X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fportalapi%2FPortalAuthenticationFilter.java;h=2337e3f6834965813635d1144d041ef77c8617b7;hb=09a0d3c769ba83727fe454093cd6054eca77cfdf;hp=10fef82dece1c998f797367cecc8da0d4033e592;hpb=44203c43bb16a87eb54cc97431a026e111842c97;p=portal%2Fric-dashboard.git
diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java
index 10fef82d..2337e3f6 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java
@@ -36,12 +36,15 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.onap.portalsdk.core.onboarding.util.KeyProperties;
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
 import org.onap.portalsdk.core.restful.domain.EcompRole;
 import org.onap.portalsdk.core.restful.domain.EcompUser;
 import org.oransc.ric.portal.dashboard.DashboardConstants;
+import org.oransc.ric.portal.dashboard.DashboardUserManager;
 import org.oransc.ric.portal.dashboard.model.EcompUserDetails;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
@@ -69,7 +72,7 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA * created and EPService cookie is set. * * - * TODO: What about sessions? Will this be stateless? + * Open question: what about sessions? Will this be stateless? * * This filter uses no annotations to avoid Spring's automatic registration, * which add this filter in the chain in the wrong order. @@ -78,8 +81,9 @@ public class PortalAuthenticationFilter implements Filter { private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - // Unfortunately these names are not available as constants - private static final String[] securityPropertyFiles = { "ESAPI.properties", "key.properties", "portal.properties", + // Unfortunately not all file names are defined as constants + private static final String[] securityPropertyFiles = { KeyProperties.PROPERTY_FILE_NAME, + PortalApiProperties.PROPERTY_FILE_NAME, DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE, "validation.properties" }; public static final String REDIRECT_URL_KEY = "redirectUrl"; @@ -101,7 +105,7 @@ public class PortalAuthenticationFilter implements Filter { if (in == null) { String msg = "Failed to find property file on classpath: " + pf; logger.error(msg); - throw new RuntimeException(msg); + throw new SecurityException(msg); } else { try { in.close(); @@ -221,7 +225,7 @@ public class PortalAuthenticationFilter implements Filter { String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl; String aHref = ""; // If only Java had "here" documents. - String body = String.join(// + return String.join(// System.getProperty("line.separator"), // "", // "", // @@ -240,7 +244,6 @@ public class PortalAuthenticationFilter implements Filter { "
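Review bot: The new `securityPropertyFiles` initializer takes one of its names from `DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE`, a constant in ESAPI's `reference` implementation package, so this filter now needs that class on the compile classpath. If ESAPI reaches the project only transitively through the Portal SDK (not visible in this diff), declaring it explicitly in the build would keep the version under this project's control. `"validation.properties"` is still a bare literal, as the reworded comment admits. The comment would be more useful if it stated what the array is for, for example `// Property files that must be present on the classpath; the filter refuses to start without them`, assuming the check in the `-101,7` hunk is the array's only consumer.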
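Review bot: In the `-101,7` hunk the added `throw new SecurityException(msg)` directly follows `logger.error(msg)`, so the same failure will be reported twice if the caller also logs the exception. Drop the log line or leave logging to whoever catches it. The `else` branch only opens and closes the stream, which proves the file is present but not that it loads or holds the expected keys; a comment such as `// Presence check only; file contents are not validated here` would stop readers from assuming more. If `in` is an `InputStream` as the null check and `close()` suggest, a try-with-resources around the lookup would replace the manual `try { in.close(); }`. The enclosing method starts and ends outside the hunk, so it cannot be confirmed here whether this runs once at construction or on every request.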
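Review bot: In the `-221,7` hunk `redirectUrl` is built from `portalBaseUrl` and `encodedAppUrl` and then placed into the HTML this method now returns directly, and no HTML-attribute encoding of the base URL is visible. `encodedAppUrl` looks URL-encoded by its name, but `portalBaseUrl` appears to come from configuration and would be written into the page verbatim. If that value can ever contain quotes or angle brackets, encode it for the attribute context before building the link; ESAPI's encoder is already available to this class. The string literals in this hunk are damaged in this rendering, so the actual markup could not be checked, and the method begins outside the hunk. As a style point, `System.getProperty("line.separator")` can be written `System.lineSeparator()`.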

", // "", // ""); - return body; } /**