author | Kotta, Shireesha (sk434m) <sk434m@att.com> | 2019-06-28 15:27:29 -0400 |
---|---|---|
committer | Kotta, Shireesha (sk434m) <sk434m@att.com> | 2019-06-28 15:27:29 -0400 |
commit | 179ff1eb0c1ac9eef4d152c47df5cb12a4584c0f (patch) | |
tree | b9b744e106d688e807ffb31b6a986230034423d5 /ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java | |
parent | d63c87226df57e7bd0513f9b17374716197056fa (diff) |
PENTEST:Do not display stack trace for the api's
Issue-ID: PORTAL-654
PENTEST: Do not display stack traces for the APIs, or all users' info for the
get_user API
Change-Id: I68a4e3c7eba2628363275d63535290034591aa07
Signed-off-by: Kotta, Shireesha (sk434m) <sk434m@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java')
-rw-r--r-- | ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java | 41 |
1 files changed, 31 insertions, 10 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java
index acf94bae..e2875125 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/onap/portalapp/service/OnBoardingApiServiceImpl.java
@@ -193,7 +193,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 user.setRoles(roles);
 saveUserExtension(user);
 } catch (Exception e) {
- String response = "OnboardingApiService.pushUser failed";
+ String response = "Failed to save user";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 throw new PortalAPIException(response, e);
 } finally {
@@ -276,7 +276,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 editUserExtension(domainUser);
 
 } catch (Exception e) {
- String response = "OnboardingApiService.editUser failed";
+ String response = "Failed to edit the user";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 throw new PortalAPIException(response, e);
 } finally {
@@ -311,7 +311,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 } else
 return UserUtils.convertToEcompUser(user);
 } catch (Exception e) {
- String response = "OnboardingApiService.getUser failed";
+ String response = "failed to fetch the user";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 return null;
 // Unfortunately, Portal is not ready to accept proper error response
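Review bot: The catch block in pushUser (first hunk) now writes the same generic string to the error log that it hands to the caller, so the log entry loses the method name that made these failures easy to tell apart during triage. Keep the two apart, e.g. `logger.error(EELFLoggerDelegate.errorLogger, "OnboardingApiService.pushUser failed", e);` followed by `throw new PortalAPIException("Failed to save user", e);`. The original exception is still attached as the cause, so whether a stack trace reaches the client depends on how the caller renders PortalAPIException, which is not visible in this diff. The same applies to the editUser, getUser, getUsers, getAvailableRoles, pushUserRole and getUserRoles hunks, whose new messages also differ in capitalisation ("Failed to …" against "failed to …"). Each of these catch blocks belongs to a method whose body starts outside its hunk.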
@@ -346,7 +346,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 return ecompUsers;
 }
 } catch (Exception e) {
- String response = "OnboardingApiService.getUsers failed";
+ String response = "failed to fetch users";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 if (usersList.isEmpty()) {
 throw new PortalAPIException("Application is Inactive");
@@ -365,7 +365,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 ecompRoles.add(UserUtils.convertToEcompRole(role));
 return ecompRoles;
 } catch (Exception e) {
- String response = "OnboardingApiService.getAvailableRoles failed";
+ String response = "Failed to fetch role";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 throw new PortalAPIException(response, e);
 }
@@ -406,7 +406,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 // After successful creation, call admin auth extension
 saveUserRoleExtension(roles,user);
 } catch (Exception e) {
- String response = "OnboardingApiService.pushUserRole failed";
+ String response = "Failed to push userRole";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 throw new PortalAPIException(response, e);
 } finally {
@@ -449,7 +449,7 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 }
 return ecompRoles;
 } catch (Exception e) {
- String response = "OnboardingApiService.getUserRoles failed";
+ String response = "Failed to fetch user roles";
 logger.error(EELFLoggerDelegate.errorLogger, response, e);
 throw new PortalAPIException(response, e);
 }
@@ -481,12 +481,33 @@ public class OnBoardingApiServiceImpl implements IPortalRestAPIService, IPortalR
 }
 
 @Override
- public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
- WebServiceCallService securityService = AppContextManager.getAppContext().getBean(WebServiceCallService.class);
+ public boolean isAppAuthenticated(HttpServletRequest request, Map<String,String> appCredentials) throws PortalAPIException {
+ if(appCredentials.isEmpty())
+ {
+ logger.debug(EELFLoggerDelegate.debugLogger, "app credentails are empty");
+ return false;
+ }
+ String appUserName = "";
+ String appPassword = "";
+ String appName = "";
+
+ for (Map.Entry<String, String> entry : appCredentials.entrySet()) {
+ if (entry.getKey().equalsIgnoreCase("username")) {
+ appUserName = entry.getValue();
+ } else if (entry.getKey().equalsIgnoreCase("password")) {
+ appPassword = entry.getValue();
+ } else {
+ appName = entry.getValue();
+ }
+ }
+
 try {
 String appUser = request.getHeader("username");
 String password = request.getHeader("password");
- return securityService.verifyRESTCredential(null, appUser, password);
+ if (password.equals(appPassword) && appUserName.equals(appUser)) {
+ return true;
+ }
+ return false;
 } catch (Exception e) {
 String response = "OnboardingApiService.isAppAuthenticated failed";
 logger.error(EELFLoggerDelegate.errorLogger, response, e); |
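Review bot: The new comparison in isAppAuthenticated does not fail closed: `appUserName` and `appPassword` default to `""`, so a non-empty `appCredentials` map that lacks a `username` or `password` key is satisfied by empty request headers, and a request without a `password` header throws a NullPointerException into the catch block instead of returning false. Reject blank configured values and null headers before comparing, and compare with `MessageDigest.isEqual` on UTF-8 bytes rather than `String.equals` so the check does not stop at the first differing character; this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported in the file. `appName` is assigned from every other key but never read in the hunk, and the debug message misspells "credentials". The catch block continues outside the hunk.

```java
	public boolean isAppAuthenticated(HttpServletRequest request, Map<String,String> appCredentials) throws PortalAPIException {
		// … unchanged: empty-map check and the loop that fills appUserName / appPassword …
		if (appUserName == null || appUserName.isEmpty() || appPassword == null || appPassword.isEmpty()) {
			logger.debug(EELFLoggerDelegate.debugLogger, "app credentials are incomplete");
			return false;
		}
		try {
			String appUser = request.getHeader("username");
			String password = request.getHeader("password");
			if (appUser == null || password == null) {
				return false;
			}
			boolean userMatches = MessageDigest.isEqual(
					appUserName.getBytes(StandardCharsets.UTF_8), appUser.getBytes(StandardCharsets.UTF_8));
			boolean passwordMatches = MessageDigest.isEqual(
					appPassword.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
			// non-short-circuit & so both comparisons always run
			return userMatches & passwordMatches;
		// … unchanged: catch block …
```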