Added Junits

Issue-ID: PORTAL-155

Includes JUNITS, security issues fix


Change-Id: I7c4032808163c46bf53477195823c7ed9dc99edc
Signed-off-by:GUJJA <kg811t@research.att.com>

3 files changed, 9 insertions, 8 deletions

diff --git a/ecomp-portal-BE-os/README.md b/ecomp-portal-BE-os/README.md
index d1262b6d..6ca4b1ed 100644
--- a/ecomp-portal-BE-os/README.md
+++ b/ecomp-portal-BE-os/README.md
@@ -36,6 +36,7 @@ Version 2.2
 - [Portal-162] CVE-2015-5211 - Spring - File Upload issue. Upgrade to 4.2.2
 - [Portal-163] NVD - CVE-2016-1000341: bouncycastle issue. Upgrade to 2.4.4
 - [Portal-168] CVE-2015-0254 JSTL-Upgrade to 1.2.3+
+- [Portal-155] Review security issues: portal
 
 Version 1.1.0 (Amsterdam), November 2017
 - [Portal-6] Updates to License and Trademark in the PORTAL Source Code
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml
index 975f6dec..41722611 100644
--- a/ecomp-portal-BE-os/pom.xml
+++ b/ecomp-portal-BE-os/pom.xml
@@ -318,17 +318,17 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.6.3</version>
+			<version>2.9.2</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.6.3</version>
+			<version>2.9.2</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.6.3</version>
+			<version>2.9.2</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml</groupId>
@@ -380,7 +380,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi</artifactId>
-			<version>3.5-FINAL</version>
+			<version>3.17</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
@@ -395,7 +395,7 @@
 		<dependency>
 			<groupId>org.apache.poi</groupId>
 			<artifactId>poi-ooxml</artifactId>
-			<version>3.5-FINAL</version>
+			<version>3.17</version>
 			<exclusions>
 				<exclusion>
 					<groupId>commons-logging</groupId>
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java
index 88f7651c..0ee11715 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java
@@ -200,7 +200,7 @@ public class LoginController extends EPUnRestrictedBaseController implements Log
 		Map<Object, Object> model = new HashMap<Object, Object>();
 		HashMap<Object, Object> additionalParamsMap = new HashMap<Object, Object>();
 		EPLoginBean commandBean = new EPLoginBean();
-		MDC.put(MDC_KEY_REQUEST_ID, getRequestId(request));
+		MDC.put(MDC_KEY_REQUEST_ID, (getRequestId(request)==null || getRequestId(request).isEmpty()) ? UUID.randomUUID().toString():getRequestId(request));
 		// get userId from cookie
 		String orgUserId = SessionCookieUtil.getUserIdFromCookie(request, response);
 		logger.info(EELFLoggerDelegate.debugLogger, "processSingleSignOn: begins with orgUserId {}", orgUserId);
@@ -230,11 +230,11 @@ public class LoginController extends EPUnRestrictedBaseController implements Log
 						additionalParamsMap);
 
 				stopWatch.stop();
-				MDC.put(EPSystemProperties.MDC_TIMER, stopWatch.getTotalTimeMillis() + "ms");
+				MDC.put(EPSystemProperties.MDC_TIMER, String.valueOf(stopWatch.getTotalTimeMillis()));
 				logger.info(EELFLoggerDelegate.debugLogger, "Operation findUser is completed.");
 			} catch (Exception e) {
 				stopWatch.stop();
-				MDC.put(EPSystemProperties.MDC_TIMER, stopWatch.getTotalTimeMillis() + "ms");
+				MDC.put(EPSystemProperties.MDC_TIMER, String.valueOf(stopWatch.getTotalTimeMillis()));
 				logger.info(EELFLoggerDelegate.errorLogger, "processSingleSignOn failed on user " + orgUserId, e);
 			} finally {
 				MDC.remove(EPSystemProperties.MDC_TIMER);