aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2019-11-19 11:31:19 +0000
committerOfir Sonsino <ofir.sonsino@intl.att.com>2019-12-01 15:26:46 +0000
commit4082d3936832a2b6e3ba6c025ed5decf97baacbc (patch)
tree7aa98027d982056d6412d5f763ecc2cefb866ebd
parent4a9ddb2618b8dde8820c08d934c708216b0ebca9 (diff)
Fix Security Hotspots issues
Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-2671
-rw-r--r--catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java8
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java7
2 files changed, 11 insertions, 4 deletions
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 84e0226e7a..d72268314a 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -20,6 +20,7 @@
package org.openecomp.sdc.fe.servlets;
+import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
import org.openecomp.sdc.common.impl.MutableHttpServletRequest;
import org.openecomp.sdc.fe.Constants;
@@ -59,6 +60,7 @@ public class PortalServlet extends HttpServlet {
*/
@GET
@Path("/portal")
+ @Override
public void doGet(@Context final HttpServletRequest request, @Context final HttpServletResponse response) {
try {
addRequestHeadersUsingWebseal(request, response);
@@ -190,7 +192,9 @@ public class PortalServlet extends HttpServlet {
String currHeader = headers[i];
String headerValue = request.getHeader(currHeader);
if (headerValue != null) {
- response.addCookie(new Cookie(currHeader, headerValue));
+ final Cookie cookie = new Cookie(currHeader, headerValue);
+ cookie.setSecure(true);
+ response.addCookie(cookie);
}
}
}
@@ -273,7 +277,7 @@ public class PortalServlet extends HttpServlet {
return newHeaderIsSet;
}
- private static String getUserIdFromCookie(HttpServletRequest request) throws Exception {
+ private static String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException {
String userId = "";
Cookie[] cookies = request.getCookies();
Cookie userIdcookie = null;
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
index cf22a3a574..f0a33da8a7 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
@@ -31,6 +31,9 @@ public class AuthenticationCookieUtils {
private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
+ private AuthenticationCookieUtils() {
+ }
+
/**
* Update given cookie session time value to current time
*
@@ -58,6 +61,7 @@ public class AuthenticationCookieUtils {
*/
public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) {
Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie );
+ updatedCookie.setSecure(true);
updatedCookie.setPath(cookieConfiguration.getCookiePath());
updatedCookie.setDomain(cookieConfiguration.getCookieDomain());
updatedCookie.setHttpOnly(cookieConfiguration.isCookieHttpOnly());
@@ -116,12 +120,11 @@ public class AuthenticationCookieUtils {
* @param filterConfiguration
* @return
*/
- public static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
+ private static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
long currentIdleTime = currentTime - sessionTimeValue;
long maxIdleTime = filterConfiguration.getSessionIdleTimeOut();
log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime, currentIdleTime, maxIdleTime);
return currentIdleTime >= maxIdleTime;
}
-
}