From 4082d3936832a2b6e3ba6c025ed5decf97baacbc Mon Sep 17 00:00:00 2001 From: vasraz Date: Tue, 19 Nov 2019 11:31:19 +0000 Subject: Fix Security Hotspots issues Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175 Signed-off-by: Vasyl Razinkov Issue-ID: SDC-2671 --- .../org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/main') diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java index cf22a3a574..f0a33da8a7 100644 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java @@ -31,6 +31,9 @@ public class AuthenticationCookieUtils { private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName()); + private AuthenticationCookieUtils() { + } + /** * Update given cookie session time value to current time * @@ -58,6 +61,7 @@ public class AuthenticationCookieUtils { */ public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) { Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie ); + updatedCookie.setSecure(true); updatedCookie.setPath(cookieConfiguration.getCookiePath()); updatedCookie.setDomain(cookieConfiguration.getCookieDomain()); updatedCookie.setHttpOnly(cookieConfiguration.isCookieHttpOnly()); @@ -116,12 +120,11 @@ public class AuthenticationCookieUtils { * @param filterConfiguration * @return */ - public static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) { + private static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) { long currentIdleTime = currentTime - sessionTimeValue; long maxIdleTime = filterConfiguration.getSessionIdleTimeOut(); log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime, currentIdleTime, maxIdleTime); return currentIdleTime >= maxIdleTime; } - } -- cgit 1.2.3-korg