summaryrefslogtreecommitdiffstats
path: root/src/main/java
diff options
context:
space:
mode:
authorVijay Venkatesh Kumar <vv770d@att.com>2019-11-04 23:23:59 +0000
committerGerrit Code Review <gerrit@onap.org>2019-11-04 23:23:59 +0000
commitf6689f93640789c7d960eef879ef7cfce1b285d1 (patch)
tree0a9d922293ca2d12217bb9e369ae7d9c0e25af4a /src/main/java
parent076ca6ac8571ab775b5702651f625cacd9fde96e (diff)
parentdb5f3e1fc72065397898bf5e8d1f03f3140600d0 (diff)
Merge "Fix security issue in api interceptor"
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index a9281594..f1734080 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -55,8 +55,8 @@ public class ApiAuthInterceptor extends HandlerInterceptorAdapter {
SubjectMatcher subjectMatcher = new SubjectMatcher(settings,(X509Certificate[]) request.getAttribute(CERTIFICATE_X_509));
- if(!settings.authMethod().equalsIgnoreCase(AuthMethodType.NO_AUTH.value()) && request.getServerPort() == settings.httpPort() ){
- if(request.getRequestURI().replaceAll("^/|/$", "").equalsIgnoreCase("healthcheck")){
+ if(isHttpPortCalledWithAuthTurnedOn(request)){
+ if(isHealthcheckCalledFromInsideCluster(request)){
return true;
}
response.getWriter().write("Operation not permitted");
@@ -78,6 +78,16 @@ public class ApiAuthInterceptor extends HandlerInterceptorAdapter {
return true;
}
+ private boolean isHttpPortCalledWithAuthTurnedOn(HttpServletRequest request) {
+ return !settings.authMethod().equalsIgnoreCase(AuthMethodType.NO_AUTH.value())
+ && request.getLocalPort() == settings.httpPort();
+ }
+
+ private boolean isHealthcheckCalledFromInsideCluster(HttpServletRequest request) {
+ return request.getRequestURI().replaceAll("^/|/$", "").equalsIgnoreCase("healthcheck")
+ && request.getServerPort() == settings.httpPort();
+ }
+
private boolean validateBasicHeader(HttpServletRequest request, HttpServletResponse response)
throws IOException {
String authorizationHeader = request.getHeader("Authorization");