diff options
author | Michael Hwang <mhwang@research.att.com> | 2018-12-19 15:22:26 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2018-12-19 15:22:26 +0000 |
commit | bbdc49eecebbb6fd0289db18859b5d4360ce1701 (patch) | |
tree | 2d63f916f213ccda7f25a734ac8b1f08d9321da3 /src | |
parent | b95941adee2725406c194c710240a36a698a183a (diff) | |
parent | 039595ca28f6dee552bab00bd1df167c0ea97ae3 (diff) |
Merge "Remove clear text password"
Diffstat (limited to 'src')
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 6b5a64aa..3b76ae46 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -25,15 +25,15 @@ import java.util.Base64; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; +import org.onap.dcaegen2.services.sdk.security.CryptPassword; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); - private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); + private final CryptPassword cryptPassword = new CryptPassword(); private final ApplicationSettings applicationSettings; private Logger errorLog; @@ -66,7 +66,7 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); + return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); |