Diffstat (limited to 'ecomp-portal-BE-os/src')
6 files changed, 78 insertions, 21 deletions
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index 862bf399..43449b38 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -164,15 +164,15 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 MDC.put(MDC_ALERT_SEVERITY, AlarmSeverityEnum.INFORMATIONAL.severity());
 MDC.put(MDC_INSTANCE_UUID, SystemProperties.getProperty(SystemProperties.INSTANCE_UUID));
- if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
- importFromExternalAuth();
- }
+ if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
+ importFromExternalAuth();
+ }
 } catch (Exception e) {
 logger.error(EELFLoggerDelegate.errorLogger, "init failed", e);
 }
 }
- 
+ 
 private void importFromExternalAuth() throws Exception {
 JSONArray aafAppRoles = new JSONArray();
 JSONArray aafUserList = new JSONArray();
@@ -189,8 +189,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 for(int j = 0; j < aafAppRoles.length(); j++){
 ObjectMapper mapper = new ObjectMapper();
 String name = aafAppRoles.getJSONObject(j).getString("name");
- //String desc = aafAppRoles.getJSONObject(j).getString("description");
- //ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
+// String desc = aafAppRoles.getJSONObject(j).getString("description");
+// ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
 aafUserList = externalAccessRolesService.getAllUsersByRole(name);
 if(aafUserList != null && aafUserList.length() > 0){
 for(int k = 0; k < aafUserList.length(); k++){
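Review bot: The two lines re-added as `// String desc = aafAppRoles.getJSONObject(j).getString("description");` and `// ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);` are commented-out code that this hunk only re-indents; either delete them or restore them behind a real check, but do not keep dead text in a role-import loop where a reader has to guess whether descriptions are meant to be parsed. With them gone, `ObjectMapper mapper = new ObjectMapper();` at the top of the loop has no use inside this hunk — if nothing further down `importFromExternalAuth` reads `mapper`, drop it as well, since it is currently allocated once per role. The body of `importFromExternalAuth` continues past the end of this hunk.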
@@ -222,6 +222,10 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 }
 }
+ public DataAccessService dataAccessService() {
+ return super.dataAccessService();
+ }
+
 @Override
 public String[] tileDefinitions() {
 return super.tileDefinitions();
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
index bf09c122..25eee828 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
@@ -44,6 +44,7 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
+import java.util.Enumeration;
 import javax.servlet.FilterChain;
 import javax.servlet.ReadListener;
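Review bot: The new `public DataAccessService dataAccessService()` lacks `@Override`, while the neighbouring `tileDefinitions()` carries it; since the body is `return super.dataAccessService();` the method can only be meant as an override of the parent, so annotate it `@Override` so that a later signature change in `AppConfig` fails compilation instead of silently leaving a second, unrelated public method. A one-line comment on why the parent bean is re-exposed here would also help, e.g. `// re-exposed so the OS build can wire the parent's DataAccessService`, if that is the intent — the reason is not visible in this hunk. Whether the method additionally needs the same annotations as the parent's (if it is a Spring bean definition) cannot be judged from this diff; check `AppConfig.dataAccessService()`.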
@@ -128,31 +129,51 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 @Override
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 throws ServletException, IOException {
+ StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
+ String queryString = request.getQueryString();
+ String requestUrl = "";
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+ validateRequest(requestUrl, response);
+ StringBuilder headerValues = new StringBuilder();
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String key = (String) headerNames.nextElement();
+ String value = request.getHeader(key);
+ headerValues.append(value);
+ }
+ validateRequest(headerValues.toString(), response);
 if (validateRequestType(request)) {
 request = new RequestWrapper(request);
 String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
- try {
- if (StringUtils.isNotBlank(requestData) && validator.denyXSS(requestData)) {
- response.setContentType(APPLICATION_JSON);
- response.setStatus(HttpStatus.SC_BAD_REQUEST);
- response.getWriter().write(ERROR_BAD_REQUEST);
- throw new SecurityException(ERROR_BAD_REQUEST);
- }
- } catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
- response.getWriter().close();
- return;
- }
+ validateRequest(requestData, response);
 filterChain.doFilter(request, response);
 } else {
 filterChain.doFilter(request, response);
 }
-
 }
 private boolean validateRequestType(HttpServletRequest request) {
 return (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")
 || request.getMethod().equalsIgnoreCase("DELETE"));
 }
+
+ private void validateRequest(String text, HttpServletResponse 
response) throws IOException {
+ try {
+ if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
+ response.setContentType(APPLICATION_JSON);
+ response.setStatus(HttpStatus.SC_BAD_REQUEST);
+ response.getWriter().write(ERROR_BAD_REQUEST);
+ throw new SecurityException(ERROR_BAD_REQUEST);
+ }
+ } catch (Exception e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ response.getWriter().close();
+ return;
+ }
+ }
 }
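Review bot: The `return;` that used to abort `doFilterInternal` now only leaves `validateRequest`, so a request the validator flags has its 400 body written and the writer closed but then keeps going: the remaining checks run and `filterChain.doFilter(request, response)` is still invoked, which means the filter no longer blocks anything it detects — for the new URL and header checks as well as for the moved body check. Make `validateRequest` return a boolean and return from `doFilterInternal` on a hit, as sketched below; the `SecurityException` that is thrown only to be caught three lines later can go at the same time. Two smaller points on the new header loop: `request.getHeader(key)` returns only the first value of a repeated header, so `getHeaders(key)` should be iterated, and appending values with no separator lets a pattern be formed across two adjacent headers. Note also that `getQueryString()` is still percent-encoded; unless `validator.denyXSS` decodes its input first (not visible here), an encoded payload passes the URL check and only the decoded parameter values seen by the controller carry it — worth confirming against the validator. `doFilterInternal` begins inside this hunk, but the class header and the `validator`/`logger` fields are outside it.
```java
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {
		// … unchanged: build requestUrl from getRequestURL() and getQueryString() …
		if (!validateRequest(requestUrl, response)) {
			return; // 400 already written; never hand the request to the chain
		}
		StringBuilder headerValues = new StringBuilder();
		Enumeration<String> headerNames = request.getHeaderNames();
		while (headerNames.hasMoreElements()) {
			String key = headerNames.nextElement();
			Enumeration<String> values = request.getHeaders(key); // all values, not only the first
			while (values.hasMoreElements()) {
				headerValues.append(values.nextElement()).append('\n'); // separator: no cross-header matches
			}
		}
		if (!validateRequest(headerValues.toString(), response)) {
			return;
		}
		if (validateRequestType(request)) {
			request = new RequestWrapper(request);
			String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
			if (!validateRequest(requestData, response)) {
				return;
			}
		}
		filterChain.doFilter(request, response);
	}

	// … unchanged: validateRequestType …

	/**
	 * Returns true when {@code text} is clean. On a hit, writes the 400 JSON body,
	 * closes the writer and returns false so the caller can stop the filter chain.
	 */
	private boolean validateRequest(String text, HttpServletResponse response) throws IOException {
		if (StringUtils.isBlank(text) || !validator.denyXSS(text)) {
			return true;
		}
		logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST");
		response.setContentType(APPLICATION_JSON);
		response.setStatus(HttpStatus.SC_BAD_REQUEST);
		response.getWriter().write(ERROR_BAD_REQUEST);
		response.getWriter().close();
		return false;
	}
```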
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/resources/music.properties b/ecomp-portal-BE-os/src/main/resources/music.properties
index 87c4c942..6669011d 100644
--- a/ecomp-portal-BE-os/src/main/resources/music.properties
+++ b/ecomp-portal-BE-os/src/main/resources/music.properties
@@ -15,7 +15,8 @@ music.cleanup.threshold = 10
 cassandra.host=localhost
 zookeeper.host=localhost
 cassandra.user=cassandra
-cassandra.password=cassandra
+#cassandra.password=cassandra
+cassandra.password=PIyMiPhYvQScMwiQT9UjvV8wBvXSiCN8ZEeiBC42Gp4=
 #Music API
 #music.endpoint = localhost
diff --git a/ecomp-portal-BE-os/src/main/resources/portal.properties b/ecomp-portal-BE-os/src/main/resources/portal.properties
index e853165d..156d1e27 100644
--- a/ecomp-portal-BE-os/src/main/resources/portal.properties
+++ b/ecomp-portal-BE-os/src/main/resources/portal.properties
@@ -65,3 +65,6 @@ role_access_centralized = remote
 ext_req_connection_timeout = 15000
 ext_req_read_timeout = 20000
+
+#Replace this based on the Env
+auth_namespace = com.att.ecomp.portal.demeter
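Review bot: `cassandra.password=PIyMiPhYvQScMwiQT9UjvV8wBvXSiCN8ZEeiBC42Gp4=` commits a credential value to the repository, and the plaintext default it replaces is kept directly above it as `#cassandra.password=cassandra`, so both the old and the new secret material are now in history. If the new value is the encrypted form of a real password it is only as protected as whatever key decrypts it, which in a properties file like this usually ships in the same build; if it is only a sample, nothing marks it as one. Prefer an externally injected value (environment or a mounted secrets file) with a comment such as `# cassandra.password is supplied at deploy time; never commit a real value here`, and drop the commented plaintext line rather than leaving it as a hint.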
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
index 67d93285..cb187c8c 100644
--- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
+++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/conf/system.properties
@@ -40,7 +40,7 @@ db.driver = org.mariadb.jdbc.Driver
 #db.connectionURL = jdbc:mariadb:failover://localhost:3306/ecomp_portal
 #db.userName = XXXX
 #db.password = XXXX
-db.connectionURL = jdbc:mariadb:failover://demeter.homer.att.com:3306/ecomp_portal_1710_os
+db.connectionURL = jdbc:mariadb:failover://localhost:3306/portal
 db.userName = portal
 db.password = P0rt@l
 # is the db.password property encrypted?
diff --git a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
index 6984cc91..1181a2fd 100644
--- a/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
+++ b/ecomp-portal-BE-os/src/main/webapp/WEB-INF/web.xml
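Review bot: The new `db.connectionURL = jdbc:mariadb:failover://localhost:3306/portal` rightly removes the internal hostname, but the same block still ships `db.password = P0rt@l` in plaintext two lines below, beside the unanswered comment `# is the db.password property encrypted?`; a commit that edits these lines is the moment to either mark the value as a sample (as the `XXXX` lines above do) or move it out of the repository. If the deployment expects an encrypted value here, say so where the property is set, e.g. `# db.password: sample only - real deployments inject the (encrypted) value at deploy time`. The name of the flag that controls encryption is not visible in this hunk, so check it before wording the comment.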
@@ -106,4 +106,32 @@
 <filter-name>SecurityXssFilter</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>
+ <!-- <filter>
+ <filter-name>CadiAuthFilter</filter-name>
+ <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class>
+ <init-param>
+ <param-name>cadi_prop_files</param-name>
+ Add Absolute path of cadi.properties
+ <param-value>{Path}/cadi.properties
+ </param-value>
+ </init-param>
+ Add param values with comma delimited values
+ <init-param>
+ <param-name>include_url_endpoints</param-name>
+ <param-value>/auxapi/*</param-value>
+ </init-param>
+ <init-param>
+ <param-name>exclude_url_endpoints</param-name>
+ <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value>
+ </init-param>
+ </filter>
+ <filter-mapping>
+ <filter-name>CadiAuthFilter</filter-name>
+ <url-pattern>/auxapi/v3/*</url-pattern>
+ </filter-mapping>
+ <filter-mapping>
+ <filter-name>CadiAuthFilter</filter-name>
+ <url-pattern>/auxapi/v4/*</url-pattern>
+
+ </filter-mapping> -->
 </web-app> |
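Review bot: The commented-out `CadiAuthFilter` block means `/auxapi/v3/*` and `/auxapi/v4/*` ship with no authentication filter mapped in the default build, and nothing in the file says so; add a comment ahead of the block such as `<!-- CadiAuthFilter is disabled by default: /auxapi/* is unauthenticated until this block is enabled and cadi.properties is supplied -->`. The block also cannot be enabled just by deleting the outer `<!--`/`-->`: the bare text `Add Absolute path of cadi.properties` and `Add param values with comma delimited values` would become text nodes inside `<init-param>` and `<filter>`, which the web-app schema does not allow, so move those two instructions into the comment text at the top of the block (they cannot be made nested comments now, since XML forbids `--` inside a comment). Separately, `exclude_url_endpoints` lists `/api/v3/analytics,/api/v3/storeAnalytics`, paths that fall under neither the `/auxapi/*` include pattern nor the two `<filter-mapping>` patterns — confirm that this is the intended set of exempt endpoints. The `<web-app>` element begins outside this hunk.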