# | Location | File | Last Modified |
---|---|---|---|
1 | C:\AraxisMergeCompare\Pri_un\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\security | SsoAuthorizationController.java | Wed Mar 27 19:21:07 2019 UTC |
2 | C:\AraxisMergeCompare\Pri_re\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\security | SsoAuthorizationController.java | Fri Mar 29 17:27:48 2019 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 284 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /** | |
2 | * | |
3 | */ | |
4 | package go v.va.med.a rs.securit y; | |
5 | ||
6 | import jav a.net.URLD ecoder; | |
7 | import jav a.net.URLE ncoder; | |
8 | import jav a.text.Mes sageFormat ; | |
9 | ||
10 | import jav ax.servlet .http.Http ServletReq uest; | |
11 | ||
12 | import org .apache.co mmons.lang .StringUti ls; | |
13 | import org .apache.lo gging.log4 j.LogManag er; | |
14 | import org .apache.lo gging.log4 j.Logger; | |
15 | import org .springfra mework.bea ns.factory .annotatio n.Autowire d; | |
16 | import org .springfra mework.bea ns.factory .annotatio n.Value; | |
17 | import org .springfra mework.htt p.HttpStat us; | |
18 | import org .springfra mework.htt p.Response Entity; | |
19 | import org .springfra mework.web .bind.anno tation.Pos tMapping; | |
20 | import org .springfra mework.web .bind.anno tation.Req uestBody; | |
21 | import org .springfra mework.web .bind.anno tation.Req uestMappin g; | |
22 | import org .springfra mework.web .bind.anno tation.Res tControlle r; | |
23 | ||
24 | import gov .va.med.ar s.exceptio ns.Generic Exception; | |
25 | import gov .va.med.ar s.model.re quest.Decr yptionRequ est; | |
26 | import gov .va.med.ar s.model.re quest.Encr yptUrl; | |
27 | import gov .va.med.ar s.model.re sponse.Enc ryptUrlRes ponse; | |
28 | import gov .va.med.ar s.model.re sponse.Use rInfoRespo nse; | |
29 | import gov .va.med.ar s.service. IAuthentic atorServic e; | |
30 | import net .minidev.j son.JSONOb ject; | |
31 | ||
32 | /** | |
33 | * @author
|
|
34 | * | |
35 | */ | |
36 | @RestContr oller | |
37 | @RequestMa pping("/ap i/v1/autho rize") | |
38 | public cla ss SsoAuth orizationC ontroller { | |
39 | ||
40 | pr ivate stat ic final L ogger logg er = LogMa nager.getL ogger(SsoA uthorizati onControll er.class); | |
41 | ||
42 | @A utowired | |
43 | IA uthenticat orService authentica torService ; | |
44 | ||
45 | @V alue("${po stBack.url }") | |
46 | St ring postB ackUrl; | |
47 | ||
48 | @V alue("${ca ptured.url }") | |
49 | St ring captu redUrl; | |
50 | ||
51 | @V alue("${po stBack.att achment.ur l}") | |
52 | St ring postB ackAttachm entUrl; | |
53 | ||
54 | @V alue("${ca ptured.att achment.ur l}") | |
55 | St ring captu redAttachm entUrl; | |
56 | ||
57 | @P ostMapping ("/encrypt Url") | |
58 | pu blic Respo nseEntity< ?> getEncr yptedUrls( @RequestBo dy Encrypt Url encryp tUrl, Http ServletReq uest reque st) { | |
59 | Encr yptUrlResp onse encry ptedUrlRes ponse = ne w EncryptU rlResponse (); | |
60 | JSON Object obj ect = new JSONObject (); | |
61 | ||
62 | try { | |
63 | if(Str ingUtils.i sBlank(enc ryptUrl.ge tAttachmen tId())) { | |
64 | String e ncryptedCa pturedUrl = AesEncry ption | |
65 | .e ncrypt(Mes sageFormat .format(ca pturedUrl, encryptUr l.getHostn ame())); | |
66 | encrypte dUrlRespon se.setEnco dedCapture dUrl(URLEn coder.enco de(encrypt edCaptured Url, "UTF- 8")); | |
67 | ||
68 | String e ncryptedFo rwardUrl = AesEncryp tion | |
69 | .e ncrypt(Mes sageFormat .format(po stBackUrl, encryptUr l.getHostn ame())); | |
70 | encrypte dUrlRespon se.setEnco dedPostBac kUrl( | |
71 | UR LEncoder.e ncode(Mess ageFormat. format(enc ryptedForw ardUrl, en cryptUrl.g etHostname ()), "UTF- 8")); | |
72 | encrypte dUrlRespon se.setSess ionInforma tion(reque st.getSess ion().getI d().toStri ng()); | |
73 | return n ew Respons eEntity<>( encryptedU rlResponse , HttpStat us.OK); | |
74 | } else { | |
75 | String e ncryptedCa pturedUrl = AesEncry ption | |
76 | .e ncrypt(Mes sageFormat .format(ca pturedAtta chmentUrl, encryptUr l.getHostn ame(), enc ryptUrl.ge tAttachmen tId())); | |
77 | encrypte dUrlRespon se.setEnco dedCapture dUrl(URLEn coder.enco de(encrypt edCaptured Url, "UTF- 8")); | |
78 | ||
79 | String e ncryptedFo rwardUrl = AesEncryp tion | |
80 | .e ncrypt(Mes sageFormat .format(po stBackAtta chmentUrl, encryptUr l.getHostn ame(), enc ryptUrl.ge tAttachmen tId())); | |
81 | encrypte dUrlRespon se.setEnco dedPostBac kUrl( | |
82 | UR LEncoder.e ncode(Mess ageFormat. format(enc ryptedForw ardUrl, en cryptUrl.g etHostname ()), "UTF- 8")); | |
83 | encrypte dUrlRespon se.setSess ionInforma tion(reque st.getSess ion().getI d().toStri ng()); | |
84 | return n ew Respons eEntity<>( encryptedU rlResponse , HttpStat us.OK); | |
85 | } | |
86 | ||
87 | } ca tch (Excep tion e) { | |
88 | object .put("encr yptedUrlRe sponse", " Error pars ing the ho stname"); | |
89 | return new Respo nseEntity< >(object, HttpStatus .BAD_REQUE ST); | |
90 | } | |
91 | } | |
92 | ||
93 | @P ostMapping ("/decrypt Url") | |
94 | pu blic Respo nseEntity< ?> getNtNa me(@Reques tBody Decr yptionRequ est decryp tedRequest ) throws G enericExce ption { | |
95 | Stri ng decrypt edNTUserna me = null; | |
96 | JSON Object res ponse = nu ll; | |
97 | try { | |
98 | if (!S tringUtils .isEmpty(d ecryptedRe quest.getG etNtname() )) { | |
99 | String u sername = URLDecoder .decode(de cryptedReq uest.getGe tNtname(), "UTF-8"); | |
100 | decrypte dNTUsernam e = AesEnc ryption.de crypt(user name); | |
101 | ||
102 | // Authe nticate th e User Fir st | |
103 | //boolea n isAuthen ticated = authentica torService .authentic ateUser(de cryptedNTU sername); | |
104 | UserInfo Response u serRolesRe sponse; | |
105 | //if (is Authentica ted) { | |
106 | // Get Use rRoles | |
107 | userRolesR esponse = authentica torService .getUserRo les(decryp tedNTUsern ame); | |
108 | if (userRo lesRespons e != null && !(userR olesRespon se.getUser Roles().is Empty())) { | |
109 | if (decrypted Request.ge tAttachmen tId() != n ull && !de cryptedReq uest.getAt tachmentId ().isEmpty ()) { | |
110 | user RolesRespo nse.setAtt achmentId( decryptedR equest.get Attachment Id()); | |
111 | } | |
112 | re turn new R esponseEnt ity<>(user RolesRespo nse, HttpS tatus.OK); | |
113 | } else { | |
114 | re sponse = n ew JSONObj ect(); | |
115 | lo gger.warn( "getUserRo les : 0 Ro les found for " + de cryptedNTU sername); | |
116 | re sponse.put ("errorCod e", "Un-Au thorized") ; | |
117 | re sponse.put ("message" , "The ent ered user has no acc ess to the applicati on"); | |
118 | re turn new R esponseEnt ity<>(resp onse, Http Status.FOR BIDDEN); | |
119 | } | |
120 | /*} else { | |
121 | response = new JSONO bject(); | |
122 | logger.err or("getUse rRoles : A uthenticat ion failed for userN ame: " + d ecryptedNT Username); | |
123 | response.p ut("errorC ode", "Inv alid User" ); | |
124 | response.p ut("messag e", "The e ntered use r has no a ccess to t he applica tion"); | |
125 | throw new GenericExc eption("", "", HttpS tatus.FORB IDDEN); | |
126 | }*/ | |
127 | } else { | |
128 | response = new JSO NObject(); | |
129 | logger.w arn("Windo ws NT name not found " + decry ptedNTUser name); | |
130 | response .put("erro rCode", "U n-Authoriz ed"); | |
131 | response .put("mess age", "The entered u ser has no access to the appli cation"); | |
132 | return n ew Respons eEntity<>( response, HttpStatus .FORBIDDEN ); | |
133 | } | |
134 | ||
135 | } ca tch (Excep tion e) { | |
136 | respon se = new J SONObject( ); | |
137 | logger .warn("Int ernal erro r occured " + decryp tedNTUsern ame); | |
138 | respon se.put("er rorCode", "Un-Author ized"); | |
139 | respon se.put("me ssage", "T he entered user has no access to the app lication") ; | |
140 | return new Respo nseEntity< >(response , HttpStat us.NOT_FOU ND); | |
141 | } | |
142 | } | |
143 | } |
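Review bot: In getNtName the `authenticatorService.authenticateUser(decryptedNTUsername)` call is commented out (file lines 103 and 105, with its failure branch at 120-126), so `getUserRoles` at line 107 runs for any `getNtname` value that decrypts without error, and no other identity check is visible in this controller. Because `/encryptUrl` passes the caller-supplied `encryptUrl.getHostname()` and `getAttachmentId()` through the same `AesEncryption` helper, holding a ciphertext that decrypts should not by itself count as proof of identity; whether that helper uses authenticated encryption or separate keys is not visible on this page. Either restore `boolean isAuthenticated = authenticatorService.authenticateUser(decryptedNTUsername);` together with the commented-out failure branch, or add a comment above line 107 stating where authentication is enforced before this endpoint is reached. The catch block at lines 135-140 also discards the exception and answers NOT_FOUND for an internal error; `logger.warn("Internal error occurred", e);` would keep the cause for incident review without concatenating the username into the log message.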