diff options
| author |   st782s <statta@research.att.com> | 2017-11-02 17:05:10 -0400 |
|---|---|---|
| committer | st782s <statta@research.att.com> | 2017-11-02 17:07:34 -0400 |
| commit | a37fe92b5daca76aabd50ff1e6920670b30b84ee (patch) | |
| tree | 35c4bf73f1235830054967352a816e0f05329599 /ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF | |
| parent | 5eb302b890ef11d7bab5b27b91c77c5d9175a7f4 (diff) | |
Security vulnerabilityv1.3.21.0.0-ONAP1.0.0-Amsterdamrelease-1.3.2amsterdam
Handle Session issues and security vulnerability login issue to by
preventing sql injection attack
Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF')
| -rw-r--r-- | ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml index 098a5857..dbe53d5b 100644 --- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml +++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml @@ -352,14 +352,14 @@ <query name="getAllUsers"> select id, firstName, lastName from User where active = true order by lastName, firstName </query> - + <query name="getRoleNameById"> select name from Role where id = :role_id </query> <query name="getAllRoles"> select id, name from Role order by name - </query> + </query> <query name="getReportSecurityUsers"> select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and userId is not null @@ -369,11 +369,6 @@ select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and roleId is not null </query> -<!-- <query name="insertReportSecurityUsers"> - insert into ReportUserRole (repId, roleId, userId, readOnlyYn) values (:report_id, :role_id, :user_id, :read_only_yn) - </query> --> - - <query name="deleteReportSecurityUsers"> delete from ReportUserRole where repId = :report_id and userId =:user_id </query> @@ -390,4 +385,16 @@ select id from User where orgUserId = :orgUserId </query> + <query name="getUserByOrgUserId"> + FROM User WHERE orgUserId = :org_user_id + </query> + + <query name="getUserByLoginId"> + FROM User WHERE loginId = :login_id + </query> + + <query name="getUserByLoginIdLoginPwd"> + FROM User WHERE loginId = :login_id and loginPwd = :login_pwd + </query> + </hibernate-mapping> |