From 039595ca28f6dee552bab00bd1df167c0ea97ae3 Mon Sep 17 00:00:00 2001 From: Zlatko Murgoski Date: Thu, 13 Dec 2018 14:08:41 +0100 Subject: Remove clear text password Add common library to hash Issue-ID: DCAEGEN2-978 Change-Id: Ieb20f6a28aea3b9e8322df7b65b6441e12d4627a Signed-off-by: Zlatko Murgoski --- src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/main') diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 6b5a64aa..3b76ae46 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -25,15 +25,15 @@ import java.util.Base64; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; +import org.onap.dcaegen2.services.sdk.security.CryptPassword; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; final class ApiAuthInterceptor extends HandlerInterceptorAdapter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); - private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); + private final CryptPassword cryptPassword = new CryptPassword(); private final ApplicationSettings applicationSettings; private Logger errorLog; @@ -66,7 +66,7 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { String providedPassword = decodedData.split(":")[1].trim(); Option maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser); boolean userRegistered = maybeSavedPassword.isDefined(); - return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get()); + return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get()); } catch (Exception e) { LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.", authorizationHeader), e); -- cgit 1.2.3-korg