diff options
author | Dan Timoney <dtimoney@att.com> | 2021-07-29 11:11:15 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2021-07-29 11:11:15 -0400 |
commit | f051be6ecc0ceeef0d4d086085547218d5f4e8d6 (patch) | |
tree | 6d3fb2fa3bb90576481d4a4292664ee24a619918 /ms/vlantag-api/src | |
parent | faf965656265dd96a350ce03bb478ef2b9a3805b (diff) |
Address weak crypto issues
Fix 2 weak cryptography issues identified by SonarCloud scans.
Issue-ID: CCSDK-3196
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I0fee14e7a96badeac8a278de4d74ef244c24f06f
Diffstat (limited to 'ms/vlantag-api/src')
-rw-r--r-- | ms/vlantag-api/src/main/java/org/onap/ccsdk/apps/ms/vlantagapi/core/ApplicationSecurityConfig.java | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ms/vlantag-api/src/main/java/org/onap/ccsdk/apps/ms/vlantagapi/core/ApplicationSecurityConfig.java b/ms/vlantag-api/src/main/java/org/onap/ccsdk/apps/ms/vlantagapi/core/ApplicationSecurityConfig.java index bd0abe6f..80c42fb2 100644 --- a/ms/vlantag-api/src/main/java/org/onap/ccsdk/apps/ms/vlantagapi/core/ApplicationSecurityConfig.java +++ b/ms/vlantag-api/src/main/java/org/onap/ccsdk/apps/ms/vlantagapi/core/ApplicationSecurityConfig.java @@ -29,6 +29,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@@ -51,7 +52,8 @@ public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter{ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
List<UserDetails> userDetails = new ArrayList<>();
- PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ // Explicitly set bcrypt password encoder rather than using default
+ PasswordEncoder encoder = new BCryptPasswordEncoder();
final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);
String authString = environment.getProperty("application.authToken");
|