author | Raviteja Cherughattu <rc835m@att.com> | 2020-07-29 11:49:13 -0500 |
---|---|---|
committer | Raviteja Cherughattu <rc835m@att.com> | 2020-07-29 11:49:13 -0500 |
commit | de75a11f03d87b53f7a2b5525c8fc66f6053aef2 (patch) | |
tree | acf289a3bcccb20f15ef286b25241d2a65ce90b5 /auth | |
parent | 68a9a8d828dbc9ceea8f712a71e1e45866676037 (diff) |
Medium Vulnerabilities: Reverting the changes done towards Locate & FS
Issue-ID: AAF-1115
Change-Id: Ia26cb13d5105d6bad97503c8a85607f01e956478
Signed-off-by: Raviteja Cherughattu <rc835m@att.com>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/auth-fs/pom.xml | 5 | ||||
-rw-r--r-- | auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java | 5 | ||||
-rw-r--r-- | auth/auth-locate/pom.xml | 5 | ||||
-rw-r--r-- | auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java | 10 |
4 files changed, 4 insertions, 21 deletions
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index 943c1082..2084e18c 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -81,11 +81,6 @@
 <artifactId>encoder</artifactId>
 <version>1.2.1</version>
 </dependency>
- <dependency>
- <groupId>org.owasp.esapi</groupId>
- <artifactId>esapi</artifactId>
- <version>2.0.1</version>
- </dependency>
 </dependencies>
 <build>
diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
index fdedd6bc..6077b39d 100644
--- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
+++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
@@ -45,8 +45,6 @@ import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.register.Registrant;
 import org.onap.aaf.cadi.register.RemoteRegistrant;
-import org.owasp.esapi.reference.DefaultHTTPUtilities;
-
 public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
 public AAF_FS(final AuthzEnv env) throws IOException, CadiException {
@@ -82,8 +80,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans> {
 @Override
 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
 trans.info().printf("Redirecting %s to HTTP/S %s", req.getRemoteAddr(), req.getLocalAddr());
- DefaultHTTPUtilities util = new DefaultHTTPUtilities();
- util.sendRedirect(url);
+ resp.sendRedirect(url);
 }
 };
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 36585989..71fcfa98 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -83,11 +83,6 @@
 <artifactId>encoder</artifactId>
 <version>1.2.1</version>
 </dependency>
- <dependency>
- <groupId>org.owasp.esapi</groupId>
- <artifactId>esapi</artifactId>
- <version>2.0.1</version>
- </dependency>
 </dependencies>
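Review bot: In the second AAF_FS.java hunk, `resp.sendRedirect(url)` hands `url` straight to the container with no check visible in the hunk, and `url` is defined outside it, so its origin cannot be confirmed from here. If it is assembled only from service configuration that is acceptable, but it should be stated next to the call, for example `// url is built from configuration only, never from request data`; if any part of it can come from the request, it needs to be compared against an expected scheme and host before the redirect is issued. The log line above records the remote and local addresses but not the target, so including `url` in that message would make redirects auditable. The anonymous handler class that contains `handle` begins and ends outside the hunk.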
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
index 7b23c89c..2bb497a0 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java
@@ -53,8 +53,6 @@ import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.DefaultHTTPUtilities;
 import org.owasp.encoder.Encode;
 public class API_AAFAccess {
@@ -259,7 +257,7 @@ public class API_AAFAccess {
 });
 }
- private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException, AccessControlException {
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
 try {
 if (loc.hasItems()) {
 Item item = loc.best();
@@ -272,10 +270,8 @@ public class API_AAFAccess {
 redirectURL.append('?');
 redirectURL.append(str);
 }
- trans.info().log("Redirect to",redirectURL);
- DefaultHTTPUtilities util = new DefaultHTTPUtilities();
- util.sendRedirect(redirectURL.toString());
- //resp.sendRedirect(redirectURL.toString());
+ trans.info().log("Redirect to",redirectURL);
+ resp.sendRedirect(redirectURL.toString());
 } else {
 context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
 } |
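Review bot: In the last hunk of API_AAFAccess.java, `redirectURL` reaches `resp.sendRedirect(...)` after `path` and the query string `str` have been appended, and no validation of the assembled URL is visible now that the ESAPI wrapper is removed. Both values look request-derived (their assignments are outside the hunk), so the code should confirm that the final URI still carries the scheme and authority of the located `item` before redirecting, and take the existing error branch otherwise. The same string is written to the info log with the query string included; `trans.info().log("Redirect to", Encode.forJava(redirectURL.toString()));` would neutralise control characters using the encoder this file already imports, and leaving the query part out of the log avoids recording parameters that may be sensitive. `redirect` begins in the previous hunk and its body ends outside this one.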