diff options
author | Vijay Venkatesh Kumar <vv770d@att.com> | 2018-12-12 21:25:56 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-12-12 21:25:56 +0000 |
commit | 142a1d4d8177e86eac9e1e534708c6e8cc9d4c22 (patch) | |
tree | 57487f99433255d64e40eadeabb3dab2902257ef /src/main/java | |
parent | 713bb43a00682ebaeb1ada4eb27af965a8d7d56d (diff) | |
parent | 27b6e6483e73e37a235b8160ad9a1c9f3f68d5ea (diff) |
Merge "Remove clear text password"
Diffstat (limited to 'src/main/java')
3 files changed, 13 insertions, 9 deletions
diff --git a/src/main/java/org/onap/dcae/ApplicationSettings.java b/src/main/java/org/onap/dcae/ApplicationSettings.java index ead148c4..f140def2 100644 --- a/src/main/java/org/onap/dcae/ApplicationSettings.java +++ b/src/main/java/org/onap/dcae/ApplicationSettings.java @@ -90,8 +90,10 @@ public class ApplicationSettings { } private Map<String, String> prepareUsersMap(@Nullable String allowedUsers) { - return allowedUsers == null ? HashMap.empty() : List.ofAll(stream(allowedUsers.split("\\|"))) - .toMap(t -> t.split(",")[0].trim(), t -> new String(Base64.getDecoder().decode(t.split(",")[1])).trim()); + return allowedUsers == null ? HashMap.empty() + : List.of(allowedUsers.split("\\|")) + .map(t->t.split(",")) + .toMap(t-> t[0].trim(), t -> t[1].trim()); } private String findOutConfigurationFileLocation(Map<String, String> parsedArgs) { diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 8061ec5a..6b5a64aa 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -20,19 +20,20 @@ package org.onap.dcae.restapi; import io.vavr.control.Option; +import java.io.IOException; +import java.util.Base64; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.Base64; - final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); + private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); private final ApplicationSettings applicationSettings; private Logger errorLog; @@ -65,11 +66,11 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && maybeSavedPassword.get().equals(providedPassword); + return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); return false; } } -} +}
\ No newline at end of file diff --git a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java index 9ebb5394..c44e0d45 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java +++ b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java @@ -32,6 +32,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @EnableWebMvc @Configuration public class ApiConfiguration implements WebMvcConfigurer { + private final ApplicationSettings applicationSettings; private Logger errorLogger; |