aboutsummaryrefslogtreecommitdiffstats
path: root/utils/webseal-simulator/src
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2021-10-21 17:32:16 +0100
committerMichael Morris <michael.morris@est.tech>2021-11-15 11:50:33 +0000
commitb08ac296b31f001c946b1371f213ac302ff9c12e (patch)
tree3be6bcc7c025a82ec15fc35061f5f0e7dc024aeb /utils/webseal-simulator/src
parent7353fb39790b51c593cb0f72c6ab46d906758244 (diff)
Fix critical cross site scripting
Change-Id: I66a220f71a2e950055107a725191b46bcbe8c6a6 Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Issue-ID: SDC-3607 Issue-ID: SDC-3755
Diffstat (limited to 'utils/webseal-simulator/src')
-rw-r--r--utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java266
-rw-r--r--utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java210
-rw-r--r--utils/webseal-simulator/src/main/resources/webseal.conf16
-rw-r--r--utils/webseal-simulator/src/main/webapp/login.html29
4 files changed, 251 insertions, 270 deletions
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java
index 3d4e772006..32d8c2916d 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/Login.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,149 +20,137 @@
package org.openecomp.sdc.webseal.simulator;
-import org.openecomp.sdc.webseal.simulator.conf.Conf;
-
-import javax.servlet.ServletConfig;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Collection;
+import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Collection;
-import java.util.Iterator;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+import org.openecomp.sdc.webseal.simulator.conf.Conf;
public class Login extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
- @Override
- public void init(final ServletConfig config) throws ServletException {
- super.init(config);
- }
-
- @Override
- protected void doGet(final HttpServletRequest request, final HttpServletResponse response)
- throws ServletException, IOException {
-
- if (null != request.getParameter("userId")) {
- doPost(request, response);
- return;
- }
- System.out.println("about to build login page");
- response.setContentType("text/html");
- PrintWriter writer = response.getWriter();
-
- Collection<User> allUsers = Conf.getInstance().getUsers().values();
- writer.println("<html>");
-
- writer.println("<head>");
- writer.println("<style>");
- writer.println("body {padding: 40px; font-family: Arial; font-size: 14px;}");
- writer.println("h1 {background-color: #DDDDDD; padding: 4px 10px;}");
- writer.println("h2 {margin-top: 20px;}");
- writer.println(".label {width: 100px; float:left;}");
- writer.println(".break {display: block; margin-bottom: 10px;}");
- writer.println("tr {padding: 4px 10px;}");
- writer.println("th {padding: 4px 10px; text-align: left; background-color: #dddddd;}");
- writer.println("td {padding: 4px 10px; text-align: left;}");
- writer.println("</style>");
- writer.println("</head>");
-
- writer.println("<body>");
-
- writer.println("<h1>Webseal simulator</h1>");
- writer.println("<h2>Login:</h2>");
-
- writer.println("<form action=\"\" method=\"post\">");
- writer.println(" <div class='label'>User id:</div>");
- writer.println(" <input type='text' name='userId'>");
- writer.println(" <div class='break'></div>");
-
- writer.println(" <div class='label'>Password:</div>");
- writer.println(" <input type='password' name='password'>");
- writer.println(" <div class='break'></div>");
-
- writer.println(" <input type='submit' value='Login'>");
- writer.println(" <label name='message'></label>");
- writer.println("</form>");
-
- writer.println("<hr/>");
- writer.println("<h2>Quick links:</h2>");
- writer.println("<table>");
- writer.println("<tr>");
- writer.println("<th>full name</th>");
- writer.println("<th>user id</th>");
- writer.println("<th>role</th>");
- writer.println("<th>action</th>");
- writer.println("</tr>");
- Iterator<User> iterator = allUsers.iterator();
- while (iterator.hasNext()) {
- User user = iterator.next();
- writer.println("<tr>");
- writer.println("<td>" + user.getUserRef() + "</td>");
- writer.println("<td>" + user.getUserId() + "</td>");
- writer.println("<td>" + user.getRole() + "</td>");
- writer.println("<td>" + user.getUserCreateRef() + "</td>");
- writer.println("</tr>");
- }
- writer.println("</table>");
-
- writer.println("<a href='create?all=true' target='resultFrame'>Create All</a>");
- writer.println("<hr/><iframe name='resultFrame' width='400' height='300'></iframe>");
-
- writer.println("</body>");
- writer.println("</html>");
-
- }
-
- public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
-
- String userId = request.getParameter("userId");
- String password = request.getParameter("password");
- request.setAttribute("message", "OK");
-
- System.out.println("Login -> doPost userId=" + userId);
- User user = getUser(userId, password);
- if (user == null) {
- response.sendError(500, "ERROR: userId or password incorrect");
-// doGet(request, response);
- } else {
- System.out.println("Login -> doPost redirect to /sdc1 (to proxy)");
- Cookie cookieUser = new Cookie("HTTP_IV_USER", user.getUserId());
- Cookie cookieUserId = new Cookie("USER_ID", user.getUserId());
- Cookie cookieFirstName = new Cookie("HTTP_CSP_FIRSTNAME", user.getFirstName());
- Cookie cookieEmail = new Cookie("HTTP_CSP_EMAIL", user.getEmail());
- Cookie cookieLastName = new Cookie("HTTP_CSP_LASTNAME", user.getLastName());
- Cookie cookieRemoteAddress = new Cookie("HTTP_IV_REMOTE_ADDRESS", "0.0.0.0");
- Cookie cookieWsType = new Cookie("HTTP_CSP_WSTYPE", "Intranet");
- response.addCookie(cookieUser);
- response.addCookie(cookieUserId);
- response.addCookie(cookieFirstName);
- response.addCookie(cookieEmail);
- response.addCookie(cookieLastName);
- response.addCookie(cookieRemoteAddress);
- response.addCookie(cookieWsType);
- response.addCookie(new Cookie(Conf.getInstance().getPortalCookieName(), "portal"));
- response.sendRedirect("/sdc1");
- }
-
- }
-
- private User getUser(String userId, String password) {
- User user = Conf.getInstance().getUsers().get(userId);
- if (user == null) {
- return null;
- }
- if (!password.equals(user.getPassword())) {
- return null;
- }
- return user;
- }
-
- @Override
- public String getServletInfo() {
- return "Http Proxy Servlet";
- }
+ private static final long serialVersionUID = 1L;
+ private static final Logger logger = LoggerFactory.getLogger(Login.class);
+
+ @Override
+ protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
+
+ if (null != request.getParameter("userId")) {
+ doPost(request, response);
+ return;
+ }
+ logger.info("about to build login page");
+ response.setContentType("text/html");
+ PrintWriter writer = response.getWriter();
+
+ Collection<User> allUsers = Conf.getInstance().getUsers().values();
+ writer.println("<html>");
+
+ writer.println("<head>");
+ writer.println("<style>");
+ writer.println("body {padding: 40px; font-family: Arial; font-size: 14px;}");
+ writer.println("h1 {background-color: #DDDDDD; padding: 4px 10px;}");
+ writer.println("h2 {margin-top: 20px;}");
+ writer.println(".label {width: 100px; float:left;}");
+ writer.println(".break {display: block; margin-bottom: 10px;}");
+ writer.println("tr {padding: 4px 10px;}");
+ writer.println("th {padding: 4px 10px; text-align: left; background-color: #dddddd;}");
+ writer.println("td {padding: 4px 10px; text-align: left;}");
+ writer.println("</style>");
+ writer.println("</head>");
+
+ writer.println("<body>");
+
+ writer.println("<h1>Webseal simulator</h1>");
+ writer.println("<h2>Login:</h2>");
+
+ writer.println("<form action=\"\" method=\"post\">");
+ writer.println(" <div class='label'>User id:</div>");
+ writer.println(" <input type='text' name='userId'>");
+ writer.println(" <div class='break'></div>");
+
+ writer.println(" <div class='label'>Password:</div>");
+ writer.println(" <input type='password' name='password'>");
+ writer.println(" <div class='break'></div>");
+
+ writer.println(" <input type='submit' value='Login'>");
+ writer.println(" <label name='message'></label>");
+ writer.println("</form>");
+
+ writer.println("<hr/>");
+ writer.println("<h2>Quick links:</h2>");
+ writer.println("<table>");
+ writer.println("<tr>");
+ writer.println("<th>full name</th>");
+ writer.println("<th>user id</th>");
+ writer.println("<th>role</th>");
+ writer.println("<th>action</th>");
+ writer.println("</tr>");
+ Iterator<User> iterator = allUsers.iterator();
+ while (iterator.hasNext()) {
+ User user = iterator.next();
+ writer.println("<tr>");
+ writer.println("<td>" + user.getUserRef() + "</td>");
+ writer.println("<td>" + user.getUserId() + "</td>");
+ writer.println("<td>" + user.getRole() + "</td>");
+ writer.println("<td>" + user.getUserCreateRef() + "</td>");
+ writer.println("</tr>");
+ }
+ writer.println("</table>");
+
+ writer.println("<a href='create?all=true' target='resultFrame'>Create All</a>");
+ writer.println("<hr/><iframe name='resultFrame' width='400' height='300'></iframe>");
+
+ writer.println("</body>");
+ writer.println("</html>");
+
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ String userId = request.getParameter("userId");
+ String password = request.getParameter("password");
+ request.setAttribute("message", "OK");
+
+ logger.info("Login -> doPost userId={}", userId);
+ User user = getUser(userId, password);
+ if (user == null) {
+ response.sendError(500, "ERROR: userId or password incorrect");
+ } else {
+ logger.info("Login -> doPost redirect to /sdc1 (to proxy)");
+ response.addCookie(new Cookie("HTTP_IV_USER", user.getUserId()));
+ response.addCookie(new Cookie("USER_ID", user.getUserId()));
+ response.addCookie(new Cookie("HTTP_CSP_FIRSTNAME", user.getFirstName()));
+ response.addCookie(new Cookie("HTTP_CSP_EMAIL", user.getEmail()));
+ response.addCookie(new Cookie("HTTP_CSP_LASTNAME", user.getLastName()));
+ response.addCookie(new Cookie("HTTP_IV_REMOTE_ADDRESS", "0.0.0.0"));
+ response.addCookie(new Cookie("HTTP_CSP_WSTYPE", "Intranet"));
+ response.addCookie(new Cookie(Conf.getInstance().getPortalCookieName(), "portal"));
+ response.sendRedirect("/sdc1");
+ }
+
+ }
+
+ private User getUser(String userId, String password) {
+ User user = Conf.getInstance().getUsers().get(userId);
+ if (user == null) {
+ return null;
+ }
+ if (!password.equals(user.getPassword())) {
+ return null;
+ }
+ return user;
+ }
+
+ @Override
+ public String getServletInfo() {
+ return "Http Proxy Servlet";
+ }
}
diff --git a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
index ea4203dcc1..51d6796c4c 100644
--- a/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
+++ b/utils/webseal-simulator/src/main/java/org/openecomp/sdc/webseal/simulator/SdcProxy.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,8 +20,43 @@
package org.openecomp.sdc.webseal.simulator;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.zip.GZIPInputStream;
+import javax.net.ssl.SSLContext;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
import org.apache.http.Header;
-import org.apache.http.client.methods.*;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
@@ -35,54 +70,31 @@ import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
-import org.openecomp.sdc.logging.api.Logger;
-import org.openecomp.sdc.logging.api.LoggerFactory;
import org.openecomp.sdc.webseal.simulator.conf.Conf;
-import javax.net.ssl.SSLContext;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.net.URLEncoder;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.util.*;
-import java.util.stream.Collectors;
-import java.util.zip.GZIPInputStream;
-
public class SdcProxy extends HttpServlet {
private static final long serialVersionUID = 1L;
- private static URL url;
+ private static final Set<String> RESERVED_HEADERS =
+ Arrays.stream(ReservedHeaders.values()).map(ReservedHeaders::getValue).collect(Collectors.toSet());
+ private static final String USER_ID = "USER_ID";
+ private static final String HTTP_IV_USER = "HTTP_IV_USER";
+ private static final String SDC1 = "/sdc1";
+ private static final String ONBOARDING = "/onboarding/";
+ private static final String SCRIPTS = "/scripts";
+ private static final String STYLES = "/styles";
+ private static final String LANGUAGES = "/languages";
+ private static final String CONFIGURATIONS = "/configurations";
+ private URL url;
private CloseableHttpClient httpClient;
private Conf conf;
- private final String SDC1 = "/sdc1";
- private final String ONBOARDING = "/onboarding/";
- private final String SCRIPTS = "/scripts";
- private final String STYLES = "/styles";
- private final String LANGUAGES = "/languages";
- private final String CONFIGURATIONS = "/configurations";
- private static final Set<String> RESERVED_HEADERS = Arrays.stream(ReservedHeaders.values()).map(h -> h.getValue()).collect(Collectors.toSet());
-
- private static final Logger logger = LoggerFactory.getLogger(SdcProxy.class);
+ @Override
public void init(ServletConfig config) throws ServletException {
super.init(config);
conf = Conf.getInstance();
try {
- String feHost = conf.getFeHost();
- url = new URL(feHost);
+ url = new URL(conf.getFeHost());
} catch (MalformedURLException me) {
throw new ServletException("Proxy URL is invalid", me);
}
@@ -94,10 +106,12 @@ public class SdcProxy extends HttpServlet {
}
}
+ @Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
proxy(request, response, MethodEnum.GET);
}
+ @Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String userId = request.getParameter("userId");
@@ -105,7 +119,7 @@ public class SdcProxy extends HttpServlet {
// Already sign-in
if (userId == null) {
- userId = request.getHeader("USER_ID");
+ userId = request.getHeader(USER_ID);
}
System.out.println("SdcProxy -> doPost userId=" + userId);
@@ -117,25 +131,25 @@ public class SdcProxy extends HttpServlet {
view.forward(mutableRequest, response);
} else {
System.out.println("SdcProxy -> doPost going to doGet");
- request.setAttribute("HTTP_IV_USER", userId);
+ request.setAttribute(HTTP_IV_USER, userId);
proxy(request, response, MethodEnum.POST);
}
}
+ @Override
public void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
proxy(request, response, MethodEnum.PUT);
}
+ @Override
public void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
proxy(request, response, MethodEnum.DELETE);
}
- private synchronized void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException, UnsupportedEncodingException {
+ private synchronized void proxy(HttpServletRequest request, HttpServletResponse response, MethodEnum methodEnum) throws IOException {
Map<String, String[]> requestParameters = request.getParameterMap();
String userIdHeader = getUseridFromRequest(request);
- User user = getUser(userIdHeader);
-
// new request - forward to login page
if (userIdHeader == null) {
System.out.print("Going to login");
@@ -143,17 +157,19 @@ public class SdcProxy extends HttpServlet {
return;
}
+ final User user = getUser(userIdHeader);
+
String uri = getUri(request, requestParameters);
HttpRequestBase httpMethod = createHttpMethod(request, methodEnum, uri);
addHeadersToMethod(httpMethod, user, request);
- try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)){;
+ try (CloseableHttpResponse closeableHttpResponse = httpClient.execute(httpMethod)) {
response.setStatus(closeableHttpResponse.getStatusLine().getStatusCode());
if (request.getRequestURI().indexOf(".svg") > -1) {
response.setContentType("image/svg+xml");
}
- if(closeableHttpResponse.getEntity() != null) {
+ if (closeableHttpResponse.getEntity() != null) {
InputStream responseBodyStream = closeableHttpResponse.getEntity().getContent();
Header contentEncodingHeader = closeableHttpResponse.getLastHeader("Content-Encoding");
if (contentEncodingHeader != null && contentEncodingHeader.getValue().equalsIgnoreCase("gzip")) {
@@ -194,8 +210,7 @@ public class SdcProxy extends HttpServlet {
suffix = alignUrlProxy(suffix);
}
StringBuilder query = alignUrlParameters(requestParameters);
- String uri = String.format("%s%s", new Object[]{this.url.toString() + suffix, query.toString()});
- return uri;
+ return String.format("%s%s", url.toString() + suffix, query.toString());
}
private HttpRequestBase createHttpMethod(HttpServletRequest request, MethodEnum methodEnum, String uri) throws IOException {
@@ -228,20 +243,20 @@ public class SdcProxy extends HttpServlet {
private ContentType getContentType(HttpServletRequest request) {
String contentTypeStr = request.getContentType();
- if (contentTypeStr == null ){
- contentTypeStr = request.getHeader("contentType");
- }
+ if (contentTypeStr == null) {
+ contentTypeStr = request.getHeader("contentType");
+ }
ContentType contentType = ContentType.parse(contentTypeStr);
return ContentType.create(contentType.getMimeType());
}
private String getUseridFromRequest(HttpServletRequest request) {
- String userIdHeader = request.getHeader("USER_ID");
+ String userIdHeader = request.getHeader(USER_ID);
if (userIdHeader != null) {
return userIdHeader;
}
- Object o = request.getAttribute("HTTP_IV_USER");
+ Object o = request.getAttribute(HTTP_IV_USER);
if (o != null) {
return o.toString();
}
@@ -249,7 +264,7 @@ public class SdcProxy extends HttpServlet {
if (cookies != null) {
for (int i = 0; i < cookies.length; ++i) {
- if (cookies[i].getName().equals("USER_ID")) {
+ if (cookies[i].getName().equals(USER_ID)) {
userIdHeader = cookies[i].getValue();
}
}
@@ -257,7 +272,7 @@ public class SdcProxy extends HttpServlet {
return userIdHeader;
}
- private static void addHeadersToMethod(HttpUriRequest proxyMethod, User user, HttpServletRequest request) {
+ private void addHeadersToMethod(HttpUriRequest proxyMethod, User user, HttpServletRequest request) {
proxyMethod.setHeader(ReservedHeaders.HTTP_IV_USER.name(), user.getUserId());
proxyMethod.setHeader(ReservedHeaders.USER_ID.name(), user.getUserId());
@@ -266,19 +281,19 @@ public class SdcProxy extends HttpServlet {
proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_LASTNAME.name(), user.getLastName());
proxyMethod.setHeader(ReservedHeaders.HTTP_IV_REMOTE_ADDRESS.name(), "0.0.0.0");
proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_WSTYPE.name(), "Intranet");
- proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_EMAIL.name(), "me@mail.com");
-
- Enumeration<String> headerNames = request.getHeaderNames();
- while (headerNames.hasMoreElements()) {
- String headerName = headerNames.nextElement();
- if (!RESERVED_HEADERS.contains(headerName)) {
- Enumeration<String> headers = request.getHeaders(headerName);
- while (headers.hasMoreElements()) {
- String headerValue = headers.nextElement();
- proxyMethod.setHeader(headerName, headerValue);
- }
- }
- }
+ proxyMethod.setHeader(ReservedHeaders.HTTP_CSP_EMAIL.name(), "me@mail.com");
+
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String headerName = headerNames.nextElement();
+ if (!RESERVED_HEADERS.contains(headerName)) {
+ Enumeration<String> headers = request.getHeaders(headerName);
+ while (headers.hasMoreElements()) {
+ String headerValue = headers.nextElement();
+ proxyMethod.setHeader(headerName, headerValue);
+ }
+ }
+ }
}
private String alignUrlProxy(String requestURI) {
@@ -301,19 +316,16 @@ public class SdcProxy extends HttpServlet {
return SDC1 + requestURI;
}
- private static StringBuilder alignUrlParameters(Map<String, String[]> requestParameters) throws UnsupportedEncodingException {
- StringBuilder query = new StringBuilder();
- for (String name : requestParameters.keySet()) {
- for (String value : (String[]) requestParameters.get(name)) {
+ private StringBuilder alignUrlParameters(Map<String, String[]> requestParameters) throws UnsupportedEncodingException {
+ final var query = new StringBuilder();
+ for (final Entry<String, String[]> entry : requestParameters.entrySet()) {
+ for (final String value : entry.getValue()) {
if (query.length() == 0) {
query.append("?");
} else {
query.append("&");
}
- name = URLEncoder.encode(name, "UTF-8");
- value = URLEncoder.encode(value, "UTF-8");
-
- query.append(String.format("&%s=%s", new Object[]{name, value}));
+ query.append(String.format("&%s=%s", URLEncoder.encode(entry.getKey(), "UTF-8"), URLEncoder.encode(value, "UTF-8")));
}
}
return query;
@@ -327,38 +339,36 @@ public class SdcProxy extends HttpServlet {
outputStream.flush();
}
+ @Override
public String getServletInfo() {
return "Http Proxy Servlet";
}
- enum ReservedHeaders {
- HTTP_IV_USER("HTTP_IV_USER"), USER_ID("USER_ID"), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL("HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE("HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length");
-
- private String value;
-
- ReservedHeaders(String value) {
- this.value = value;
- }
-
- public String getValue() {
- return value;
- }
- }
-
-
- private static CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException {
- SSLContextBuilder builder = new SSLContextBuilder();
+ private CloseableHttpClient buildRestClient() throws NoSuchAlgorithmException, KeyStoreException {
+ final var builder = new SSLContextBuilder();
builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(SSLContext.getDefault(),
- NoopHostnameVerifier.INSTANCE);
+ NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
- .register("http", new PlainConnectionSocketFactory())
- .register("https", sslsf)
- .build();
+ .register("http", new PlainConnectionSocketFactory())
+ .register("https", sslsf)
+ .build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
return HttpClients.custom()
- .setSSLSocketFactory(sslsf)
- .setConnectionManager(cm)
- .build();
+ .setSSLSocketFactory(sslsf)
+ .setConnectionManager(cm)
+ .build();
+ }
+
+ @AllArgsConstructor
+ @Getter
+ enum ReservedHeaders {
+ HTTP_IV_USER(SdcProxy.HTTP_IV_USER), USER_ID(SdcProxy.USER_ID), HTTP_CSP_FIRSTNAME("HTTP_CSP_FIRSTNAME"), HTTP_CSP_EMAIL(
+ "HTTP_CSP_EMAIL"), HTTP_CSP_LASTNAME("HTTP_CSP_LASTNAME"), HTTP_IV_REMOTE_ADDRESS("HTTP_IV_REMOTE_ADDRESS"), HTTP_CSP_WSTYPE(
+ "HTTP_CSP_WSTYPE"), HOST("Host"), CONTENTLENGTH("Content-Length");
+
+ private final String value;
+
}
+
}
diff --git a/utils/webseal-simulator/src/main/resources/webseal.conf b/utils/webseal-simulator/src/main/resources/webseal.conf
index 7065725ab1..c711a73113 100644
--- a/utils/webseal-simulator/src/main/resources/webseal.conf
+++ b/utils/webseal-simulator/src/main/resources/webseal.conf
@@ -11,14 +11,6 @@
email="csantana@sdc.com"
},
{
- userId="op0001"
- password="123123a"
- firstName="Aretha"
- lastName="Franklin"
- role="Ops"
- email="afranklin@sdc.com"
- },
- {
userId="jh0003"
password="123123a"
firstName="Jimmy"
@@ -35,14 +27,6 @@
email="tester@sdc.com"
},
{
- userId="gv0001"
- password="123123a"
- firstName="David"
- lastName="Shadmi"
- role="Governor"
- email="governor@sdc.com"
- },
- {
userId="pm0001"
password="123123a"
firstName="Teddy"
diff --git a/utils/webseal-simulator/src/main/webapp/login.html b/utils/webseal-simulator/src/main/webapp/login.html
index 2f6a324fcf..4d9eccb670 100644
--- a/utils/webseal-simulator/src/main/webapp/login.html
+++ b/utils/webseal-simulator/src/main/webapp/login.html
@@ -1,5 +1,5 @@
<!--
- ~ Copyright © 2016-2018 European Support Limited
+ ~ Copyright (C) 2016-2018 European Support Limited
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
@@ -13,22 +13,21 @@
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
-
-<html>
+
+<!DOCTYPE html>
+<html lang="en">
+<head><title>Login page</title></head>
<body>
Login
-
-
<form action="access" method="post">
- UserId:<br>
- <input type="text" name="userId" >
- <br>
- PASSWORD:<br>
- <input type="password" name="password" >
- <br><br>
- <input type="submit" value="Submit">
-
- <label name="message"/>
+ <label>UserId:<br>
+ <input type="text" name="userId">
+ </label>
+ <label>PASSWORD:<br>
+ <input type="password" name="password">
+ </label>
+ <input type="submit" value="Submit">
+
+ <label name="message"></label>
</form>
</body>
-</html> \ No newline at end of file