* ========================LICENSE_START=================================
* O-RAN-SC
* %%
- * Copyright (C) 2019 AT&T Intellectual Property and Nokia
+ * Copyright (C) 2019 AT&T Intellectual Property
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.onap.portalsdk.core.onboarding.util.KeyProperties;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
import org.onap.portalsdk.core.restful.domain.EcompRole;
import org.onap.portalsdk.core.restful.domain.EcompUser;
import org.oransc.ric.portal.dashboard.DashboardConstants;
+import org.oransc.ric.portal.dashboard.DashboardUserManager;
import org.oransc.ric.portal.dashboard.model.EcompUserDetails;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
* created and EPService cookie is set.
* </UL>
*
- * TODO: What about sessions? Will this be stateless?
+ * Open question: what about sessions? Will this be stateless?
*
* This filter uses no annotations to avoid Spring's automatic registration,
* which add this filter in the chain in the wrong order.
private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
- // Unfortunately these names are not available as constants
- private static final String[] securityPropertyFiles = { "ESAPI.properties", "key.properties", "portal.properties",
+ // Unfortunately not all file names are defined as constants
+ private static final String[] securityPropertyFiles = { KeyProperties.PROPERTY_FILE_NAME,
+ PortalApiProperties.PROPERTY_FILE_NAME, DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE,
"validation.properties" };
public static final String REDIRECT_URL_KEY = "redirectUrl";
if (in == null) {
String msg = "Failed to find property file on classpath: " + pf;
logger.error(msg);
- throw new RuntimeException(msg);
+ throw new SecurityException(msg);
} else {
try {
in.close();
String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl;
String aHref = "<a href=\"" + redirectUrl + "\">";
// If only Java had "here" documents.
- String body = String.join(//
+ return String.join(//
System.getProperty("line.separator"), //
"<html>", //
"<head>", //
"</p>", //
"</body>", //
"</html>");
- return body;
}
/**