Add tests and adjust code for Sonar rules
[portal/ric-dashboard.git] / webapp-backend / src / main / java / org / oransc / ric / portal / dashboard / portalapi / PortalAuthenticationFilter.java
index 10fef82..2337e3f 100644 (file)
@@ -36,12 +36,15 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.onap.portalsdk.core.onboarding.util.KeyProperties;
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
 import org.onap.portalsdk.core.restful.domain.EcompRole;
 import org.onap.portalsdk.core.restful.domain.EcompUser;
 import org.oransc.ric.portal.dashboard.DashboardConstants;
+import org.oransc.ric.portal.dashboard.DashboardUserManager;
 import org.oransc.ric.portal.dashboard.model.EcompUserDetails;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
@@ -69,7 +72,7 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
  * created and EPService cookie is set.
  * </UL>
  * 
- * TODO: What about sessions? Will this be stateless?
+ * Open question: what about sessions? Will this be stateless?
  * 
  * This filter uses no annotations to avoid Spring's automatic registration,
  * which add this filter in the chain in the wrong order.
@@ -78,8 +81,9 @@ public class PortalAuthenticationFilter implements Filter {
 
        private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
-       // Unfortunately these names are not available as constants
-       private static final String[] securityPropertyFiles = { "ESAPI.properties", "key.properties", "portal.properties",
+       // Unfortunately not all file names are defined as constants
+       private static final String[] securityPropertyFiles = { KeyProperties.PROPERTY_FILE_NAME,
+                       PortalApiProperties.PROPERTY_FILE_NAME, DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE,
                        "validation.properties" };
 
        public static final String REDIRECT_URL_KEY = "redirectUrl";
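Review bot: `securityPropertyFiles` is a `private static final` array but keeps a lowerCamelCase name, while `REDIRECT_URL_KEY` two lines below follows the constant convention. Since the commit is a static-analysis cleanup, renaming it to `SECURITY_PROPERTY_FILES` would be consistent. The rename also has to reach the code that iterates the array, which is outside this hunk.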
@@ -101,7 +105,7 @@ public class PortalAuthenticationFilter implements Filter {
                                if (in == null) {
                                        String msg = "Failed to find property file on classpath: " + pf;
                                        logger.error(msg);
-                                       throw new RuntimeException(msg);
+                                       throw new SecurityException(msg);
                                } else {
                                        try {
                                                in.close();
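Review bot: `SecurityException` on the new throw line is the type the Java runtime uses for denied access checks, so a missing property file may be misread as a permission failure when the startup log is triaged. If the intent is to fail closed when security configuration is absent, state it above the throw, e.g. `// Fail closed: the filter must not start without its security property files`, or throw `IllegalStateException` instead. The check shown only proves the file is on the classpath; whether its contents are loaded and validated elsewhere is not visible here. The enclosing loop starts before and ends after this hunk.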
@@ -221,7 +225,7 @@ public class PortalAuthenticationFilter implements Filter {
                String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl;
                String aHref = "<a href=\"" + redirectUrl + "\">";
                // If only Java had "here" documents.
-               String body = String.join(//
+               return String.join(//
                                System.getProperty("line.separator"), //
                                "<html>", //
                                "<head>", //
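Review bot: `redirectUrl` is concatenated into the `href` attribute on the `aHref` line without HTML-attribute encoding, so a quote or angle bracket in `portalBaseUrl` would end up as markup in the page this method returns. `encodedAppUrl` appears from its name to be URL-encoded, and the origin of both values is outside the hunk, so this is a hardening point rather than a confirmed flaw. ESAPI is already a dependency of this class, so the line could read `String aHref = "<a href=\"" + ESAPI.encoder().encodeForHTMLAttribute(redirectUrl) + "\">";`, which needs an import of `org.owasp.esapi.ESAPI`. The method starts before and ends after this hunk.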
@@ -240,7 +244,6 @@ public class PortalAuthenticationFilter implements Filter {
                                "</p>", //
                                "</body>", //
                                "</html>");
-               return body;
        }
 
        /**