aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/org
diff options
context:
space:
mode:
authorZlatko Murgoski <zlatko.murgoski@nokia.com>2018-12-03 12:28:41 +0100
committerZlatko Murgoski <zlatko.murgoski@nokia.com>2018-12-07 14:50:10 +0100
commit27b6e6483e73e37a235b8160ad9a1c9f3f68d5ea (patch)
tree3d99f292f243d17eee2a47386950f198013a7c02 /src/main/java/org
parent1afc93ddb4afc226562043822f6c5e9dc0ed4b2a (diff)
Remove clear text password
Change to SHA256 Change-Id: I1c41247cf4094523b61487cbce0030d585982b06 Issue-ID: DCAEGEN2-978 Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'src/main/java/org')
-rw-r--r--src/main/java/org/onap/dcae/ApplicationSettings.java6
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java15
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiConfiguration.java1
3 files changed, 13 insertions, 9 deletions
diff --git a/src/main/java/org/onap/dcae/ApplicationSettings.java b/src/main/java/org/onap/dcae/ApplicationSettings.java
index ead148c4..f140def2 100644
--- a/src/main/java/org/onap/dcae/ApplicationSettings.java
+++ b/src/main/java/org/onap/dcae/ApplicationSettings.java
@@ -90,8 +90,10 @@ public class ApplicationSettings {
}
private Map<String, String> prepareUsersMap(@Nullable String allowedUsers) {
- return allowedUsers == null ? HashMap.empty() : List.ofAll(stream(allowedUsers.split("\\|")))
- .toMap(t -> t.split(",")[0].trim(), t -> new String(Base64.getDecoder().decode(t.split(",")[1])).trim());
+ return allowedUsers == null ? HashMap.empty()
+ : List.of(allowedUsers.split("\\|"))
+ .map(t->t.split(","))
+ .toMap(t-> t[0].trim(), t -> t[1].trim());
}
private String findOutConfigurationFileLocation(Map<String, String> parsedArgs) {
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 8061ec5a..6b5a64aa 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -20,19 +20,20 @@
package org.onap.dcae.restapi;
import io.vavr.control.Option;
+import java.io.IOException;
+import java.util.Base64;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Base64;
-
final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
+ private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
private final ApplicationSettings applicationSettings;
private Logger errorLog;
@@ -65,11 +66,11 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
String providedPassword = decodedData.split(":")[1].trim();
Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
boolean userRegistered = maybeSavedPassword.isDefined();
- return userRegistered && maybeSavedPassword.get().equals(providedPassword);
+ return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {
LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
authorizationHeader), e);
return false;
}
}
-}
+} \ No newline at end of file
diff --git a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java
index 9ebb5394..c44e0d45 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java
@@ -32,6 +32,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@EnableWebMvc
@Configuration
public class ApiConfiguration implements WebMvcConfigurer {
+
private final ApplicationSettings applicationSettings;
private Logger errorLogger;