diff options
author | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2018-12-13 14:08:41 +0100 |
---|---|---|
committer | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2018-12-14 16:47:02 +0100 |
commit | 039595ca28f6dee552bab00bd1df167c0ea97ae3 (patch) | |
tree | e671b6ea6928ef39bc16026ee6ba32bdefe97a6d /src/main/java/org/onap/dcae | |
parent | 142a1d4d8177e86eac9e1e534708c6e8cc9d4c22 (diff) |
Remove clear text password
Add common library to hash
Issue-ID: DCAEGEN2-978
Change-Id: Ieb20f6a28aea3b9e8322df7b65b6441e12d4627a
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'src/main/java/org/onap/dcae')
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 6b5a64aa..3b76ae46 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -25,15 +25,15 @@ import java.util.Base64; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; +import org.onap.dcaegen2.services.sdk.security.CryptPassword; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); - private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); + private final CryptPassword cryptPassword = new CryptPassword(); private final ApplicationSettings applicationSettings; private Logger errorLog; @@ -66,7 +66,7 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); + return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); |