diff options
author | guangxingwang <gw1218@att.com> | 2018-02-15 11:13:18 -0600 |
---|---|---|
committer | guangxingwang <gw1218@att.com> | 2018-02-19 16:42:19 -0600 |
commit | 5ba143338d6fbc2b4d1e36c0efcbbabe15c65301 (patch) | |
tree | 7b5898632763ee06f09a2fd548107bd4e5750f8f /POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java | |
parent | e5c628fee6a6e6bb57a34d5b73e092d89ee26a5c (diff) |
Fix Fortify Scan Issue:
1) Fix Fortify Header Manipulation issue by checking the format of the
message before adding it response header.
2) Fix Fortify Hardcoded Password issue by using encryption and decryption
Issue-ID: POLICY-543
Change-Id: I16b44b9b0670b1af75094c9ae9d1f7d352fa894a
Signed-off-by: guangxingwang <gw1218@att.com>
Diffstat (limited to 'POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java')
-rw-r--r-- | POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java index 507f19820..801d4ec9d 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/PolicyRestController.java @@ -66,7 +66,7 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; import org.springframework.web.servlet.ModelAndView; - +import org.onap.policy.utils.CryptoUtils; import com.att.research.xacml.util.XACMLProperties; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.JsonNode; @@ -195,7 +195,7 @@ public class PolicyRestController extends RestrictedBaseController{ private ResponseEntity<?> sendToPAP(String body, String requestURI, HttpMethod method){ String papUrl = PolicyController.getPapUrl(); String papID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); - String papPass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS); + String papPass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); Base64.Encoder encoder = Base64.getEncoder(); String encoding = encoder.encodeToString((papID+":"+papPass).getBytes(StandardCharsets.UTF_8)); @@ -245,7 +245,7 @@ public class PolicyRestController extends RestrictedBaseController{ String boundary = null; String papUrl = PolicyController.getPapUrl(); String papID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); - String papPass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS); + String papPass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS)); Base64.Encoder encoder = Base64.getEncoder(); String encoding = encoder.encodeToString((papID+":"+papPass).getBytes(StandardCharsets.UTF_8)); |