authorParshad Patel <pars.patel@samsung.com>2019-09-09 14:45:51 +0900
committerParshad Patel <pars.patel@samsung.com>2019-09-09 14:56:58 +0900
commita9a8be6107f6b9fdfe1bb477f6d41f8e1d817f84 (patch)
tree69f8ccfc2fa6af197e399452a37630c6aa94f1e9
parent485c51d686e57d53571c9e3c64e109e67c1b6f62 (diff)
Set secure flag & log exception
Make sure creating this cookie without the "secure" flag is safe here. Either log or rethrow this exception. Change this instance-reference to a static reference. Issue-ID: PORTAL-562 Change-Id: I4b6e07ec54ec038c0d584816791ed5169e618676 Signed-off-by: Parshad Patel <pars.patel@samsung.com>
-rw-r--r--ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java143
-rw-r--r--ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java83
-rw-r--r--ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java132
3 files changed, 179 insertions, 179 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java
index 062a2e2a..54fcf3af 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/ECOMPLogoutController.java
@@ -33,7 +33,7 @@
*
* ============LICENSE_END============================================
*
- *
+ *
*/
package org.onap.portalapp.controller;
@@ -62,72 +62,77 @@ import org.springframework.web.servlet.ModelAndView;
@org.springframework.context.annotation.Configuration
@EnableAspectJAutoProxy
@Profile("src")
-public class ECOMPLogoutController extends EPUnRestrictedBaseController{
-
- private EPUser user;
- private static final String EP_SERVICE = "EPService";
- EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ECOMPLogoutController.class);
-
- @EPAuditLog
- @RequestMapping(value = {"/logout.htm" }, method = RequestMethod.GET)
- public ModelAndView logOut(HttpServletRequest request,
- HttpServletResponse response) throws Exception {
-
- ModelAndView modelView = null;
-
- chatRoomLogout(request);
- logger.debug(EELFLoggerDelegate.debugLogger, "ECOMPLogoutController.handleRequestInternal - Logout request received.");
-
- modelView = new ModelAndView("redirect:login.htm");
-
- /**
- if (UserUtils.isClientMobileDevice(request)){
- modelView.setViewName(modelView.getViewName().concat("?viewType=mobile"));
- }
- */
- String cookieDoamin = EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN);
- Cookie epCookie = new Cookie(EP_SERVICE, "");
- epCookie.setMaxAge(0);
- epCookie.setDomain(cookieDoamin);
- epCookie.setPath("/");
-
- Cookie appHeaderCookie = new Cookie("show_app_header", "");
- appHeaderCookie.setMaxAge(0);
- appHeaderCookie.setDomain(cookieDoamin);
- appHeaderCookie.setPath("/");
-
- Cookie appTabCookie = new Cookie("cookieTabs", "");
- appTabCookie.setMaxAge(0);
- appTabCookie.setDomain(cookieDoamin);
- appTabCookie.setPath("/");
-
- Cookie appVisInvisTabCookie = new Cookie("visInVisCookieTabs", "");
- appVisInvisTabCookie.setMaxAge(0);
- appVisInvisTabCookie.setDomain(cookieDoamin);
- appVisInvisTabCookie.setPath("/");
-
- response.addCookie(epCookie);
- response.addCookie(appHeaderCookie);
- response.addCookie(appTabCookie);
- response.addCookie(appVisInvisTabCookie);
- request.getSession().invalidate();
-
- logger.debug(EELFLoggerDelegate.debugLogger, "ECOMPLogoutController.handleRequestInternal - Successfully processed the logout request.");
-
- return modelView;
- }
-
- @EPMetricsLog
- public void chatRoomLogout(HttpServletRequest request){
- request = ((ServletRequestAttributes)RequestContextHolder.currentRequestAttributes()).getRequest();
- setUser(EPUserUtils.getUserSession(request));
- }
-
- public EPUser getUser() {
- return user;
- }
-
- public void setUser(EPUser user) {
- this.user = user;
- }
+public class ECOMPLogoutController extends EPUnRestrictedBaseController {
+
+ private EPUser user;
+ private static final String EP_SERVICE = "EPService";
+ EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ECOMPLogoutController.class);
+
+ @EPAuditLog
+ @RequestMapping(value = { "/logout.htm" }, method = RequestMethod.GET)
+ public ModelAndView logOut(HttpServletRequest request,
+ HttpServletResponse response) throws Exception {
+
+ ModelAndView modelView = null;
+
+ chatRoomLogout(request);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "ECOMPLogoutController.handleRequestInternal - Logout request received.");
+
+ modelView = new ModelAndView("redirect:login.htm");
+
+ /**
+ * if (UserUtils.isClientMobileDevice(request)){
+ * modelView.setViewName(modelView.getViewName().concat("?viewType=mobile")); }
+ */
+ String cookieDoamin = EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN);
+ Cookie epCookie = new Cookie(EP_SERVICE, "");
+ epCookie.setSecure(true);
+ epCookie.setMaxAge(0);
+ epCookie.setDomain(cookieDoamin);
+ epCookie.setPath("/");
+
+ Cookie appHeaderCookie = new Cookie("show_app_header", "");
+ appHeaderCookie.setSecure(true);
+ appHeaderCookie.setMaxAge(0);
+ appHeaderCookie.setDomain(cookieDoamin);
+ appHeaderCookie.setPath("/");
+
+ Cookie appTabCookie = new Cookie("cookieTabs", "");
+ appTabCookie.setSecure(true);
+ appTabCookie.setMaxAge(0);
+ appTabCookie.setDomain(cookieDoamin);
+ appTabCookie.setPath("/");
+
+ Cookie appVisInvisTabCookie = new Cookie("visInVisCookieTabs", "");
+ appVisInvisTabCookie.setSecure(true);
+ appVisInvisTabCookie.setMaxAge(0);
+ appVisInvisTabCookie.setDomain(cookieDoamin);
+ appVisInvisTabCookie.setPath("/");
+
+ response.addCookie(epCookie);
+ response.addCookie(appHeaderCookie);
+ response.addCookie(appTabCookie);
+ response.addCookie(appVisInvisTabCookie);
+ request.getSession().invalidate();
+
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "ECOMPLogoutController.handleRequestInternal - Successfully processed the logout request.");
+
+ return modelView;
+ }
+
+ @EPMetricsLog
+ public void chatRoomLogout(HttpServletRequest request) {
+ request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
+ setUser(EPUserUtils.getUserSession(request));
+ }
+
+ public EPUser getUser() {
+ return user;
+ }
+
+ public void setUser(EPUser user) {
+ this.user = user;
+ }
}
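Review bot: The four expiry cookies built at lines 125-147 now carry `Secure`, but a browser only accepts a Secure cookie from an https origin, so if `/logout.htm` is ever served over plain HTTP these deletions are silently dropped and the original `EPService` cookie outlives the server-side `invalidate()`; I cannot see where that cookie is first set, so please confirm it is issued with the same flag and that the logout endpoint is only reachable over TLS. Independently, `request.getSession().invalidate()` creates a fresh session just to destroy it when the caller has none — `HttpSession session = request.getSession(false); if (session != null) { session.invalidate(); }` avoids that. The four identical cookie blocks would also be better served by a single private helper so that future attribute changes happen in one place; a sketch follows.
```java
// … unchanged: class header, fields, annotations and start of logOut …
String cookieDoamin = EPSystemProperties.getProperty(EPSystemProperties.COOKIE_DOMAIN);
for (String name : new String[] { EP_SERVICE, "show_app_header", "cookieTabs", "visInVisCookieTabs" }) {
    response.addCookie(expiredCookie(name, cookieDoamin));
}
// … unchanged: session invalidation, debug log, return …

/** Builds a zero-max-age cookie that tells the browser to discard {@code name} for {@code domain}. */
private static Cookie expiredCookie(String name, String domain) {
    Cookie cookie = new Cookie(name, "");
    cookie.setSecure(true);
    cookie.setMaxAge(0);
    cookie.setDomain(domain);
    cookie.setPath("/");
    return cookie;
}
```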
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java
index c80419f9..de8524e0 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/PeerBroadcastSocket.java
@@ -35,7 +35,7 @@
*
* ============LICENSE_END============================================
*
- *
+ *
*/
package org.onap.portalapp.controller;
@@ -53,51 +53,50 @@ import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@ServerEndpoint("/opencontact")
public class PeerBroadcastSocket {
- private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PeerBroadcastSocket.class);
- private static final ObjectMapper mapper = new ObjectMapper();
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(PeerBroadcastSocket.class);
+ private static final ObjectMapper mapper = new ObjectMapper();
- protected static final Map<String, Object> channelMap = new HashMap<>();
- private Map<String, String> sessionMap = new HashMap<>();
+ private static final Map<String, Object> channelMap = new HashMap<>();
+ private Map<String, String> sessionMap = new HashMap<>();
- @OnMessage
- public void message(String message, Session session) {
- try {
- Map<String, Object> jsonObject = mapper.readValue(message, Map.class);
- save(jsonObject, session);
- } catch (Exception ex) {
- logger.error(EELFLoggerDelegate.errorLogger, "Failed" + ex.getMessage());
- }
- }
+ @OnMessage
+ public void message(String message, Session session) {
+ try {
+ Map<String, Object> jsonObject = mapper.readValue(message, Map.class);
+ save(jsonObject, session);
+ } catch (Exception ex) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed", ex);
+ }
+ }
- @OnOpen
- public void open(Session session) {
- logger.info(EELFLoggerDelegate.debugLogger, "Channel opened");
- }
+ @OnOpen
+ public void open(Session session) {
+ logger.info(EELFLoggerDelegate.debugLogger, "Channel opened");
+ }
- @OnClose
- public void close(Session session) {
- String channel = sessionMap.get(session.getId());
- if (channel != null) {
- Object sessObj = channelMap.get(channel);
- if (sessObj != null) {
- try {
- ((Session) sessObj).close();
- } catch (IOException e) {
- logger.error(EELFLoggerDelegate.errorLogger, "Failed to close" + e.getMessage());
- }
- }
- channelMap.remove(channel);
- }
- logger.info(EELFLoggerDelegate.debugLogger, "Channel closed");
- }
+ @OnClose
+ public void close(Session session) {
+ String channel = sessionMap.get(session.getId());
+ if (channel != null) {
+ Object sessObj = channelMap.get(channel);
+ if (sessObj != null) {
+ try {
+ ((Session) sessObj).close();
+ } catch (IOException e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to close", e);
+ }
+ }
+ channelMap.remove(channel);
+ }
+ logger.info(EELFLoggerDelegate.debugLogger, "Channel closed");
+ }
- private void save(Map<String, Object> jsonObject, Session session) {
- final Optional<String> from = Optional.of(jsonObject.get("from").toString());
- if (from.isPresent() && channelMap.get(from.get()) == null) {
- this.channelMap.put(from.toString(), session);
- this.sessionMap.put(session.getId(), from.toString());
- }
- }
+ private void save(Map<String, Object> jsonObject, Session session) {
+ final Optional<String> from = Optional.of(jsonObject.get("from").toString());
+ if (from.isPresent() && channelMap.get(from.get()) == null) {
+ channelMap.put(from.toString(), session);
+ this.sessionMap.put(session.getId(), from.toString());
+ }
+ }
}
-
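Review bot: `save` (lines 263-269) stores the key as `from.toString()`, and on an `Optional` that yields the text `Optional[<value>]` rather than the value itself, so the guard `channelMap.get(from.get()) == null` on line 265 inspects a key that is never written and a second message with the same `from` overwrites the earlier session; unwrap once, `String peer = from.get();`, and use `peer` in both puts (or drop `Optional` entirely, since `Optional.of` on a missing `"from"` throws and is only caught by the catch-all in `message`). `channelMap` is now `static final` but is still a plain `HashMap` that every connection's endpoint instance mutates from `message` and `close`, so concurrent connections race on it — `new ConcurrentHashMap<>()` (plus its import) is the minimal safe choice, and `sessionMap` needs the same treatment if the container drives one instance from several threads. The `from` value is taken verbatim from the client message and bound to the session with no comparison against the authenticated user; if that binding is meant to identify a peer, it should be validated against the session's principal rather than trusted as sent.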
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
index e109ef5d..b1154aa3 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
@@ -39,23 +39,17 @@ package org.onap.portalapp.portal.controller;
import java.util.HashMap;
import java.util.Map;
-
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
-
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
-import lombok.NoArgsConstructor;
import org.json.JSONObject;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
import org.onap.portalapp.portal.logging.aop.EPAuditLog;
-import org.onap.portalapp.portal.service.AdminRolesService;
-import org.onap.portalapp.portal.service.EPAppService;
-import org.onap.portalapp.portal.service.PersUserAppService;
import org.onap.portalapp.portal.service.UserService;
import org.onap.portalapp.util.EPUserUtils;
import org.onap.portalapp.validation.SecureString;
@@ -68,6 +62,7 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
+import lombok.NoArgsConstructor;
@RestController
@Configuration
@@ -75,73 +70,74 @@ import org.springframework.web.bind.annotation.RestController;
@EPAuditLog
@NoArgsConstructor
public class AppsOSController extends AppsController {
- private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
-
- private static final String FAILURE = "failure";
- private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
+ private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
- @Autowired
- UserService userService;
+ private static final String FAILURE = "failure";
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
+
+ @Autowired
+ UserService userService;
+
+ /**
+ * Create new application's contact us details.
+ *
+ * @param contactUs
+ * @return
+ */
+ @RequestMapping(value = "/portalApi/saveNewUser", method = RequestMethod.POST, produces = "application/json")
+ public PortalRestResponse<String> saveNewUser(HttpServletRequest request, @RequestBody EPUser newUser) {
+ EPUser user = EPUserUtils.getUserSession(request);
+ if (newUser == null)
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+ "New User cannot be null or empty");
+
+ if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))
+ && !user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) {
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+ "UnAuthorized");
+ }
- /**
- * Create new application's contact us details.
- *
- * @param contactUs
- * @return
- */
- @RequestMapping(value = "/portalApi/saveNewUser", method = RequestMethod.POST, produces = "application/json")
- public PortalRestResponse<String> saveNewUser(HttpServletRequest request,@RequestBody EPUser newUser) {
- EPUser user = EPUserUtils.getUserSession(request);
- if (newUser == null)
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE,
- "New User cannot be null or empty");
-
- if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))){
- if(!user.getLoginId().equalsIgnoreCase(newUser.getLoginId()))
- return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
- "UnAuthorized");
- }
-
String checkDuplicate = request.getParameter("isCheck");
- String saveNewUser = FAILURE;
- try {
- saveNewUser = userService.saveNewUser(newUser,checkDuplicate);
- } catch (Exception e) {
- return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage());
- }
- return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, "");
- }
-
- @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
- public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
+ String saveNewUser = FAILURE;
+ try {
+ saveNewUser = userService.saveNewUser(newUser, checkDuplicate);
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Exception in saveNewUser", e);
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage());
+ }
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, "");
+ }
+
+ @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET,
+ produces = "application/json")
+ public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
- if(loginId != null){
- Validator validator = validatorFactory.getValidator();
- SecureString secureString = new SecureString(loginId);
- Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+ if (loginId != null) {
+ Validator validator = validatorFactory.getValidator();
+ SecureString secureString = new SecureString(loginId);
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
- if (!constraintViolations.isEmpty()){
- return "loginId is not valid";
- }
- }
+ if (!constraintViolations.isEmpty()) {
+ return "loginId is not valid";
+ }
+ }
-
- Map<String,String> map = new HashMap<>();
- EPUser user;
- try {
- user = (EPUser) userService.getUserByUserId(loginId).get(0);
- map.put("firstName", user.getFirstName());
- map.put("lastName", user.getLastName());
- map.put("email", user.getEmail());
- map.put("loginId", user.getLoginId());
- map.put("loginPwd",user.getLoginPwd());
- map.put("middleInitial",user.getMiddleInitial());
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "Failed to get user info", e);
- }
+ Map<String, String> map = new HashMap<>();
+ EPUser user;
+ try {
+ user = (EPUser) userService.getUserByUserId(loginId).get(0);
+ map.put("firstName", user.getFirstName());
+ map.put("lastName", user.getLastName());
+ map.put("email", user.getEmail());
+ map.put("loginId", user.getLoginId());
+ map.put("loginPwd", user.getLoginPwd());
+ map.put("middleInitial", user.getMiddleInitial());
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Failed to get user info", e);
+ }
- JSONObject j = new JSONObject(map);
- return j.toString();
- }
+ JSONObject j = new JSONObject(map);
+ return j.toString();
+ }
-} \ No newline at end of file
+}
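Review bot: `getCurrentUserProfile` (lines 384-433) still serialises `user.getLoginPwd()` into the response at line 423 and returns it for any `loginId` supplied in the path, with no check that the caller is that user or an admin — the only gate is the `SecureString` format validation; whether the field holds a hash or a cleartext credential I cannot tell from this diff, but either way it does not belong in a profile response, so drop the `loginPwd` entry and add an authorization check mirroring the one `saveNewUser` gains at lines 336-340 (sketch below). In `saveNewUser`, line 377 now logs the exception but still echoes `e.getMessage()` to the client; after the added log the response should carry a fixed message such as `"Failed to save user"` rather than internal exception text. Both methods obtain the caller via `EPUserUtils.getUserSession(request)` and dereference it without a null check — whether that helper can return null is not visible here, please confirm.
```java
public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
    // … unchanged: SecureString validation of loginId …
    EPUser caller = EPUserUtils.getUserSession(request);
    boolean callerIsAdmin = super.getAdminRolesService().isSuperAdmin(caller)
            || super.getAdminRolesService().isAccountAdmin(caller);
    if (!callerIsAdmin && !caller.getLoginId().equalsIgnoreCase(loginId)) {
        return "UnAuthorized"; // same plain-string error shape the method already uses for an invalid loginId
    }
    // … unchanged: lookup and map population, with the "loginPwd" entry removed …
}
```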