diff options
author | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:22:19 -0400 |
---|---|---|
committer | Christopher Lott (cl778h) <clott@research.att.com> | 2017-10-20 08:44:33 -0400 |
commit | e3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch) | |
tree | 07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-fw/src/main | |
parent | ddd8720d597fc9053a455b10445fb253adbc4bf7 (diff) |
Role management; security vulnerabilities.
Extend user/role management interface to allow role deletion.
Add filters to defend against common web Javascript attacks.
Drop Greensock code with unusable license.
Use OParent in EPSDK web application.
Issue: US324470, US342324, PORTAL-127
Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142
Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main')
2 files changed, 5 insertions, 3 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java index 1533db79..91f019be 100644 --- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java +++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java @@ -49,6 +49,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; +import org.owasp.esapi.ESAPI; + /** * Simple REST client for GET, POST and DELETE operations against the Portal @@ -209,7 +211,7 @@ public class RestWebServiceClient { // add request header con.setRequestProperty("uebkey", appUebKey); - con.setRequestProperty("LoginId", loginId); + con.setRequestProperty("LoginId", ESAPI.encoder().canonicalize(loginId)); con.setRequestProperty("user-agent", appName); con.setRequestProperty("X-ECOMP-RequestID", requestId); con.setRequestProperty("username", appUserName); diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java index ce70c717..92d9ffc3 100644 --- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java +++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java @@ -143,7 +143,7 @@ public class CipherUtil { return CipherUtil.decrypt(encryptedText, key); } - public static void main(String[] args) throws CipherUtilException { +/* public static void main(String[] args) throws CipherUtilException { String testValue = "Welcome123"; String encrypted; @@ -170,5 +170,5 @@ public class CipherUtil { System.out.println("Encrypted Text" + encrypted); } } - } + }*/ } |