Fixed health check issue
[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / controller / ExternalAccessRolesControllerTest.java
index b476a72..1ac21b6 100644 (file)
@@ -63,16 +63,13 @@ import org.onap.portalapp.portal.core.MockEPUser;
 import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
 import org.onap.portalapp.portal.domain.EPApp;
 import org.onap.portalapp.portal.domain.EPUser;
+import org.onap.portalapp.portal.domain.EpAppType;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
 import org.onap.portalapp.portal.framework.MockitoTestSuite;
 import org.onap.portalapp.portal.service.ExternalAccessRolesService;
 import org.onap.portalapp.portal.service.ExternalAccessRolesServiceImpl;
-import org.onap.portalapp.portal.transport.CentralRole;
-import org.onap.portalapp.portal.transport.CentralRoleFunction;
-import org.onap.portalapp.portal.transport.CentralUser;
-import org.onap.portalapp.portal.transport.CentralV2Role;
-import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator;
+import org.onap.portalapp.portal.transport.*;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
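Review bot: The wildcard `import org.onap.portalapp.portal.transport.*;` replaces five explicit imports and hides which transport classes this test actually depends on. It also lets a class added to that package later clash silently with a same-named type from another import. Keeping one explicit import per type in use (the visible hunks reference CentralRole, CentralRoleFunction, CentralUser and CentralV2Role) keeps the dependency list reviewable. ExternalRequestFieldsValidator should stay only if it is still referenced outside the visible hunks.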
@@ -103,7 +100,7 @@ public class ExternalAccessRolesControllerTest {
        @Mock
        ExternalAccessRolesService externalAccessRolesService = new ExternalAccessRolesServiceImpl();
        @InjectMocks
-       ExternalAccessRolesController externalAccessRolesController = new ExternalAccessRolesController();
+       ExternalAccessRolesController externalAccessRolesController;
        @Mock
        UserService userservice = new UserServiceCentalizedImpl();
        @Mock
@@ -129,39 +126,48 @@ public class ExternalAccessRolesControllerTest {
                EPApp app = new EPApp();
                app.setName("Test");
                app.setImageUrl("test");
-               app.setDescription("test");
-               app.setNotes("test");
-               app.setUrl("test");
+               app.setAppDescription("test");
+               app.setAppNotes("test");
+               app.setLandingPage("test");
                app.setId((long) 1);
                app.setAppRestEndpoint("test");
-               app.setAlternateUrl("test");
+               app.setAlternateLandingPage("test");
                app.setName("test");
                app.setMlAppName("test");
                app.setMlAppAdminId("test");
-               app.setUsername("test");
-               app.setAppPassword("test");
+               app.setAppBasicAuthUsername("test");
+               app.setAppBasicAuthPassword("test");
                app.setOpen(false);
                app.setEnabled(false);
                app.setUebKey("test");
                app.setUebSecret("test");
                app.setUebTopicName("test");
-               app.setAppType(1);
+               app.setAppType(EpAppType.GUI);
                return app;
        }
 
        @Test
        public void getUserTest() throws Exception {
-               CentralUser expectedCentralUser = new CentralUser(null, null, null, null, null, null, null, null, loginId,
-                               loginId, loginId, loginId, loginId, loginId, loginId, null, loginId, loginId, loginId, loginId, loginId,
-                               loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId,
-                               loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId, loginId,
-                               loginId, null, false, false, null, null, false, loginId, null);
+        CentralUser expectedCentralUser =
+                new CentralUser.CentralUserBuilder().setId(null).setCreated(null).setModified(null).setCreatedId(null)
+                        .setModifiedId(null).setRowNum(null).setOrgId(null).setManagerId(null).setFirstName(loginId)
+                        .setMiddleInitial(loginId).setLastName(loginId).setPhone(loginId).setFax(loginId)
+                        .setCellular(loginId).setEmail(loginId).setAddressId(null).setAlertMethodCd(loginId)
+                        .setHrid(loginId).setOrgUserId(loginId).setOrgCode(loginId).setAddress1(loginId)
+                        .setAddress2(loginId).setCity(loginId).setState(loginId).setZipCode(loginId).setCountry(loginId)
+                        .setOrgManagerUserId(loginId).setLocationClli(loginId).setBusinessCountryCode(loginId)
+                        .setBusinessCountryName(loginId).setBusinessUnit(loginId).setBusinessUnitName(loginId)
+                        .setDepartment(loginId).setDepartmentName(loginId).setCompanyCode(loginId).setCompany(loginId)
+                        .setZipCodeSuffix(loginId).setJobTitle(loginId).setCommandChain(loginId).setSiloStatus(loginId)
+                        .setCostCenter(loginId).setFinancialLocCode(loginId).setLoginId(loginId).setLoginPwd(loginId)
+                        .setLastLoginDate(null).setActive(false).setInternal(false).setSelectedProfileId(null)
+                        .setTimeZoneId(null).setOnline(false).setChatId(loginId).setUserApps(null).createCentralUser();
                String loginId = "test";
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
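Review bot: In getUserTest the new builder chain reads `loginId` several lines before the local `String loginId = "test";` is declared, so those setters can only be resolving to a class-level `loginId` (not visible in this hunk) that the local then shadows for the rest of the method. A reader cannot tell from the test which value ends up in `expectedCentralUser`. Dropping the local, or renaming it so it does not shadow the field, would remove the ambiguity. The new builder lines are also indented with spaces while the surrounding method uses tabs, and the method body continues past the end of this hunk.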
@@ -185,12 +191,24 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(reason, result);
        }
 
+       @Test
+       public void getUserXSSTest() throws Exception {
+               String loginId = "<script ~~~>alert(0%0)</script ~~~>";
+               String expected = getXSSKeyJson();
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               externalAccessRolesController.getUser(mockedRequest, mockedResponse, loginId);
+               String actual = sw.getBuffer().toString().trim();
+               assertEquals(expected, actual);
+               }
+
        @Test
        public void getV2UserListTest() throws Exception {
                String expectedCentralUser = "test";
                String loginId = "test";
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
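Review bot: getUserXSSTest only compares the response body with the `Data is not valid` JSON, which does not show that the rejected `loginId` was stopped before it reached the service layer. Adding `Mockito.verify(externalAccessRolesService, Mockito.never()).getUser(Matchers.anyString());` after the controller call would pin that. The same gap applies to getRoleFunctionXSSTest, saveRoleFunctionXSSTest and deleteRoleFunctionXSSTest, which stub `getRoleFunction`, `saveCentralRoleFunction` and `deleteCentralRoleFunction` to succeed but never verify that they were not invoked. The closing brace of getUserXSSTest is also indented one level too deep.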
@@ -208,7 +226,7 @@ public class ExternalAccessRolesControllerTest {
                String expectedCentralUser = null;
                String loginId = "test";
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
@@ -223,12 +241,12 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getRolesForAppCentralRoleTest() throws Exception {
-               List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> centralV2RoleList = new ArrayList<>();
                List<CentralRole> centralRoleList = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@ -246,11 +264,11 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void getRolesForAppCentralRoleExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> centralV2RoleList = new ArrayList<>();
                List<CentralRole> centralRoleList = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = null;
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@ -268,11 +286,11 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getV2RolesForAppTest() throws Exception {
-               List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> centralV2Role = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@ -288,11 +306,11 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void getV2RolesForAppExceptionTest() throws Exception {
-               List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> centralV2Role = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = null;
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@ -308,7 +326,7 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void getRolesForAppTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> answer = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
@@ -320,7 +338,7 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void getRolesForAppExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -332,12 +350,12 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getRoleFunctionsListTest() throws Exception {
-               List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-               List<CentralRoleFunction> roleFuncList = new ArrayList<CentralRoleFunction>();
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+               List<CentralRoleFunction> roleFuncList = new ArrayList<>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@ -366,11 +384,11 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getV2RoleFunctionsListTest() throws Exception {
-               List<CentralV2RoleFunction> expectedCentralV2RoleFunctionList = new ArrayList<CentralV2RoleFunction>();
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<CentralV2RoleFunction> expectedCentralV2RoleFunctionList = new ArrayList<>();
+               List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@ -398,11 +416,11 @@ public class ExternalAccessRolesControllerTest {
        @Test
        public void getRoleInfoValidationTest() throws Exception {
                CentralRole expectedCentralRole = null;
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                long roleId = 1;
-               CentralV2Role centralV2Role = new CentralV2Role();
+               CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@ -421,7 +439,7 @@ public class ExternalAccessRolesControllerTest {
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
-               CentralV2Role answer = new CentralV2Role();
+               CentralV2Role answer = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                long roleId = 1;
                Mockito.when(externalAccessRolesService.getRoleInfo(roleId, mockedRequest.getHeader(uebKey)))
                                .thenReturn(answer);
@@ -444,13 +462,13 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getV2RoleInfoValidationTest() throws Exception {
-               CentralV2Role expectedCentralRole = new CentralV2Role();
+               CentralV2Role expectedCentralRole = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                expectedCentralRole.setActive(false);
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                long roleId = 1;
-               CentralV2Role centralV2Role = new CentralV2Role();
+               CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@ -469,7 +487,7 @@ public class ExternalAccessRolesControllerTest {
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
-               CentralV2Role answer = new CentralV2Role();
+               CentralV2Role answer = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                long roleId = 1;
                Mockito.when(externalAccessRolesService.getRoleInfo(roleId, mockedRequest.getHeader(uebKey)))
                                .thenReturn(answer);
@@ -491,15 +509,15 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void getV2RoleFunctionTest() throws HttpClientErrorException, Exception {
+       public void getV2RoleFunctionTest() throws Exception {
                CentralV2RoleFunction expectedCentralV2RoleFunction = new CentralV2RoleFunction();
                expectedCentralV2RoleFunction.setCode("test");
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                String code = "test";
                CentralV2RoleFunction centralV2RoleFunction = new CentralV2RoleFunction();
                centralV2RoleFunction.setCode("test");
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@ -512,14 +530,15 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(actualCentralV2RoleFunction.getCode(), expectedCentralV2RoleFunction.getCode());
        }
 
+
        @Test
-       public void getV2RoleFunctionNullCheckTest() throws HttpClientErrorException, Exception {
+       public void getV2RoleFunctionNullCheckTest() throws Exception {
                CentralV2RoleFunction expectedCentralV2RoleFunction = new CentralV2RoleFunction();
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                String code = "test";
                CentralV2RoleFunction centralV2RoleFunction = null;
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@ -547,7 +566,7 @@ public class ExternalAccessRolesControllerTest {
        @Test
        public void getRoleFunctionTest() throws Exception {
                EPApp mockApp = mockApp();
-               mockApp.setCentralAuth(true);
+               mockApp.setRolesInAAF(true);
                List<EPApp> mockAppList = new ArrayList<>();
                mockAppList.add(mockApp);
                StringWriter sw = new StringWriter();
@@ -585,14 +604,41 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(reason, result);
        }
 
+       @Test
+       public void getRoleFunctionXSSTest() throws Exception {
+               String expected = getXSSKeyJson();
+               EPApp mockApp = mockApp();
+               mockApp.setRolesInAAF(true);
+               List<EPApp> mockAppList = new ArrayList<>();
+               mockAppList.add(mockApp);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               CentralV2RoleFunction roleFunction1 = new CentralV2RoleFunction();
+               CentralRoleFunction roleFunction2 = new CentralRoleFunction();
+               roleFunction1.setCode("test2");
+               String code = "<script>alert(‘XSS’)</script>";
+               Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+               Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(mockAppList);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(mockAppList.get(0))).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getRoleFunction(code, mockedRequest.getHeader("uebkey")))
+                       .thenReturn(roleFunction1);
+               CentralRoleFunction returnedValue = externalAccessRolesController.getRoleFunction(mockedRequest, mockedResponse,
+                       code);
+               assertEquals(returnedValue, roleFunction2);
+               String result = sw.getBuffer().toString().trim();
+               assertEquals(expected, result);
+       }
+
        @Test
        public void saveRoleFunctionIfIsNotDeletedTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage(null);
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
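Review bot: The fixture in getRoleFunctionXSSTest, `"<script>alert(‘XSS’)</script>"`, uses typographic quotes rather than ASCII `'`, so the literal depends on the compiler's source encoding and is not the plain-ASCII string the test name suggests. `String code = "<script>alert('XSS')</script>";` keeps the fixture ASCII-only. The same applies to the `type` value in saveRoleFunctionXSSTest (curly double quotes plus a trailing space) and to `code` in deleteRoleFunctionXSSTest. Separately, `assertEquals(returnedValue, roleFunction2)` has expected and actual swapped and relies on `CentralRoleFunction.equals`, which is not visible here, so a short comment saying why an empty `CentralRoleFunction` is the expected return on rejection would help.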
@@ -609,14 +655,14 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void saveRoleFunctionExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
-               expectedportalRestResponse.setMessage(null);
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+               expectedportalRestResponse.setMessage("argument \"content\" is null");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
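Review bot: saveRoleFunctionExceptionTest now expects the response message `argument "content" is null`, which reads like the text of a library exception (presumably the null-argument check in `ObjectMapper.readValue`) being passed straight through to the API response. Pinning that exact string makes the test break on a library upgrade. If the controller really forwards `e.getMessage()`, it also makes internal error detail part of the client-facing contract. Prefer having the controller return a fixed message for a missing body, and assert on that together with `PortalRestStatusEnum.ERROR`. The test method continues outside this hunk, so the call that produces the message is not visible here.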
@@ -627,15 +673,14 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(portalRestResponse, expectedportalRestResponse);
        }
 
-       @SuppressWarnings("static-access")
        @Test
        public void saveRoleFunctionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                JSONObject roleFunc = new JSONObject();
                roleFunc.put("type", "test_type");
@@ -648,7 +693,7 @@ public class ExternalAccessRolesControllerTest {
                saveRoleFunc.setAppId(app.getId());
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully saved!");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -669,6 +714,47 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(portalRestResponse, expectedportalRestResponse);
        }
 
+       @Test
+       public void saveRoleFunctionXSSTest() throws Exception {
+               List<EPApp> applicationList = new ArrayList<>();
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> userList = new ArrayList<>();
+               userList.add(user);
+               EPApp app = mockApp();
+               app.setRolesInAAF(true);
+               applicationList.add(app);
+               JSONObject roleFunc = new JSONObject();
+               roleFunc.put("type", "<script>alert(“XSS”)</script> ");
+               roleFunc.put("code", "test_instance");
+               roleFunc.put("action", "test_action");
+               roleFunc.put("name", "test_name");
+               ObjectMapper mapper = new ObjectMapper();
+               mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+               CentralV2RoleFunction saveRoleFunc = mapper.readValue(roleFunc.toString(), CentralV2RoleFunction.class);
+               saveRoleFunc.setAppId(app.getId());
+               Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
+               PortalRestResponse<String> portalRestResponse = null;
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+               expectedportalRestResponse.setMessage("Failed to roleFunc, not valid data.");
+               expectedportalRestResponse.setResponse("Failed");
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+               Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(applicationList);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getRoleFunction("test_type|test_instance|test_action", app.getUebKey()))
+                       .thenReturn(null);
+               Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.any(CentralV2RoleFunction.class),
+                       Matchers.any(EPApp.class))).thenReturn(true);
+               Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader(Matchers.anyString())))
+                       .thenReturn(userList);
+               Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(Matchers.anyString())))
+                       .thenReturn(applicationList);
+               portalRestResponse = externalAccessRolesController.saveRoleFunction(mockedRequest, mockedResponse,
+                       roleFunc.toString());
+               assertEquals(expectedportalRestResponse, portalRestResponse);
+       }
+
        @Test
        public void deleteRoleFunctionTest() throws Exception {
                PowerMockito.mockStatic(EcompPortalUtils.class);
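Review bot: Most of the stubbing in saveRoleFunctionXSSTest is carried over from the success-path test and does not describe the rejection path. `getRoleFunction("test_type|test_instance|test_action", ...)` is keyed on a `type` the payload no longer has, `getApp(...)` is stubbed three times under different header spellings, and `saveRoleFunc` is built through `ObjectMapper` but never used after `setAppId`. In `externalAccessRolesService.getUser(mockedRequest.getHeader(Matchers.anyString()))` the matcher is passed to `getHeader`, not to `getUser`, so it presumably stubs `getUser` for whatever the unstubbed header returns rather than for any string. Trimming the setup to the `uebkey` and app stubs the validator needs would make it clear that `Failed to roleFunc, not valid data.` comes from input validation and not from an incidental mock default.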
@@ -676,14 +762,14 @@ public class ExternalAccessRolesControllerTest {
                PowerMockito.mockStatic(EPCommonSystemProperties.class);
                PowerMockito.mockStatic(PortalConstants.class);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully Deleted");
                expectedportalRestResponse.setResponse("Success");
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -699,6 +785,36 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(portalRestResponse, expectedportalRestResponse);
        }
 
+       @Test
+       public void deleteRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               PowerMockito.mockStatic(SystemProperties.class);
+               PowerMockito.mockStatic(EPCommonSystemProperties.class);
+               PowerMockito.mockStatic(PortalConstants.class);
+               PortalRestResponse<String> portalRestResponse = null;
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+               expectedportalRestResponse.setMessage("Failed to deleteRoleFunction, not valid data.");
+               expectedportalRestResponse.setResponse("Failed");
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> userList = new ArrayList<>();
+               userList.add(user);
+               EPApp app = mockApp();
+               app.setRolesInAAF(true);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(app);
+               String code = "<script>alert(‘XSS’)</script>";
+               Mockito.when(mockedRequest.getHeader("LoginId")).thenReturn("guestT");
+               Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+               Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(appList.get(0))).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader("LoginId"))).thenReturn(userList);
+               Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(code, app)).thenReturn(true);
+               portalRestResponse = externalAccessRolesController.deleteRoleFunction(mockedRequest, mockedResponse, code);
+               assertEquals(portalRestResponse, expectedportalRestResponse);
+       }
+
        @Test
        public void getActiveRolesTest() throws Exception {
                String reason = getInvalidKeyJson();
@@ -716,10 +832,10 @@ public class ExternalAccessRolesControllerTest {
        public void getActiveRolesValidationTest() throws Exception {
                List<CentralRole> expectedRolesList = null;
                EPApp app = mockApp();
-               app.setCentralAuth(true);
-               List<EPApp> appList = new ArrayList<EPApp>();
+               app.setRolesInAAF(true);
+               List<EPApp> appList = new ArrayList<>();
                appList.add(app);
-               List<CentralV2Role> cenRoles = new ArrayList<CentralV2Role>();
+               List<CentralV2Role> cenRoles = new ArrayList<>();
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@ -757,10 +873,19 @@ public class ExternalAccessRolesControllerTest {
                return reason;
        }
 
+       private String getXSSKeyJson() throws JsonProcessingException {
+               final Map<String, String> uebkeyResponse = new HashMap<>();
+               String reason = "";
+               ObjectMapper mapper = new ObjectMapper();
+               uebkeyResponse.put("error", "Data is not valid");
+               reason = mapper.writeValueAsString(uebkeyResponse);
+               return reason;
+       }
+
        @Test
-       public void deleteDependcyRoleRecordExceptionTest() throws Exception {
+       public void deleteDependcyRoleRecordExceptionTest() {
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Invalid credentials!");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
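Review bot: The new getXSSKeyJson() helper has no comment saying which response it models, and its name suggests an XSS payload or key while the body only serialises a fixed error map with the message "Data is not valid". I would add `/** JSON error body expected when a request value fails input validation. */` above it; its callers are outside this hunk, so confirm that is the intent. The placeholder `String reason = "";` can go in favour of `return mapper.writeValueAsString(uebkeyResponse);`. A name along the lines of `getInvalidDataJson` would read better beside getInvalidKeyJson, which the file calls elsewhere.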
@@ -776,7 +901,7 @@ public class ExternalAccessRolesControllerTest {
                Mockito.when(externalAccessRolesService.bulkUploadFunctions(mockedRequest.getHeader(uebKey)))
                                .thenReturn(result);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added: 0");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -789,7 +914,7 @@ public class ExternalAccessRolesControllerTest {
                Mockito.when(externalAccessRolesService.bulkUploadFunctions(mockedRequest.getHeader(uebKey)))
                                .thenThrow(httpClientErrorException);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to bulkUploadFunctions");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -801,7 +926,7 @@ public class ExternalAccessRolesControllerTest {
        public void bulkUploadRolesTest() throws Exception {
                Integer result = 0;
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added: 0");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -815,7 +940,7 @@ public class ExternalAccessRolesControllerTest {
                Mockito.when(externalAccessRolesService.bulkUploadRoles(mockedRequest.getHeader(uebKey)))
                                .thenThrow(httpClientErrorException);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to bulkUploadRoles");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -827,7 +952,7 @@ public class ExternalAccessRolesControllerTest {
        public void bulkUploadRoleFunctionsTest() throws Exception {
                Integer result = 0;
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added: 0");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -842,7 +967,7 @@ public class ExternalAccessRolesControllerTest {
                Mockito.when(externalAccessRolesService.bulkUploadRolesFunctions(mockedRequest.getHeader(uebKey)))
                                .thenThrow(httpClientErrorException);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to bulkUploadRoleFunctions");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -854,7 +979,7 @@ public class ExternalAccessRolesControllerTest {
        public void bulkUploadUserRolesTest() throws Exception {
                Integer result = 0;
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added: 0");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -869,7 +994,7 @@ public class ExternalAccessRolesControllerTest {
                Mockito.when(externalAccessRolesService.bulkUploadUserRoles(mockedRequest.getHeader(uebKey)))
                                .thenThrow(httpClientErrorException);
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to bulkUploadUserRoles");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -878,9 +1003,9 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void bulkUploadPartnerFunctionsTest() throws Exception {
+       public void bulkUploadPartnerFunctionsTest() {
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added: '0' functions");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -889,9 +1014,9 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void bulkUploadPartnerRolesTest() throws Exception {
+       public void bulkUploadPartnerRolesTest() {
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -902,9 +1027,9 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void bulkUploadPartnerRolesExceptionTest() throws Exception {
+       public void bulkUploadPartnerRolesExceptionTest() {
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -942,10 +1067,10 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void saveRoleExceptionTest() throws Exception {
+       public void saveRoleExceptionTest() {
                Role role = new Role();
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Invalid credentials!");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -954,10 +1079,10 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void deleteRoleExceptionTest() throws Exception {
+       public void deleteRoleExceptionTest() {
                String role = "TestNew";
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Invalid credentials!");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -966,9 +1091,9 @@ public class ExternalAccessRolesControllerTest {
        }
 
        @Test
-       public void bulkUploadPartnerRoleFunctionsTest() throws Exception {
+       public void bulkUploadPartnerRoleFunctionsTest() {
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully added: '0' role functions");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -986,9 +1111,9 @@ public class ExternalAccessRolesControllerTest {
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                Mockito.when(externalAccessRolesService.getAllAppUsers(mockedRequest.getHeader(uebKey))).thenReturn(users);
@@ -1012,7 +1137,7 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void deleteRoleV2Test() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -1020,7 +1145,7 @@ public class ExternalAccessRolesControllerTest {
                                "Success");
                Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(),
                                Matchers.anyString())).thenReturn(externalRequestFieldsValidator);
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully Deleted");
                expectedportalRestResponse.setResponse("Success");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -1031,12 +1156,12 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void deleteRoleV2InvalidUebKeyTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey)))
                                .thenThrow(new Exception("Invalid credentials!"));
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Invalid credentials!");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1047,12 +1172,12 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void deleteRoleV2InvalidUebKeyWithDiffErrorTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey)))
                                .thenThrow(new Exception("test"));
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("test");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1063,7 +1188,7 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void deleteRoleV2ExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -1071,7 +1196,7 @@ public class ExternalAccessRolesControllerTest {
                                "failed");
                Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(),
                                Matchers.anyString())).thenReturn(externalRequestFieldsValidator);
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to deleteRole");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1082,10 +1207,10 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getEpUserNullTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
@@ -1095,15 +1220,15 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getEpUserTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(app)).thenReturn(response);
-               String user = "{\"id\":null,\"created\":null,\"modified\":null,\"createdId\":null,\"modifiedId\":null,\"rowNum\":null,\"auditUserId\":null,\"auditTrail\":null,\"orgId\":null,\"managerId\":null,\"firstName\":\"test\",\"middleInitial\":null,\"lastName\":null,\"phone\":null,\"fax\":null,\"cellular\":null,\"email\":null,\"addressId\":null,\"alertMethodCd\":null,\"hrid\":null,\"orgUserId\":null,\"orgCode\":null,\"address1\":null,\"address2\":null,\"city\":null,\"state\":null,\"zipCode\":null,\"country\":null,\"orgManagerUserId\":null,\"locationClli\":null,\"businessCountryCode\":null,\"businessCountryName\":null,\"businessUnit\":null,\"businessUnitName\":null,\"department\":null,\"departmentName\":null,\"companyCode\":null,\"company\":null,\"zipCodeSuffix\":null,\"jobTitle\":null,\"commandChain\":null,\"siloStatus\":null,\"costCenter\":null,\"financialLocCode\":null,\"loginId\":null,\"loginPwd\":null,\"lastLoginDate\":null,\"active\":false,\"internal\":false,\"selectedProfileId\":null,\"timeZoneId\":null,\"online\":false,\"chatId\":null,\"userApps\":[],\"pseudoRoles\":[],\"defaultUserApp\":null,\"roles\":[],\"fullName\":\"test null\"}";
+               String user = "{\"id\":null,\"created\":null,\"modified\":null,\"createdId\":null,\"modifiedId\":null,\"rowNum\":null,\"auditUserId\":null,\"auditTrail\":null,\"orgId\":null,\"managerId\":null,\"firstName\":\"test\",\"middleInitial\":null,\"lastName\":null,\"phone\":null,\"fax\":null,\"cellular\":null,\"email\":null,\"addressId\":null,\"alertMethodCd\":null,\"hrid\":null,\"orgUserId\":null,\"orgCode\":null,\"address1\":null,\"address2\":null,\"city\":null,\"state\":null,\"zipCode\":null,\"country\":null,\"orgManagerUserId\":null,\"locationClli\":null,\"businessCountryCode\":null,\"businessCountryName\":null,\"businessUnit\":null,\"businessUnitName\":null,\"department\":null,\"departmentName\":null,\"companyCode\":null,\"company\":null,\"zipCodeSuffix\":null,\"jobTitle\":null,\"commandChain\":null,\"siloStatus\":null,\"costCenter\":null,\"financialLocCode\":null,\"loginId\":null,\"loginPwd\":null,\"lastLoginDate\":null,\"active\":false,\"internal\":false,\"selectedProfileId\":null,\"timeZoneId\":null,\"online\":false,\"chatId\":null,\"userApps\":[],\"pseudoRoles\":[],\"roles\":[]}";
                Mockito.when(externalAccessRolesService.getV2UserWithRoles("test12", mockedRequest.getHeader(uebKey)))
                                .thenReturn(user);
                User EPuser = new User();
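Review bot: The rewritten `user` fixture in getEpUserTest still carries a `loginPwd` key, so the JSON shape this test models for getV2UserWithRoles includes the password field. The value is null here and the real serialiser is not visible in this hunk, so this is a question rather than a finding: confirm the field can never be populated in the response, or exclude it from the serialised view and drop it from the fixture. Until then a comment above the literal such as `// loginPwd must stay null: this payload is returned to API callers and must not carry credentials` would record the expectation. The test body continues outside the hunk.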
@@ -1115,9 +1240,9 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getEpUserExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
@@ -1127,10 +1252,10 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getEPRolesOfApplicationTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
@@ -1152,17 +1277,17 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getEPRolesOfApplicationNullTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(app)).thenReturn(response);
                Mockito.doNothing().when(externalAccessRolesService).syncApplicationRolesWithEcompDB(app);
                List<CentralV2Role> cenRoleList = new ArrayList<>();
-               CentralV2Role role = new CentralV2Role();
+               CentralV2Role role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                role.setName("test");
                cenRoleList.add(role);
                Mockito.when(externalAccessRolesService.getActiveRoles(mockedRequest.getHeader(uebKey))).thenReturn(null);
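Review bot: In getEPRolesOfApplicationNullTest the role now created through `new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role()` is added to `cenRoleList`, but the getActiveRoles stub on the following line returns null, so within this hunk the list and the role are never consumed. If nothing after the hunk uses them (the rest of the test is not visible here), remove the three fixture lines instead of migrating them to the builder. Otherwise add a short comment such as `// cenRoleList is deliberately unused: the service returns null in this scenario`.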
@@ -1171,9 +1296,9 @@ public class ExternalAccessRolesControllerTest {
 
        @Test
        public void getEPRolesOfApplicationExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
@@ -1188,14 +1313,14 @@ public class ExternalAccessRolesControllerTest {
                PowerMockito.mockStatic(EPCommonSystemProperties.class);
                PowerMockito.mockStatic(PortalConstants.class);
                PortalRestResponse<String> actualPortalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully Saved");
                expectedportalRestResponse.setResponse("Success");
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -1220,14 +1345,14 @@ public class ExternalAccessRolesControllerTest {
                PowerMockito.mockStatic(EPCommonSystemProperties.class);
                PowerMockito.mockStatic(PortalConstants.class);
                PortalRestResponse<String> actualPortalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully Saved");
                expectedportalRestResponse.setResponse("Success");
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1252,14 +1377,14 @@ public class ExternalAccessRolesControllerTest {
                PowerMockito.mockStatic(EPCommonSystemProperties.class);
                PowerMockito.mockStatic(PortalConstants.class);
                PortalRestResponse<String> actualPortalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully Saved");
                expectedportalRestResponse.setResponse("Failed");
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1279,7 +1404,7 @@ public class ExternalAccessRolesControllerTest {
 
        @Test(expected = NullPointerException.class)
        public void saveRoleNullExceptionTest() throws Exception {
-               List<EPApp> applicationList = new ArrayList<EPApp>();
+               List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                applicationList.add(app);
                Role role = new Role();
@@ -1288,7 +1413,7 @@ public class ExternalAccessRolesControllerTest {
                                "failed");
                Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(),
                                Matchers.anyString())).thenReturn(externalRequestFieldsValidator);
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to deleteRole");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1304,14 +1429,14 @@ public class ExternalAccessRolesControllerTest {
                PowerMockito.mockStatic(EPCommonSystemProperties.class);
                PowerMockito.mockStatic(PortalConstants.class);
                PortalRestResponse<String> actualPortalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Successfully Deleted");
                expectedportalRestResponse.setResponse("Success");
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -1328,6 +1453,37 @@ public class ExternalAccessRolesControllerTest {
                assertEquals(actualPortalRestResponse.getStatus(), expectedportalRestResponse.getStatus());
        }
 
+       @Test
+       public void deleteRoleXSSTest() throws Exception {
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               PowerMockito.mockStatic(SystemProperties.class);
+               PowerMockito.mockStatic(EPCommonSystemProperties.class);
+               PowerMockito.mockStatic(PortalConstants.class);
+               PortalRestResponse<String> actualPortalRestResponse = null;
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+               expectedportalRestResponse.setMessage("Failed to deleteRole, not valid data.");
+               expectedportalRestResponse.setResponse("Failed");
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> userList = new ArrayList<>();
+               userList.add(user);
+               EPApp app = mockApp();
+               app.setRolesInAAF(true);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(app);
+               String code = "<img src=xss onerror=alert(1)>";
+               boolean deleteResponse = true;
+               Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+               Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(appList.get(0))).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader("LoginId"))).thenReturn(userList);
+               Mockito.when(externalAccessRolesService.deleteRoleForApplication(code, mockedRequest.getHeader("uebkey")))
+                       .thenReturn(deleteResponse);
+               actualPortalRestResponse = externalAccessRolesController.deleteRole(mockedRequest, mockedResponse, code);
+               assertEquals(actualPortalRestResponse.getStatus(), expectedportalRestResponse.getStatus());
+       }
+
        @Test
        public void deleteRoleNegativeTest() throws Exception {
                PowerMockito.mockStatic(EcompPortalUtils.class);
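Review bot: deleteRoleXSSTest sets an expected message ("Failed to deleteRole, not valid data.") but its final assertion compares only getStatus(), so any ERROR path satisfies it without the input validation ever running. One such path is visible: the `LoginId` header is not stubbed in this test. Compare the whole response as the deleteRoleFunction XSS test does, `assertEquals(expectedportalRestResponse, actualPortalRestResponse);`, assuming PortalRestResponse defines equals as that test implies. Also add `Mockito.verify(externalAccessRolesService, Mockito.never()).deleteRoleForApplication(Matchers.anyString(), Matchers.anyString());` so the test proves the rejected value never reaches the service. Stubbing `mockedRequest.getHeader("LoginId")` as the sibling test does would keep the two scenarios aligned.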
@@ -1335,14 +1491,14 @@ public class ExternalAccessRolesControllerTest {
                PowerMockito.mockStatic(EPCommonSystemProperties.class);
                PowerMockito.mockStatic(PortalConstants.class);
                PortalRestResponse<String> actualPortalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Failed to delete Role for 'test");
                expectedportalRestResponse.setResponse("Failed");
                EPUser user = mockUser.mockEPUser();
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
-               app.setCentralAuth(true);
+               app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
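Review bot: The expected response built here for deleteRoleNegativeTest (message `Failed to delete Role for 'test`, status ERROR) cannot be told apart by status from the other rejections on this page: the input-validation test that ends just above asserts only `getStatus()`, and deleteDependcyRoleRecordTest below also expects ERROR for `Invalid credentials!`. The assertion for this test lies outside the hunk, so this is inferred, but if it too compares status only, the switch to `app.setRolesInAAF(true)` is not verified to reach the delete-failure branch, and a regression that rejects the request earlier or for a different reason would still pass. I would also compare the message, `assertEquals(expectedportalRestResponse.getMessage(), actualPortalRestResponse.getMessage());`, after confirming the expected text against the controller, and add a one-line comment above the setter saying which controller branch the flag is meant to exercise.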
@@ -1363,13 +1519,13 @@ public class ExternalAccessRolesControllerTest {
        public void deleteDependcyRoleRecordTest() throws Exception {
                ExternalRequestFieldsValidator removeResult = new ExternalRequestFieldsValidator(true, "success");
                PortalRestResponse<String> portalRestResponse = null;
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("Invalid credentials!");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                long roleId = 123;
                String LoginId = "loginId";
-               List<EPApp> appList = new ArrayList<EPApp>();
+               List<EPApp> appList = new ArrayList<>();
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                Mockito.when(mockedRequest.getHeader("LoginId")).thenReturn(LoginId);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);