author | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2018-12-13 14:08:41 +0100 |
---|---|---|
committer | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2018-12-14 16:47:02 +0100 |
commit | 039595ca28f6dee552bab00bd1df167c0ea97ae3 (patch) | |
tree | e671b6ea6928ef39bc16026ee6ba32bdefe97a6d | |
parent | 142a1d4d8177e86eac9e1e534708c6e8cc9d4c22 (diff) |
Remove clear text password
Add common library to hash
Issue-ID: DCAEGEN2-978
Change-Id: Ieb20f6a28aea3b9e8322df7b65b6441e12d4627a
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
-rw-r--r-- | README.md | 9 | ||||
-rw-r--r-- | pom.xml | 5 | ||||
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | 6 |
3 files changed, 15 insertions, 5 deletions
@@ -31,10 +31,15 @@ docker-compose up ### Generate auth credential -Util "crypt_password.py" to generate new cryptographic password is stored in dcaegen2/sdk +Library to generate new cryptographic password is stored in dcaegen2/sdk -"security/crypt-password" +or download artifact from: + +https://nexus.onap.org/#nexus-search;quick~crypt-password + +How to use: ``` -python crypt_password.py -p TestPassword +java -jar crypt-password-<version>.jar password_to_crypt ``` ### Environment variables in Docker Container @@ -462,6 +462,11 @@ limitations under the License. <version>2.1.0.RELEASE</version> <scope>test</scope> </dependency> + <dependency> + <groupId>org.onap.dcaegen2.services.sdk.security.crypt</groupId> + <artifactId>crypt-password</artifactId> + <version>1.0.0-SNAPSHOT</version> + </dependency> </dependencies> <repositories> <repository> diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 6b5a64aa..3b76ae46 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -25,15 +25,15 @@ import java.util.Base64; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; +import org.onap.dcaegen2.services.sdk.security.CryptPassword; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); - private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); + private final CryptPassword cryptPassword = new CryptPassword(); private final ApplicationSettings applicationSettings; private Logger errorLog; 
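Review bot: The new `crypt-password` dependency in pom.xml is pinned to `1.0.0-SNAPSHOT`, a mutable version, so the code that verifies API passwords can change between two builds of the same commit without any change in this repository. Since this artifact now backs the credential check in ApiAuthInterceptor, it should point at a released, immutable version as soon as one is published, and be resolved only from the project's trusted repository. Until then, a comment above the dependency such as `<!-- TODO: replace SNAPSHOT with a released crypt-password version before release -->` would keep the gap visible.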
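Review bot: Nothing at the `cryptPassword` field says which hash format `CryptPassword` expects, and the hunk replaces Spring's `BCryptPasswordEncoder` outright. If the SDK class does not accept the hash strings already stored in the credentials configuration (its implementation is not visible here), existing users would fail authentication after the upgrade. I would add a comment on the field, e.g. `// Verifies Basic-auth passwords against hashes generated by the SDK crypt-password tool (see README)`, and cover compatibility with a previously generated hash in a test. The class body continues outside the hunk.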
@@ -66,7 +66,7 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); + return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); |
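Review bot: The `LOG.warn` in the catch block still writes the whole `authorizationHeader` to the log, and that header is the Base64 of `user:password`, so a malformed request leaves cleartext-equivalent credentials in the log even after this commit. Drop the header from the message, e.g. `LOG.warn("Could not check if user is authorized, probably malformed header.", e);`. In the same context lines, `decodedData.split(":")[1].trim()` cuts a password at its first colon and strips surrounding whitespace, so the value handed to `cryptPassword.matches` may differ from what the client sent; `decodedData.split(":", 2)` without the `trim()` keeps it intact. The method starts and ends outside this hunk.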