diff options
author | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:22:19 -0400 |
---|---|---|
committer | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:44:33 -0400 |
commit | e3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch) | |
tree | 07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core | |
parent | ddd8720d597fc9053a455b10445fb253adbc4bf7 (diff) |
Role management; security vulnerabilities.
Extend user/role management interface to allow role deletion.
Add filters to defend against common web Javascript attacks.
Drop Greensock code with unusable license.
Use OParent in EPSDK web application.
Issue: US324470, US342324, PORTAL-127
Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core')
-rw-r--r-- | ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java index e7682809..b89cb43c 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/controller/core/RoleListController.java @@ -50,6 +50,8 @@ import org.onap.portalsdk.core.controller.RestrictedBaseController; import org.onap.portalsdk.core.domain.Role; import org.onap.portalsdk.core.domain.User; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; +import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; import org.onap.portalsdk.core.service.RoleService; import org.onap.portalsdk.core.web.support.JsonMessage; import org.onap.portalsdk.core.web.support.UserUtils; @@ -73,6 +75,11 @@ public class RoleListController extends RestrictedBaseController { private RoleService service; private String viewName; + + private static final String isAccessCentralized = PortalApiProperties + .getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED); + private static final String isCentralized = "remote"; + @RequestMapping(value = { "/role_list" }, method = RequestMethod.GET) public ModelAndView getRoleList(HttpServletRequest request) { @@ -151,8 +158,9 @@ public class RoleListController extends RestrictedBaseController { Role role = mapper.readValue(root.get("role").toString(), Role.class); Role domainRole = service.getRole(user.getOrgUserId(), role.getId()); - + if (!isCentralized.equals(isAccessCentralized)) { service.deleteDependcyRoleRecord(user.getOrgUserId(), role.getId()); + } service.deleteRole(user.getOrgUserId(), domainRole); logger.info(EELFLoggerDelegate.auditLogger, "Remove role " + domainRole.getId()); |