From a37fe92b5daca76aabd50ff1e6920670b30b84ee Mon Sep 17 00:00:00 2001
From: st782s
Date: Thu, 2 Nov 2017 17:05:10 -0400
Subject: Security vulnerability Handle Session issues and security vulnerability login issue to by preventing sql injection attack
Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s
---
 .../openecomp/portalapp/controller/core/SingleSignOnController.java | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'ecomp-sdk/epsdk-app-common/src/main/java')
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
index 766d9eb9..f921581f 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
@@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController {
 final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl; logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}", redirectUrl);
+
+ // this line may not be necessary but jsessionid cookie is not getting created in all cases,
+ // so force the cookie creation
+ request.getSession(true);
+
 return new ModelAndView("redirect:" + redirectUrl);
 }
 }
--
cgit 1.2.3-korg
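Review bot: The added `request.getSession(true)` issues a JSESSIONID before the caller has authenticated, since it runs just ahead of what appears to be the portal-bound login redirect in a controller that extends UnRestrictedBaseController. If that same session later receives the logged-in user, this is a session-fixation exposure. The login-success path, which is outside this hunk, should rotate the identifier with `request.changeSessionId();` (Servlet 3.1+) or invalidate and recreate the session. Every anonymous request reaching this branch will also allocate a server-side session, so a short timeout for unauthenticated sessions is worth considering, and the comment should state the concrete reason the cookie is required rather than "may not be necessary". Nothing in this hunk touches query construction, so the SQL injection fix named in the commit message presumably sits in files outside this path-limited view; the enclosing method also begins outside the hunk.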