summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF
diff options
context:
space:
mode:
authorst782s <statta@research.att.com>2017-11-02 17:05:10 -0400
committerst782s <statta@research.att.com>2017-11-02 17:07:34 -0400
commita37fe92b5daca76aabd50ff1e6920670b30b84ee (patch)
tree35c4bf73f1235830054967352a816e0f05329599 /ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF
parent5eb302b890ef11d7bab5b27b91c77c5d9175a7f4 (diff)
Handle Session issues and security vulnerability login issue to by preventing sql injection attack Issue: PORTAL-137 Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF')
-rw-r--r--ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml21
1 files changed, 14 insertions, 7 deletions
diff --git a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
index 098a5857..dbe53d5b 100644
--- a/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
+++ b/ecomp-sdk/epsdk-app-overlay/src/main/webapp/WEB-INF/fusion/orm/Fusion.hbm.xml
@@ -352,14 +352,14 @@
<query name="getAllUsers">
select id, firstName, lastName from User where active = true order by lastName, firstName
</query>
-
+
<query name="getRoleNameById">
select name from Role where id = :role_id
</query>
<query name="getAllRoles">
select id, name from Role order by name
- </query>
+ </query>
<query name="getReportSecurityUsers">
select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and userId is not null
@@ -369,11 +369,6 @@
select repId, orderNo, roleId, userId, readOnlyYn from ReportUserRole where repId = :report_id and roleId is not null
</query>
-<!-- <query name="insertReportSecurityUsers">
- insert into ReportUserRole (repId, roleId, userId, readOnlyYn) values (:report_id, :role_id, :user_id, :read_only_yn)
- </query> -->
-
-
<query name="deleteReportSecurityUsers">
delete from ReportUserRole where repId = :report_id and userId =:user_id
</query>
@@ -390,4 +385,16 @@
select id from User where orgUserId = :orgUserId
</query>
+ <query name="getUserByOrgUserId">
+ FROM User WHERE orgUserId = :org_user_id
+ </query>
+
+ <query name="getUserByLoginId">
+ FROM User WHERE loginId = :login_id
+ </query>
+
+ <query name="getUserByLoginIdLoginPwd">
+ FROM User WHERE loginId = :login_id and loginPwd = :login_pwd
+ </query>
+
</hibernate-mapping>