diff options
Diffstat (limited to 'src')
8 files changed, 22 insertions, 17 deletions
diff --git a/src/main/java/org/onap/dcae/ApplicationSettings.java b/src/main/java/org/onap/dcae/ApplicationSettings.java index ead148c4..f140def2 100644 --- a/src/main/java/org/onap/dcae/ApplicationSettings.java +++ b/src/main/java/org/onap/dcae/ApplicationSettings.java @@ -90,8 +90,10 @@ public class ApplicationSettings { } private Map<String, String> prepareUsersMap(@Nullable String allowedUsers) { - return allowedUsers == null ? HashMap.empty() : List.ofAll(stream(allowedUsers.split("\\|"))) - .toMap(t -> t.split(",")[0].trim(), t -> new String(Base64.getDecoder().decode(t.split(",")[1])).trim()); + return allowedUsers == null ? HashMap.empty() + : List.of(allowedUsers.split("\\|")) + .map(t->t.split(",")) + .toMap(t-> t[0].trim(), t -> t[1].trim()); } private String findOutConfigurationFileLocation(Map<String, String> parsedArgs) { diff --git a/src/main/java/org/onap/dcae/commonFunction/ConfigProcessors.java b/src/main/java/org/onap/dcae/commonFunction/ConfigProcessors.java index a9d6b981..09ceeac7 100644 --- a/src/main/java/org/onap/dcae/commonFunction/ConfigProcessors.java +++ b/src/main/java/org/onap/dcae/commonFunction/ConfigProcessors.java @@ -166,7 +166,7 @@ public class ConfigProcessors { if (filter == null || isFilterMet(filter)) { final JSONObject oldValue = (JSONObject) getEventObjectVal(oldField); - if (!oldValue.equals(OBJECT_NOT_FOUND)) { + if (!oldValue.toString().equals(OBJECT_NOT_FOUND)) { setEventObjectVal(field, oldValue); removeEventKey(oldField); } @@ -293,7 +293,7 @@ public class ConfigProcessors { JSONObject tempJObj = null; String tempName = ""; String tempValue = ""; - if (!arrayValue.equals(OBJECT_NOT_FOUND)) { + if (!arrayValue.toString().equals(OBJECT_NOT_FOUND)) { log.info("old value ==" + arrayValue.toString()); // Loop thru the JSONArray, get the name:value pair and write to new JSONObject as hashmap elements for (int i = 0; i < arrayValue.length(); i++) { @@ -301,7 +301,7 @@ public class ConfigProcessors { tempJObj = arrayValue.getJSONObject(i); if (tempJObj != null) { tempName = tempJObj.get("name").toString(); - tempValue = tempJObj.get("value").toString(); + tempValue = tempJObj.get(VALUE).toString(); newHashMap.put(tempName, tempValue); } } diff --git a/src/main/java/org/onap/dcae/commonFunction/event/publishing/DMaaPPublishersCache.java b/src/main/java/org/onap/dcae/commonFunction/event/publishing/DMaaPPublishersCache.java index 4cdf92da..c66cee05 100644 --- a/src/main/java/org/onap/dcae/commonFunction/event/publishing/DMaaPPublishersCache.java +++ b/src/main/java/org/onap/dcae/commonFunction/event/publishing/DMaaPPublishersCache.java @@ -99,6 +99,7 @@ class DMaaPPublishersCache { } } catch (InterruptedException | IOException e) { log.error("Could not close Cambria publisher, some messages might have been dropped", e); + Thread.currentThread().interrupt(); } } } diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 8061ec5a..6b5a64aa 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -20,19 +20,20 @@ package org.onap.dcae.restapi; import io.vavr.control.Option; +import java.io.IOException; +import java.util.Base64; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.Base64; - final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); + private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); private final ApplicationSettings applicationSettings; private Logger errorLog; @@ -65,11 +66,11 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && maybeSavedPassword.get().equals(providedPassword); + return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); return false; } } -} +}
\ No newline at end of file diff --git a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java index 9ebb5394..c44e0d45 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java +++ b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java @@ -32,6 +32,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @EnableWebMvc @Configuration public class ApiConfiguration implements WebMvcConfigurer { + private final ApplicationSettings applicationSettings; private Logger errorLogger; diff --git a/src/test/java/org/onap/dcae/ApplicationSettingsTest.java b/src/test/java/org/onap/dcae/ApplicationSettingsTest.java index 55160ff5..0e91bc70 100644 --- a/src/test/java/org/onap/dcae/ApplicationSettingsTest.java +++ b/src/test/java/org/onap/dcae/ApplicationSettingsTest.java @@ -389,8 +389,8 @@ public class ApplicationSettingsTest { ).validAuthorizationCredentials(); // then - assertEquals(allowedUsers.get("pasza").get(), "simplepassword"); - assertEquals(allowedUsers.get("someoneelse").get(), "simplepassword"); + assertEquals(allowedUsers.get("pasza").get(), "c2ltcGxlcGFzc3dvcmQNCg=="); + assertEquals(allowedUsers.get("someoneelse").get(), "c2ltcGxlcGFzc3dvcmQNCg=="); } @Test diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java index 63099b7d..c73bb53b 100644 --- a/src/test/java/org/onap/dcae/TLSTest.java +++ b/src/test/java/org/onap/dcae/TLSTest.java @@ -113,7 +113,7 @@ public class TLSTest extends TLSTestBase { when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString()); when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString()); when(settings.authorizationEnabled()).thenReturn(true); - when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, PASSWORD)); + when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "$2a$10$51tDgG2VNLde5E173Ay/YO.Fq.aD.LR2Rp8pY3QAKriOSPswvGviy")); } } diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java index cb4d334c..569fd969 100644 --- a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java +++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java @@ -139,9 +139,9 @@ public class ApiAuthInterceptionTest { public void shouldSucceed() throws IOException { // given final HttpServletRequest request = createRequestWithAuthorizationHeader(); - when(settings.authorizationEnabled()).thenReturn(true); - when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS); + when(settings.validAuthorizationCredentials()).thenReturn( + HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G")); when(response.getWriter()).thenReturn(writer); // when |