AppWithRolesForUser sonar security issue

I used Lombok annotation to provide accessors. Issue-ID: PORTAL-645 Change-Id: Iad852434f30b81535398913df162fa8f4bd1ecff Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
author: Dominik Mizyn <d.mizyn@samsung.com> 2019-06-18 13:50:01 +0200
committer: Dominik Mizyn <d.mizyn@samsung.com> 2019-06-18 13:50:10 +0200
commit: 38bc3cb1b318a7b1ccfe0c37e835ac68ac9c60e5 (patch)
tree: 109da1bc69d06008c6222f53490b8c790e834e71 /ecomp-portal-BE-common/src/main
parent: d9a26e7fe8c2dfee2ea43ae697278e11f10f31e9 (diff)
3 files changed, 42 insertions, 82 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java
index 97888e56..0d665a98 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserRolesController.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -354,18 +354,18 @@ public class UserRolesController extends EPRestrictedBaseController {
 		PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
 		StringBuilder sbUserApps = new StringBuilder();
 		if (newAppRolesForUser != null) {
-			sbUserApps.append("User '" + newAppRolesForUser.orgUserId);
-			if (newAppRolesForUser.appRoles != null && newAppRolesForUser.appRoles.size() >= 1) {
+			sbUserApps.append("User '" + newAppRolesForUser.getOrgUserId());
+			if (newAppRolesForUser.getAppId() != null && !newAppRolesForUser.getAppRoles().isEmpty()) {
 				sbUserApps.append("' has roles = { ");
-				for (RoleInAppForUser appRole : newAppRolesForUser.appRoles) {
+				for (RoleInAppForUser appRole : newAppRolesForUser.getAppRoles()) {
 					if (appRole.isApplied) {
 						sbUserApps.append(appRole.roleName + " ,");
 					}
 				}
 				sbUserApps.deleteCharAt(sbUserApps.length() - 1);
-				sbUserApps.append("} assigned for the app " + newAppRolesForUser.appId);
+				sbUserApps.append("} assigned for the app " + newAppRolesForUser.getAppId());
 			} else {
-				sbUserApps.append("' has no roles assigned for app " + newAppRolesForUser.appId);
+				sbUserApps.append("' has no roles assigned for app " + newAppRolesForUser.getAppId());
 			}
 		}
 		logger.info(EELFLoggerDelegate.applicationLogger, "putAppWithUserRoleStateForUser: {}", sbUserApps.toString());
@@ -383,14 +383,14 @@ public class UserRolesController extends EPRestrictedBaseController {
 			try{
 				if (changesApplied.isResult()) {
 				logger.info(EELFLoggerDelegate.applicationLogger,
-						"putAppWithUserRoleStateForUser: succeeded for app {}, user {}", newAppRolesForUser.appId,
-						newAppRolesForUser.orgUserId);
+						"putAppWithUserRoleStateForUser: succeeded for app {}, user {}", newAppRolesForUser.getAppId(),
+						newAppRolesForUser.getAppId());
 
 				MDC.put(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP, EPEELFLoggerAdvice.getCurrentDateTimeUTC());
 				AuditLog auditLog = new AuditLog();
 				auditLog.setUserId(user.getId());
 				auditLog.setActivityCode(EcompAuditLog.CD_ACTIVITY_UPDATE_USER);
-				auditLog.setAffectedRecordId(newAppRolesForUser.orgUserId);
+				auditLog.setAffectedRecordId(newAppRolesForUser.getOrgUserId());
 				auditLog.setComments(EcompPortalUtils.truncateString(sbUserApps.toString(), PortalConstants.AUDIT_LOG_COMMENT_SIZE));
 				auditService.logActivity(auditLog, null);
 				
@@ -401,7 +401,7 @@ public class UserRolesController extends EPRestrictedBaseController {
 				logger.info(EELFLoggerDelegate.auditLogger,
 						EPLogUtil.formatAuditLogMessage("UserRolesController.putAppWithUserRoleStateForUser",
 								EcompAuditLog.CD_ACTIVITY_UPDATE_USER, user.getOrgUserId(),
-								newAppRolesForUser.orgUserId, sbUserApps.toString()));
+							newAppRolesForUser.getOrgUserId(), sbUserApps.toString()));
 				MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
 				MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
 				MDC.remove(SystemProperties.MDC_TIMER);
@@ -413,8 +413,8 @@ public class UserRolesController extends EPRestrictedBaseController {
 			
 		}catch (Exception e){
 				logger.error(EELFLoggerDelegate.errorLogger,
-						"putAppWithUserRoleStateForUser: failed for app {}, user {}", newAppRolesForUser.appId,
-						newAppRolesForUser.orgUserId);
+						"putAppWithUserRoleStateForUser: failed for app {}, user {}", newAppRolesForUser.getAppId(),
+					newAppRolesForUser.getOrgUserId());
 				portalResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), null);
 			}
 		}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 1904d8e2..ae1670d2 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -1001,11 +1001,11 @@ public class UserRolesCommonServiceImpl  {
 		boolean epRequestValue = false;
 		String userId = "";
 		String reqMessage = "";
-		if (newAppRolesForUser != null && newAppRolesForUser.orgUserId != null) {
-			userId = newAppRolesForUser.orgUserId.trim();
+		if (newAppRolesForUser != null && newAppRolesForUser.getOrgUserId() != null) {
+			userId = newAppRolesForUser.getOrgUserId().trim();
 		}
-		Long appId = newAppRolesForUser.appId;
-		List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.appRoles;
+		Long appId = newAppRolesForUser.getAppId();
+		List<RoleInAppForUser> roleInAppForUserList = newAppRolesForUser.getAppRoles();
 		if (userId.length() > 0 ) {
 			ObjectMapper mapper = new ObjectMapper();
 			mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
@@ -1014,7 +1014,7 @@ public class UserRolesCommonServiceImpl  {
 				EPApp app = appsService.getApp(appId);
 				applyChangesToUserAppRolesForMyLoginsRequest(user, appId);
 
-				boolean systemUser = newAppRolesForUser.isSystemUser;
+				boolean systemUser = newAppRolesForUser.isSystemUser();
 				if ((app.getCentralAuth() || app.getId().equals(PortalConstants.PORTAL_APP_ID)) && systemUser) {
 
 					Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
@@ -2056,17 +2056,18 @@ public class UserRolesCommonServiceImpl  {
 		List<EPUserAppRoles>  appRole= null;
 		try {
 			logger.error(EELFLoggerDelegate.errorLogger,"Should not be reached here, still the endpoint is yet to be defined");
-			boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService, userAppRolesData.appId, user.getId());
+			boolean result = postUserRolesToMylogins(userAppRolesData, applicationsRestClientService,
+				userAppRolesData.getAppId(), user.getId());
 			logger.debug(EELFLoggerDelegate.debugLogger,"putUserAppRolesRequest: result {}", result);
 						
-			params.put("appId", userAppRolesData.appId);
+			params.put("appId", userAppRolesData.getAppId());
 			EPUserAppRolesRequest epAppRolesRequestData = new EPUserAppRolesRequest();
 			epAppRolesRequestData.setCreatedDate(new Date());
 			epAppRolesRequestData.setUpdatedDate(new Date());
 			epAppRolesRequestData.setUserId(user.getId());
-			epAppRolesRequestData.setAppId(userAppRolesData.appId);
+			epAppRolesRequestData.setAppId(userAppRolesData.getAppId());
 			epAppRolesRequestData.setRequestStatus("P");
-			List<RoleInAppForUser> appRoleIdList = userAppRolesData.appRoles;
+			List<RoleInAppForUser> appRoleIdList = userAppRolesData.getAppRoles();
 			Set<EPUserAppRolesRequestDetail> appRoleDetails = new LinkedHashSet<EPUserAppRolesRequestDetail>();
 			dataAccessService.saveDomainObject(epAppRolesRequestData, null);
 			for (RoleInAppForUser userAppRoles : appRoleIdList) {
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java
index e2336dbd..cbfe1787 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/AppWithRolesForUser.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -38,65 +38,24 @@
 package org.onap.portalapp.portal.transport;
 
 import java.util.List;
-
+import lombok.AllArgsConstructor;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+@EqualsAndHashCode
+@ToString
 public class AppWithRolesForUser {
-
-	public String orgUserId;
-		
-	public boolean isSystemUser;
-
-	public Long appId;
-
-	public String appName;
-
-	public List<RoleInAppForUser> appRoles;
-
-	public String getOrgUserId() {
-		return orgUserId;
-	}
-
-	public void setOrgUserId(String orgUserId) {
-		this.orgUserId = orgUserId;
-	}
-
-	public Long getAppId() {
-		return appId;
-	}
-
-	public void setAppId(Long appId) {
-		this.appId = appId;
-	}
-
-	public String getAppName() {
-		return appName;
-	}
-
-	public void setAppName(String appName) {
-		this.appName = appName;
-	}
-
-	public List<RoleInAppForUser> getAppRoles() {
-		return appRoles;
-	}
-
-	public void setAppRoles(List<RoleInAppForUser> appRoles) {
-		this.appRoles = appRoles;
-	}
-
-	
-
-	public boolean isSystemUser() {
-		return isSystemUser;
-	}
-
-	public void setSystemUser(boolean isSystemUser) {
-		this.isSystemUser = isSystemUser;
-	}
-
-	@Override
-	public String toString() {
-		return "AppWithRolesForUser [orgUserId=" + orgUserId + ", isSystemUser=" + isSystemUser + ", appId=" + appId
-				+ ", appName=" + appName + ", appRoles=" + appRoles + "]";
-	}
+	private String orgUserId;
+	private boolean isSystemUser;
+	private Long appId;
+	private String appName;
+	private List<RoleInAppForUser> appRoles;
 
 }
author	Dominik Mizyn <d.mizyn@samsung.com>	2019-06-18 13:50:01 +0200
committer	Dominik Mizyn <d.mizyn@samsung.com>	2019-06-18 13:50:10 +0200
commit	38bc3cb1b318a7b1ccfe0c37e835ac68ac9c60e5 (patch)
tree	109da1bc69d06008c6222f53490b8c790e834e71 /ecomp-portal-BE-common/src/main
parent	d9a26e7fe8c2dfee2ea43ae697278e11f10f31e9 (diff)