Code Review / aai / sparky-be.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
fix backdoor issue when using portal
[aai/sparky-be.git] / sparkybe-onap-service / src / main / java / org / onap / aai / sparky / security / filter / LoginFilter.java
diff --git a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java
index 5599384..c31cf5b 100644 (file)
--- a/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java
+++ b/sparkybe-onap-service/src/main/java/org/onap/aai/sparky/security/filter/LoginFilter.java
@@ -127,17 +127,18 @@ public class LoginFilter implements Filter {
         // Redirect to Portal UI
         redirectURL = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
         logMessage = "Unauthorized login attempt.";
-        
+
         LOG.debug(AaiUiMsgs.LOGIN_FILTER_DEBUG,
-            logMessage + 
-            " | Remote IP: " + request.getRemoteAddr() + 
-            " | User agent: " + request.getHeader(HttpHeaders.USER_AGENT) + 
+            logMessage +
+            " | Remote IP: " + request.getRemoteAddr() +
+            " | User agent: " + request.getHeader(HttpHeaders.USER_AGENT) +
             " | Request URL: " + request.getRequestURL() +
-            " | Redirecting to: " + redirectURL); 
-        
+            " | Redirecting to: " + redirectURL);
+
         response.sendRedirect(redirectURL);
       } else {
         HttpSession session = request.getSession(false);
+        response.addHeader("Cache-Control", "no-cache, no-store");
         if (session == null) {
           // New session
           session = request.getSession(true);
AAI user interface back end