X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-hello%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fhello%2FAPI_Hello.java;h=cdaa6a76a53e50a7d3cd717f5a6aa0b2cba16b46;hb=9602ca33aef3a2a441513359b2750e9fbee11cb4;hp=814dff27e4741f7b49e1e3abbc3bc866e14f3b21;hpb=5b247eb1e55ab15744187c30911fd4b5f6de8271;p=aaf%2Fauthz.git

diff --git a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
index 814dff27..cdaa6a76 100644
--- a/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
+++ b/auth/auth-hello/src/main/java/org/onap/aaf/auth/hello/API_Hello.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- *
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -35,6 +35,8 @@
 import org.onap.aaf.auth.rserv.HttpMethods;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
+import org.owasp.encoder.Encode;
+
 /**
  * API Apis
  * @author Jonathan
@@ -48,10 +50,10 @@ public class API_Hello {
 
 // Hide Public Constructor
 private API_Hello() {}
-
+
 /**
  * Normal Init level APIs
-
+ *
  * @param oauthHello
  * @param facade
  * @throws Exception
@@ -60,7 +62,7 @@ public class API_Hello {
 ////////
 // Simple "GET" API
 ///////
-
+
 oauthHello.route(HttpMethods.GET,"/hello/:perm*",API.TOKEN,new HttpCode(oauthHello,"Hello OAuth"){
 @Override
 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
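Review bot: The new `import org.owasp.encoder.Encode;` in the -35,6 hunk brings in the OWASP Java Encoder, but no build descriptor is part of this diff; confirm the artifact is declared as a dependency of the auth-hello module (presumably its pom.xml, which I cannot see here) so the module still compiles. It would also help to add a one-line comment next to the import stating which output context the encoder is meant to protect, since `Encode` offers several context-specific methods and the choice matters for the later hunks.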
@@ -70,7 +72,7 @@ public class API_Hello {
 String perm = pathParam(req, "perm");
 if (perm!=null && perm.length()>0) {
 os.print('(');
-os.print(req.getUserPrincipal().getName());
+os.print(Encode.forJava(req.getUserPrincipal().getName()));
 TimeTaken tt = trans.start("Authorize perm", Env.REMOTE);
 try {
 if (req.isUserInRole(perm)) {
@@ -82,14 +84,14 @@ public class API_Hello {
 tt.done();
 }
 os.print("Permission: ");
-os.print(perm);
+os.print(Encode.forJava(perm));
 os.print(')');
 }
 os.println();
-
+
 trans.info().printf("Said 'Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
 }
-});
+});
 
 ////////////////
 // REST APIs
@@ -115,7 +117,7 @@ public class API_Hello {
 resp.setStatus(406);
 }
 }
-},APPLICATION_JSON);
+},APPLICATION_JSON);
 
 
 ////////////////
@@ -144,11 +146,11 @@ public class API_Hello {
 }
 sb.append("}");
 ServletOutputStream os = resp.getOutputStream();
-os.println(sb.toString());
+os.println(Encode.forJava(sb.toString()));
 trans.info().printf("Said 'RESTful Hello' to %s, Authentication type: %s",trans.getUserPrincipal().getName(),trans.getUserPrincipal().getClass().getSimpleName());
 }
-},APPLICATION_JSON);
-
+},APPLICATION_JSON);
+
 ////////////////
 // UPDATE/PUT
 ////////////////
@@ -164,13 +166,13 @@ public class API_Hello {
 trans.info().printf("Content from %s: %s\n", pathParam(req, ":id"),content);
 if (content.startsWith("{") && content.endsWith("}")) {
 resp.setStatus(200 /* OK */);
-resp.getOutputStream().print(content);
+resp.getOutputStream().print(Encode.forJava(content));
 } else {
 resp.getOutputStream().write(NOT_JSON);
 resp.setStatus(406);
 }
 }
-},APPLICATION_JSON);
+},APPLICATION_JSON);
 
 
 ////////////////
@@ -182,7 +184,7 @@ public class API_Hello {
 trans.info().printf("Delete requested on %s\n", pathParam(req, ":id"));
 resp.setStatus(200 /* OK */);
 }
-},APPLICATION_JSON);
+},APPLICATION_JSON);
 
 }
 }
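Review bot: `os.print(Encode.forJava(req.getUserPrincipal().getName()))` in the -70,7 hunk, and `os.print(Encode.forJava(perm))` in the -82,14 hunk, apply a Java-string-literal escape (backslash-escaping `"`, `\` and control characters) to an HTTP response body, which is not the output context being written: it does not neutralise `<`/`>` if a browser renders the reply as HTML, and it is unnecessary for plain text. The right fix is to make the context explicit and encode for it — set a fixed content type on the reply (I cannot see one being set in either hunk; something like `resp.setContentType("text/plain;charset=UTF-8");` before the first `os.print`) and then either drop the encoder for plain text or use the HTML encoder if the route is meant to be viewed in a browser. Note that the same principal name still goes to the log unencoded on the unchanged `trans.info().printf("Said 'Hello' to %s, ...")` line in the -82,14 hunk, which is the one place a line-break-neutralising escape such as `Encode.forJava` would actually fit. The enclosing `handle` method starts before the -70,7 hunk and the -82,14 hunk, so the content-type handling may live outside the visible lines.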
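Review bot: `os.println(Encode.forJava(sb.toString()))` in the -144,11 hunk corrupts the reply that this route registers as `APPLICATION_JSON`: `sb` is assembled server-side as a JSON object (the visible `sb.append("}")` closes it), and `forJava` turns every `"` into `\"`, so clients receive an unparsable document instead of JSON. The same defect is in the -164,13 hunk, where `resp.getOutputStream().print(Encode.forJava(content))` echoes the caller's body back under the JSON content type with the quotes escaped. The output line should go back to `os.println(sb.toString());` (and `resp.getOutputStream().print(content);`), with any escaping of untrusted values applied per value at the point where they are appended into `sb`, using an encoder appropriate to JSON strings rather than Java literals; for the echoed body, validating that it really is JSON before writing it is the protection that matters, since the existing `startsWith("{") && endsWith("}")` test only checks the first and last characters. Both `handle` bodies begin before their hunks.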