From a37fe92b5daca76aabd50ff1e6920670b30b84ee Mon Sep 17 00:00:00 2001 From: st782s Date: Thu, 2 Nov 2017 17:05:10 -0400 Subject: Security vulnerability Handle Session issues and security vulnerability login issue to by preventing sql injection attack Issue: PORTAL-137 Change-Id: I16eeacd6958af1a8274259e5dc0a008c5f64fb9f Signed-off-by: st782s --- ecomp-sdk/epsdk-app-common/README.md | 3 +++ ecomp-sdk/epsdk-app-common/pom.xml | 2 +- .../openecomp/portalapp/controller/core/SingleSignOnController.java | 5 +++++ 3 files changed, 9 insertions(+), 1 deletion(-) (limited to 'ecomp-sdk/epsdk-app-common') diff --git a/ecomp-sdk/epsdk-app-common/README.md b/ecomp-sdk/epsdk-app-common/README.md index 8a7d0e60..edca9b5d 100644 --- a/ecomp-sdk/epsdk-app-common/README.md +++ b/ecomp-sdk/epsdk-app-common/README.md @@ -24,6 +24,9 @@ AngularJS version 1.5.0. ### ONAP Distributions +Version 1.3.2, 1 November 2017 +- PORTAL-137 Enhance authentication + Version 1.3.1, 15 October 2017 - No changes diff --git a/ecomp-sdk/epsdk-app-common/pom.xml b/ecomp-sdk/epsdk-app-common/pom.xml index bacab499..d10e4739 100644 --- a/ecomp-sdk/epsdk-app-common/pom.xml +++ b/ecomp-sdk/epsdk-app-common/pom.xml @@ -5,7 +5,7 @@ org.onap.portal.sdk epsdk-project - 1.3.1 + 1.3.2 diff --git a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java index 766d9eb9..f921581f 100644 --- a/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java +++ b/ecomp-sdk/epsdk-app-common/src/main/java/org/openecomp/portalapp/controller/core/SingleSignOnController.java 
@@ -187,6 +187,11 @@ public class SingleSignOnController extends UnRestrictedBaseController { final String redirectUrl = portalUrl + "?uebAppKey=" + uebAppKey + "&redirectUrl=" + encodedReturnToAppUrl; logger.debug(EELFLoggerDelegate.debugLogger, "singleSignOnLogin: portal-bound redirect URL is {}", redirectUrl); + + // this line may not be necessary but jsessionid cookie is not getting created in all cases, + // so force the cookie creation + request.getSession(true); + return new ModelAndView("redirect:" + redirectUrl); } } -- cgit 1.2.3-korg
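Review bot: `request.getSession(true)` is called on the branch that redirects a not-yet-authenticated user to the portal, so the JSESSIONID cookie it forces is issued before login; unless the id is rotated when the user returns authenticated, that pre-login id carries over into the authenticated session (session fixation). The rotation belongs in the part of the method that handles the returning user, which starts outside this hunk, for example `request.changeSessionId();` (Servlet 3.1) right after the login is accepted, and it is worth checking whether that already happens. The comment's own "may not be necessary" suggests the cause of the missing cookie was not identified; once rotation is confirmed I would replace it with `// Create the session before the portal redirect so the container sets JSESSIONID; the id is rotated after login.` Separately, the subject line mentions SQL injection, but nothing in this hunk touches query handling, so that part of the fix is presumably elsewhere.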