Role management; security vulnerabilities.

Extend user/role management interface to allow role deletion.
Add filters to defend against common web Javascript attacks.
Drop Greensock code with unusable license.
Use OParent in EPSDK web application.

Issue: US324470, US342324, PORTAL-127
Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
index 1533db79..91f019be 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
@@ -49,6 +49,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.owasp.esapi.ESAPI;
+
 
 /**
  * Simple REST client for GET, POST and DELETE operations against the Portal
@@ -209,7 +211,7 @@ public class RestWebServiceClient {
 
 		// add request header
 		con.setRequestProperty("uebkey", appUebKey);
-		con.setRequestProperty("LoginId", loginId);
+		con.setRequestProperty("LoginId", ESAPI.encoder().canonicalize(loginId));
 		con.setRequestProperty("user-agent", appName);
 		con.setRequestProperty("X-ECOMP-RequestID", requestId);
 		con.setRequestProperty("username", appUserName);