diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-06-06 10:52:16 +0200 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-07-12 11:21:04 +0200 |
commit | 5aab72338c356e035862b914be4ca294c9d17fc8 (patch) | |
tree | 38cf51ce3bc3c08765a62d05540014e07b90dc50 /ecomp-portal-BE-os/src/main/java | |
parent | 73248465fc2867a3dd1a6494afb6b0774c9028f2 (diff) |
XSS Vulnerability fix in AppsController
Custom XSS filter used to fix thisa issue.
DataValidator upgrade to single instance of ValidatorFactory;
Issue-ID: OJSI-15
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Change-Id: I7222cfb84e1e5bb240619aac9c7bca85d215229a
Diffstat (limited to 'ecomp-portal-BE-os/src/main/java')
-rw-r--r-- | ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java index 915c5e08..e109ef5d 100644 --- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java +++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java @@ -47,8 +47,8 @@ import javax.validation.ConstraintViolation; import javax.validation.Validation; import javax.validation.Validator; import javax.validation.ValidatorFactory; +import lombok.NoArgsConstructor; import org.json.JSONObject; -import org.onap.portalapp.portal.controller.AppsController; import org.onap.portalapp.portal.domain.EPUser; import org.onap.portalapp.portal.ecomp.model.PortalRestResponse; import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum; @@ -61,6 +61,7 @@ import org.onap.portalapp.util.EPUserUtils; import org.onap.portalapp.validation.SecureString; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; @@ -69,27 +70,20 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; @RestController -@org.springframework.context.annotation.Configuration +@Configuration @EnableAspectJAutoProxy @EPAuditLog +@NoArgsConstructor public class AppsOSController extends AppsController { private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory(); - static final String FAILURE = "failure"; - EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class); + private static final String FAILURE = "failure"; + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class); @Autowired - AdminRolesService adminRolesService; - @Autowired - EPAppService appService; - @Autowired - PersUserAppService persUserAppService; - @Autowired UserService userService; - - - /** + /** * Create new application's contact us details. * * @param contactUs @@ -102,9 +96,9 @@ public class AppsOSController extends AppsController { return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE, "New User cannot be null or empty"); - if (!(adminRolesService.isSuperAdmin(user) || adminRolesService.isAccountAdmin(user))){ + if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))){ if(!user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE, + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "UnAuthorized"); } @@ -113,9 +107,9 @@ public class AppsOSController extends AppsController { try { saveNewUser = userService.saveNewUser(newUser,checkDuplicate); } catch (Exception e) { - return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage()); + return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage()); } - return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveNewUser, ""); + return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, ""); } @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json") |