Diffstat (limited to 'auth/auth-hello')
-rw-r--r--auth/auth-hello/pom.xml7
-rw-r--r--auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java10
2 files changed, 12 insertions, 5 deletions
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index 11971e0d..f9a420f9 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -55,7 +55,12 @@
<groupId>org.onap.aaf.authz</groupId>
<artifactId>aaf-cadi-aaf</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>org.owasp.encoder</groupId>
+ <artifactId>encoder</artifactId>
+ <version>1.2.1</version>
+ </dependency>
+
</dependencies>
<build>
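Review bot: The new `org.owasp.encoder:encoder` dependency pins `<version>1.2.1</version>` in this module, while the neighbouring `aaf-cadi-aaf` entry carries no version in the visible lines, which suggests versions are managed centrally. If the parent POM has a `dependencyManagement` section, declaring the version there and dropping it here leaves one place to update when the library needs a security upgrade.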
diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
index 4ffb1787..cdaa6a76 100644
--- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
+++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
@@ -35,6 +35,8 @@ import org.onap.aaf.auth.rserv.HttpMethods;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
+import org.owasp.encoder.Encode;
+
/**
* API Apis
* @author Jonathan
@@ -70,7 +72,7 @@ public class API_Hello {
String perm = pathParam(req, "perm");
if (perm!=null && perm.length()>0) {
os.print('(');
- os.print(req.getUserPrincipal().getName());
+ os.print(Encode.forJava(req.getUserPrincipal().getName()));
TimeTaken tt = trans.start("Authorize perm", Env.REMOTE);
try {
if (req.isUserInRole(perm)) {
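Review bot: `Encode.forJava` is the encoder for a Java string-literal context, but in `os.print(Encode.forJava(req.getUserPrincipal().getName()));` the value goes into the servlet response body, so the encoder does not match the output context. It escapes quotes, backslashes and control characters but not `<`, `>` or `&`, so if a client can interpret this response as HTML the reflected principal name is still not neutralised. The same holds for the `perm` path parameter in the next hunk (`os.print(Encode.forJava(perm));`). The response content type is not visible here: if the body is meant to be plain text, set that content type explicitly; if it can be rendered as markup, use `Encode.forHtml(...)` for both values. The enclosing handler starts and ends outside the hunk.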
@@ -82,7 +84,7 @@ public class API_Hello {
tt.done();
}
os.print("Permission: ");
- os.print(perm);
+ os.print(Encode.forJava(perm));
os.print(')');
}
os.println();
@@ -144,7 +146,7 @@ public class API_Hello {
}
sb.append("}");
ServletOutputStream os = resp.getOutputStream();
- os.println(sb.toString());
+ os.println(Encode.forJava(sb.toString()));
trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
}
},APPLICATION_JSON);
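Review bot: Running the finished document through `Encode.forJava` in `os.println(Encode.forJava(sb.toString()));` backslash-escapes any double quote in it, so the body served under `APPLICATION_JSON` is presumably no longer parseable JSON. The same applies to `resp.getOutputStream().print(Encode.forJava(content));` in the following hunk, where `content` has just been checked to look like a JSON object and would be echoed back altered. Escaping belongs on each untrusted value as it is appended to `sb`, using a JSON string escaper and leaving the structural quotes and braces alone. For the echo path, returning the validated input unchanged under an explicit JSON content type keeps it well-formed. Both handlers start outside their hunks.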
@@ -164,7 +166,7 @@ public class API_Hello {
trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content);
if (content.startsWith("{") && content.endsWith("}")) {
resp.setStatus(200 /* OK */);
- resp.getOutputStream().print(content);
+ resp.getOutputStream().print(Encode.forJava(content));
} else {
resp.getOutputStream().write(NOT_JSON);
resp.setStatus(406);