aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java')
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java15
1 files changed, 8 insertions, 7 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 8061ec5a..6b5a64aa 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -20,19 +20,20 @@
package org.onap.dcae.restapi;
import io.vavr.control.Option;
+import java.io.IOException;
+import java.util.Base64;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Base64;
-
final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
+ private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
private final ApplicationSettings applicationSettings;
private Logger errorLog;
@@ -65,11 +66,11 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
String providedPassword = decodedData.split(":")[1].trim();
Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
boolean userRegistered = maybeSavedPassword.isDefined();
- return userRegistered && maybeSavedPassword.get().equals(providedPassword);
+ return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {
LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
authorizationHeader), e);
return false;
}
}
-}
+} \ No newline at end of file