authorZlatko Murgoski <zlatko.murgoski@nokia.com>2018-12-13 14:08:41 +0100
committerZlatko Murgoski <zlatko.murgoski@nokia.com>2018-12-14 16:47:02 +0100
commit039595ca28f6dee552bab00bd1df167c0ea97ae3 (patch)
treee671b6ea6928ef39bc16026ee6ba32bdefe97a6d /src/main/java
parent142a1d4d8177e86eac9e1e534708c6e8cc9d4c22 (diff)
Remove clear text password
Add common library to hash Issue-ID: DCAEGEN2-978 Change-Id: Ieb20f6a28aea3b9e8322df7b65b6441e12d4627a Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 6b5a64aa..3b76ae46 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -25,15 +25,15 @@ import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
+import org.onap.dcaegen2.services.sdk.security.CryptPassword;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
- private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+ private final CryptPassword cryptPassword = new CryptPassword();
private final ApplicationSettings applicationSettings;
private Logger errorLog;
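Review bot: Nothing visible in this hunk shows which hash format `CryptPassword.matches` accepts, so it cannot be confirmed from here that credentials already stored as bcrypt hashes still verify once the `cryptPassword` field replaces `passwordEncoder`. If the SDK class presumably wraps the same bcrypt scheme, record that next to the field, e.g. `// verifies the bcrypt hashes held in validAuthorizationCredentials()`. A unit test that checks a previously stored hash against the new field would catch a format mismatch before deployment.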
@@ -66,7 +66,7 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
String providedPassword = decodedData.split(":")[1].trim();
Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
boolean userRegistered = maybeSavedPassword.isDefined();
- return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
+ return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {
LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
authorizationHeader), e);
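Review bot: The catch block at the end of this hunk writes the whole `Authorization` header to the WARN log, and for Basic auth that value is only the base64 of `user:password`, so any exception on this path leaves recoverable credentials in the log, which works against the stated goal of removing clear-text passwords. Log a fixed message instead, e.g. `LOG.warn("Could not check if user is authorized, probably malformed header.", e);`. Separately, `decodedData.split(":")[1]` silently truncates a password that contains a colon; `decodedData.split(":", 2)[1]` keeps everything after the first separator. The enclosing method starts before this hunk and continues past it.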