From 4082d3936832a2b6e3ba6c025ed5decf97baacbc Mon Sep 17 00:00:00 2001
From: vasraz
Date: Tue, 19 Nov 2019 11:31:19 +0000
Subject: Fix Security Hotspots issues
Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175
Signed-off-by: Vasyl Razinkov
Issue-ID: SDC-2671
---
 .../main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'catalog-fe/src')
diff --git a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
index 84e0226e7a..d72268314a 100644
--- a/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
+++ b/catalog-fe/src/main/java/org/openecomp/sdc/fe/servlets/PortalServlet.java
@@ -20,6 +20,7 @@
 package org.openecomp.sdc.fe.servlets;
+import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
 import org.onap.portalsdk.core.onboarding.util.CipherUtil;
 import org.openecomp.sdc.common.impl.MutableHttpServletRequest;
 import org.openecomp.sdc.fe.Constants;
@@ -59,6 +60,7 @@ public class PortalServlet extends HttpServlet {
 */
 @GET
 @Path("/portal")
+ @Override
 public void doGet(@Context final HttpServletRequest request, @Context final HttpServletResponse response) {
 try {
 addRequestHeadersUsingWebseal(request, response);
@@ -190,7 +192,9 @@ public class PortalServlet extends HttpServlet {
 String currHeader = headers[i];
 String headerValue = request.getHeader(currHeader);
 if (headerValue != null) {
- response.addCookie(new Cookie(currHeader, headerValue));
+ final Cookie cookie = new Cookie(currHeader, headerValue);
+ cookie.setSecure(true);
+ response.addCookie(cookie);
 }
 }
 }
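Review bot: The cookie built in the `-190,7 +192,9` hunk gets `setSecure(true)` but not the HttpOnly flag, so the header-derived value stays readable by page scripts; unless the front end has to read these cookies from JavaScript (not visible here), add `cookie.setHttpOnly(true);` next to the new `setSecure` call. `headerValue` is copied from a request header straight into the cookie, so it is worth confirming that only the trusted fronting proxy can set the names listed in `headers`. A Secure cookie is also not returned over plain HTTP, so any deployment that still serves this servlet without TLS will stop receiving these cookies. The enclosing loop and method begin outside the hunk.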
@@ -273,7 +277,7 @@ public class PortalServlet extends HttpServlet {
 return newHeaderIsSet;
 }
- private static String getUserIdFromCookie(HttpServletRequest request) throws Exception {
+ private static String getUserIdFromCookie(HttpServletRequest request) throws CipherUtilException {
 String userId = "";
 Cookie[] cookies = request.getCookies();
 Cookie userIdcookie = null;
--
cgit 1.2.3-korg
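Review bot: `getUserIdFromCookie` has no Javadoc for the narrowed `throws CipherUtilException`, and in the `-273,7 +277,7` hunk `userId` starts as `""`, so the signature does not tell callers how a missing cookie differs from a value that failed to decode. A short Javadoc would settle it, e.g. `@throws CipherUtilException if the user-id cookie value cannot be decrypted` (presumably via `CipherUtil`, to be confirmed) plus a `@return` line stating whether the empty string means no user-id cookie was found. That last part is an assumption, since the rest of the body lies outside the hunk; if it holds, callers should treat the empty value as unauthenticated rather than as a valid id.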