssn(); | |
| 86 | String i cn = (user Profile.ge tIsPatient () && pati ent != nul l) ? patie nt.getIcn( ) : ""; | |
| 87 | String e mail = use rProfile.g etContact( ).getEmail (); | |
| 88 | String g ender = us erProfile. getGender( ); | |
| 89 | Date bir thDate = u serProfile .getBirthD ate(); | |
| 90 | String m hvId = use rProfile.g etId().toS tring(); | |
| 91 | ||
| 92 | // Creat e the MHV Signed web token. | |
| 93 | vamfAuth Jwt = jwtU tility.cre ateMobileW ebToken(fi rstName, m iddleName, lastName, icn, ssn, email, | |
| 94 | ge nder, birt hDate, mhv Id, mhvAut henticatio nAuthority , UUID.ran domUUID(). toString() ); | |
| 95 | ||
| 96 | // Make the reques t to the u ser servic e to get i t signed b y it | |
| 97 | vamfAuth Jwt = this .userApi.c reateUserS essionFrom Jwt(vamfAu thJwt); | |
| 98 | ||
| 99 | session. setAttribu te(VAMF_JW T_TOKEN_AT TR_NAME, v amfAuthJwt ); | |
| 100 | } | |
| 101 | ||
| 102 | } ca tch (Throw able t) { | |
| 103 | LOG.er ror("Error establish ing JWT Se ssion.", t ); | |
| 104 | throw t; | |
| 105 | } | |
| 106 | ||
| 107 | retu rn joinPoi nt.proceed (); | |
| 108 | } | |
| 109 | ||
| 110 | @S uppressWar nings("unc hecked") | |
| 111 | pr ivate <T> T getSafeR equestAttr ibute(Http Session se ssion, Str ing attrib uteName, C lass<T> va lueType) | |
| 112 | throws ActionExc eption { | |
| 113 | try { | |
| 114 | Object sessionAt tribute = session.ge tAttribute (attribute Name); | |
| 115 | if (se ssionAttri bute != nu ll && sess ionAttribu te instanc eof String ) { | |
| 116 | return m apper.read Value((Str ing) sessi onAttribut e, valueTy pe); | |
| 117 | } | |
| 118 | ||
| 119 | return (T) sessi onAttribut e; | |
| 120 | } ca tch (Excep tion e) { | |
| 121 | throw new Action Exception( String.for mat("Error getting s ession att ribute '%s ' from ses sion.", at tributeNam e), e); | |
| 122 | } | |
| 123 | ||
| 124 | } | |
| 125 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.