Diffstat (limited to 'ecomp-portal-BE-common/src/main')
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java5
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java17
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java61
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java13
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java11
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java2
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java7
-rw-r--r--ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java5
8 files changed, 83 insertions, 38 deletions
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
index 0be0d357..c34311c3 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
@@ -739,6 +739,11 @@ public class AppsController extends EPRestrictedBaseController {
user = EPUserUtils.getUserSession(request);
if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(user, oldEPApp) ) {
EcompPortalUtils.setBadPermissions(user, response, "putOnboardingApp");
+ } else if(!dataValidator.isValid(modifiedOnboardingApp)){
+ logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApp is not valid");
+ EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =",
+ response.getStatus());
+ return fieldsValidator;
} else {
if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null))
{
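Review bot: The new `else if(!dataValidator.isValid(modifiedOnboardingApp))` branch returns `fieldsValidator` without recording a failure on it or on the response, so a rejected payload may look like a successful update to the caller. The FunctionalMenuController change in this commit sets `fieldsValidator.httpStatusCode` on the same path; doing the same here before the return, e.g. `fieldsValidator.httpStatusCode = (long) HttpServletResponse.SC_NOT_ACCEPTABLE;`, would keep the two consistent. `fieldsValidator` is initialised outside the hunk, so its default state should be confirmed. The error log line would also be more useful if it named the user or app being modified.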
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java
index 9024570c..f655d352 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/BasicAuthAccountController.java
@@ -53,6 +53,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog;
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.BasicAuthAccountService;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -74,6 +75,7 @@ public class BasicAuthAccountController extends EPRestrictedBaseController {
private static final String ADMIN_ONLY_OPERATIONS = "Admin Only Operation! ";
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(BasicAuthAccountController.class);
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private BasicAuthAccountService basicAuthAccountService;
@@ -98,6 +100,8 @@ public class BasicAuthAccountController extends EPRestrictedBaseController {
public PortalRestResponse<String> createBasicAuthAccount(HttpServletRequest request, HttpServletResponse response,
@RequestBody BasicAuthCredentials newBasicAuthAccount) throws Exception {
+
+
EPUser user = EPUserUtils.getUserSession(request);
if (!adminRolesService.isSuperAdmin(user)) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, AUTHORIZATION_REQUIRED,
@@ -108,7 +112,18 @@ public class BasicAuthAccountController extends EPRestrictedBaseController {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
"newBasicAuthAccount cannot be null or empty");
}
- long accountId = basicAuthAccountService.saveBasicAuthAccount(newBasicAuthAccount);
+
+ if(!dataValidator.isValid(newBasicAuthAccount)){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "createBasicAuthAccount() failed, new credential are not safe",
+ "");
+ }
+
+ long accountId;
+ try {
+ accountId = basicAuthAccountService.saveBasicAuthAccount(newBasicAuthAccount);
+ } catch (Exception e){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, e.getMessage());
+ }
List<Long> endpointIdList = new ArrayList<>();
try {
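Review bot: The added `catch (Exception e)` around `saveBasicAuthAccount` returns `e.getMessage()` to the API caller and logs nothing, so a persistence or encryption failure could expose internal detail to the client while leaving no trace on the server. Log the exception and return a fixed message instead: `logger.error(EELFLoggerDelegate.errorLogger, "createBasicAuthAccount failed", e);` followed by `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "createBasicAuthAccount failed");`. The method body continues outside the hunk.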
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java
index 4326eac3..97af4373 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/FunctionalMenuController.java
@@ -33,7 +33,7 @@
*
* ============LICENSE_END============================================
*
- *
+ *
*/
package org.onap.portalapp.portal.controller;
@@ -71,9 +71,11 @@ import org.onap.portalapp.portal.transport.FunctionalMenuItemWithRoles;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
@@ -86,12 +88,13 @@ import org.springframework.web.bind.annotation.RestController;
* Supports menus at the top of the Portal app landing page.
*/
@RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
public class FunctionalMenuController extends EPRestrictedBaseController {
private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(FunctionalMenuController.class);
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private AdminRolesService adminRolesService;
@@ -104,7 +107,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to fetch all the FunctionalMenuItems.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -127,7 +130,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to get ONAP Portal Title.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -152,7 +155,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
* RESTful service method to fetch all the FunctionalMenuItems, both active and
* inactive, for the EditFunctionalMenu feature. Can only be accessed by the
* portal admin.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -182,7 +185,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to fetch all the FunctionalMenuItems, active , for the
* Functional menu in notification Tree feature.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -209,7 +212,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to fetch all FunctionalMenuItems associated with an
* application.
- *
+ *
* @param request
* HttpServletRequest
* @param appId
@@ -236,7 +239,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to fetch all FunctionalMenuItems associated with the
* applications and roles that a user has access to.
- *
+ *
* @param request
* HttpServletRequest
* @param orgUserId
@@ -264,7 +267,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to fetch all FunctionalMenuItems associated with the
* applications and roles that the authenticated user has access to.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -299,7 +302,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to fetch the details for a functional menu item.
* Requirement: you must be the ONAP portal super admin user.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -333,9 +336,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to create a new menu item.
- *
+ *
* Requirement: you must be the ONAP portal super admin user.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -349,6 +352,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
FieldsValidator fieldsValidator = null;
+
+ if(!dataValidator.isValid(menuItemJson)){
+ fieldsValidator = new FieldsValidator();
+ logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+ fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+ return fieldsValidator;
+ }
+
if (!adminRolesService.isSuperAdmin(user)) {
logger.debug(EELFLoggerDelegate.debugLogger,
"FunctionalMenuController.createFunctionalMenuItem bad permissions");
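Review bot: The new validity check in `createFunctionalMenuItem` runs before the `adminRolesService.isSuperAdmin(user)` test, so callers without admin rights get validation feedback instead of a permission failure; the AppsController change in this commit checks permissions first, and the same order would fit here. The branch also uses `SC_NOT_ACCEPTABLE` (406, normally tied to content negotiation), where `SC_BAD_REQUEST` describes a rejected body more accurately. Only `fieldsValidator.httpStatusCode` is set, and whether the HTTP response status is derived from it is not visible in the hunk. The same points apply to the identical block added to the edit handler further down.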
@@ -365,9 +376,9 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to update an existing menu item
- *
+ *
* Requirement: you must be the ONAP portal super admin user.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -381,6 +392,14 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
FieldsValidator fieldsValidator = null;
+
+ if(!dataValidator.isValid(menuItemJson)){
+ fieldsValidator = new FieldsValidator();
+ logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+ fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+ return fieldsValidator;
+ }
+
if (!adminRolesService.isSuperAdmin(user)) {
EcompPortalUtils.setBadPermissions(user, response, "editFunctionalMenuItem");
} else {
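Review bot: The warning added to the edit handler still names the create handler: the log text `FunctionalMenuController.createFunctionalMenuItem not valid object` was copied from the earlier hunk and will misattribute rejected edit requests in the logs. It should read `logger.warn(EELFLoggerDelegate.debugLogger, "FunctionalMenuController.editFunctionalMenuItem not valid object");`. The handler name is inferred from the `setBadPermissions(user, response, "editFunctionalMenuItem")` call below, since the method signature starts outside the hunk.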
@@ -395,7 +414,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service method to delete a menu item
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -423,7 +442,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service to regenerate table
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -450,7 +469,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESful service to set a favorite item.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -476,7 +495,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service to get favorites for the current user as identified in the
* session
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -499,7 +518,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
/**
* RESTful service to delete a favorite menu item for the current user as
* identified in the session.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -528,7 +547,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
* session (i.e., the CSP cookie); if that fails, calls the shared context
* service to read the information from the database. Gives back what it found,
* any of which may be null, as a JSON collection.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@@ -611,7 +630,7 @@ public class FunctionalMenuController extends EPRestrictedBaseController {
};
/**
- *
+ *
* @param request
* HttpServletRequest
* @param userId
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
index 3f507726..2e1a2b46 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
@@ -58,6 +58,7 @@ import org.onap.portalapp.portal.logging.aop.EPAuditLog;
import org.onap.portalapp.portal.service.WidgetMService;
import org.onap.portalapp.portal.service.MicroserviceService;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -78,7 +79,7 @@ import org.springframework.web.client.RestTemplate;
@EnableAspectJAutoProxy
@EPAuditLog
public class MicroserviceController extends EPRestrictedBaseController {
- public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ private final DataValidator dataValidator = new DataValidator();
String whatService = "widgets-service";
RestTemplate template = new RestTemplate();
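Review bot: Removing `public static final ValidatorFactory VALIDATOR_FACTORY` drops a public constant, and the import hunk above only adds `DataValidator`, so the `javax.validation` imports that served the old code (and `java.util.Set`, if it was used only there) are probably left unused. Confirm nothing else references `MicroserviceController.VALIDATOR_FACTORY` and delete the stale imports in the same change.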
@@ -96,10 +97,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
"MicroserviceData cannot be null or empty");
}else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"ERROR", "MicroserviceData is not valid");
}
@@ -129,10 +127,7 @@ public class MicroserviceController extends EPRestrictedBaseController {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
"MicroserviceData cannot be null or empty");
}else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"ERROR", "MicroserviceData is not valid");
}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java
index f0e93bcb..6d8a3f87 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/BasicAuthCredentials.java
@@ -39,21 +39,24 @@ package org.onap.portalapp.portal.domain;
import java.util.List;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
public class BasicAuthCredentials extends DomainVo {
private static final long serialVersionUID = 1L;
- public BasicAuthCredentials() {
-
- }
-
private Long id;
+ @SafeHtml
private String applicationName;
+ @SafeHtml
private String username;
+ @SafeHtml
private String password;
+ @SafeHtml
private String isActive;
+ @Valid
private List<EPEndpoint> endpoints;
public Long getId() {
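Review bot: `@SafeHtml` on `password` may reject credentials that contain markup-like characters such as `<`, which narrows the allowed password space without any benefit, since a password should never be rendered as HTML. Drop the annotation from `password` and keep it on `applicationName`, `username` and `isActive`. `@SafeHtml` is an input check only, so output encoding is still needed wherever these values are displayed.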
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java
index 92c8572b..97ecbcbe 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPEndpoint.java
@@ -37,6 +37,7 @@
*/
package org.onap.portalapp.portal.domain;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
public class EPEndpoint extends DomainVo {
@@ -48,6 +49,7 @@ public class EPEndpoint extends DomainVo {
}
private Long id;
+ @SafeHtml
private String name;
public Long getId() {
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java
index 74cf1726..98b0f127 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/BasicAuthAccountServiceImpl.java
@@ -49,6 +49,7 @@ import org.onap.portalapp.portal.domain.EPEndpoint;
import org.onap.portalapp.portal.domain.EPEndpointAccount;
import org.onap.portalapp.portal.logging.aop.EPMetricsLog;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
import org.onap.portalsdk.core.service.DataAccessService;
@@ -62,12 +63,16 @@ import org.springframework.stereotype.Service;
@EPMetricsLog
public class BasicAuthAccountServiceImpl implements BasicAuthAccountService{
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MicroserviceServiceImpl.class);
-
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private DataAccessService dataAccessService;
@Override
public Long saveBasicAuthAccount(BasicAuthCredentials newCredential) throws Exception {
+
+ if(!dataValidator.isValid(newCredential)){
+ throw new Exception("saveBasicAuthAccount() failed, new credential are not safe");
+ }
if (newCredential.getPassword() != null)
newCredential.setPassword(encryptedPassword(newCredential.getPassword()));
try{
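Review bot: The guard added to `saveBasicAuthAccount` throws a bare `Exception`, which callers cannot tell apart from a persistence failure; the controller change in this commit catches `Exception` and forwards its message. Throwing `new IllegalArgumentException("saveBasicAuthAccount() failed, new credential are not safe")` would make the validation failure distinguishable and leaves the signature unchanged, because the method already declares `throws Exception`. The method body continues outside the hunk.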
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java
index 825cad46..9226f220 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItemWithRoles.java
@@ -39,6 +39,7 @@ package org.onap.portalapp.portal.transport;
import java.io.Serializable;
import java.util.List;
+import org.hibernate.validator.constraints.SafeHtml;
// This type is used to read the Json in from the API call from the Front End
public class FunctionalMenuItemWithRoles implements Serializable {
@@ -47,11 +48,11 @@ public class FunctionalMenuItemWithRoles implements Serializable {
public Long menuId;
public Integer column;
-
+ @SafeHtml
public String text;
public Integer parentMenuId;
-
+ @SafeHtml
public String url;
public Integer appid;
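Review bot: `@SafeHtml` on `url` checks for disallowed markup only; it does not restrict the URL scheme, so a value with a scheme other than http or https would still pass validation. If the menu URL is rendered as a link in the front end (not visible here), add a scheme constraint such as `@Pattern(regexp = "^https?://.*")`, adjusted to whatever forms the portal permits. The annotations only take effect where `dataValidator.isValid` is called on the object, so any other entry point that accepts this type needs the same call.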