From 4082d3936832a2b6e3ba6c025ed5decf97baacbc Mon Sep 17 00:00:00 2001 From: vasraz Date: Tue, 19 Nov 2019 11:31:19 +0000 Subject: Fix Security Hotspots issues Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175 Signed-off-by: Vasyl Razinkov Issue-ID: SDC-2671 --- .../main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'catalog-fe/src/main') diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java index 84e0226e7a..d72268314a 100644 --- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java +++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java @@ -20,6 +20,7 @@ package org.openecomp.sdc.fe.servlets; +import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; import org.onap.portalsdk.core.onboarding.util.CipherUtil; import org.openecomp.sdc.common.impl.MutableHttpServletRequest; import org.openecomp.sdc.fe.Constants; @@ -59,6 +60,7 @@ public class PortalServlet extends HttpServlet { */ @GET @Path("/portal") + @Override public void doGet(@Context final HttpServletRequest request, @Context final HttpServletResponse response) { try { addRequestHeadersUsingWebseal(request, response); @@ -190,7 +192,9 @@ public class PortalServlet extends HttpServlet { String currHeader = headers[i]; String headerValue = request.getHeader(currHeader); if (headerValue != null) { - response.addCookie(new Cookie(currHeader, headerValue)); + final Cookie cookie = new Cookie(currHeader, headerValue); + cookie.setSecure(true); + response.addCookie(cookie); } } } @@ -273,7 +277,7 @@ public class PortalServlet extends HttpServlet { return newHeaderIsSet; } - private static String getUserIdFromCookie(HttpServletRequest request) throws Exception { + private static String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException { String userId = ""; Cookie[] cookies = request.getCookies(); Cookie userIdcookie = null; -- cgit 1.2.3-korg