added annotations
[portal.git] / ecomp-portal-BE-os / src / main / java / org / onap / portalapp / portal / controller / AppsOSController.java
index b1154aa..1715864 100644 (file)
@@ -52,6 +52,7 @@ import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.service.UserService;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -60,6 +61,8 @@ import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 import lombok.NoArgsConstructor;
@@ -70,7 +73,7 @@ import lombok.NoArgsConstructor;
 @EPAuditLog
 @NoArgsConstructor
 public class AppsOSController extends AppsController {
-    private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
+    private final DataValidator dataValidator = new DataValidator();
 
     private static final String FAILURE = "failure";
     private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
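Review bot: Removing `validatorFactory` here, together with the later removal of the `Validator` and `Set<ConstraintViolation<SecureString>>` locals, probably leaves the imports for `Validation`, `ValidatorFactory`, `Validator`, `ConstraintViolation` and `Set` unused, and none of the visible import hunks drops them. If nothing else in the file uses them, delete those imports in this commit so the class does not suggest it still performs bean validation itself. The same applies to `RequestMapping` and `RequestMethod` if every mapping in the file has moved to `@PostMapping`/`@GetMapping`; that cannot be confirmed from the hunks shown.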
@@ -84,13 +87,16 @@ public class AppsOSController extends AppsController {
      * @param contactUs
      * @return
      */
-    @RequestMapping(value = "/portalApi/saveNewUser", method = RequestMethod.POST, produces = "application/json")
+    @PostMapping(value = "/portalApi/saveNewUser", produces = "application/json")
     public PortalRestResponse<String> saveNewUser(HttpServletRequest request, @RequestBody EPUser newUser) {
         EPUser user = EPUserUtils.getUserSession(request);
         if (newUser == null)
             return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
                     "New User cannot be null or empty");
-
+        if (!dataValidator.isValid(newUser)) {
+            return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+                    "New User is not safe html");
+        }
         if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))
                 && !user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) {
             return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
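Review bot: The new `!dataValidator.isValid(newUser)` branch in `saveNewUser` rejects the request without writing anything to the log, so a payload refused on a user-creation endpoint leaves no trace for whoever reviews the audit trail. Add a line inside the branch before the return, for example `logger.error(EELFLoggerDelegate.errorLogger, "saveNewUser: request body failed validation");`, and keep the submitted field values out of the message. The Javadoc above the method still reads `@param contactUs` with an empty `@return`; it should describe `request`, `newUser` and the returned `PortalRestResponse`. The method body continues past the end of this hunk.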
@@ -108,16 +114,12 @@ public class AppsOSController extends AppsController {
         return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, "");
     }
 
-    @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET,
+    @GetMapping(value = { "/portalApi/currentUserProfile/{loginId}" },
             produces = "application/json")
     public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
 
         if (loginId != null) {
-            Validator validator = validatorFactory.getValidator();
-            SecureString secureString = new SecureString(loginId);
-            Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
-
-            if (!constraintViolations.isEmpty()) {
+            if (!dataValidator.isValid(new SecureString(loginId))) {
                 return "loginId is not valid";
             }
         }
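Review bot: The rejection branch of `getCurrentUserProfile` returns the bare text `loginId is not valid` although the mapping declares `produces = "application/json"`, so a caller that parses the response gets a body that is not JSON, presumably with a success status. Return a well-formed JSON error in the same shape as the method's normal result, which lies outside this hunk; if no shape is defined, something like `return "{\"error\":\"loginId is not valid\"}";` would do. The surrounding `if (loginId != null)` also means a null value skips validation entirely, so the code after this block should not assume `loginId` has been checked.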