From 4082d3936832a2b6e3ba6c025ed5decf97baacbc Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Tue, 19 Nov 2019 11:31:19 +0000
Subject: Fix Security Hotspots issues

Change-Id: Icc45769cff71c8153c0afba6e2363b0399144175
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Issue-ID: SDC-2671
---
 .../org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java  | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'openecomp-be/backend/openecomp-sdc-security-util/src')

diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
index cf22a3a574..f0a33da8a7 100644
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtils.java
@@ -31,6 +31,9 @@ public class AuthenticationCookieUtils {
 
     private static final Logger log = LoggerFactory.getLogger(SessionValidationFilter.class.getName());
 
+    private AuthenticationCookieUtils() {
+    }
+
     /**
      * Update given cookie session time value to current time
      *
@@ -58,6 +61,7 @@ public class AuthenticationCookieUtils {
      */
     public static Cookie createUpdatedCookie(Cookie cookie, String encryptedCookie, ISessionValidationCookieConfiguration cookieConfiguration) {
         Cookie updatedCookie = new Cookie(cookie.getName(), encryptedCookie );
+        updatedCookie.setSecure(true);
         updatedCookie.setPath(cookieConfiguration.getCookiePath());
         updatedCookie.setDomain(cookieConfiguration.getCookieDomain());
         updatedCookie.setHttpOnly(cookieConfiguration.isCookieHttpOnly());
@@ -116,12 +120,11 @@ public class AuthenticationCookieUtils {
      * @param filterConfiguration
      * @return
      */
-    public static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
+    private static boolean isSessionIdle(long sessionTimeValue, long currentTime, ISessionValidationFilterConfiguration filterConfiguration) {
         long currentIdleTime = currentTime - sessionTimeValue;
         long maxIdleTime = filterConfiguration.getSessionIdleTimeOut();
         log.debug("SessionValidationFilter: Checking if session idle: session time: {}, current idle time: {}, max idle time: {}", currentTime, currentIdleTime, maxIdleTime);
         return currentIdleTime >= maxIdleTime;
     }
 
-
 }
-- 
cgit 1.2.3-korg