{{{ xProject jdbc/xProjectDB javax.sql.DataSource tenantContext com.sap.cloud.account.TenantContext connectivityConfiguration com.sap.core.connectivity.api.configuration.ConnectivityConfiguration PasswordStorage com.sap.cloud.security.password.PasswordStorage FORM Protected APIs /api/v1/* ProjectManager ProjectMember ProjectManager ProjectMember OAuth scope definition for joining a project ListProjectsScopeFilter com.sap.cloud.security.oauth2.OAuthAuthorizationFilter scope list-projects http-method GET no-session true ListProjectsScopeFilter /api/v1/mobile/projects OAuth scope definition for joining a project JoinProjectScopeFilter com.sap.cloud.security.oauth2.OAuthAuthorizationFilter scope join-project http-method POST no-session true JoinProjectScopeFilter /api/v1/mobile/projects OAuth scope definition for managing a project member's timesheets ManageTimesheetsScopeFilter com.sap.cloud.security.oauth2.OAuthAuthorizationFilter scope manage-timesheets http-method GET POST no-session true ManageTimesheetsScopeFilter /api/v1/mobile/timesheets TestDataServlet com.sap.cloud.sample.xproject.servlet.TestDataServlet TestDataServlet /TestDataServlet CsrfFilter org.apache.catalina.filters.CsrfPreventionFilter entryPoints /index.jsp CsrfFilter /api/v1/web }}} {{{ package com.sap.cloud.sample.xproject.web; import java.io.IOException; import java.net.HttpURLConnection; import java.net.InetSocketAddress; import java.net.Proxy; import java.net.URL; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.List; import java.util.Map; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.sql.DataSource; import org.apache.http.HttpEntity; import org.apache.http.NameValuePair; import org.apache.http.auth.AuthenticationException; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.ClientProtocolException; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPut; import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; import org.apache.http.impl.auth.BasicScheme; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.message.BasicNameValuePair; import org.apache.http.util.EntityUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.sap.cloud.account.TenantContext; import com.sap.cloud.security.password.PasswordStorage; import com.sap.cloud.security.password.PasswordStorageException; import com.sap.core.connectivity.api.configuration.ConnectivityConfiguration; import com.sap.core.connectivity.api.configuration.DestinationConfiguration; public class Util { private static final Logger LOGGER = LoggerFactory.getLogger(Util.class); private static final String JNDI_KEY_DATA_SOURCE = "java:comp/env/jdbc/xProjectDB"; private static final String JNDI_KEY_CONNECTIVITY_CONFIG = "java:comp/env/connectivityConfiguration"; private static final String JNDI_KEY_PASSWORD_STORAGE = "java:comp/env/PasswordStorage"; private static final String DESTINATION_OAUTHAS_TOKEN = "oauthasTokenEndpoint"; private static final String DESTINATION_AUTHZ_MGMT = "authzMgmtService"; private static final String PROPERTY_CLIENTID = "User"; private static final String PROPERTY_SECRET = "Password"; private static final String ON_PREMISE_PROXY = "OnPremise"; // used for user to role assignments private static class Role { public String applicationName; public String name; public String providerAccount; } private static class Roles { public Roles() { this.role = new ArrayList(); } @JsonProperty("roles") public List role; } public static DataSource getDataSource() { Object dataSource; try { InitialContext ctx = new InitialContext(); dataSource = ctx.lookup(JNDI_KEY_DATA_SOURCE); } catch (NamingException e) { throw new IllegalStateException("JNDI lookup failure", e); } if (dataSource instanceof DataSource) { return (DataSource) dataSource; } throw new IllegalStateException( "No data source available in JNDI context"); } public static String getAccountName() { TenantContext context = null; try { context = (TenantContext) (new InitialContext()).lookup("java:comp/env/tenantContext"); } catch (NamingException ne) { LOGGER.error("Failed to get tenant context", ne); } return context.getTenant().getAccount().getId(); } public static Proxy getProxy(String proxyType) { String proxyHost = null; int proxyPort; if (ON_PREMISE_PROXY.equals(proxyType)) { // Get proxy for on-premise destinations proxyHost = System.getenv("HC_OP_HTTP_PROXY_HOST"); proxyPort = Integer.parseInt(System.getenv("HC_OP_HTTP_PROXY_PORT")); } else { // Get proxy for internet destinations proxyHost = System.getProperty("http.proxyHost"); proxyPort = Integer.parseInt(System.getProperty("http.proxyPort")); } return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort)); } public static int assignUserToRole(String userid, String rolename, String accessToken) { // https://api.hana.ondemand.com/authorization/v1/documentation#accounts__accountName__users_roles_put Role newRole = new Role(); newRole.applicationName = "xproject"; newRole.name = rolename; newRole.providerAccount = getAccountName(); Roles roles = new Roles(); roles.role.add(newRole); int responseCode = 0; ObjectMapper mapper = new ObjectMapper(); try { String json = mapper.writeValueAsString(roles); // look up the connectivity configuration API "connectivityConfiguration" Context ctx = new InitialContext(); ConnectivityConfiguration configuration = (ConnectivityConfiguration) ctx.lookup(JNDI_KEY_CONNECTIVITY_CONFIG); // get destination configuration for "authzapi" DestinationConfiguration destConfiguration = configuration.getConfiguration(DESTINATION_AUTHZ_MGMT); // get destination URL String url = destConfiguration.getProperty("URL").replace("accountName", Util.getAccountName()). concat("?userId=" + URLEncoder.encode(userid, StandardCharsets.UTF_8.name())); LOGGER.debug("Usign URL {}", url); // create HTTP Client and PUT request from Apache libs CloseableHttpClient httpClient = HttpClients.createDefault(); HttpPut httpPut = new HttpPut(url); // add API request body StringEntity requestEntity = new StringEntity(json, ContentType.APPLICATION_JSON); httpPut.setEntity(requestEntity); LOGGER.debug("Sending API request body: {}", requestEntity.toString()); // add the OAuth Access Token to the header httpPut.addHeader("Authorization", "Bearer " + accessToken); try { // call API LOGGER.debug("Executing request {}", httpPut.getRequestLine()); CloseableHttpResponse response = httpClient.execute(httpPut); responseCode = response.getStatusLine().getStatusCode(); HttpEntity responseBody = response.getEntity(); try { LOGGER.debug("Response code: {}", responseCode); if (responseCode == HttpURLConnection.HTTP_CREATED) { // process response from api String apiResponse = EntityUtils.toString(responseBody); LOGGER.debug("Response is: {}", apiResponse); } } finally { // complete response processing EntityUtils.consume(responseBody); response.close(); } } catch (ClientProtocolException cpe) { LOGGER.error("ClientProtocol Exception: ", cpe); } finally { httpClient.close(); } } catch (JsonProcessingException jpe) { LOGGER.error("Error assigning the role: ", jpe); } catch (IOException ioe) { LOGGER.error("IO Exception: ", ioe); } catch (NamingException ne) { LOGGER.error("JNDI lookup failure", ne); } return responseCode; } public static int unassignUserFromRole(String userid, String rolename, String accessToken) { // https://api.hana.ondemand.com/authorization/v1/documentation#accounts__accountName__users_roles_delete int responseCode = 0; try { // look up the connectivity configuration API "connectivityConfiguration" Context ctx = new InitialContext(); ConnectivityConfiguration configuration = (ConnectivityConfiguration) ctx.lookup(JNDI_KEY_CONNECTIVITY_CONFIG); // get destination configuration for "authzapi" DestinationConfiguration destConfiguration = configuration.getConfiguration(DESTINATION_AUTHZ_MGMT); // get destination URL String url = destConfiguration.getProperty("URL").replace("accountName", Util.getAccountName()). concat("?userId=" + URLEncoder.encode(userid, StandardCharsets.UTF_8.name())). concat("&roles=" + URLEncoder.encode(rolename + "@" + Util.getAccountName() + ":" + "xproject",StandardCharsets.UTF_8.name())); LOGGER.debug("Usign URL {}", url); // create HTTP Client and DELETE request from Apache libs CloseableHttpClient httpClient = HttpClients.createDefault(); HttpDelete httpDelete = new HttpDelete(url); // add the OAuth Access Token to the header httpDelete.addHeader("Authorization", "Bearer " + accessToken); try { // call API LOGGER.debug("Executing request {}", httpDelete.getRequestLine()); CloseableHttpResponse response = httpClient.execute(httpDelete); responseCode = response.getStatusLine().getStatusCode(); try { HttpEntity responseBody = response.getEntity(); LOGGER.debug("Response code: {}", responseCode); if (responseCode == HttpURLConnection.HTTP_OK) { // process response from api String apiResponse = EntityUtils.toString(responseBody); LOGGER.debug("Response is: {}", apiResponse); } // complete response processing EntityUtils.consume(responseBody); } finally { response.close(); } } catch (ClientProtocolException cpe) { LOGGER.error("ClientProtocol Exception: ", cpe); } finally { httpClient.close(); } } catch (JsonProcessingException jpe) { LOGGER.error("Error assigning the role: ", jpe); } catch (IOException ioe) { LOGGER.error("IO Exception: ", ioe); } catch (NamingException ne) { LOGGER.error("JNDI lookup failure", ne); } return responseCode; } public static String requestNewAccessTokenForPlatformAPI() { String accessToken = null; try { // look up the connectivity configuration API "connectivityConfiguration" Context ctx = new InitialContext(); ConnectivityConfiguration configuration = (ConnectivityConfiguration) ctx.lookup(JNDI_KEY_CONNECTIVITY_CONFIG); // get destination configuration for "oauthasTokenEndpoint" DestinationConfiguration destConfiguration = configuration.getConfiguration(DESTINATION_OAUTHAS_TOKEN); // get all destination properties Map allDestinationPropeties = destConfiguration.getAllProperties(); // get clientid and secret from destination user and password properties String clientid = allDestinationPropeties.get(Util.PROPERTY_CLIENTID); String secret = allDestinationPropeties.get(Util.PROPERTY_SECRET); LOGGER.debug("Usign client id {} and secret {}", clientid ,secret); // get destination URL URL url = new URL(allDestinationPropeties.get("URL")); LOGGER.debug("Usign URL {}", url.toString()); // create HTTP Client and POST request from Apache libs CloseableHttpClient httpClient = HttpClients.createDefault(); HttpPost httpPost = new HttpPost(url.toString()); // add OAuth access token request parameters as per https://tools.ietf.org/html/rfc6749#section-4.4.1 List nvps = new ArrayList(); nvps.add(new BasicNameValuePair("grant_type", "client_credentials")); httpPost.setEntity(new UrlEncodedFormEntity(nvps)); try { // create Basic Authn header UsernamePasswordCredentials creds = new UsernamePasswordCredentials(clientid, secret); httpPost.addHeader(new BasicScheme().authenticate(creds, httpPost, null)); // send access token request to SAP CP Neo OAuth 2.0 Authorization Server LOGGER.debug("Executing request {}", httpPost.getRequestLine()); CloseableHttpResponse response = httpClient.execute(httpPost); try { HttpEntity responseBody = response.getEntity(); int responseCode = response.getStatusLine().getStatusCode(); LOGGER.debug("Response code: {}", responseCode); if (responseCode == HttpURLConnection.HTTP_OK) { // process response from api token endpoint String apiTokenResponse = EntityUtils.toString(responseBody); LOGGER.debug("Response is: {}", apiTokenResponse); // read api token response ObjectMapper mapper = new ObjectMapper(); JsonNode apiToken = mapper.readTree(apiTokenResponse); // get access token from response accessToken = apiToken.findValue("access_token").textValue(); LOGGER.debug("Access token: {}", accessToken); // store access token in SAP CP password storage using the account- and API name as alias setAccessToken(getAccountName(), accessToken.toCharArray()); } // complete response processing EntityUtils.consume(responseBody); } finally { response.close(); } } catch (ClientProtocolException cpe) { LOGGER.error("ClientProtocol Exception: ", cpe); } catch (AuthenticationException ae) { LOGGER.error("Authentication Exception: ", ae); } finally { httpClient.close(); } } catch (Exception e) { LOGGER.error("Exception: ", e); } return accessToken; } public static String getAccessTokenForPlatformAPI() { String accessToken = null; try { char[] accessTokenChar = getAccessToken(getAccountName()); if (accessTokenChar != null) { accessToken = String.valueOf(accessTokenChar); } else { // request a new access token from SAP CP Neo OAuth 2.0 Authorization Server accessToken = requestNewAccessTokenForPlatformAPI(); } } catch (PasswordStorageException pse) { LOGGER.error("Error retrieving access token from password storage: ", pse); } catch (NamingException ne) { LOGGER.error("JNDI lookup failure", ne); } return accessToken; } private static PasswordStorage getPasswordStorage() throws NamingException { InitialContext ctx = new InitialContext(); PasswordStorage passwordStorage = (PasswordStorage) ctx.lookup(JNDI_KEY_PASSWORD_STORAGE); return passwordStorage; } private static void setAccessToken(String alias, char[] accessToken) throws PasswordStorageException, NamingException { // TODO: Place cursor below this line and insert Snippet 1 PasswordStorage passwordStorage = getPasswordStorage(); passwordStorage.setPassword(alias, accessToken); LOGGER.debug("Successfully stored access token with account id {} as alias", alias); } private static char[] getAccessToken(String alias) throws PasswordStorageException, NamingException { char[] accessToken = null; // TODO: Place cursor below this line and insert Snippet 2 PasswordStorage passwordStorage = getPasswordStorage(); accessToken = passwordStorage.getPassword(alias); if (accessToken != null) { LOGGER.debug("Retrieved access token {} for account id {} as alias", String.valueOf(accessToken), alias); } return accessToken; } } }}}