4261. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 6/9/2017 3:51:24 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

4261.1 Files compared

#	Location	File	Last Modified
1			Fri Jun 9 19:51:24 2017 UTC
2	eHealth_Exch (eHealth Exchange Enhancements) Build 3 docs & code_May_2017.zip\VAP_CIF_CODE0502.zip\VAP_CIF_CODE0502\VAP_CIF_CODE0502\nvap-web\src\main\java\gov\va\nvap\web\auth	Login.java	Fri Apr 21 20:15:58 2017 UTC

4261.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	0	0
Changed	0	0
Inserted	1	226
Removed	0	0

4261.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

4261.4 Active regular expressions

No regular expressions were active.

4261.5 Comparison detail

				1		/*
				2		* To chan ge this te mplate, ch oose Tools \| Templat es
				3		* and ope n the temp late in th e editor.
				4		*/
				5
				6		package go v.va.nvap. web.auth;
				7
				8		import gov .va.nvap.c ommon.vali dation.Nul lChecker;
				9		import gov .va.nvap.s ervice.aud it.AuditEx ception;
				10		import gov .va.nvap.s ervice.aud it.AuditSe rvice;
				11		import gov .va.nvap.s ervice.aud it.data.Us erAccessAu dit;
				12		import gov .va.nvap.s vc.consent mgmt.stub. dao.Descri ptorDAO;
				13		import gov .va.nvap.s vc.consent mgmt.stub. data.Descr iptor;
				14		import gov .va.nvap.s vc.facilit y.data.Fac ility;
				15		import gov .va.nvap.w eb.dao.Use rRoleDAO;
				16		import gov .va.nvap.w eb.helper. facility.F acilityHel per;
				17		import gov .va.nvap.w eb.user.Us er;
				18		import gov .va.nvap.w eb.user.ro le.UserNam eException ;
				19		import gov .va.nvap.w eb.util.Va lidatorMes sage;
				20		import jav a.io.IOExc eption;
				21		import jav a.util.Dat e;
				22		import jav a.util.Has hMap;
				23		import jav a.util.Lis t;
				24		import jav ax.ejb.EJB ;
				25		import jav ax.securit y.auth.cal lback.Call back;
				26		import jav ax.securit y.auth.cal lback.Call backHandle r;
				27		import jav ax.securit y.auth.cal lback.Name Callback;
				28		import jav ax.securit y.auth.cal lback.Pass wordCallba ck;
				29		import jav ax.securit y.auth.cal lback.Unsu pportedCal lbackExcep tion;
				30		import jav ax.servlet .ServletEx ception;
				31		import jav ax.servlet .http.Cook ie;
				32		import jav ax.servlet .http.Http ServletReq uest;
				33		import jav ax.servlet .http.Http ServletRes ponse;
				34		import jav ax.servlet .http.Http Session;
				35		import org .apache.co mmons.logg ing.Log;
				36		import org .apache.co mmons.logg ing.LogFac tory;
				37		import web logic.serv let.securi ty.Servlet Authentica tion;
				38
				39		/**
				40		* @author Asha Amri traj
				41		*/
				42		public cla ss Login e xtends gov .va.nvap.w eb.app.Res ponseDispa tcherHttpS ervlet {
				43		st atic priva te final L og LOG = L ogFactory. getLog(Log in.class);
				44
				45		/* *
				46		* Serial UI D.
				47		* /
				48		pr ivate stat ic final l ong serial VersionUID = 8573087 7377917181 62L;
				49
				50		privat e static f inal Strin g VA_USERN AME = "adS amAccountN ame";
				51
				52		@E JB(beanInt erface = A uditServic e.class, m appedName = "AuditSe rvice")
				53		Au ditService auditServ ice;
				54
				55		public void chec kSession(f inal HttpS ervletRequ est reques t, final H ttpServlet Response r esponse) t hrows Serv letExcepti on, IOExce ption {
				56		if (request. getSession (false) == null \|\| ! request.is RequestedS essionIdVa lid()) {
				57		response .getWriter ().write(" 0");
				58		} else {
				59		response .getWriter ().write(" 1");
				60		}
				61		}
				62
				63		/* *
				64		* This is c alled when the Login button is pressed i n the GUI.
				65		* /
				66		pu blic void login(fina l HttpServ letRequest request,
				67		final HttpServle tResponse response) throws Ser vletExcept ion,
				68		IOExce ption {
				69		// G et the use rname and password f rom the we b page.
				70		fina l String u sername = request.ge tParameter ("username ");
				71		fina l String p assword = request.ge tParameter ("password ");
				72
				73		// C heck the s ession if it is stil l valid
				74		//fi nal HttpSe ssion sess ion = requ est.getSes sion(false );
				75		/*if (session != null) {
				76		sessio n.invalida te();
				77		}*/
				78		// C all the ap ache commo ns validat or to vali date the f ields in t he page
				79		if ( this.valid ate(reques t, respons e)) {
				80		// Cal l back for authentic ation
				81		final CallbackHa ndler call backHandle r = new Ca llbackHand ler() {
				82		@Overrid e
				83		public v oid handle (final Cal lback[] ca llbacks)
				84		th rows IOExc eption, Un supportedC allbackExc eption {
				85		for (final Callback cb : callb acks) {
				86		if (cb insta nceof Name Callback) {
				87		((Na meCallback ) cb).setN ame(userna me);
				88		} else if (c b instance of Passwor dCallback) {
				89		((Pa sswordCall back) cb). setPasswor d(password
				90		.toCharA rray());
				91		} else {
				92		thro w new Unsu pportedCal lbackExcep tion(cb,
				93		"Callbac k is not s upported." );
				94		}
				95		}
				96		}
				97		};
				98		// Aut henticate
				99		if (Se rvletAuthe ntication. authentica te(callbac kHandler, request) = = 0) {
				100		if (Logi n.LOG.isIn foEnabled( )) {
				101		//Login.LO G.info("VA P Login Su ccess - us er=" + use rname);
				102		}
				103		try {
				104		// Call VA P Audit to audit the login inf ormation
				105		this.audit Service.au ditUserAcc ess(new Us erAccessAu dit(
				106		user name, "", new Date() , new Date ()));
				107		} catch (final Aud itExceptio n ex) {
				108		throw new RuntimeExc eption(ex) ;
				109		}
				110		// Succe ss
				111		loginSuc cess(reque st, respon se);
				112
				113		} else {
				114		if (Logi n.LOG.isIn foEnabled( )) {
				115		//Login.LO G.info("VA P Login Fa iled - use r=" + user name);
				116		}
				117		// Error
				118		final Va lidatorMes sage messa ge = new V alidatorMe ssage();
				119		// Set m essage to the formEr rors for d isplay in JSP
				120		message. setMessage ("Invalid username a nd/or pass word was e ntered.");
				121		request. setAttribu te("formEr rors",
				122		ne w Validato rMessage[] { message });
				123		// Error
				124		this.for ward(reque st, respon se, "error ");
				125		}
				126		} el se {
				127		// Val idate the page
				128		this.f orward(req uest, resp onse, "val idate");
				129		}
				130		}
				131
				132		@O verride
				133		pu blic void unspecifie d(final Ht tpServletR equest req uest, fina l HttpServ letRespons e response ) throws S ervletExce ption, IOE xception {
				134
				135		// Check use rname head er to see if usernam e from SSO i is prese nt
				136		if (!NullChe cker.isNul lOrEmpty(r equest.get Header(VA_ USERNAME)) ) {
				137		try {
				138		// C all VAP Au dit to aud it the log in informa tion
				139		this .auditServ ice.auditU serAccess( new UserAc cessAudit(
				140		reques t.getHeade r("adSamAc countName" ), "", new Date(), n ew Date()) );
				141		} catch (final Aud itExceptio n ex) {
				142		thro w new Audi tException ();
				143		}
				144
				145		loginSuc cess(reque st, respon se);
				146		} else {
				147		throw ne w UserName Exception( "UserNameE xception") ;
				148		}
				149		}
				150
				151		/* *
				152		* Get the f acility he lper from Spring.
				153		* /
				154		pu blic Facil ityHelper getFacilit yHelper() {
				155		fina l Facility Helper fac ilityHelpe r = this.g etBean("fa cilityHelp er",
				156		Facility Helper.cla ss);
				157		retu rn facilit yHelper;
				158		}
				159
				160		privat e Descript orDAO getD escriptorD AO() {
				161		re turn this. getBean("D escriptorD AO", Descr iptorDAO.c lass);
				162		}
				163
				164		privat e UserRole DAO getUse rRoleDAO() {
				165		re turn this. getBean("U serRoleDAO ", UserRol eDAO.class );
				166		}
				167
				168		privat e void log inSuccess( HttpServle tRequest r equest, Ht tpServletR esponse re sponse) th rows IOExc eption, Se rvletExcep tion {
				169
				170		// get User' s default facility f rom cookie or from V HAUserId a nd set it for the se ssion
				171		go v.va.nvap. svc.facili ty.data.Fa cility def aultUserFa cility = n ull;
				172		Co okie[] vap Cookies = request.ge tCookies() ;
				173		if (vapCooki es != null ){
				174		for (Coo kie vapCoo kie : vapC ookies){
				175		if ( vapCookie. getName(). equals("fa cility")){
				176		if (NullCh ecker.isNo tEmpty(vap Cookie.get Value())) {
				177		defaul tUserFacil ity = new Facility() ;
				178		try {
				179		Fa cility fac ility = th is.getFaci lityHelper ().getFaci lityByStat ionId(vapC ookie.getV alue());
				180		if (facility != null) {
				181		defaultU serFacilit y.setFacil ityStation (facility. getFacilit yStation() );
				182		defaultU serFacilit y.setFacil ityName(fa cility.get FacilityNa me());
				183		defaultU serFacilit y.setVisnI d(facility .getVisnId ());
				184		}
				185		} catc h (Excepti on e) {
				186		// Cookie mu st contain an invali d station number. We 'll ignore the error and set t he default facility
				187		// based on the user I D.
				188		}
				189		}
				190		}
				191		}
				192		}
				193
				194		if (NullChec ker.isEmpt y(defaultU serFacilit y)) {
				195		// Get t he Default Facility by user id
				196		defaultU serFacilit y = this.g etFacility Helper().g etFacility StationByV HAUserId(
				197		reques t.getHeade r(VA_USERN AME));
				198		}
				199
				200		fi nal HttpSe ssion sess ion = requ est.getSes sion(true) ;
				201
				202		if (NullChec ker.isNotE mpty(defau ltUserFaci lity)) {
				203		session. setAttribu te("defaul tUserFacil ity", defa ultUserFac ility);
				204		}
				205
				206		// valid user now, so v alid sessi on. add th e tool tip s (descrip tors) to t his sessio n for use in many vi ews
				207		Li st<Descrip tor> dees = this.get Descriptor DAO().getA ll();
				208		Ha shMap hm = new HashM ap();
				209
				210		fo r(Descript or d : dee s) {
				211		hm.put(d .getName() , d.getTex t());
				212		}
				213
				214		se ssion.setA ttribute(" descriptor s", hm);
				215
				216		// Create us er with ro les for re direct
				217		Us er user = new User(t his.getUse rRoleDAO() .findUserR oleNames(r equest.get Header(VA_ USERNAME). toLowerCas e()));
				218		se ssion.setA ttribute(" user", use r);
				219
				220		if (user.has Role("VAPA pplication WebUser")) {
				221		this.for ward(reque st, respon se, "succe ss");
				222		} else {
				223		this.for ward(reque st, respon se, "succe ssReport") ;
				224		}
				225		}
				226		}