summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-fw/src
diff options
context:
space:
mode:
authorChristopher Lott (cl778h) <clott@research.att.com>2017-10-20 08:22:19 -0400
committerChristopher Lott (cl778h) <clott@research.att.com>2017-10-20 08:44:33 -0400
commite3982f6c2a13c903947a66d89e1af1ccbb161e5f (patch)
tree07db289541228dfaef258c267dd33635c33ebb34 /ecomp-sdk/epsdk-fw/src
parentddd8720d597fc9053a455b10445fb253adbc4bf7 (diff)
Role management; security vulnerabilities.
Extend user/role management interface to allow role deletion. Add filters to defend against common web Javascript attacks. Drop Greensock code with unusable license. Use OParent in EPSDK web application. Issue: US324470, US342324, PORTAL-127 Change-Id: I3a10744fbbbdbda7c88d2b2e542e72e779c9b142 Signed-off-by: Christopher Lott (cl778h) <clott@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src')
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java4
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java4
2 files changed, 5 insertions, 3 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
index 1533db79..91f019be 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/rest/RestWebServiceClient.java
@@ -49,6 +49,8 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+import org.owasp.esapi.ESAPI;
+
/**
* Simple REST client for GET, POST and DELETE operations against the Portal
@@ -209,7 +211,7 @@ public class RestWebServiceClient {
// add request header
con.setRequestProperty("uebkey", appUebKey);
- con.setRequestProperty("LoginId", loginId);
+ con.setRequestProperty("LoginId", ESAPI.encoder().canonicalize(loginId));
con.setRequestProperty("user-agent", appName);
con.setRequestProperty("X-ECOMP-RequestID", requestId);
con.setRequestProperty("username", appUserName);
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java
index ce70c717..92d9ffc3 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java
@@ -143,7 +143,7 @@ public class CipherUtil {
return CipherUtil.decrypt(encryptedText, key);
}
- public static void main(String[] args) throws CipherUtilException {
+/* public static void main(String[] args) throws CipherUtilException {
String testValue = "Welcome123";
String encrypted;
@@ -170,5 +170,5 @@ public class CipherUtil {
System.out.println("Encrypted Text" + encrypted);
}
}
- }
+ }*/
}