diff options
author | st782s <statta@research.att.com> | 2017-11-06 16:05:26 -0500 |
---|---|---|
committer | st782s <statta@research.att.com> | 2017-11-07 14:03:14 -0500 |
commit | 418d7273d6d8f6fed2698df89c9910be8498a677 (patch) | |
tree | a022deb5da7a12c7f2c5e9c49b042bf76eca1b0a | |
parent | f11362ef34d550f8adff2067a136f660c1959e5e (diff) |
Release new SDK Version
Issue: PORTAL-19, PORTAL-135
Includes SDK 2.1 release updates deprecating certain methods to address
vulnerabilities
Change-Id: Ibf105a0cf3c7d7e89eb05862c54aadfacf575d97
Signed-off-by: st782s <statta@research.att.com>
19 files changed, 93 insertions, 12 deletions
diff --git a/ecomp-sdk/epsdk-analytics/pom.xml b/ecomp-sdk/epsdk-analytics/pom.xml index 3ef1ddb9..9d433363 100644 --- a/ecomp-sdk/epsdk-analytics/pom.xml +++ b/ecomp-sdk/epsdk-analytics/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml index ebb7c26a..cb14aec0 100644 --- a/ecomp-sdk/epsdk-app-common/pom.xml +++ b/ecomp-sdk/epsdk-app-common/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/LogoutController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/LogoutController.java index 548ad986..ba490d53 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/LogoutController.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/LogoutController.java @@ -51,6 +51,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.ModelAndView; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Controller @RequestMapping("/") @@ -106,6 +107,7 @@ public class LogoutController extends UnRestrictedBaseController { return modelView; } + @MetricsLog public void chatRoomLogout(HttpServletRequest request) { request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest(); setUser(UserUtils.getUserSession(request)); diff --git a/ecomp-sdk/epsdk-app-os/pom.xml b/ecomp-sdk/epsdk-app-os/pom.xml index 469cf37a..dc8e9d94 100644 --- a/ecomp-sdk/epsdk-app-os/pom.xml +++ b/ecomp-sdk/epsdk-app-os/pom.xml @@ -8,7 +8,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/epsdk-app-os/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-profile/self_profile.html b/ecomp-sdk/epsdk-app-os/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-profile/self_profile.html index 845681e3..ca317616 100644 --- a/ecomp-sdk/epsdk-app-os/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-profile/self_profile.html +++ b/ecomp-sdk/epsdk-app-os/src/main/webapp/app/fusion/scripts/DS2-view-models/ds2-profile/self_profile.html @@ -155,7 +155,7 @@ </div> </div> - <div> + <div class="form-row"> <button class="btn btn-alt btn-small" type="button" ng-click="saveProfile()" ng-show="(isAppCentralized=='false')">Save</button> </div> <br> diff --git a/ecomp-sdk/epsdk-app-overlay/pom.xml b/ecomp-sdk/epsdk-app-overlay/pom.xml index 6d4f95de..ebc9ccb9 100644 --- a/ecomp-sdk/epsdk-app-overlay/pom.xml +++ b/ecomp-sdk/epsdk-app-overlay/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/epsdk-core/README.md b/ecomp-sdk/epsdk-core/README.md index 2d65f17b..fbc2bf24 100644 --- a/ecomp-sdk/epsdk-core/README.md +++ b/ecomp-sdk/epsdk-core/README.md @@ -13,6 +13,9 @@ ECOMP SDK web application. ### ONAP Distributions +Version 2.1.0 +- PORTAL-19 Rename Java package base to org.onap + Version 1.4.0 - PORTAL-19 Rename Java package base to org.onap - PORTAL-42 Use OParent as parent POM diff --git a/ecomp-sdk/epsdk-core/pom.xml b/ecomp-sdk/epsdk-core/pom.xml index d9993110..49b8f901 100644 --- a/ecomp-sdk/epsdk-core/pom.xml +++ b/ecomp-sdk/epsdk-core/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/logging/aspect/EELFLoggerAspect.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/logging/aspect/EELFLoggerAspect.java index 3ffd0894..0e23a36f 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/logging/aspect/EELFLoggerAspect.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/logging/aspect/EELFLoggerAspect.java @@ -43,6 +43,7 @@ import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Pointcut; import org.onap.portalsdk.core.util.SystemProperties.SecurityEventTypeEnum; import org.springframework.beans.factory.annotation.Autowired; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Aspect @org.springframework.context.annotation.Configuration @@ -108,4 +109,18 @@ public class EELFLoggerAspect { return result; } + + //Metrics Logging + @Pointcut("execution(* *(..))") + public void performMetricsLogging() {} + + @Around("performMetricsLogging() && @within(MetricsLog)") + public Object metricsLoggingAroundClass(ProceedingJoinPoint joinPoint, MetricsLog MetricsLog) throws Throwable { + return this.logAroundMethod(joinPoint, null); + } + + @Around("performMetricsLogging() && @annotation(MetricsLog)") + public Object metricsLoggingAroundMethod(ProceedingJoinPoint joinPoint, MetricsLog MetricsLog) throws Throwable { + return this.logAroundMethod(joinPoint, null); + } } diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/AuditServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/AuditServiceImpl.java index 1bc81d9a..68cbe11c 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/AuditServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/AuditServiceImpl.java @@ -43,9 +43,11 @@ import org.onap.portalsdk.core.domain.AuditLog; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Service("auditService") @Transactional +@MetricsLog public class AuditServiceImpl implements AuditService { @Autowired diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessService.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessService.java index 8eacefa9..f2863e06 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessService.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessService.java @@ -60,10 +60,31 @@ public interface DataAccessService { void saveDomainObject(DomainVo domainObject, Map additionalParams); // generic get list method(s) + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ + @Deprecated List getList(Class domainClass, Map additionalParams); + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ + @Deprecated List getList(Class domainClass, String filter, String orderBy, Map additionalParams); + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ + @Deprecated List getList(Class domainClass, String filter, int fromIndex, int toIndex, String orderBy, Map additionalParams); diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java index f34610cb..8fce7e89 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/DataAccessServiceImpl.java @@ -157,6 +157,11 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe /** * generic get list method * + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + * * @param domainClass * @param filterClause * @param fromIndex @@ -164,6 +169,7 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe * @param orderBy * @return */ + @Deprecated private List getListCommon(Class domainClass, String filterClause, Integer fromIndex, Integer toIndex, String orderBy) { String className = domainClass.getName(); @@ -186,17 +192,38 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe return list; } + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ @Override + @Deprecated public List getList(Class domainClass, Map additionalParams) { return getListCommon(domainClass, null, null, null, null); } + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ @Override + @Deprecated public List getList(Class domainClass, String filter, String orderBy, Map additionalParams) { return getListCommon(domainClass, filter, null, null, orderBy); } - + + /** + * @deprecated + * This method may be vulnerable to SQL Injection attacks depending on the usage and is being deprecated. Please use + * getList(Class<?> domainClass, ProjectionList projectionsList, List<Criterion> restrictionsList, + List<Order> orderByList) method instead + */ @Override + @Deprecated public List getList(Class domainClass, String filter, int fromIndex, int toIndex, String orderBy, Map additionalParams) { return getListCommon(domainClass, filter, new Integer(fromIndex), new Integer(toIndex), orderBy); @@ -401,8 +428,10 @@ public class DataAccessServiceImpl extends FusionService implements DataAccessSe @Override public int executeNamedUpdateQuery(String queryName, Map params, Map additionalParams) { - logger.error(EELFLoggerDelegate.errorLogger, "Not implemented"); - throw new UnsupportedOperationException(); + Session session = sessionFactory.getCurrentSession(); + Query query = session.getNamedQuery(queryName); + bindQueryParameters(query,params); + return query.executeUpdate(); } @Override diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LdapServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LdapServiceImpl.java index 6470ca63..9f078403 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LdapServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LdapServiceImpl.java @@ -58,6 +58,7 @@ import org.onap.portalsdk.core.util.SystemProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Service("ldapService") @Transactional @@ -144,6 +145,7 @@ public class LdapServiceImpl extends FusionService implements LdapService { } @SuppressWarnings({ "rawtypes", "unchecked" }) + @MetricsLog private ArrayList processResults(NamingEnumeration e) throws NamingException { ArrayList results = new ArrayList(); int count = 0; @@ -163,6 +165,7 @@ public class LdapServiceImpl extends FusionService implements LdapService { } @SuppressWarnings("rawtypes") + @MetricsLog private DomainVo processAttributes(Attributes resultAttributes) { User user = new User(); try { diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LoginServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LoginServiceImpl.java index d16a86d8..840c6063 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LoginServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/LoginServiceImpl.java @@ -56,8 +56,10 @@ import org.onap.portalsdk.core.web.support.AppUtils; import org.onap.portalsdk.core.web.support.UserUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Transactional +@MetricsLog public class LoginServiceImpl extends FusionService implements LoginService { private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(LoginServiceImpl.class); diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/ProfileServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/ProfileServiceImpl.java index 20b14eb6..f91cf2eb 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/ProfileServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/ProfileServiceImpl.java @@ -44,8 +44,10 @@ import org.onap.portalsdk.core.domain.Profile; import org.onap.portalsdk.core.domain.User; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Transactional +@MetricsLog public class ProfileServiceImpl implements ProfileService { @Autowired diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/RoleServiceImpl.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/RoleServiceImpl.java index e0e2d2e3..cfb1c34a 100644 --- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/RoleServiceImpl.java +++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/service/RoleServiceImpl.java @@ -52,8 +52,10 @@ import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.transaction.annotation.Transactional; +import org.onap.portalsdk.core.logging.aspect.MetricsLog; @Transactional +@MetricsLog public class RoleServiceImpl implements RoleService { private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(RoleServiceImpl.class); diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml index cb431a1a..de185f48 100644 --- a/ecomp-sdk/epsdk-fw/pom.xml +++ b/ecomp-sdk/epsdk-fw/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/epsdk-workflow/pom.xml b/ecomp-sdk/epsdk-workflow/pom.xml index 09b1eb36..077aa328 100644 --- a/ecomp-sdk/epsdk-workflow/pom.xml +++ b/ecomp-sdk/epsdk-workflow/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> </parent> <!-- GroupId is inherited from parent --> diff --git a/ecomp-sdk/pom.xml b/ecomp-sdk/pom.xml index 8cae0a58..788f63e0 100644 --- a/ecomp-sdk/pom.xml +++ b/ecomp-sdk/pom.xml @@ -14,7 +14,7 @@ <!-- Portal SDK Maven parent project --> <groupId>org.onap.portal.sdk</groupId> <artifactId>epsdk-project</artifactId> - <version>1.4.0-SNAPSHOT</version> + <version>2.1.0-SNAPSHOT</version> <packaging>pom</packaging> <name>portal-sdk</name> <url>https://wiki.onap.org/display/DW/Portal</url> |