authorrobertlo <wl849v@att.com>2018-01-08 17:08:00 -0500
committerrobertlo <wl849v@att.com>2018-01-08 17:08:00 -0500
commit304033445a8333cd088910fc3e43ca9222237816 (patch)
tree403346f9dfc7da2a1535cb0ba3cd08e619c4c8ed /ecomp-sdk/epsdk-core
parent69062c0ec148ccadaced3ef1d6eff63ba422c055 (diff)
Harden code
Issue-ID: PORTAL-145 Harden code to address Open Redirect in Portal SDK Change-Id: If7e923366be11b78c1359dfe5b8fc14a2927c668 Signed-off-by: robertlo <wl849v@att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-core')
-rw-r--r--ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/interceptor/SessionTimeoutInterceptor.java4
1 files changed, 1 insertions, 3 deletions
diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/interceptor/SessionTimeoutInterceptor.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
index a6b98fdf..1c32ad80 100644
--- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/interceptor/SessionTimeoutInterceptor.java
@@ -102,7 +102,6 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
// "/context/single_signon.htm"
final String redirectUrl = request.getContextPath() + singleSignonPrefix
+ "redirectToPortal=Yes&" + forwardUrlParm;
- validateDomain(redirectUrl);
logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: session is expired, redirecting to {}",
redirectUrl);
response.sendRedirect(redirectUrl);
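Review bot: With the `validateDomain(redirectUrl)` call removed, nothing checks the target before `response.sendRedirect(redirectUrl)` on this session-expired path, and the same applies to the exception path in the next hunk. The redirect itself is context-relative (`request.getContextPath() + singleSignonPrefix + ...`), so `new URL(...)` in the removed check would have rejected it as scheme-less anyway; the open-redirect exposure is more likely in the forward URL carried by `forwardUrlParm`, which is built outside the hunk and is presumably request-derived. The domain check should be applied where that forward URL is eventually followed, and the value should be URL-encoded when it is appended here. A comment such as `// redirectUrl is context-relative; the embedded forward URL must be validated where it is consumed` would record where the check now lives. The enclosing `preHandle` body starts outside the hunk.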
@@ -112,7 +111,6 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
// Redirect to an absolute path in the webapp; e.g.,
// "/context/single_signon.htm"
final String redirectUrl = request.getContextPath() + singleSignonPrefix + forwardUrlParm;
- validateDomain(redirectUrl);
logger.debug(EELFLoggerDelegate.debugLogger, "preHandle: took exception {}, redirecting to {}",
ex.getMessage(), redirectUrl);
response.sendRedirect(redirectUrl);
@@ -125,7 +123,7 @@ public class SessionTimeoutInterceptor extends HandlerInterceptorAdapter {
return super.preHandle(request, response, handler);
}
- private void validateDomain(final String redirectUrl) throws MalformedURLException {
+ public void validateDomain(final String redirectUrl) throws MalformedURLException {
if (StringUtils.isNotBlank(redirectUrl)) {
String hostName = new URL(redirectUrl).getHost();
if (StringUtils.isNotBlank(hostName)
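Review bot: `validateDomain` becomes public here without a Javadoc stating its contract, and the visible hunks of this commit leave no caller for it in this class. From the lines shown it appears to skip blank input, and `new URL(redirectUrl)` throws `MalformedURLException` for any scheme-less (relative) value, so external callers need to know that only absolute URLs are accepted. I would add a Javadoc describing what is accepted, what is rejected and what is thrown, and consider moving the check to a static utility instead of exposing it as an instance method on the interceptor. The method body continues past the end of the hunk, so the host comparison itself is not reviewed here.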