From a37fe92b5daca76aabd50ff1e6920670b30b84ee Mon Sep 17 00:00:00 2001
From: st782s <statta@research.att.com>
Date: Thu, 2 Nov 2017 17:05:10 -0400
Subject: Security vulnerability

Handle Session issues and security vulnerability login issue to by
preventing sql injection attack

Issue: PORTAL-137
Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f
Signed-off-by: st782s <statta@research.att.com>
---
 ecomp-sdk/epsdk-app-common/README.md                                 | 3 +++
 ecomp-sdk/epsdk-app-common/pom.xml                                   | 2 +-
 .../openecomp/portalapp/controller/core/SingleSignOnController.java  | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'ecomp-sdk/epsdk-app-common')

diff --git a/ecomp-sdk/epsdk-app-common/README.md b/ecomp-sdk/epsdk-app-common/README.md
index 8a7d0e60..edca9b5d 100644
--- a/ecomp-sdk/epsdk-app-common/README.md
+++ b/ecomp-sdk/epsdk-app-common/README.md
@@ -24,6 +24,9 @@ AngularJS version 1.5.0.
 
 ### ONAP Distributions
 
+Version 1.3.2, 1 November 2017
+- PORTAL-137 Enhance authentication
+
 Version 1.3.1, 15 October 2017
 - No changes
 
diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml
index bacab499..d10e4739 100644
--- a/ecomp-sdk/epsdk-app-common/pom.xml
+++ b/ecomp-sdk/epsdk-app-common/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>org.onap.portal.sdk</groupId>
 		<artifactId>epsdk-project</artifactId>
-		<version>1.3.1</version>
+		<version>1.3.2</version>
 	</parent>
 
 	<!-- GroupId is inherited from parent -->
diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
index 766d9eb9..f921581f 100644
--- a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
+++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java
@@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController {
 			final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl;
 			logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}",
 					redirectUrl);
+
+			// this line may not be necessary but jsessionid cookie is not getting created in all cases,
+			// so force the cookie creation
+			request.getSession(true);
+
 			return new ModelAndView("redirect:" + redirectUrl);
 		}
 	}
-- 
cgit 1.2.3-korg