author | st782s <statta@research.att.com> | 2017-11-02 17:05:10 -0400 |
---|---|---|
committer | st782s <statta@research.att.com> | 2017-11-02 17:07:34 -0400 |
commit | a37fe92b5daca76aabd50ff1e6920670b30b84ee (patch) | |
tree | 35c4bf73f1235830054967352a816e0f05329599 /ecomp-sdk/epsdk-app-common/src | |
parent | 5eb302b890ef11d7bab5b27b91c77c5d9175a7f4 (diff) |
Security vulnerabilityv1.3.21.0.0-ONAP1.0.0-Amsterdamrelease-1.3.2amsterdam
Handle session issues and the security-vulnerability login issue by
preventing SQL injection attacks
Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common/src')
-rw-r--r-- | ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java index 766d9eb9..f921581f 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java @@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController { final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl; logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}", redirectUrl); + + // this line may not be necessary but jsessionid cookie is not getting created in all cases, + // so force the cookie creation + request.getSession(true); + return new ModelAndView("redirect:" + redirectUrl); } } |
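Review bot: The added `request.getSession(true);` creates a session before the user has authenticated with the portal, so the JSESSIONID issued here must not stay valid unchanged after login, or a session ID known before login remains usable afterwards (session fixation). The return path is not shown in this hunk, so confirm that the handler receiving the user back from the portal rotates the ID, for example with `request.changeSessionId();`, or invalidates and recreates the session. Because the class extends UnRestrictedBaseController, this endpoint is presumably reachable without authentication, and every such request now allocates server-side session state; a short timeout for not-yet-authenticated sessions would bound that. The comment should state the reason rather than the doubt, e.g. `// Create the session now so JSESSIONID is set before the portal redirect; the ID must be rotated after login.` The body of singleSignOnLogin starts outside the hunk, and nothing visible here touches SQL, so the injection fix named in the commit message cannot be verified from this diff.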