author | st782s <statta@research.att.com> | 2017-11-02 17:05:10 -0400 |
---|---|---|
committer | st782s <statta@research.att.com> | 2017-11-02 17:07:34 -0400 |
commit | a37fe92b5daca76aabd50ff1e6920670b30b84ee (patch) | |
tree | 35c4bf73f1235830054967352a816e0f05329599 /ecomp-sdk/epsdk-app-common | |
parent | 5eb302b890ef11d7bab5b27b91c77c5d9175a7f4 (diff) |
Security vulnerabilityv1.3.21.0.0-ONAP1.0.0-Amsterdamrelease-1.3.2amsterdam
Handle session issues and the login security vulnerability by
preventing SQL injection attacks
Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-common')
3 files changed, 9 insertions, 1 deletions
diff --git a/ecomp-sdk/epsdk-app-common/README.md b/ecomp-sdk/epsdk-app-common/README.md
index 8a7d0e60..edca9b5d 100644
--- a/ecomp-sdk/epsdk-app-common/README.md
+++ b/ecomp-sdk/epsdk-app-common/README.md
@@ -24,6 +24,9 @@ AngularJS version 1.5.0.
 ### ONAP Distributions
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
 Version 1.3.1, 15 October 2017
 - No changes
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index bacab499..d10e4739 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -5,7 +5,7 @@
 <parent>
 <groupId>org.onap.portal.sdk</groupId>
 <artifactId>epsdk-project</artifactId>
- <version>1.3.1</version>
+ <version>1.3.2</version>
 </parent>
 <!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
index 766d9eb9..f921581f 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
@@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController {
 final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl;
 logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}", redirectUrl);
+
+ // this line may not be necessary but jsessionid cookie is not getting created in all cases,
+ // so force the cookie creation
+ request.getSession(true);
+
 return new ModelAndView("redirect:" + redirectUrl);
 }
 }
|
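Review bot: `request.getSession(true)` in the SingleSignOnController hunk creates a session for a caller who has not authenticated yet (the branch ends in a redirect to the portal, and the class extends UnRestrictedBaseController), so the JSESSIONID issued here is a pre-login identifier. Unless the code that handles the successful return from the portal rotates it (for example `request.changeSessionId()` on Servlet 3.1+, or invalidate-and-recreate), this leaves the application exposed to session fixation, and every anonymous request on this path now allocates server-side session state. The comment's "may not be necessary" should be replaced by the actual reason, e.g. `// Create the session now so the container sets JSESSIONID before the portal redirect; the ID must be rotated once login succeeds`. Nothing in the three files shown touches SQL, so the injection fix named in the commit message is presumably in another module (the diffstat is limited to epsdk-app-common). The enclosing method begins outside the hunk, so whether rotation already happens elsewhere cannot be confirmed from this view.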