author | vasraz <vasyl.razinkov@est.tech> | 2019-11-19 11:31:19 +0000 |
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2019-12-01 15:26:46 +0000 |
commit | 4082d3936832a2b6e3ba6c025ed5decf97baacbc (patch) | |
tree | 7aa98027d982056d6412d5f763ecc2cefb866ebd | |
parent | 4a9ddb2618b8dde8820c08d934c708216b0ebca9 (diff) |
Fix Security Hotspots issues
Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-2671
2 files changed, 11 insertions, 4 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 84e0226e7a..d72268314a 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -20,6 +20,7 @@
 package org.openecomp.sdc.fe.servlets;
+import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
 import org.onap.portalsdk.core.onboarding.util.CipherUtil;
 import org.openecomp.sdc.common.impl.MutableHttpServletRequest;
 import org.openecomp.sdc.fe.Constants;
@@ -59,6 +60,7 @@ public class PortalServlet extends HttpServlet {
 */
 @GET
 @Path("/portal")
+ @Override
 public void doGet(@Context final HttpServletRequest request, @Context final HttpServletResponse response) {
 try {
 addRequestHeadersUsingWebseal(request, response);
@@ -190,7 +192,9 @@ public class PortalServlet extends HttpServlet {
 String currHeader = headers[i];
 String headerValue = request.getHeader(currHeader);
 if (headerValue != null) {
- response.addCookie(new Cookie(currHeader, headerValue));
+ final Cookie cookie = new Cookie(currHeader, headerValue);
+ cookie.setSecure(true);
+ response.addCookie(cookie);
 }
 }
 }
@@ -273,7 +277,7 @@ public class PortalServlet extends HttpServlet {
 return newHeaderIsSet;
 }
- private static String getUserIdFromCookie(HttpServletRequest request) throws Exception {
+ private static String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException {
 String userId = "";
 Cookie[] cookies = request.getCookies();
 Cookie userIdcookie = null;
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
index cf22a3a574..f0a33da8a7 100644
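Review bot: `cookie.setSecure(true)` in the addCookie loop (third hunk) protects the cookie on the wire but still leaves it readable from script, and since each value is copied verbatim from a request header that presumably carries the WebSEAL identity, `cookie.setHttpOnly(true);` should be set right after it. Secure also means a browser that reaches the front end over plain HTTP silently drops the cookie, so this now depends on TLS (or a TLS-terminating proxy) in every deployment; a one-line comment on the setSecure call, such as `// Secure: relies on the FE being served over TLS in all environments`, would record that assumption. The enclosing method starts outside the hunk. The last hunk's narrowing of getUserIdFromCookie to `throws CipherUtilException` is a sound tightening, provided no remaining line of that body (outside the hunk) still throws a checked exception.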
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
@@ -31,6 +31,9 @@ public class AuthenticationCookieUtils {
 private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
+ private AuthenticationCookieUtils() {
+ }
+
 /**
 * Update given cookie session time value to current time
 *
@@ -58,6 +61,7 @@ public class AuthenticationCookieUtils {
 */
 public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) {
 Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie );
+ updatedCookie.setSecure(true);
 updatedCookie.setPath(cookieConfiguration.getCookiePath());
 updatedCookie.setDomain(cookieConfiguration.getCookieDomain());
 updatedCookie.setHttpOnly(cookieConfiguration.isCookieHttpOnly());
@@ -116,12 +120,11 @@ public class AuthenticationCookieUtils {
 * @param filterConfiguration
 * @return
 */
- public static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
+ private static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
 long currentIdleTime = currentTime - sessionTimeValue;
 long maxIdleTime = filterConfiguration.getSessionIdleTimeOut();
 log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime, currentIdleTime, maxIdleTime);
 return currentIdleTime >= maxIdleTime;
 }
-
 }
|
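Review bot: `updatedCookie.setSecure(true)` in createUpdatedCookie (second hunk) is hard-coded while the path, domain and HttpOnly attributes on the next three lines are all read from `cookieConfiguration`, so Secure is the one attribute an operator cannot adjust, and a deployment that terminates TLS in front of the service but serves it over plain HTTP will have the browser drop the refreshed session cookie. If that is intended, say so on the line: `// Secure is deliberately not configurable: the session cookie must never be sent over plain HTTP`; otherwise it belongs alongside isCookieHttpOnly() in the configuration interface. The third hunk also narrows isSessionIdle from public to private, which breaks any caller outside this class (none is visible from here); its javadoc could state that it is now internal to the filter logic. The enclosing class header is outside the hunks.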