diff options
author | vasraz <vasyl.razinkov@est.tech> | 2022-10-04 18:16:26 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2022-10-04 18:54:54 +0000 |
commit | 0899720f168c09d037e577109d7cab665fe1fb91 (patch) | |
tree | c6c210914a6fb029841d28de92cb760cdad6088d /utils/webseal-simulator/src/main/java/org | |
parent | ca487f60c2ca67794b16c0ff0cf5cc6deca556fc (diff) |
Fix bug 'X-Frame-Options not configured: Lack of clickjacking protection'
Add new Filter (ContentSecurityPolicyHeaderFilter)
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ic8151df64e4b95b3d59b44a5f74dd12210f55e87
Issue-ID: SDC-4192
Diffstat (limited to 'utils/webseal-simulator/src/main/java/org')
2 files changed, 74 insertions, 58 deletions
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java new file mode 100644 index 0000000000..ed4b4c1c39 --- /dev/null +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/ContentSecurityPolicyHeaderFilter.java @@ -0,0 +1,32 @@ +/* + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2022 Nordix Foundation. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.webseal.simulator; + +import org.openecomp.sdc.common.filters.ContentSecurityPolicyHeaderFilterAbstract; +import org.openecomp.sdc.webseal.simulator.conf.Conf; + +public class ContentSecurityPolicyHeaderFilter extends ContentSecurityPolicyHeaderFilterAbstract { + + @Override + protected String getPermittedAncestors() { + return Conf.getInstance().getPermittedAncestors(); + } +} diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java index 449fe62f49..eb498c975e 100644 --- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java +++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/conf/Conf.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,75 +22,59 @@ package org.openecomp.sdc.webseal.simulator.conf; import com.typesafe.config.Config; import com.typesafe.config.ConfigFactory; -import org.openecomp.sdc.webseal.simulator.User; - import java.io.File; import java.util.HashMap; import java.util.List; import java.util.Map; +import lombok.Getter; +import lombok.Setter; +import org.openecomp.sdc.webseal.simulator.User; +@Getter +@Setter public class Conf { - private static Conf conf = new Conf(); - private String feHost; - private Map<String,User> users = new HashMap<String,User>(); + private static Conf conf = new Conf(); + private String feHost; + private Map<String, User> users = new HashMap<String, User>(); private String portalCookieName; + private String permittedAncestors; // Space separated list of permitted ancestors - private void setPortalCookieName(String portalCookieName) { - this.portalCookieName = portalCookieName; + private Conf() { + initConf(); } - public String getPortalCookieName() { - return portalCookieName; - } + private void initConf() { + try { + String confPath = System.getProperty("config.resource"); + if (confPath == null) { + System.out.println("config.resource is empty - goint to get it from config.home"); + confPath = System.getProperty("config.home") + "/webseal.conf"; + } + System.out.println("confPath=" + confPath); + final Config confFile = ConfigFactory.parseFileAnySyntax(new File(confPath)); + final Config resolve = confFile.resolve(); + setFeHost(resolve.getString("webseal.fe")); + setPortalCookieName(resolve.getString("webseal.portalCookieName")); + final List<? extends Config> list = resolve.getConfigList("webseal.users"); - private Conf(){ - initConf(); - } - - private void initConf() { - try{ - String confPath = System.getProperty("config.resource"); - if (confPath == null){ - System.out.println("config.resource is empty - goint to get it from config.home"); - confPath = System.getProperty("config.home") + "/webseal.conf"; - } - System.out.println("confPath=" + confPath ); - Config confFile = ConfigFactory.parseFileAnySyntax(new File(confPath)); - Config resolve = confFile.resolve(); - setFeHost(resolve.getString("webseal.fe")); - setPortalCookieName(resolve.getString("webseal.portalCookieName")); - List<? extends Config> list = resolve.getConfigList("webseal.users"); + for (final Config config : list) { + String userId = config.getString("userId"); + String password = config.getString("password"); + String firstName = config.getString("firstName"); + String lastName = config.getString("lastName"); + String email = config.getString("email"); + String role = config.getString("role"); + users.put(userId, new User(firstName, lastName, email, userId, role, password)); + } - for (Config conf : list ){ - String userId = conf.getString("userId"); - String password = conf.getString("password"); - String firstName = conf.getString("firstName"); - String lastName = conf.getString("lastName"); - String email = conf.getString("email"); - String role = conf.getString("role"); - users.put(userId,new User(firstName,lastName,email,userId,role,password)); - } - - }catch(Exception e){ - e.printStackTrace(); - } - } - - public static Conf getInstance(){ - return conf; - } + } catch (Exception e) { + e.printStackTrace(); + } + } - public String getFeHost() { - return feHost; - } + public static Conf getInstance() { + return conf; + } - public void setFeHost(String feHost) { - this.feHost = feHost; - } - - public Map<String,User> getUsers() { - return users; - } - } |