Diffstat (limited to 'ecomp-portal-BE-os/src')
-rw-r--r--ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java16
-rw-r--r--ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java47
-rw-r--r--ecomp-portal-BE-os/src/main/resources/music.properties3
-rw-r--r--ecomp-portal-BE-os/src/main/resources/portal.properties3
-rw-r--r--ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties2
-rw-r--r--ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml28
6 files changed, 78 insertions, 21 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index 862bf399..43449b38 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -164,15 +164,15 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
MDC.put(MDC_ALERT_SEVERITY, AlarmSeverityEnum.INFORMATIONAL.severity());
MDC.put(MDC_INSTANCE_UUID, SystemProperties.getProperty(SystemProperties.INSTANCE_UUID));
- if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
- importFromExternalAuth();
- }
+ if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
+ importFromExternalAuth();
+ }
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "init failed", e);
}
}
-
+
private void importFromExternalAuth() throws Exception {
JSONArray aafAppRoles = new JSONArray();
JSONArray aafUserList = new JSONArray();
@@ -189,8 +189,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
for(int j = 0; j < aafAppRoles.length(); j++){
ObjectMapper mapper = new ObjectMapper();
String name = aafAppRoles.getJSONObject(j).getString("name");
- //String desc = aafAppRoles.getJSONObject(j).getString("description");
- //ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
+// String desc = aafAppRoles.getJSONObject(j).getString("description");
+// ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
aafUserList = externalAccessRolesService.getAllUsersByRole(name);
if(aafUserList != null && aafUserList.length() > 0){
for(int k = 0; k < aafUserList.length(); k++){
@@ -222,6 +222,10 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
}
}
+ public DataAccessService dataAccessService() {
+ return super.dataAccessService();
+ }
+
@Override
public String[] tileDefinitions() {
return super.tileDefinitions();
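Review bot: The new `dataAccessService()` pass-through lacks the `@Override` annotation that the sibling `tileDefinitions()` below carries, so a future signature drift against `AppConfig` would compile silently as an overload instead of failing. Add `@Override` above it together with a one-line Javadoc stating why the delegation exists, e.g. `/** Re-exposes the parent's DataAccessService in this configuration class. */`. If `AppConfig.dataAccessService()` is a Spring `@Bean` method, be aware that method annotations are not inherited by an override, so the bean definition may need to be re-declared here; confirm against the superclass.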
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index bf09c122..25eee828 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -44,6 +44,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
+import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.ReadListener;
@@ -128,31 +129,51 @@ public class SecurityXssFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
+ StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
+ String queryString = request.getQueryString();
+ String requestUrl = "";
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+ validateRequest(requestUrl, response);
+ StringBuilder headerValues = new StringBuilder();
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String key = (String) headerNames.nextElement();
+ String value = request.getHeader(key);
+ headerValues.append(value);
+ }
+ validateRequest(headerValues.toString(), response);
if (validateRequestType(request)) {
request = new RequestWrapper(request);
String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
- try {
- if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
- response.setContentType(APPLICATION_JSON);
- response.setStatus(HttpStatus.SC_BAD_REQUEST);
- response.getWriter().write(ERROR_BAD_REQUEST);
- throw new SecurityException(ERROR_BAD_REQUEST);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
- response.getWriter().close();
- return;
- }
+ validateRequest(requestData, response);
filterChain.doFilter(request, response);
} else {
filterChain.doFilter(request, response);
}
-
}
private boolean validateRequestType(HttpServletRequest request) {
return (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")
|| request.getMethod().equalsIgnoreCase("DELETE"));
}
+
+ private void validateRequest(String text, HttpServletResponse response) throws IOException {
+ try {
+ if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
+ response.setContentType(APPLICATION_JSON);
+ response.setStatus(HttpStatus.SC_BAD_REQUEST);
+ response.getWriter().write(ERROR_BAD_REQUEST);
+ throw new SecurityException(ERROR_BAD_REQUEST);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ response.getWriter().close();
+ return;
+ }
+ }
} \ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/resources/music.properties b/ecomp-portal-BE-os/src/main/resources/music.properties
index 87c4c942..6669011d 100644
--- a/ecomp-portal-BE-os/src/main/resources/music.properties
+++ b/ecomp-portal-BE-os/src/main/resources/music.properties
@@ -15,7 +15,8 @@ music.cleanup.threshold = 10
cassandra.host=localhost
zookeeper.host=localhost
cassandra.user=cassandra
-cassandra.password=cassandra
+#cassandra.password=cassandra
+cassandra.password=PIyMiPhYvQScMwiQT9UjvV8wBvXSiCN8ZEeiBC42Gp4=
#Music API
#music.endpoint = localhost
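Review bot: The new `cassandra.password` line commits a credential-shaped value to source control in place of the previous default; whether it is ciphertext or a literal secret cannot be told from the hunk, and if it is ciphertext produced by the application's own cipher, the key needed to recover it is presumably also in the repository. Such values are safer supplied at deploy time (environment, secrets store, or an untracked override file), with the tracked file keeping a placeholder such as `cassandra.password=<set-at-deploy>`. If the value is deliberately a non-production sample, a comment above it saying so, e.g. `# sample value for local development only`, would keep the next reader from treating it as live configuration.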
diff --git a/ecomp-portal-BE-os/src/main/resources/portal.properties b/ecomp-portal-BE-os/src/main/resources/portal.properties
index e853165d..156d1e27 100644
--- a/ecomp-portal-BE-os/src/main/resources/portal.properties
+++ b/ecomp-portal-BE-os/src/main/resources/portal.properties
@@ -65,3 +65,6 @@ role_access_centralized = remote
ext_req_connection_timeout = 15000
ext_req_read_timeout = 20000
+
+#Replace this based on the Env
+auth_namespace = com.att.ecomp.portal.demeter \ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
index 67d93285..cb187c8c 100644
--- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
+++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
@@ -40,7 +40,7 @@ db.driver = org.mariadb.jdbc.Driver
#db.connectionURL = jdbc:mariadb:failover://localhost:3306/ecomp_portal
#db.userName = XXXX
#db.password = XXXX
-db.connectionURL = jdbc:mariadb:failover://demeter.homer.att.com:3306/ecomp_portal_1710_os
+db.connectionURL = jdbc:mariadb:failover://localhost:3306/portal
db.userName = portal
db.password = P0rt@l
# is the db.password property encrypted?
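Review bot: While the connection URL now points to localhost, the block still carries `db.userName` and `db.password` as literal values two lines below in a tracked file, whereas the commented template above uses `XXXX` placeholders. Since the hunk already revises this block, applying the same convention, `db.password = XXXX`, with the real value supplied by the deployment would keep the credential out of the repository; the `# is the db.password property encrypted?` line that follows suggests an encrypted form is supported, which would be the other option, confirm against the loader.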
diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
index 6984cc91..1181a2fd 100644
--- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
@@ -106,4 +106,32 @@
<filter-name>SecurityXssFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <!-- <filter>
+ <filter-name>CadiAuthFilter</filter-name>
+ <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class>
+ <init-param>
+ <param-name>cadi_prop_files</param-name>
+ Add Absolute path of cadi.properties
+ <param-value>{Path}/cadi.properties
+ </param-value>
+ </init-param>
+ Add param values with comma delimited values
+ <init-param>
+ <param-name>include_url_endpoints</param-name>
+ <param-value>/auxapi/*</param-value>
+ </init-param>
+ <init-param>
+ <param-name>exclude_url_endpoints</param-name>
+ <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value>
+ </init-param>
+ </filter>
+ <filter-mapping>
+ <filter-name>CadiAuthFilter</filter-name>
+ <url-pattern>/auxapi/v3/*</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>CadiAuthFilter</filter-name>
+ <url-pattern>/auxapi/v4/*</url-pattern>
+
+ </filter-mapping> -->
</web-app>
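Review bot: The disabled `CadiAuthFilter` block is not drop-in: the free text `Add Absolute path of cadi.properties` and `Add param values with comma delimited values` sits directly inside `<init-param>` and `<filter>`, so removing the outer `<!-- -->` would produce text content the web-app schema does not permit there. Turning each guidance line into its own comment (`<!-- Add absolute path of cadi.properties -->`) or a `<description>` element would let the block be enabled by removing the outer comment alone. Separately, `include_url_endpoints` is `/auxapi/*` while the two `<filter-mapping>`s cover only `/auxapi/v3/*` and `/auxapi/v4/*`; worth confirming that is intended so enabling the filter does not leave other `/auxapi` paths unfiltered.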