58. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 4/2/2019 1:06:55 PM Central Daylight Time.

58.1 Files compared

# Location File Last Modified
1 C:\AraxisMergeCompare\Pri_un\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\security SsoAuthorizationController.java Wed Mar 27 19:21:07 2019 UTC
2 C:\AraxisMergeCompare\Pri_re\ARS_Backend\ars_app\src\main\java\gov\va\med\ars\security SsoAuthorizationController.java Fri Mar 29 17:27:48 2019 UTC

58.2 Comparison summary

Description Between
Files 1 and 2
Text Blocks Lines
Unchanged 2 284
Changed 1 2
Inserted 0 0
Removed 0 0

58.3 Comparison options

Whitespace
Character case Differences in character case are significant
Line endings Differences in line endings (CR and LF characters) are ignored
CR/LF characters Not shown in the comparison detail

58.4 Active regular expressions

No regular expressions were active.

58.5 Comparison detail

  1   /**
  2    * 
  3    */
  4   package go v.va.med.a rs.securit y;
  5  
  6   import jav a.net.URLD ecoder;
  7   import jav a.net.URLE ncoder;
  8   import jav a.text.Mes sageFormat ;
  9  
  10   import jav ax.servlet .http.Http ServletReq uest;
  11  
  12   import org .apache.co mmons.lang .StringUti ls;
  13   import org .apache.lo gging.log4 j.LogManag er;
  14   import org .apache.lo gging.log4 j.Logger;
  15   import org .springfra mework.bea ns.factory .annotatio n.Autowire d;
  16   import org .springfra mework.bea ns.factory .annotatio n.Value;
  17   import org .springfra mework.htt p.HttpStat us;
  18   import org .springfra mework.htt p.Response Entity;
  19   import org .springfra mework.web .bind.anno tation.Pos tMapping;
  20   import org .springfra mework.web .bind.anno tation.Req uestBody;
  21   import org .springfra mework.web .bind.anno tation.Req uestMappin g;
  22   import org .springfra mework.web .bind.anno tation.Res tControlle r;
  23  
  24   import gov .va.med.ar s.exceptio ns.Generic Exception;
  25   import gov .va.med.ar s.model.re quest.Decr yptionRequ est;
  26   import gov .va.med.ar s.model.re quest.Encr yptUrl;
  27   import gov .va.med.ar s.model.re sponse.Enc ryptUrlRes ponse;
  28   import gov .va.med.ar s.model.re sponse.Use rInfoRespo nse;
  29   import gov .va.med.ar s.service. IAuthentic atorServic e;
  30   import net .minidev.j son.JSONOb ject;
  31  
  32   /**
  33    * @author  
D NS     GANGAV
  34    *
  35    */
  36   @RestContr oller
  37   @RequestMa pping("/ap i/v1/autho rize")
  38   public cla ss SsoAuth orizationC ontroller  {
  39  
  40           pr ivate stat ic final L ogger logg er = LogMa nager.getL ogger(SsoA uthorizati onControll er.class);
  41  
  42           @A utowired
  43           IA uthenticat orService  authentica torService ;
  44  
  45           @V alue("${po stBack.url }")
  46           St ring postB ackUrl;
  47  
  48           @V alue("${ca ptured.url }")
  49           St ring captu redUrl;
  50           
  51           @V alue("${po stBack.att achment.ur l}")
  52           St ring postB ackAttachm entUrl;
  53  
  54           @V alue("${ca ptured.att achment.ur l}")
  55           St ring captu redAttachm entUrl;
  56  
  57           @P ostMapping ("/encrypt Url")
  58           pu blic Respo nseEntity< ?> getEncr yptedUrls( @RequestBo dy Encrypt Url encryp tUrl, Http ServletReq uest reque st) {
  59                    Encr yptUrlResp onse encry ptedUrlRes ponse = ne w EncryptU rlResponse ();
  60                    JSON Object obj ect = new  JSONObject ();
  61  
  62                    try  {
  63                             if(Str ingUtils.i sBlank(enc ryptUrl.ge tAttachmen tId())) {
  64                                      String e ncryptedCa pturedUrl  = AesEncry ption
  65                                                       .e ncrypt(Mes sageFormat .format(ca pturedUrl,  encryptUr l.getHostn ame()));
  66                                      encrypte dUrlRespon se.setEnco dedCapture dUrl(URLEn coder.enco de(encrypt edCaptured Url, "UTF- 8"));
  67  
  68                                      String e ncryptedFo rwardUrl =  AesEncryp tion
  69                                                       .e ncrypt(Mes sageFormat .format(po stBackUrl,  encryptUr l.getHostn ame()));
  70                                      encrypte dUrlRespon se.setEnco dedPostBac kUrl(
  71                                                       UR LEncoder.e ncode(Mess ageFormat. format(enc ryptedForw ardUrl, en cryptUrl.g etHostname ()), "UTF- 8"));
  72                                      encrypte dUrlRespon se.setSess ionInforma tion(reque st.getSess ion().getI d().toStri ng());
  73                                      return n ew Respons eEntity<>( encryptedU rlResponse , HttpStat us.OK);
  74                             } else  {
  75                                      String e ncryptedCa pturedUrl  = AesEncry ption
  76                                                       .e ncrypt(Mes sageFormat .format(ca pturedAtta chmentUrl,  encryptUr l.getHostn ame(), enc ryptUrl.ge tAttachmen tId()));
  77                                      encrypte dUrlRespon se.setEnco dedCapture dUrl(URLEn coder.enco de(encrypt edCaptured Url, "UTF- 8"));
  78  
  79                                      String e ncryptedFo rwardUrl =  AesEncryp tion
  80                                                       .e ncrypt(Mes sageFormat .format(po stBackAtta chmentUrl,  encryptUr l.getHostn ame(), enc ryptUrl.ge tAttachmen tId()));
  81                                      encrypte dUrlRespon se.setEnco dedPostBac kUrl(
  82                                                       UR LEncoder.e ncode(Mess ageFormat. format(enc ryptedForw ardUrl, en cryptUrl.g etHostname ()), "UTF- 8"));
  83                                      encrypte dUrlRespon se.setSess ionInforma tion(reque st.getSess ion().getI d().toStri ng());
  84                                      return n ew Respons eEntity<>( encryptedU rlResponse , HttpStat us.OK);
  85                             }
  86                             
  87                    } ca tch (Excep tion e) {
  88                             object .put("encr yptedUrlRe sponse", " Error pars ing the ho stname");
  89                             return  new Respo nseEntity< >(object,  HttpStatus .BAD_REQUE ST);
  90                    }
  91           }
  92  
  93           @P ostMapping ("/decrypt Url")
  94           pu blic Respo nseEntity< ?> getNtNa me(@Reques tBody Decr yptionRequ est decryp tedRequest ) throws G enericExce ption {
  95                    Stri ng decrypt edNTUserna me = null;
  96                    JSON Object res ponse = nu ll;
  97                    try  {
  98                             if (!S tringUtils .isEmpty(d ecryptedRe quest.getG etNtname() )) {
  99                                      String u sername =  URLDecoder .decode(de cryptedReq uest.getGe tNtname(),  "UTF-8");
  100                                      decrypte dNTUsernam e = AesEnc ryption.de crypt(user name);
  101  
  102                                      // Authe nticate th e User Fir st
  103                                      //boolea n isAuthen ticated =  authentica torService .authentic ateUser(de cryptedNTU sername);
  104                                      UserInfo Response u serRolesRe sponse;
  105                                      //if (is Authentica ted) {
  106                                               // Get Use rRoles
  107                                               userRolesR esponse =  authentica torService .getUserRo les(decryp tedNTUsern ame);
  108                                               if (userRo lesRespons e != null  && !(userR olesRespon se.getUser Roles().is Empty()))  {
  109                                                       if (decrypted Request.ge tAttachmen tId() != n ull && !de cryptedReq uest.getAt tachmentId ().isEmpty ()) {
  110                                                                user RolesRespo nse.setAtt achmentId( decryptedR equest.get Attachment Id());
  111                                                       }
  112                                                       re turn new R esponseEnt ity<>(user RolesRespo nse, HttpS tatus.OK);
  113                                               } else {
  114                                                       re sponse = n ew JSONObj ect();
  115                                                       lo gger.warn( "getUserRo les : 0 Ro les found  for " + de cryptedNTU sername);
  116                                                       re sponse.put ("errorCod e", "Un-Au thorized") ;
  117                                                       re sponse.put ("message" , "The ent ered user  has no acc ess to the  applicati on");
  118                                                       re turn new R esponseEnt ity<>(resp onse, Http Status.FOR BIDDEN);
  119                                               }
  120                                      /*} else  {
  121                                               response =  new JSONO bject();
  122                                               logger.err or("getUse rRoles : A uthenticat ion failed  for userN ame: " + d ecryptedNT Username);
  123                                               response.p ut("errorC ode", "Inv alid User" );
  124                                               response.p ut("messag e", "The e ntered use r has no a ccess to t he applica tion");
  125                                               throw new  GenericExc eption("",  "", HttpS tatus.FORB IDDEN);
  126                                      }*/
  127                             } else  {
  128                                      response  = new JSO NObject();
  129                                      logger.w arn("Windo ws NT name  not found  " + decry ptedNTUser name);
  130                                      response .put("erro rCode", "U n-Authoriz ed");
  131                                      response .put("mess age", "The  entered u ser has no  access to  the appli cation");
  132                                      return n ew Respons eEntity<>( response,  HttpStatus .FORBIDDEN );
  133                             }
  134  
  135                    } ca tch (Excep tion e) {
  136                             respon se = new J SONObject( );
  137                             logger .warn("Int ernal erro r occured  " + decryp tedNTUsern ame);
  138                             respon se.put("er rorCode",  "Un-Author ized");
  139                             respon se.put("me ssage", "T he entered  user has  no access  to the app lication") ;
  140                             return  new Respo nseEntity< >(response , HttpStat us.NOT_FOU ND);
  141                    }
  142           }
  143   }
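Review bot: In `getNtName` (the `/decryptUrl` handler, listing lines 94–142) the `authenticatorService.authenticateUser(decryptedNTUsername)` call and its failure branch are commented out (listing lines 103, 105 and 120–126), so `getUserRoles` runs for whatever username the posted value decrypts to and the `AesEncryption` ciphertext is the only gate on returning a user's `UserInfoResponse`. `AesEncryption` is not shown on this page, so it cannot be confirmed that the ciphertext is integrity-protected or bound to a session or expiry; if it is not, a previously issued value could presumably be replayed. I would restore the check ahead of the role lookup, e.g. `if (!authenticatorService.authenticateUser(decryptedNTUsername)) { return new ResponseEntity<>(response, HttpStatus.FORBIDDEN); }` with `response` populated as in the other denial branches, and delete the commented-out code rather than leaving it in place. The `catch (Exception e)` blocks in both handlers discard `e`, and the warn calls build their message by concatenating the decrypted username; `logger.warn("Internal error occurred for {}", decryptedNTUsername, e);` keeps the cause and uses parameterized logging. Separately, `encryptUrl.getHostname()` goes from the request body straight into the `MessageFormat` URL templates in `getEncryptedUrls` (listing lines 65–82), so it should be validated against an allowlist of expected hosts before formatting.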