diff options
| author |   Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2018-12-03 12:28:41 +0100 |
|---|---|---|
| committer | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2018-12-07 14:50:10 +0100 |
| commit | 27b6e6483e73e37a235b8160ad9a1c9f3f68d5ea (patch) | |
| tree | 3d99f292f243d17eee2a47386950f198013a7c02 /src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | |
| parent | 1afc93ddb4afc226562043822f6c5e9dc0ed4b2a (diff) | |
Remove clear text password
Change to SHA256
Change-Id: I1c41247cf4094523b61487cbce0030d585982b06
Issue-ID: DCAEGEN2-978
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java')
| -rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 8061ec5a..6b5a64aa 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -20,19 +20,20 @@ package org.onap.dcae.restapi; import io.vavr.control.Option; +import java.io.IOException; +import java.util.Base64; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.Base64; - final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); + private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); private final ApplicationSettings applicationSettings; private Logger errorLog; @@ -65,11 +66,11 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && maybeSavedPassword.get().equals(providedPassword); + return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); return false; } } -} +}
\ No newline at end of file |