| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | v2.0_Sprint_15_Build_5.zip\v2.0_Sprint_15_Build_5\Unredacted\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\security | SsoAuthorizationController.java | Tue Apr 24 14:49:51 2018 UTC |
| 2 | v2.0_Sprint_15_Build_5..zip\v2.0_Sprint_15_Build_5\Unredacted\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\security | SsoAuthorizationController.java | Thu Apr 26 16:05:12 2018 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 238 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /** | |
| 2 | * | |
| 3 | */ | |
| 4 | package go v.va.med.a rs.securit y; | |
| 5 | ||
| 6 | import jav a.net.URLD ecoder; | |
| 7 | import jav a.net.URLE ncoder; | |
| 8 | import jav a.text.Mes sageFormat ; | |
| 9 | ||
| 10 | import jav ax.servlet .http.Http ServletReq uest; | |
| 11 | ||
| 12 | import org .apache.co mmons.lang .StringUti ls; | |
| 13 | import org .apache.lo gging.log4 j.LogManag er; | |
| 14 | import org .apache.lo gging.log4 j.Logger; | |
| 15 | import org .springfra mework.bea ns.factory .annotatio n.Autowire d; | |
| 16 | import org .springfra mework.bea ns.factory .annotatio n.Value; | |
| 17 | import org .springfra mework.htt p.HttpStat us; | |
| 18 | import org .springfra mework.htt p.Response Entity; | |
| 19 | import org .springfra mework.web .bind.anno tation.Pos tMapping; | |
| 20 | import org .springfra mework.web .bind.anno tation.Req uestBody; | |
| 21 | import org .springfra mework.web .bind.anno tation.Req uestMappin g; | |
| 22 | import org .springfra mework.web .bind.anno tation.Res tControlle r; | |
| 23 | ||
| 24 | import gov .va.med.ar s.exceptio ns.Generic Exception; | |
| 25 | import gov .va.med.ar s.model.re quest.Decr yptionRequ est; | |
| 26 | import gov .va.med.ar s.model.re quest.Encr yptUrl; | |
| 27 | import gov .va.med.ar s.model.re sponse.Enc ryptUrlRes ponse; | |
| 28 | import gov .va.med.ar s.model.re sponse.Use rInfoRespo nse; | |
| 29 | import gov .va.med.ar s.service. IAuthentic atorServic e; | |
| 30 | import net .minidev.j son.JSONOb ject; | |
| 31 | ||
| 32 | /** | |
| 33 | * @author PI I
|
|
| 34 | * | |
| 35 | */ | |
| 36 | @RestContr oller | |
| 37 | @RequestMa pping("/ap i/v1/autho rize") | |
| 38 | public cla ss SsoAuth orizationC ontroller { | |
| 39 | ||
| 40 | pr ivate stat ic final L ogger logg er = LogMa nager.getL ogger(SsoA uthorizati onControll er.class); | |
| 41 | ||
| 42 | @A utowired | |
| 43 | IA uthenticat orService authentica torService ; | |
| 44 | ||
| 45 | @V alue("${po stBack.url }") | |
| 46 | St ring postB ackUrl; | |
| 47 | ||
| 48 | @V alue("${ca ptured.url }") | |
| 49 | St ring captu redUrl; | |
| 50 | ||
| 51 | @P ostMapping ("/encrypt Url") | |
| 52 | pu blic Respo nseEntity< ?> getEncr yptedUrls( @RequestBo dy Encrypt Url encryp tUrl, Http ServletReq uest reque st) { | |
| 53 | Encr yptUrlResp onse encry ptedUrlRes ponse = ne w EncryptU rlResponse (); | |
| 54 | JSON Object obj ect = new JSONObject (); | |
| 55 | ||
| 56 | try { | |
| 57 | String encrypted CapturedUr l = AesEnc ryption | |
| 58 | .encrypt(M essageForm at.format( capturedUr l, encrypt Url.getHos tname())); | |
| 59 | encryp tedUrlResp onse.setEn codedCaptu redUrl(URL Encoder.en code(encry ptedCaptur edUrl, "UT F-8")); | |
| 60 | ||
| 61 | String encrypted ForwardUrl = AesEncr yption | |
| 62 | .encrypt(M essageForm at.format( postBackUr l, encrypt Url.getHos tname())); | |
| 63 | encryp tedUrlResp onse.setEn codedPostB ackUrl( | |
| 64 | URLEncoder .encode(Me ssageForma t.format(e ncryptedFo rwardUrl, encryptUrl .getHostna me()), "UT F-8")); | |
| 65 | encryp tedUrlResp onse.setSe ssionInfor mation(req uest.getSe ssion().ge tId().toSt ring()); | |
| 66 | return new Respo nseEntity< >(encrypte dUrlRespon se, HttpSt atus.OK); | |
| 67 | } ca tch (Excep tion e) { | |
| 68 | object .put("encr yptedUrlRe sponse", " Error pars ing the ho stname"); | |
| 69 | return new Respo nseEntity< >(object, HttpStatus .BAD_REQUE ST); | |
| 70 | } | |
| 71 | } | |
| 72 | ||
| 73 | @P ostMapping ("/decrypt Url") | |
| 74 | pu blic Respo nseEntity< ?> getNtNa me(@Reques tBody Decr yptionRequ est decryp tedRequest ) throws G enericExce ption { | |
| 75 | Stri ng decrypt edNTUserna me = null; | |
| 76 | JSON Object res ponse = nu ll; | |
| 77 | try { | |
| 78 | if (!S tringUtils .isEmpty(d ecryptedRe quest.getG etNtname() )) { | |
| 79 | String u sername = URLDecoder .decode(de cryptedReq uest.getGe tNtname(), "UTF-8"); | |
| 80 | decrypte dNTUsernam e = AesEnc ryption.de crypt(user name); | |
| 81 | ||
| 82 | // Authe nticate th e User Fir st | |
| 83 | boolean isAuthenti cated = au thenticato rService.a uthenticat eUser(decr yptedNTUse rname); | |
| 84 | UserInfo Response u serRolesRe sponse; | |
| 85 | if (isAu thenticate d) { | |
| 86 | // Get Use rRoles | |
| 87 | userRolesR esponse = authentica torService .getUserRo les(); | |
| 88 | if (userRo lesRespons e != null && !(userR olesRespon se.getUser Roles().is Empty())) { | |
| 89 | re turn new R esponseEnt ity<>(user RolesRespo nse, HttpS tatus.OK); | |
| 90 | } else { | |
| 91 | re sponse = n ew JSONObj ect(); | |
| 92 | lo gger.warn( "getUserRo les : 0 Ro les found for " + de cryptedNTU sername); | |
| 93 | re sponse.put ("errorCod e", "Un-Au thorized") ; | |
| 94 | re sponse.put ("message" , "The ent ered user has no acc ess to the applicati on"); | |
| 95 | re turn new R esponseEnt ity<>(resp onse, Http Status.NOT _FOUND); | |
| 96 | } | |
| 97 | } else { | |
| 98 | response = new JSONO bject(); | |
| 99 | logger.err or("getUse rRoles : A uthenticat ion failed for userN ame: " + d ecryptedNT Username); | |
| 100 | response.p ut("errorC ode", "Inv alid User" ); | |
| 101 | response.p ut("messag e", "The e ntered use r has no a ccess to t he applica tion"); | |
| 102 | throw new GenericExc eption("", "", HttpS tatus.ACCE PTED); | |
| 103 | } | |
| 104 | } else { | |
| 105 | response = new JSO NObject(); | |
| 106 | logger.w arn("Windo ws NT name not found " + decry ptedNTUser name); | |
| 107 | response .put("erro rCode", "U n-Authoriz ed"); | |
| 108 | response .put("mess age", "The entered u ser has no access to the appli cation"); | |
| 109 | return n ew Respons eEntity<>( response, HttpStatus .NOT_FOUND ); | |
| 110 | } | |
| 111 | ||
| 112 | } ca tch (Excep tion e) { | |
| 113 | respon se = new J SONObject( ); | |
| 114 | logger .warn("Int ernal erro r occured " + decryp tedNTUsern ame); | |
| 115 | respon se.put("er rorCode", "Un-Author ized"); | |
| 116 | respon se.put("me ssage", "T he entered user has no access to the app lication") ; | |
| 117 | return new Respo nseEntity< >(response , HttpStat us.NOT_FOU ND); | |
| 118 | } | |
| 119 | } | |
| 120 | } |
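Review bot: The authentication-failure branch of getNtName (listing lines 98–102) builds an error JSON body and then discards it by throwing `GenericException("", "", HttpStatus.ACCEPTED)`, so a failed authentication is reported with an empty message and a 2xx status unless the GenericException handler remaps it, which is not visible here; the branch should return the body it built with a non-success status, e.g. `return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);`, or pass that status to the exception. The other failure paths (lines 93–95, 107–109, 115–117) label the body "Un-Authorized" yet answer NOT_FOUND, so one status convention should be chosen for all four. In getEncryptedUrls, line 64 runs `MessageFormat.format` a second time over the ciphertext produced at lines 61–62, which was already formatted with the hostname; any `{` or `'` in the ciphertext would then throw into the catch at line 67, and the plain `URLEncoder.encode(encryptedForwardUrl, "UTF-8")` is what was intended. Both catch-all blocks (lines 67 and 112) drop the caught exception without logging it, which hides the real cause of a failed encrypt/decrypt; log it as `logger.warn("Internal error occured " + decryptedNTUsername, e);` and similarly at line 67. The report marks one two-line changed block but does not show which lines they are, so these remarks apply to the listed text as a whole.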