Role management; security vulnerabilities.

Extend user/role management interface to allow role deletion. Add filters to defend against common web Javascript attacks. Drop Greensock code with unusable license. Use OParent in EPSDK web application. Issue: US324470, US342324, PORTAL-127 Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142 Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
author: Christopher Lott (cl778h) <clott@research.att.com> 2017-10-20 08:22:19 -0400
committer: Christopher Lott (cl778h) <clott@research.att.com> 2017-10-20 08:44:33 -0400
commit: e3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch)
tree: 07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java
parent: ddd8720d597fc9053a455b10445fb253adbc4bf7 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java
index e7682809..b89cb43c 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java
@@ -50,6 +50,8 @@ import org.onap.portalsdk.core.controller.RestrictedBaseController;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.domain.User;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
+import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
 import org.onap.portalsdk.core.service.RoleService;
 import org.onap.portalsdk.core.web.support.JsonMessage;
 import org.onap.portalsdk.core.web.support.UserUtils;
@@ -73,6 +75,11 @@ public class RoleListController extends RestrictedBaseController {
 	private RoleService service;
 
 	private String viewName;
+	
+	private static final String isAccessCentralized = PortalApiProperties
+			.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED);
+	private static final String isCentralized = "remote";
+
 
 	@RequestMapping(value = { "/role_list" }, method = RequestMethod.GET)
 	public ModelAndView getRoleList(HttpServletRequest request) {
@@ -151,8 +158,9 @@ public class RoleListController extends RestrictedBaseController {
 			Role role = mapper.readValue(root.get("role").toString(), Role.class);
 
 			Role domainRole = service.getRole(user.getOrgUserId(), role.getId());
-
+			if (!isCentralized.equals(isAccessCentralized)) {
 			service.deleteDependcyRoleRecord(user.getOrgUserId(), role.getId());
+			}
 			service.deleteRole(user.getOrgUserId(), domainRole);
 			logger.info(EELFLoggerDelegate.auditLogger, "Remove role " + domainRole.getId());
author	Christopher Lott (cl778h) <clott@research.att.com>	2017-10-20 08:22:19 -0400
committer	Christopher Lott (cl778h) <clott@research.att.com>	2017-10-20 08:44:33 -0400
commit	e3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch)
tree	07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java
parent	ddd8720d597fc9053a455b10445fb253adbc4bf7 (diff)