From 179ff1eb0c1ac9eef4d152c47df5cb12a4584c0f Mon Sep 17 00:00:00 2001
From: "Kotta, Shireesha (sk434m)"
Date: Fri, 28 Jun 2019 15:27:29 -0400
Subject: PENTEST:Do not display stack trace for the api's
Issue-ID: PORTAL-654
PENTEST:Do not display stack trace for the api's and all users info for get_user api
Change-Id: I68a4e3c7eba2628363275d63535290034591aa07
Signed-off-by: Kotta, Shireesha (sk434m)
---
 .../onboarding/crossapi/IPortalRestAPIService.java | 3 +--
 .../crossapi/PortalRestAPICentralServiceImpl.java | 15 ++++++------
 .../onboarding/crossapi/PortalRestAPIProxy.java | 28 +++++++++++-----------
 3 files changed, 23 insertions(+), 23 deletions(-)
(limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi')
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/IPortalRestAPIService.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/IPortalRestAPIService.java
index f82e8737..c707d137 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/IPortalRestAPIService.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/IPortalRestAPIService.java
@@ -176,8 +176,7 @@ public interface IPortalRestAPIService {
 * @throws PortalAPIException
 * If an unexpected error occurs while processing the request.
 */
- public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException;
-
+ public boolean isAppAuthenticated(HttpServletRequest request, Map appCredentials) throws PortalAPIException;
 /**
 * Gets and returns the userId for the logged-in user based on the request. If
 * any error occurs, the method should throw PortalApiException with an
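Review bot: The new `appCredentials` parameter of `isAppAuthenticated` has no `@param` entry in the Javadoc block that closes just above the changed signature (the block starts outside the hunk). The map presumably carries application secrets, so the comment should name the expected keys and tell implementers not to log or echo its values, for example `@param appCredentials application credentials used to authenticate the request; never logged or returned to the caller`. The changed signature also breaks every other implementer of this interface, which deserves a line in the commit description.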
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java
index d53c0eb6..ab9c608a 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java
@@ -48,6 +48,7 @@ import java.util.stream.Collectors;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
 import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
 import org.onap.portalsdk.core.onboarding.rest.RestWebServiceClient;
@@ -114,7 +115,7 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
 user = mapper.readValue(responseString, EcompUser.class);
 } catch (IOException e) {
- String response = "PortalRestAPICentralServiceImpl.getUser failed";
+ String response = "Failed to get user from portal";
 logger.error(response, e);
 throw new PortalAPIException(response, e);
 }
@@ -133,7 +134,7 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
 TypeFactory.defaultInstance().constructCollectionType(List.class, EcompUser.class));
 } catch (IOException e) {
- String response = "PortalRestAPICentralServiceImpl.getUsers failed";
+ String response = "Failed to get the users from portal";
 logger.error(response, e);
 throw new PortalAPIException(response, e);
 }
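Review bot: The underlying `IOException` is still attached as the cause in `throw new PortalAPIException(response, e)` in the getUser hunk (`@@ -114,7 +115,7 @@`), so rewording the message does not by itself keep parser detail out of the response. `mapper.readValue` looks like Jackson, whose parse errors can quote part of the input they failed on; the response stays clean only if the code that serialises the exception for the client reads the outer message and never walks `getCause()`, and that code is not visible in this diff. The same applies to the getUsers hunk and to the getRoles and getUserRoles hunks that follow. Keeping the cause for `logger.error(response, e)` is reasonable as long as the log is handled as data that may contain user records; the enclosing methods start and end outside these hunks.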
@@ -152,7 +153,7 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
 TypeFactory.defaultInstance().constructCollectionType(List.class, EcompRole.class));
 } catch (IOException e) {
- String response = "PortalRestAPICentralServiceImpl.getRoles failed";
+ String response = "Failed to get Roles from portal";
 logger.error(response, e);
 throw new PortalAPIException(response, e);
 }
@@ -180,7 +181,7 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
 userRoles = (List) roles.stream().collect(Collectors.toList());
 } catch (IOException e) {
- String response = "PortalRestAPICentralServiceImpl.getUserRoles failed";
+ String response = "Failed to get user roles from portal";
 logger.error(response, e);
 throw new PortalAPIException(response, e);
 }
@@ -188,10 +189,10 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
 }
 @Override
- public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
+ public boolean isAppAuthenticated(HttpServletRequest request, Map appCredentials) throws PortalAPIException {
 boolean accessAllowed = false;
 try {
- accessAllowed = AuthUtil.isAccessAllowed(request, nameSpace);
+ accessAllowed = AuthUtil.isAccessAllowed(request, nameSpace, appCredentials);
 } catch (Exception e) {
 logger.error(e);
 }
@@ -213,4 +214,4 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
 return credentialsMap;
 }
-}
+}
\ No newline at end of file
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
index 71f66168..29095970 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
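Review bot: `appCredentials` reaches `AuthUtil.isAccessAllowed` in the `@@ -188,10 +189,10 @@` hunk without a null or empty check, so a caller that failed to load credentials is stopped only by the surrounding `catch (Exception e)`. That path presumably leaves `accessAllowed` false, which fails closed, but `logger.error(e)` records it without any message and nothing in the visible lines raises the declared `PortalAPIException`, so a broken configuration looks the same as a rejected request. I would reject a null or empty map up front with a `PortalAPIException` and log with context, `logger.error("isAppAuthenticated failed", e);`. The end of the method lies outside the hunk.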
@@ -202,7 +202,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 response.setStatus(HttpServletResponse.SC_OK);
 } catch (Exception ex) {
 logger.error("doPost: " + storeAnalyticsContextPath + " caught exception", ex);
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 }
 }
@@ -212,7 +212,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 boolean secure = false;
 try {
- secure = isAppAuthenticated(request);
+ secure = isAppAuthenticated(request, getCredentials());
 } catch (PortalAPIException ex) {
 logger.error("doPost: isAppAuthenticated threw exception", ex);
 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
@@ -282,7 +282,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 responseJson = buildJsonResponse(true, "user saved successfully");
 response.setStatus(HttpServletResponse.SC_OK);
 } catch (Exception ex) {
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doPost: pushUser: caught exception", ex);
 }
@@ -301,7 +301,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 responseJson = buildJsonResponse(true, "user saved successfully");
 response.setStatus(HttpServletResponse.SC_OK);
 } catch (Exception ex) {
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doPost: editUser: caught exception", ex);
 }
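Review bot: The definition of `buildShortJsonResponse` is not part of the diff shown, so what the `@@ -202,7 +202,7 @@` hunk and eight further hunks of this file now send to the client cannot be checked here. If the helper returns `ex.getMessage()`, several of these handlers catch any `Exception`, whose message can still carry class names, paths or fragments of the request. A fixed per-endpoint message, paired with an identifier that is also written to the log, would meet the commit's goal without depending on exception text. The enclosing doPost and doGet bodies extend beyond these hunks.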
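Review bot: `getCredentials()` is evaluated inside the `try` of the `@@ -212,7 +212,7 @@` hunk, but the only handler is `catch (PortalAPIException ex)`. If loading or decrypting the credentials can fail with an unchecked exception (its declaration is not visible here), that exception leaves `doPost` and the servlet container's default error page decides what the client sees, which may include the stack trace this commit sets out to hide. The same call appears in the doGet hunk `@@ -414,7 +414,7 @@`. Widening the handler to `catch (Exception ex)` while keeping the 500 status would close that gap, and it is worth confirming that `getCredentials()` is cheap enough to run on every request.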
@@ -325,7 +325,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 response.setStatus(HttpServletResponse.SC_OK);
 }
 } catch (Exception ex) {
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doPost: pushUserRole: caught exception", ex);
 }
@@ -403,7 +403,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 logger.debug("doGet: " + webAnalyticsContextPath + ": " + responseString);
 response.setStatus(HttpServletResponse.SC_OK);
 } catch (Exception ex) {
- responseString = buildJsonResponse(ex);
+ responseString = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doGet: " + webAnalyticsContextPath + " caught exception", ex);
 }
@@ -414,7 +414,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 boolean secure = false;
 try {
- secure = isAppAuthenticated(request);
+ secure = isAppAuthenticated(request, getCredentials());
 } catch (PortalAPIException ex) {
 logger.error("doGet: isAppAuthenticated threw exception", ex);
 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
@@ -452,7 +452,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 } catch(Exception ex) {
 String msg = "Failed to get session time outs";
 logger.error("doGet: " + msg);
- responseJson = buildJsonResponse(false, msg);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 }
 } else
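Review bot: The `@@ -452,7 +452,7 @@` hunk replaces a fixed response text with one derived from the exception, so this endpoint may now return more internal detail than before rather than less. The log call beside it, `logger.error("doGet: " + msg);`, drops `ex`, which leaves no server-side record of the cause. I would keep the fixed text for the client and move the detail to the log: `responseJson = buildJsonResponse(false, msg);` and `logger.error("doGet: " + msg, ex);`. The surrounding branch of doGet starts outside the hunk.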
@@ -478,7 +478,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 if (logger.isDebugEnabled()) logger.debug("doGet: getAvailableRoles: " + responseJson);
 } catch (Exception ex) {
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doGet: getAvailableRoles: caught exception", ex);
 }
@@ -492,7 +492,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 if (logger.isDebugEnabled()) logger.debug("doGet: getUser: " + responseJson);
 } catch (Exception ex) {
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doGet: getUser: caught exception", ex);
 }
@@ -507,7 +507,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 if (logger.isDebugEnabled()) logger.debug("doGet: getUserRoles: " + responseJson);
 } catch (Exception ex) {
- responseJson = buildJsonResponse(ex);
+ responseJson = buildShortJsonResponse(ex);
 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 logger.error("doGet: getUserRoles: caught exception", ex);
 }
@@ -573,8 +573,8 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 }
 @Override
- public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
- return portalRestApiServiceImpl.isAppAuthenticated(request);
+ public boolean isAppAuthenticated(HttpServletRequest request, Map appCredentials) throws PortalAPIException {
+ return portalRestApiServiceImpl.isAppAuthenticated(request, appCredentials);
 }
 /**
@@ -739,4 +739,4 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
 }
 return userEcompRoles;
 }
-}
+}
\ No newline at end of file
--
cgit 1.2.3-korg