Merge "Change default character to utf8 for portal db"
authorSunder Tattavarada <statta@research.att.com>
Fri, 14 Jun 2019 17:22:54 +0000 (17:22 +0000)
committerGerrit Code Review <gerrit@onap.org>
Fri, 14 Jun 2019 17:22:54 +0000 (17:22 +0000)
56 files changed:
INFO.yaml
docs/release-notes.rst
ecomp-portal-BE-common/pom.xml
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceController.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/TicketEventController.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/UserController.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/AppContactUs.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/CentralV2RoleFunction.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPApp.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPRole.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUser.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/EPUserApp.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/FunctionalMenuItemWithAppID.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceData.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/MicroserviceParameter.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/domain/RoleApp.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerRestInt.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/SchedulerUtil.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpBasicClient.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduler/client/HttpsBasicClient.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInt.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxRestInterface.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/scheduleraux/SchedulerAuxUtil.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/EPAppCommonServiceImpl.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/MicroserviceServiceImpl.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CentralV2UserApp.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/FunctionalMenuItem.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingApp.java
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/DateUtil.java [new file with mode: 0644]
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java [new file with mode: 0644]
ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/SecureString.java [new file with mode: 0644]
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequestTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/MicroserviceControllerTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/RoleManageControllerTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/TicketEventControllerTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImplTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/CentralUserAppTest.java
ecomp-portal-BE-common/src/test/java/org/onap/portalapp/validation/DataValidatorTest.java [new file with mode: 0644]
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/controller/LoginController.java
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/DashboardSearchResultController.java
ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/DashboardSearchResultControllerTest.java
ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.controller.js
ecomp-portal-FE-os/client/src/views/header/profile-edit-dialogs/profile-edit.modal.html
ecomp-portal-widget-ms/widget-ms/pom.xml
ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/App.java
ecomp-portal-widget-ms/widget-ms/src/main/java/org/onap/portalapp/widget/domain/RoleApp.java

index 5ce7de9..7f6ab33 100644 (file)
--- a/INFO.yaml
+++ b/INFO.yaml
@@ -41,5 +41,10 @@ committers:
       company: 'ATT'
       id: 'st782s'
       timezone: 'America/New_York'
+    - name: 'Lorraine A Welch'
+      email: 'lb2391@att.com'
+      company: 'ATT'
+      id: 'lorraineawelch'
+      timezone: 'America/New_York'
 tsc:
     approval: 'https://lists.onap.org/pipermail/onap-tsc'
index bc2e700..a1b6e09 100644 (file)
@@ -1,12 +1,78 @@
 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
 .. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2017-2018 AT&T Intellectual Property.  All rights reserved
+.. Copyright 2017-2019 AT&T Intellectual Property.  All rights reserved
 
 
 Portal Platform Release Notes
 =============================
+Version: 2.5.0
+--------------
+:Release Date: 2019-06-13
+
+.. toctree::
+    :maxdepth: 1
+
+We worked on SDK upgrade to integrate with AAF. We partially implemented multi-language.
+
+**New Features**
+        * SDK upgrade to integrate with AAF
+            * Use of CADI
+        * 68% JUnit Test Coverage
+        * Addressing security issues
+        * Internationalization language support - partially implemented
+        * Reporting feature enhancement in portal/sdk - design and partial code changes
+
+**Bug Fixes**
+        * Fixed Sonar reported critical issues.
+
+**Known Issues**
+        * Mismatch while displaying active online user in Portal.
+        * Internationalization Language component partially completed.
+        * Functional Menu change requires manual refresh.
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+        * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+        * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+        * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
+        * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+        * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+        * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+        * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
+        * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_.
+
+Quick Links:
+     - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_
+
+     - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_
+
+     - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_
+
+**Upgrade Notes**
+        * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
+        * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
+        * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+        * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
+
+**Deprecation Notes**
+
+**Other**
+        * Below are the docker images released as part of Portal Platform project:
+        * onap/portal-app:2.5.0
+        * onap/portal-db:2.5.0
+        * onap/portal-sdk:2.5.0
+        * onap/portal-wms:2.5.0
+        * portal/sdk java artifacts - (Release branch: “release-2.5.0”)
 
-Version: 2.3.2 
+Version: 2.3.2
 --------------
 :Release Date: 2019-04-15
 
@@ -17,10 +83,10 @@ This is the official release notes for the Casablanca Maintenance Release 3.0.2.
 
 **Known Issues**
         * The issue is an application running on HTTPS will not open in Portal if the AAF root CA is missing.
-          An error message will appear in a separate tab in Portal. It will say something like: 
-          “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might 
+          An error message will appear in a separate tab in Portal. It will say something like:
+          “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might
           be temporarily down or it may have moved permanently to a new web address.”
-          Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm 
+          Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm
           in a new browser window; after login come back to Portal home page and click VID, it will now work.
 
         * For applications running on HTTP (for example SDC), the user needs to disable the security check in the browser to access the application.
index b8787f7..aca5e2a 100644 (file)
                        <artifactId>jackson-jaxrs-json-provider</artifactId>
                        <version>2.8.10</version>
                </dependency>
+               <!-- https://mvnrepository.com/artifact/org.glassfish.web/javax.el -->
+               <dependency>
+                       <groupId>org.glassfish.web</groupId>
+                       <artifactId>javax.el</artifactId>
+                       <version>2.2.6</version>
+               </dependency>
+               <!-- https://mvnrepository.com/artifact/javax.el/el-api -->
+               <dependency>
+                       <groupId>javax.el</groupId>
+                       <artifactId>el-api</artifactId>
+                       <version>2.2.1-b04</version>
+               </dependency>
+               <!-- https://mvnrepository.com/artifact/org.jsoup/jsoup -->
+               <dependency>
+                       <groupId>org.jsoup</groupId>
+                       <artifactId>jsoup</artifactId>
+                       <version>1.12.1</version>
+               </dependency>
                <dependency>
                        <groupId>org.glassfish.jersey.connectors</groupId>
                        <artifactId>jersey-jetty-connector</artifactId>
index cef5fa7..fe029e0 100644 (file)
@@ -39,9 +39,15 @@ package org.onap.portalapp.portal.controller;
 
 import java.util.List;
 
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.onap.portalapp.portal.domain.EPApp;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
@@ -88,16 +94,12 @@ import io.swagger.annotations.ApiOperation;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class AppsControllerExternalRequest implements BasicAuthenticationController {
+       private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
 
        private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsControllerExternalRequest.class);
 
        private static final String ONBOARD_APP = "/onboardApp";
 
-       // Where is this used?
-       public boolean isAuxRESTfulCall() {
-               return true;
-       }
-
        /**
         * For testing whether a user is a superadmin.
         */
@@ -145,10 +147,20 @@ public class AppsControllerExternalRequest implements BasicAuthenticationControl
        @RequestMapping(value = "/portalAdmin", method = RequestMethod.POST, produces = "application/json")
        @ResponseBody
        public PortalRestResponse<String> postPortalAdmin(HttpServletRequest request, HttpServletResponse response,
-                       @RequestBody EPUser epUser) {
+                       @Valid @RequestBody EPUser epUser) {
                EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "request", epUser);
                PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
 
+               if (epUser!=null){
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<EPUser>> constraintViolations = validator.validate(epUser);
+                       if (!constraintViolations.isEmpty()){
+                               portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                               portalResponse.setMessage("Data is not valid");
+                               return portalResponse;
+                       }
+               }
+
                // Check mandatory fields.
                if (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //
                                || epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 //
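Review bot: The new `if (epUser!=null)` guard only skips validation for a null body and then falls through to `epUser.getEmail()` on the next line, so a null request still ends in a NullPointerException rather than an ERROR response; invert it to `if (epUser == null) { portalResponse.setStatus(PortalRestStatusEnum.ERROR); portalResponse.setMessage("Data is not valid"); return portalResponse; }` before validating. The identical validate-and-return block is repeated in the postOnboardAppExternal and putOnboardAppExternal hunks below; a single helper, sketched underneath, keeps the client-facing message generic while recording the failing property path (deliberately not the invalid value, since EPUser may carry credentials) for server-side diagnosis. `@Valid` on the `@RequestBody` parameter also asks Spring MVC to run Bean Validation before the method body executes, so if a validator is wired in, the manual block is probably unreachable for invalid payloads and clients get the framework's error response instead; confirm which path is intended. postPortalAdmin's body continues past the hunk.
```java
// … unchanged: postPortalAdmin, postOnboardAppExternal and putOnboardAppExternal replace their inline validator block with `if (isInvalid(bean)) { … return portalResponse; }` …

	/**
	 * Runs Bean Validation over {@code bean}. Failing property paths are logged at debug
	 * level; invalid values are not logged so that credentials never reach the log.
	 */
	private <T> boolean isInvalid(T bean) {
		Set<ConstraintViolation<T>> violations = VALIDATOR_FACTORY.getValidator().validate(bean);
		for (ConstraintViolation<T> violation : violations) {
			logger.debug(EELFLoggerDelegate.debugLogger, "validation failed on {}: {}",
					violation.getPropertyPath(), violation.getMessage());
		}
		return !violations.isEmpty();
	}
```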
@@ -248,10 +260,18 @@ public class AppsControllerExternalRequest implements BasicAuthenticationControl
        @RequestMapping(value = { ONBOARD_APP }, method = RequestMethod.POST, produces = "application/json")
        @ResponseBody
        public PortalRestResponse<String> postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
-                       @RequestBody OnboardingApp newOnboardApp) {
+                       @Valid @RequestBody OnboardingApp newOnboardApp) {
                EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "request", newOnboardApp);
                PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
-
+               if (newOnboardApp != null){
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<OnboardingApp>> constraintViolations = validator.validate(newOnboardApp);
+                       if (!constraintViolations.isEmpty()){
+                               portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                               portalResponse.setMessage("Data is not valid");
+                               return portalResponse;
+                       }
+               }
                // Validate fields
                if (newOnboardApp.id != null) {
                        portalResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -335,9 +355,20 @@ public class AppsControllerExternalRequest implements BasicAuthenticationControl
        @RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.PUT, produces = "application/json")
        @ResponseBody
        public PortalRestResponse<String> putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
-                       @PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) {
+                       @PathVariable("appId") Long appId, @Valid @RequestBody OnboardingApp oldOnboardApp) {
                EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "request", oldOnboardApp);
                PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
+
+               if (oldOnboardApp != null){
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<OnboardingApp>> constraintViolations = validator.validate(oldOnboardApp);
+                       if (!constraintViolations.isEmpty()){
+                               portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                               portalResponse.setMessage("Data is not valid");
+                               return portalResponse;
+                       }
+               }
+
                // Validate fields.
                if (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id)) {
                        portalResponse.setStatus(PortalRestStatusEnum.ERROR);
index 29f5b20..04ee5e0 100644 (file)
@@ -45,8 +45,14 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
@@ -56,6 +62,7 @@ import org.onap.portalapp.portal.service.DashboardSearchService;
 import org.onap.portalapp.portal.transport.CommonWidget;
 import org.onap.portalapp.portal.transport.CommonWidgetMeta;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.support.CollaborateList;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -68,6 +75,7 @@ import org.springframework.web.bind.annotation.RestController;
 @RestController
 @RequestMapping("/portalApi/search")
 public class DashboardSearchResultController extends EPRestrictedBaseController {
+       private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
 
        private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class);
 
@@ -85,8 +93,11 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
        @RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json")
        public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request,
                        @RequestParam String resourceType) {
-               return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success",
-                               searchService.getWidgetData(resourceType));
+               if (stringIsNotSafeHtml(resourceType)) {
+                               return new PortalRestResponse(PortalRestStatusEnum.ERROR, "resourceType: String string is not valid", "");
+               }
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+                       searchService.getWidgetData(resourceType));
        }
 
        /**
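Review bot: The error branch added to getWidgetData builds a raw `new PortalRestResponse(...)` with `""` as the payload, which is the only reason a String slips past the declared `PortalRestResponse<CommonWidgetMeta>` return type; that is an unchecked raw-type conversion and hands callers a String where they expect a CommonWidgetMeta. Use the diamond form with a null payload, `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "resourceType is not valid", null);`, which is how the other error returns in this file carry their payload. The original message also repeats the word "string" (`"resourceType: String string is not valid"`), so the shorter wording above reads better.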
@@ -97,19 +108,26 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
         * @return Rest response wrapped around a String; e.g., "success" or "ERROR"
         */
        @RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json")
-       public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) {
+       public PortalRestResponse<String> saveWidgetDataBulk(@Valid @RequestBody CommonWidgetMeta commonWidgetMeta) {
                logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta);
-               if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals(""))
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
-                                       "Category cannot be null or empty");
+               if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                               "Cateogry cannot be null or empty");
+               }else {
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<CommonWidgetMeta>> constraintViolations = validator.validate(commonWidgetMeta);
+                       if (!constraintViolations.isEmpty())
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                                       "Category is not valid");
+               }
                // validate dates
                for (CommonWidget cw : commonWidgetMeta.getItems()) {
                        String err = validateCommonWidget(cw);
                        if (err != null)
-                               return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
                }
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-                               searchService.saveWidgetDataBulk(commonWidgetMeta));
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+                       searchService.saveWidgetDataBulk(commonWidgetMeta));
        }
 
        /**
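Review bot: The rewritten null/empty check in saveWidgetDataBulk now returns `"Cateogry cannot be null or empty"`, reintroducing the typo that the saveWidgetData hunk below removes, so the two messages have effectively swapped; it should read `"Category cannot be null or empty"`. The follow-up message `"Category is not valid"` is also misleading, because `validator.validate(commonWidgetMeta)` reports violations on any constrained field of CommonWidgetMeta, not just the category; a neutral `"CommonWidgetMeta is not valid"` would match the wording deleteWidgetData uses. The `else` around the validator block is unnecessary after an unconditional return, and the same construction appears in the saveWidgetData hunk.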
@@ -120,16 +138,23 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
         * @return Rest response wrapped around a String; e.g., "success" or "ERROR"
         */
        @RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json")
-       public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) {
+       public PortalRestResponse<String> saveWidgetData(@Valid @RequestBody CommonWidget commonWidget) {
                logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget);
-               if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals(""))
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
-                                       "Cateogry cannot be null or empty");
+               if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                               "Category cannot be null or empty");
+               }else {
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<CommonWidget>> constraintViolations = validator.validate(commonWidget);
+                       if (!constraintViolations.isEmpty())
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                                       "Category is not valid");
+               }
                String err = validateCommonWidget(commonWidget);
                if (err != null)
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-                               searchService.saveWidgetData(commonWidget));
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+                       searchService.saveWidgetData(commonWidget));
        }
 
        /**
@@ -162,10 +187,17 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
         * @return Rest response wrapped around a String; e.g., "success" or "ERROR"
         */
        @RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json")
-       public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) {
+       public PortalRestResponse<String> deleteWidgetData(@Valid @RequestBody CommonWidget commonWidget) {
+               if (commonWidget!=null){
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<CommonWidget>> constraintViolations = validator.validate(commonWidget);
+                       if (!constraintViolations.isEmpty())
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                                       "CommonWidget is not valid");
+               }
                logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget);
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-                               searchService.deleteWidgetData(commonWidget));
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+                       searchService.deleteWidgetData(commonWidget));
        }
 
        /**
@@ -185,11 +217,14 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
                        if (user == null) {
                                return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
                                                "searchPortal: User object is null? - check logs",
-                                               new HashMap<String, List<SearchResultItem>>());
+                                       new HashMap<>());
                        } else if (searchString == null || searchString.trim().length() == 0) {
                                return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null",
-                                               new HashMap<String, List<SearchResultItem>>());
-                       } else {
+                                       new HashMap<>());
+                       }else if (stringIsNotSafeHtml(searchString)){
+                                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is not valid",
+                                               new HashMap<>());
+                       }else {
                                logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'",
                                                user.getLoginId(), searchString);
                                Map<String, List<SearchResultItem>> results = searchService.searchResults(user.getLoginId(),
@@ -199,7 +234,7 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
                } catch (Exception e) {
                        logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e);
                        return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.",
-                                       new HashMap<String, List<SearchResultItem>>());
+                               new HashMap<>());
                }
        }
 
@@ -258,4 +293,13 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
                }
        }
 
+       private boolean stringIsNotSafeHtml(String string){
+               SecureString secureString = new SecureString(string);
+
+               Validator validator = VALIDATOR_FACTORY.getValidator();
+
+               Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+               return !constraintViolations.isEmpty();
+       }
+
 }
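Review bot: stringIsNotSafeHtml has no Javadoc and its null behaviour is not visible here: `new SecureString(null)` is passed straight to the validator, and whether that counts as safe depends on the constraints declared on SecureString, which this diff does not show. I would add a comment above it stating the contract, e.g. `/** Returns true when {@code string} fails the constraints declared on {@link SecureString}; a null argument is passed through unchanged, so its outcome follows SecureString's own rules. */`, and confirm the null case against SecureString.java in this commit. Rejected inputs are currently surfaced to the client but leave no server-side trace; a debug log of the property path and message (not the raw value) when the violation set is non-empty would make rejected requests traceable.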
index 50eaa60..2f956cc 100644 (file)
@@ -39,9 +39,15 @@ package org.onap.portalapp.portal.controller;
 
 import java.util.List;
 
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
 import org.onap.portalapp.portal.domain.MicroserviceData;
 import org.onap.portalapp.portal.domain.WidgetCatalog;
@@ -72,6 +78,7 @@ import org.springframework.web.client.RestTemplate;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class MicroserviceController extends EPRestrictedBaseController {
+       public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
        
        String whatService = "widgets-service";
        RestTemplate template = new RestTemplate();
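Review bot: `VALIDATOR_FACTORY` is declared `public` here, whereas the equivalent constant added to AppsControllerExternalRequest and DashboardSearchResultController in this same commit is `private`; nothing in this diff reads it from outside the class. Narrow it to `private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();` so the three controllers stay consistent and the field's accessibility is minimal.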
@@ -84,53 +91,68 @@ public class MicroserviceController extends EPRestrictedBaseController {
 
        @RequestMapping(value = { "/portalApi/microservices" }, method = RequestMethod.POST)
        public PortalRestResponse<String> createMicroservice(HttpServletRequest request, HttpServletResponse response,
-                       @RequestBody MicroserviceData newServiceData) throws Exception {
+                       @Valid @RequestBody MicroserviceData newServiceData) throws Exception {
                if (newServiceData == null) {
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE",
-                                       "MicroserviceData cannot be null or empty");
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
+                               "MicroserviceData cannot be null or empty");
+               }else {
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+
+                       Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
+                       if(!constraintViolations.isEmpty()){
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+                                       "ERROR", "MicroserviceData is not valid");
+                       }
                }
                long serviceId = microserviceService.saveMicroservice(newServiceData);
 
                try {
                        microserviceService.saveServiceParameters(serviceId, newServiceData.getParameterList());
                } catch (Exception e) {
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
                }
 
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", "");
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", "");
        }
 
        @RequestMapping(value = { "/portalApi/microservices" }, method = RequestMethod.GET)
        public List<MicroserviceData> getMicroservice(HttpServletRequest request, HttpServletResponse response)
                        throws Exception {
-               List<MicroserviceData> list = microserviceService.getMicroserviceData();
-               return list;
+               return microserviceService.getMicroserviceData();
        }
 
        @RequestMapping(value = { "/portalApi/microservices/{serviceId}" }, method = RequestMethod.PUT)
        public PortalRestResponse<String> updateMicroservice(HttpServletRequest request, HttpServletResponse response,
-                       @PathVariable("serviceId") long serviceId, @RequestBody MicroserviceData newServiceData) throws Exception {
+                       @PathVariable("serviceId") long serviceId, @Valid @RequestBody MicroserviceData newServiceData) {
 
                if (newServiceData == null) {
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE",
-                                       "MicroserviceData cannot be null or empty");
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
+                               "MicroserviceData cannot be null or empty");
+               }else {
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+
+                       Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
+                       if(!constraintViolations.isEmpty()){
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+                                       "ERROR", "MicroserviceData is not valid");
+                       }
                }
                try {
                        microserviceService.updateMicroservice(serviceId, newServiceData);
                } catch (Exception e) {
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
                }
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", "");
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", "");
        }
        
        @RequestMapping(value = { "/portalApi/microservices/{serviceId}" }, method = RequestMethod.DELETE)
        public PortalRestResponse<String> deleteMicroservice(HttpServletRequest request, HttpServletResponse response,
-                       @PathVariable("serviceId") long serviceId) throws Exception {
+                       @PathVariable("serviceId") long serviceId) {
                try {
                        ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() {
                        };
                        // If this service is assoicated with widgets, cannnot be deleted
-                       ResponseEntity<List<WidgetCatalog>> ans = (ResponseEntity<List<WidgetCatalog>>) template.exchange(
+                       ResponseEntity<List<WidgetCatalog>> ans = template.exchange(
                                        EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
                                                        + "/widget/microservices/widgetCatalog/service/" + serviceId,
                                        HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef);
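Review bot: The validation block added in the `else` branch of createMicroservice is repeated verbatim in updateMicroservice (and again in RoleManageController.saveRoleFunction), and it reports `"ERROR"` where every other failure path in these methods reports `"FAILURE"`. With `@Valid @RequestBody` now on the parameter, Spring MVC already rejects an invalid body with a MethodArgumentNotValidException before the method runs whenever a validator bean is registered, so this block is either unreachable or the only check that runs; in both cases it belongs in one helper. I would fold it into a static helper and collapse each `else` to a single guard as below, keeping the `"MicroserviceData is not valid"` text. deleteMicroservice's body continues outside the hunk.
```java
	/** Runs bean validation on the request body; true when no constraint is violated. */
	private static boolean isValid(MicroserviceData data) {
		return VALIDATOR_FACTORY.getValidator().validate(data).isEmpty();
	}

	// … in createMicroservice and updateMicroservice, replacing the else-branch after the null check …
		} else if (!isValid(newServiceData)) {
			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "MicroserviceData is not valid");
		}
```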
@@ -140,17 +162,18 @@ public class MicroserviceController extends EPRestrictedBaseController {
                        else{
                                StringBuilder sb = new StringBuilder();
                                for(int i = 0; i < widgets.size(); i++){
-                                       sb.append("'" + widgets.get(i).getName() + "' ");
+                                       sb.append("'").append(widgets.get(i).getName()).append("' ");
                                        if(i < (widgets.size()-1)){
                                                sb.append(",");
                                        }
                                }
-                               return new PortalRestResponse<String>(PortalRestStatusEnum.WARN, "SOME WIDGETS ASSOICATE WITH THIS SERVICE", sb.toString());
+                               return new PortalRestResponse<>(PortalRestStatusEnum.WARN, "SOME WIDGETS ASSOICATE WITH THIS SERVICE",
+                                       sb.toString());
                        }
                } catch (Exception e) {
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
                }
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", "");
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", "");
        }
 
 }
index c8e22d3..3fda539 100644 (file)
@@ -50,6 +50,11 @@ import java.util.TreeSet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.apache.commons.lang.StringUtils;
 import org.json.JSONObject;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
@@ -79,6 +84,7 @@ import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.AuditLog;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@@ -111,6 +117,8 @@ import com.fasterxml.jackson.databind.type.TypeFactory;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class RoleManageController extends EPRestrictedBaseController {
+       private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+
        private static final String PIPE = "|";
 
        private static final String ROLE_INVALID_CHARS = "%=():,\"\"";
@@ -497,8 +505,17 @@ public class RoleManageController extends EPRestrictedBaseController {
        }
 
        @RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST)
-       public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc,
+       public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @Valid @RequestBody CentralV2RoleFunction roleFunc,
                        @PathVariable("appId") Long appId) throws Exception {
+               if (roleFunc!=null) {
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<CentralV2RoleFunction>> constraintViolations = validator.validate(roleFunc);
+
+                       if(!constraintViolations.isEmpty()){
+                               logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed");
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+                       }
+               }
                EPUser user = EPUserUtils.getUserSession(request);
                boolean saveOrUpdateResponse = false;
                try {
@@ -594,6 +611,19 @@ public class RoleManageController extends EPRestrictedBaseController {
        public PortalRestResponse<String> removeRoleFunction(HttpServletRequest request, HttpServletResponse response,
                        @RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception {
                EPUser user = EPUserUtils.getUserSession(request);
+
+               if (roleFunc!=null) {
+                       SecureString secureString = new SecureString(roleFunc);
+
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+                       if(!constraintViolations.isEmpty()){
+                               logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+                       }
+               }
+
                try {
                        EPApp requestedApp = appService.getApp(appId);
                        if (isAuthorizedUser(user, requestedApp)) {
@@ -656,6 +686,18 @@ public class RoleManageController extends EPRestrictedBaseController {
 
        @RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET)
        public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException {
+               if(userId!=null) {
+                       SecureString secureString = new SecureString(userId);
+
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+                       Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+                       if(!constraintViolations.isEmpty()){
+                               logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+                               return null;
+                       }
+               }
+
                EPUser user = EPUserUtils.getUserSession(request);
                List<CentralizedApp> applicationsList = null;
                        if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) || adminRolesService.isRoleAdmin(user)) {
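Review bot: The log line on the validation failure in getCentralizedAppRoles says `"removeRoleFunction: Failed"`, copied from the method above; it should read `logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppRoles: userId is not valid");`. Returning `null` from a `List`-returning endpoint on rejected input also hands the client an empty 200 body with no sign that the request was refused; an empty list would at least honour the method's contract, and an explicit error status is preferable if the client can handle one. The method continues outside the hunk.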
index b9f6f76..71f7f81 100644 (file)
@@ -47,6 +47,10 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -56,6 +60,7 @@ import org.onap.portalapp.portal.service.UserNotificationService;
 import org.onap.portalapp.portal.transport.EpNotificationItem;
 import org.onap.portalapp.portal.transport.EpRoleNotificationItem;
 import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -80,7 +85,7 @@ import io.swagger.annotations.ApiOperation;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class TicketEventController implements BasicAuthenticationController {
-
+       private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
 
        @Autowired
        private UserNotificationService userNotificationService;
@@ -105,6 +110,19 @@ public class TicketEventController implements BasicAuthenticationController {
 
                logger.debug(EELFLoggerDelegate.debugLogger, "Ticket Event notification" + ticketEventJson);
                PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
+
+               if (ticketEventJson!=null){
+                       SecureString secureString = new SecureString(ticketEventJson);
+                       Validator validator = VALIDATOR_FACTORY.getValidator();
+
+                       Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+                       if (!constraintViolations.isEmpty()){
+                               portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                               portalResponse.setMessage("Data is not valid");
+                               return portalResponse;
+                       }
+               }
+
                try {
                        JsonNode ticketEventNotif = mapper.readTree(ticketEventJson);
 
index f4fab56..fc76a0e 100644 (file)
@@ -69,6 +69,8 @@ public class UserController extends EPRestrictedBaseController {
        @Autowired
        private UserService userService;
 
+       private static final String HIDDEN_DEFAULT_PASSWORD = "*****";
+
        /**
         * RESTful service method to get ONAP Logged in User details.
         * 
@@ -83,7 +85,7 @@ public class UserController extends EPRestrictedBaseController {
                try {
                        EPUser user = EPUserUtils.getUserSession(request);
                        ProfileDetail profileDetail = new ProfileDetail(user.getFirstName(), user.getLastName(),
-                                       user.getMiddleInitial(), user.getEmail(), user.getLoginId(),  CipherUtil.decryptPKC(user.getLoginPwd()));
+                                       user.getMiddleInitial(), user.getEmail(), user.getLoginId(),  HIDDEN_DEFAULT_PASSWORD);
                        portalRestResponse = new PortalRestResponse<ProfileDetail>(PortalRestStatusEnum.OK, "success",
                                        profileDetail);
                        EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/loggedinUser", "result =", profileDetail);
@@ -124,7 +126,9 @@ public class UserController extends EPRestrictedBaseController {
                                user.setEmail(profileDetail.getEmail());
                                user.setMiddleInitial(profileDetail.getMiddleName());
                                user.setLoginId(profileDetail.getLoginId());
-                               user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword()));
+                               if (!HIDDEN_DEFAULT_PASSWORD.equals(profileDetail.getLoginPassword())){
+                                       user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword()));
+                               }
                                userService.saveUser(user);
                                // Update user info in the session
                                request.getSession().setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME),
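Review bot: The new guard only skips the `"*****"` sentinel, so a null or empty `profileDetail.getLoginPassword()` still reaches `CipherUtil.encryptPKC` as before, and a user whose real password is literally `*****` would now have password changes silently ignored. I would widen it to `String pwd = profileDetail.getLoginPassword();` followed by `if (pwd != null && !pwd.isEmpty() && !HIDDEN_DEFAULT_PASSWORD.equals(pwd)) {`, and add a Javadoc on HIDDEN_DEFAULT_PASSWORD in the earlier hunk stating that it is the placeholder returned by getLoggedinUser in place of the password and that an update carrying it leaves the stored password unchanged. Whether encryptPKC tolerates null is outside this diff.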
index 6cf2ea7..0fe8a35 100644 (file)
@@ -37,6 +37,7 @@
  */
 package org.onap.portalapp.portal.domain;
 
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 
 import com.fasterxml.jackson.annotation.JsonBackReference;
@@ -46,10 +47,15 @@ public class AppContactUs extends DomainVo {
        private static final long serialVersionUID = -2742197830465055134L;
 
        @JsonBackReference private EPApp app;
+       @SafeHtml
        private String description;
+       @SafeHtml
        private String contactEmail;
+       @SafeHtml
        private String contactName;
+       @SafeHtml
        private String url;
+       @SafeHtml
        private String activeYN;
 
        public EPApp getApp() {
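Review bot: `org.hibernate.validator.constraints.SafeHtml`, introduced here and in CentralV2RoleFunction, EPApp, EPRole, EPUser, MicroserviceData, MicroserviceParameter and FunctionalMenuItemWithAppID, needs jsoup on the runtime classpath to validate at all and, as far as I recall, is deprecated in later Hibernate Validator 6.x releases and removed afterwards. Confirm the jsoup dependency is declared in the changed pom.xml (not shown here), and consider a project-owned constraint that wraps the same check so a future upgrade touches one place instead of eight domain classes. A one-line comment on the first annotated field of each class noting that the value is rejected, not sanitized, when it contains markup would make the behaviour clear to callers.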
index d2ded5a..a761103 100644 (file)
@@ -39,6 +39,7 @@ package org.onap.portalapp.portal.domain;
 
 import java.io.Serializable;
 
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
@@ -50,14 +51,18 @@ public class CentralV2RoleFunction extends DomainVo implements Serializable, Com
         * 
         */
        private static final long serialVersionUID = -4018975640065252688L;
+               @SafeHtml
           private String code;
+               @SafeHtml
           private String name;
           @JsonIgnore
           private Long appId;
           @JsonIgnore
           private Long roleId;
           private String type;
+          @SafeHtml
           private String action;
+          @SafeHtml
           private String editUrl;
           
           
index 6e77e74..8227d9a 100644 (file)
@@ -41,7 +41,9 @@ import java.util.Arrays;
 
 import javax.persistence.Lob;
 
+import javax.validation.Valid;
 import org.apache.commons.lang.StringUtils;
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 
 /**
@@ -50,29 +52,44 @@ import org.onap.portalsdk.core.domain.support.DomainVo;
 public class EPApp extends DomainVo {
 
        private static final long serialVersionUID = 1L;
-
+       @SafeHtml
        private String name;
+       @SafeHtml
        private String imageUrl;
+       @SafeHtml
        private String description;
+       @SafeHtml
        private String notes;
+       @SafeHtml
        private String url;
+       @SafeHtml
        private String alternateUrl;
+       @SafeHtml
        private String appRestEndpoint;
+       @SafeHtml
        private String mlAppName;
+       @SafeHtml
        private String mlAppAdminId;
        private Long motsId;
+       @SafeHtml
        private String username;
+       @SafeHtml
        private String appPassword;
        @Lob
        private byte[] thumbnail;
        private Boolean open;
        private Boolean enabled;
+       @SafeHtml
        private String uebTopicName;
+       @SafeHtml
        private String uebKey;
+       @SafeHtml
        private String uebSecret;
        private Integer appType;
+       @Valid
        private AppContactUs contactUs;
        private Boolean centralAuth;
+       @SafeHtml
        private String  nameSpace;
 
        public EPApp() {
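Review bot: `@SafeHtml` now sits on `appPassword`, `uebKey` and `uebSecret` (and on `password` in MicroserviceData and `loginPwd` in EPUser), which restricts the characters a secret may contain if the field holds the plaintext at validation time, and means a bean-validation failure on an EPApp can be caused by a credential that never appears in the response. If these fields hold encrypted or encoded values when validated the constraint is harmless but also pointless; either way a comment such as `// secret: SafeHtml rejects markup-like characters, it does not sanitize` on each would record the intent. Please also confirm no constraint-violation logging in the project prints `getInvalidValue()`, since for these fields that would write the credential to the log.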
index f9ff97d..55f7e0c 100644 (file)
@@ -41,6 +41,8 @@ import java.util.Iterator;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.RoleFunction;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 import com.fasterxml.jackson.annotation.JsonIgnore;
@@ -48,6 +50,7 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
 public class EPRole extends DomainVo {
 
        private static final long serialVersionUID = 1L;
+       @SafeHtml
        private String  name;
     private boolean active;
     private Integer priority;
@@ -57,7 +60,7 @@ public class EPRole extends DomainVo {
     private Long appRoleId; // used by ONAP only
 
     private SortedSet<RoleFunction>     roleFunctions = new TreeSet<RoleFunction>();
-    
+    @Valid
     private SortedSet<EPRole> childRoles = new TreeSet<EPRole>();
     
     @JsonIgnore
index ce7495f..dff5601 100644 (file)
@@ -42,6 +42,8 @@ import java.util.Iterator;
 import java.util.SortedSet;
 import java.util.TreeSet;
 
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalsdk.core.domain.User;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@@ -52,44 +54,78 @@ public class EPUser extends User {
            
            private Long   orgId;
            private Long   managerId;
+           @SafeHtml
            private String firstName;
+           @SafeHtml
            private String middleInitial;
+           @SafeHtml
            private String lastName;
+           @SafeHtml
            private String phone;
+           @SafeHtml
            private String fax;
+           @SafeHtml
            private String cellular;
+           @SafeHtml
            private String email;
            private Long   addressId;
+           @SafeHtml
            private String alertMethodCd;
+           @SafeHtml
            private String hrid;
+           @SafeHtml
            private String orgUserId;
+           @SafeHtml
            private String orgCode;
+           @SafeHtml
            private String address1;
+           @SafeHtml
            private String address2;
+           @SafeHtml
            private String city;
+           @SafeHtml
            private String state;
+           @SafeHtml
            private String zipCode;
+           @SafeHtml
            private String country;
+           @SafeHtml
            private String orgManagerUserId;
+           @SafeHtml
            private String locationClli;
+           @SafeHtml
            private String businessCountryCode;
+           @SafeHtml
            private String businessCountryName;
+           @SafeHtml
            private String businessUnit;
+           @SafeHtml
            private String businessUnitName;
+           @SafeHtml
            private String department;
+           @SafeHtml
            private String departmentName;
+           @SafeHtml
            private String companyCode;
+           @SafeHtml
            private String company;
+           @SafeHtml
            private String zipCodeSuffix;
+           @SafeHtml
            private String jobTitle;
+           @SafeHtml
            private String commandChain;
+           @SafeHtml
            private String siloStatus;
+           @SafeHtml
            private String costCenter;
+           @SafeHtml
            private String financialLocCode;
            
            
-         
+           @SafeHtml
            private String loginId;
+           @SafeHtml
            private String loginPwd;
            private Date   lastLoginDate;
            private boolean active;
@@ -97,6 +133,7 @@ public class EPUser extends User {
            private Long    selectedProfileId;
            private Long timeZoneId;
            private boolean online;
+           @SafeHtml
            private String chatId;
            private Integer languageId;
            private static final long serialVersionUID = 1L;
@@ -104,8 +141,9 @@ public class EPUser extends User {
            private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EPUser.class);
                private static final String ECOMP_PORTAL_NAME = "ECOMP";
                private boolean isGuest = false;
-               
+               @Valid
                private SortedSet<EPUserApp> userApps = new TreeSet<EPUserApp>();
+               @Valid
                private SortedSet<EPRole> pseudoRoles = new TreeSet<EPRole>();
 
            public EPUser() {}
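Review bot: With `@Valid` on `userApps` and `pseudoRoles` here, `@Valid` on `app`/`role` in EPUserApp and `@Valid childRoles` in EPRole, validating one EPUser now walks the whole user→app→role graph; Hibernate Validator tracks already-visited beans so cyclic childRoles should not recurse forever, but on lazily-loaded Hibernate collections the traversal will trigger loads and its cost grows with the number of apps and roles. If only the top-level string fields are meant to be screened, drop the `@Valid` on the two collections; otherwise a comment on each, e.g. `// cascade: nested apps/roles are validated with the user`, would show the traversal is intended. EPUser's body continues outside the hunk.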
index 3470a9e..424a915 100644 (file)
@@ -37,6 +37,7 @@
  */
 package org.onap.portalapp.portal.domain;
 
+import javax.validation.Valid;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 
 @SuppressWarnings("rawtypes")
@@ -45,7 +46,9 @@ public class EPUserApp extends DomainVo implements java.io.Serializable, Compara
        private static final long serialVersionUID = 1L;
        
        private Long userId;
+       @Valid
        private EPApp app;
+       @Valid
        private EPRole role;
        private Integer priority;
        
index 5b5e37c..9900827 100644 (file)
 package org.onap.portalapp.portal.domain;
 
 import java.util.List;
-
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Transient;
+import javax.validation.constraints.DecimalMax;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.NotNull;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import org.hibernate.validator.constraints.SafeHtml;
+
 /***
  * 
  * This class is almost identical to org.onap.portalapp.portal.transport.FunctionalMenuItem
@@ -55,27 +62,42 @@ import javax.persistence.Transient;
  *
  */
 @Entity
+@NoArgsConstructor
+@AllArgsConstructor
 public class FunctionalMenuItemWithAppID{
        private static final long serialVersionUID = 1L;
 
        @Id
     @GeneratedValue(strategy=GenerationType.IDENTITY)
        @Column(name = "MENU_ID")
+       @Digits(integer = 11, fraction = 0)
        public Long menuId;
        
        @Column(name = "COLUMN_NUM")
+       @Digits(integer = 2, fraction = 0)
+       @NotNull
        public Integer column;
        
        @Column(name = "TEXT")
+       @Max(value = 100)
+       @SafeHtml
+       @NotNull
        public String text;
        
        @Column(name = "PARENT_MENU_ID")
+       @Digits(integer = 11, fraction = 0)
        public Integer parentMenuId;
        
        @Column(name = "URL")
+       @Max(value = 128)
+       @SafeHtml
+       @NotNull
        public String url;
        
        @Column(name="ACTIVE_YN")
+       @Max(value = 1)
+       @SafeHtml
+       @NotNull
        public String active_yn;
 
        @Column(name="APP_ID")
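Review bot: `@Max(value = 100)`, `@Max(value = 128)` and `@Max(value = 1)` are placed on the `String` fields `text`, `url` and `active_yn`; `@Max` is defined for numeric types only, so Hibernate Validator throws an UnexpectedTypeException (no validator for String) the first time one of these beans is validated, which fails every request rather than only the invalid ones. The intended constraints are `@Size(max = 100)`, `@Size(max = 128)` and `@Size(max = 1)` with `import javax.validation.constraints.Size;`, and the `DecimalMax` import appears unused in the shown hunks. Note too that `@NotNull` on `column`, `text` and `url` makes the null fallbacks in `normalize()` unreachable when validation runs first; either keep the annotations and say so in a comment on normalize(), or drop the redundant side. The class continues outside the hunk.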
@@ -89,10 +111,10 @@ public class FunctionalMenuItemWithAppID{
        
        public void normalize() {
                if (this.column == null)
-                       this.column = new Integer(1);
+                       this.column = 1;
                this.text = (this.text == null) ? "" : this.text.trim();
                if (this.parentMenuId == null)
-                       this.parentMenuId = new Integer(-1);
+                       this.parentMenuId = -1;
                this.url = (this.url == null) ? "" : this.url.trim();
        }
 
index f62b892..b8f79d0 100644 (file)
@@ -44,6 +44,8 @@ import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 
 public class MicroserviceData extends DomainVo {
@@ -55,23 +57,23 @@ public class MicroserviceData extends DomainVo {
        }
 
        private Long id;
-
+       @SafeHtml
        private String name;
-
+       @SafeHtml
        private String active;
-
+       @SafeHtml
        private String desc;
 
        private long appId;
-
+       @SafeHtml
        private String url;
-
+       @SafeHtml
        private String securityType;
-
+       @SafeHtml
        private String username;
-
+       @SafeHtml
        private String password;
-
+       @Valid
        private List<MicroserviceParameter> parameterList;
 
        public Long getId() {
index 0c64571..848c6a2 100644 (file)
@@ -37,6 +37,7 @@
  */
 package org.onap.portalapp.portal.domain;
 
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 
 public class MicroserviceParameter extends DomainVo {
@@ -50,9 +51,9 @@ public class MicroserviceParameter extends DomainVo {
        private Long id;
 
        private long serviceId;
-
+       @SafeHtml
        private String para_key;
-
+       @SafeHtml
        private String para_value;
 
        public Long getId() {
index d4ca545..cf3e06b 100644 (file)
@@ -39,90 +39,21 @@ package org.onap.portalapp.portal.domain;
 
 import java.io.Serializable;
 import java.util.Set;
+import lombok.Getter;
+import lombok.Setter;
 
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.ManyToMany;
-import javax.persistence.ManyToOne;
-
-import com.fasterxml.jackson.annotation.JsonIgnore;
-
-//@Entity
-//@Table(name = "FN_ROLE")
+@Getter
+@Setter
 public class RoleApp implements Serializable{
        private static final long serialVersionUID = 1L;
 
-       //@Id
-       //@Column(name = "ROLE_ID")
-       //@GeneratedValue(strategy=GenerationType.AUTO)
        private Long roleId;
-       
-       
-       //@Column(name = "ROLE_Name")
-       private String roleName;
-       
-       //@ManyToOne(fetch = FetchType.EAGER)
-       //@JoinColumn(name="APP_ID")
-       private App app;
-       
-       //@JsonIgnore
-       //@ManyToMany(fetch = FetchType.EAGER, cascade = {CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH}, mappedBy="widgetRoles")
-       private Set<WidgetCatalog> widgets;
-
-       /*@PreRemove
-       private void removeGroupsFromUsers() {
-           for (WidgetCatalog w : widgets) {
-               w.getWidgetRoles().remove(this);
-           }
-       }*/
-       
-       /*@ManyToOne
-       @JoinColumn(name = "WIDGET_ID", nullable = false)
-       WidgetCatalog widgetCatalog;*/
-
-       //@JsonIgnore
-       //@ManyToMany(mappedBy = "widgetRoles")
-       //@ManyToMany(fetch = FetchType.EAGER, mappedBy = "widgetRoles")
-       //private Set<WidgetCatalog> widgets  = new HashSet<WidgetCatalog>();
-       
-       public Long getRoleId() {
-               return roleId;
-       }
-
-       public void setRoleId(Long roleId) {
-               this.roleId = roleId;
-       }
-
-       public String getRoleName() {
-               return roleName;
-       }
-
-       public void setRoleName(String roleName) {
-               this.roleName = roleName;
-       }
-
-       public App getApp() {
-               return app;
-       }
 
-       public void setApp(App app) {
-               this.app = app;
-       }
-       
-       
+       private String roleName;
 
-       public Set<WidgetCatalog> getWidgets() {
-               return widgets;
-       }
+       private App app;
 
-       public void setWidgets(Set<WidgetCatalog> widgets) {
-               this.widgets = widgets;
-       }
+       private Set<WidgetCatalog> widgets;
 
        @Override
        public String toString() {
index cc37171..098846f 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
 
 package org.onap.portalapp.portal.scheduler;
 
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
+import org.onap.portalapp.util.DateUtil;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 
 public class SchedulerRestInt {
        
        /** The logger. */
        EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerRestInterface.class);
-       
-       /** The Constant dateFormat. */
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-       
-       /** The request date format. */
-       public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
-       
+
        public SchedulerRestInt() {
-               requestDateFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
+               DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
        }
 }
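Review bot: The constructor's `DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT"))` only has an effect if `DateUtil` hands back a shared instance, in which case the constructor is mutating a formatter every other caller also sees; if it returns a fresh `SimpleDateFormat` per call, the result is discarded and the line is a no-op. `DateUtil` is not in this diff, so which of the two applies cannot be confirmed here, but neither matches what the deleted per-instance `requestDateFormat` field did. If the formatters are shared statics, `SimpleDateFormat` is not thread-safe, and that concern extends to every `DateUtil.getDateFormat()` call introduced in SchedulerUtil, HttpsBasicClient, SchedulerAuxRestInt and SchedulerAuxRestInterface in this commit; a `DateTimeFormatter` constant, or a getter that returns a new instance with the GMT zone already applied, avoids both problems. Whichever `DateUtil` does, document it on the getter so callers stop mutating the returned object.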
index ce2048b..c1ca873 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
  */
 package org.onap.portalapp.portal.scheduler;
 
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.onap.portalapp.portal.scheduler.restobjects.GetTimeSlotsRestObject;
 import org.onap.portalapp.portal.scheduler.restobjects.PostCreateNewVnfRestObject;
 import org.onap.portalapp.portal.scheduler.restobjects.PostSubmitVnfChangeRestObject;
 import org.onap.portalapp.portal.scheduler.wrapper.GetTimeSlotsWrapper;
 import org.onap.portalapp.portal.scheduler.wrapper.PostCreateNewVnfWrapper;
 import org.onap.portalapp.portal.scheduler.wrapper.PostSubmitVnfChangeTimeSlotsWrapper;
+import org.onap.portalapp.util.DateUtil;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Date;
 
 public class SchedulerUtil {
        
        private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerUtil.class);
-       
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
 
        public static GetTimeSlotsWrapper getTimeSlotsWrapResponse (GetTimeSlotsRestObject<String> rs) {        
                
@@ -127,8 +125,10 @@ public class SchedulerUtil {
                        r_json_str = mapper.writeValueAsString(t);
                    }
                    catch ( com.fasterxml.jackson.core.JsonProcessingException j ) {
-                       logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " +  methodName + " Unable to parse object as json");
-                   }
+                                       logger.debug(EELFLoggerDelegate.debugLogger,
+                                               DateUtil.getDateFormat().format(new Date()) + "<== " + methodName + " Unable " + "to "
+                                                       + "parse object as json");
+                               }
            }
            return (r_json_str);
        }
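Review bot: The rewritten `logger.debug(...)` in the `JsonProcessingException` catch still drops the caught `j`, so the reason serialization failed never reaches the log; the varargs logger form used elsewhere in this commit accepts it as a trailing argument, e.g. `logger.debug(EELFLoggerDelegate.debugLogger, DateUtil.getDateFormat().format(new Date()) + "<== " + methodName + " Unable to parse object as json", j);`. The same dropped exception appears in the matching catch of `SchedulerAuxRestInt.logRequest` in this commit. Splitting the message into `" Unable " + "to " + "parse object as json"` adds nothing over a single literal, and the replacement lines are indented deeper than the surrounding block; one literal at the enclosing indent is easier to read and to grep for. The enclosing method starts outside the hunk.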
index 14b0347..17dc3f1 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -39,9 +41,6 @@
 package org.onap.portalapp.portal.scheduler.client;
 
 
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
 import javax.servlet.ServletContext;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
@@ -64,10 +63,6 @@ public class HttpBasicClient{
        
        /** The logger. */
        EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpBasicClient.class);
-       
-       /** The Constant dateFormat. */
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-       
        /**
         * Obtain a basic HTTP client .
         *
index 857bec3..d618a6e 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -39,7 +41,6 @@
 package org.onap.portalapp.portal.scheduler.client;
 
 import java.io.File;
-import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 
@@ -55,8 +56,8 @@ import org.glassfish.jersey.client.ClientConfig;
 import org.glassfish.jersey.client.ClientProperties;
 import org.onap.portalapp.portal.scheduler.SchedulerProperties;
 import org.onap.portalapp.portal.scheduler.util.CustomJacksonJaxBJsonProvider;
+import org.onap.portalapp.util.DateUtil;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.util.SystemProperties;
 
  /**
   *  General SSL client using the VID tomcat keystore. It doesn't use client certificates.
@@ -66,10 +67,7 @@ public class HttpsBasicClient{
        
        /** The logger. */
        static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsBasicClient.class);
-       
-       /** The Constant dateFormat. */
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-       
+
        /**
         * Retrieve an SSL client.
         *
@@ -85,11 +83,14 @@ public class HttpsBasicClient{
                SSLContext ctx = null;
                
                try {
-                       
+
+                       SimpleDateFormat dateFormat = DateUtil.getDateFormat();
                        config.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
                        
                        String truststore_path = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_FILENAME);
-                       logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " truststore_path=" + truststore_path);
+                       logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " "
+                               + "truststore_path=" +
+                               truststore_path);
                        String truststore_password = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_PASSWD_X);
                        
                        
@@ -97,7 +98,8 @@ public class HttpsBasicClient{
                        //logger.debug(dateFormat.format(new Date()) + " " + methodName + " decrypted_truststore_password=" + decrypted_truststore_password);
                        
                        File tr = new File (truststore_path);
-                       logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " absolute truststore path=" + tr.getAbsolutePath());
+                       logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " absolute "
+                               + "truststore path=" + tr.getAbsolutePath());
                        
                        //String keystore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_FILENAME);
                        //String keystore_password = SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_PASSWD_X);
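Review bot: `SimpleDateFormat dateFormat = DateUtil.getDateFormat();` is declared inside the `try` block, so it is not visible to any `catch` or `finally` of this method that wants the same timestamp format; those blocks lie outside the hunk and cannot be checked here, but declaring it next to `SSLContext ctx = null;` before the `try` would match how the `Delete` method in SchedulerAuxRestInterface does it in this same commit. Declaring the local as `DateFormat` rather than `SimpleDateFormat` would also keep this call site independent of the concrete type `DateUtil` happens to return. The reflowed log calls split literals as `" " + "truststore_path=" +` and `" absolute " + "truststore path="`; a single literal per message reads better. The enclosing method starts and ends outside the hunk.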
index 1785bd1..75919ee 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
 
 package org.onap.portalapp.portal.scheduleraux;
 
-import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 
 import org.onap.portalapp.portal.scheduler.policy.rest.RequestDetails;
+import org.onap.portalapp.util.DateUtil;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -51,15 +53,9 @@ public class SchedulerAuxRestInt {
        
        /** The logger. */
        EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxRestInterface.class);
-       
-       /** The Constant dateFormat. */
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-       
-       /** The request date format. */
-       public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
-       
+
        public SchedulerAuxRestInt() {
-               requestDateFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
+               DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
        }
 
        /**
@@ -68,6 +64,7 @@ public class SchedulerAuxRestInt {
         * @param r the r
         */
        public void logRequest ( RequestDetails r ) {
+                 SimpleDateFormat dateFormat = DateUtil.getDateFormat();
        String methodName = "logRequest";
            ObjectMapper mapper = new ObjectMapper();
            String r_json_str = "";
@@ -77,9 +74,13 @@ public class SchedulerAuxRestInt {
                        r_json_str = mapper.writeValueAsString(r);
                    }
                    catch ( com.fasterxml.jackson.core.JsonProcessingException j ) {
-                       logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " +  methodName + " Unable to parse request as json");
+                       logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + "<== " +  methodName + " "
+                                               + "Unable to "
+                                               + "parse request as json");
                    }
            }
-           logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " +  methodName + " Request=(" + r_json_str + ")");  
+           logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " +  methodName + " Request="
+                               + "(" +
+                               r_json_str + ")");
     }
-}
\ No newline at end of file
+}
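Review bot: The added `SimpleDateFormat dateFormat = DateUtil.getDateFormat();` at the top of `logRequest` is indented with spaces to a different column than the tab-indented `String methodName = "logRequest";` directly below it, so the method body now mixes three indent styles; put the new line at the same indent as its neighbours. The rewritten message `" " + "Unable to " + "parse request as json"` is three literals where one would do, and the same applies to `" Request=" + "(" + r_json_str + ")"`. As in SchedulerUtil, this catch still discards the caught `j`; passing it as the trailing logger argument costs one token.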
index e0a2fe5..01a52cc 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
  */
 package org.onap.portalapp.portal.scheduleraux;
 
-import java.lang.reflect.Type;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Collections;
-import java.util.Date;
-
-import javax.annotation.PostConstruct;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedHashMap;
-import javax.ws.rs.core.Response;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.cxf.jaxrs.impl.ResponseImpl;
 import org.eclipse.jetty.util.security.Password;
@@ -59,26 +55,26 @@ import org.onap.portalapp.portal.logging.logic.EPLogUtil;
 import org.onap.portalapp.portal.scheduler.SchedulerProperties;
 import org.onap.portalapp.portal.scheduler.client.HttpBasicClient;
 import org.onap.portalapp.portal.scheduler.policy.rest.RequestDetails;
+import org.onap.portalapp.util.DateUtil;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.client.HttpClientErrorException;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParseException;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedHashMap;
+import javax.ws.rs.core.Response;
+import java.lang.reflect.Type;
+import java.text.SimpleDateFormat;
+import java.util.Collections;
+import java.util.Date;
 
 public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements SchedulerAuxRestInterfaceIfc {
 
        /** The logger. */
        EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxRestInterface.class);
 
-       /** The Constant dateFormat. */
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
        /** The client. */
        private static Client client = null;
 
@@ -147,6 +143,7 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc
                String methodName = "Get";
 
                logger.debug(EELFLoggerDelegate.debugLogger, " start", methodName);
+               SimpleDateFormat dateFormat = DateUtil.getDateFormat();
 
                String url = "";
                restObject.set(t);
@@ -165,8 +162,8 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc
                if (status == 200) {
                        t = (T) cres.readEntity(t.getClass());
                        restObject.set(t);
-                       logger.debug(EELFLoggerDelegate.debugLogger, " REST api was successfull!", dateFormat.format(new Date()),
-                                       methodName);
+                       logger.debug(EELFLoggerDelegate.debugLogger, " REST api was successfull!",
+                               dateFormat.format(new Date()), methodName);
 
                } else {
                        throw new Exception(methodName + " with status=" + status + ", url= " + url);
@@ -183,6 +180,7 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc
                String methodName = "Delete";
                String url = "";
                Response cres = null;
+               SimpleDateFormat dateFormat = DateUtil.getDateFormat();
 
                logRequest(r);
 
@@ -191,7 +189,7 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc
 
                        url = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULERAUX_SERVER_URL_VAL) + path;
                        logger.debug(EELFLoggerDelegate.debugLogger, " methodName sending request to: ",
-                                       dateFormat.format(new Date()), url, methodName);
+                               dateFormat.format(new Date()), url, methodName);
 
                        cres = client.target(url).request().accept("application/json").headers(commonHeaders)
                                        // .entity(r)
@@ -235,8 +233,8 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc
                                        url, e);
                        EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value());
                } catch (Exception e) {
-                       logger.error(EELFLoggerDelegate.errorLogger, "Exception with the URL ", dateFormat.format(new Date()),
-                                       methodName, url, e);
+                       logger.error(EELFLoggerDelegate.errorLogger, "Exception with the URL ",
+                               dateFormat.format(new Date()), methodName, url, e);
                        EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value());
 
                        throw e;
@@ -324,4 +322,4 @@ public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements Sc
        public void logRequest(RequestDetails r) {
                // TODO Auto-generated method stub
        }
-}
\ No newline at end of file
+}
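Review bot: The import block is reordered so `com.*` comes first and `javax.*`/`java.*` last, while `SchedulerAuxRestInt` in the same package and the other files touched by this commit keep `java.*` first; one import order per module, ideally the one the formatter enforces, avoids a reshuffle on every later touch. The new per-method locals `SimpleDateFormat dateFormat = DateUtil.getDateFormat();` in `Get` and `Delete` are declared before their `try` blocks, which is the scoping the HttpsBasicClient change in this commit should mirror. Declaring them as `DateFormat` would keep the concrete class out of the call sites if `DateUtil` returns a fresh instance.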
index 4a4c928..f0f0af5 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
  */
 package org.onap.portalapp.portal.scheduleraux;
 
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
 import org.glassfish.jersey.client.ClientResponse;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 
 public class SchedulerAuxUtil {
        
        private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxUtil.class);
-       
-       final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-       
+
        public static SchedulerAuxResponseWrapper wrapResponse ( String body, int statusCode ) {
                
                SchedulerAuxResponseWrapper w = new SchedulerAuxResponseWrapper();
index 5c3c51b..bbb8382 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -63,7 +65,6 @@ import org.onap.portalapp.portal.domain.AdminUserApplications;
 import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel;
 import org.onap.portalapp.portal.domain.AppsResponse;
 import org.onap.portalapp.portal.domain.EPApp;
-import org.onap.portalapp.portal.domain.EPRole;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.domain.EPUserAppRolesRequest;
 import org.onap.portalapp.portal.domain.EPUserAppRolesRequestDetail;
@@ -493,7 +494,7 @@ public class EPAppCommonServiceImpl implements EPAppService {
                if (onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.url == null
                                || onboardingApp.url.length() == 0 || onboardingApp.restrictedApp == null
                                || onboardingApp.isOpen == null || onboardingApp.isEnabled == null
-                               || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID))
+                               || (onboardingApp.id != null && ECOMP_APP_ID.equals(onboardingApp.id.toString()))
                                // For a normal app (appType == PortalConstants.PortalAppId),
                                // these fields must be filled
                                // in.
@@ -509,7 +510,7 @@ public class EPAppCommonServiceImpl implements EPAppService {
                        if (onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.url == null
                                        || onboardingApp.url.length() == 0 || onboardingApp.restrictedApp == null
                                        || onboardingApp.isOpen == null || onboardingApp.isEnabled == null
-                                       || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID))
+                                       || (onboardingApp.id != null && ECOMP_APP_ID.equals(onboardingApp.id.toString()))
                                        // For a normal app (appType == PortalConstants.PortalAppId),
                                        // these fields must be filled
                                        // in.
@@ -1494,7 +1495,7 @@ public class EPAppCommonServiceImpl implements EPAppService {
        // Don't encrypt or decrypt the password if it is null or the empty string
        private String decryptedPassword(String encryptedAppPwd, EPApp app) {
                String result = "";
-               if (encryptedAppPwd != null & encryptedAppPwd.length() > 0) {
+               if (encryptedAppPwd != null && !encryptedAppPwd.isEmpty()) {
                        try {
                                result = CipherUtil.decryptPKC(encryptedAppPwd,
                                                SystemProperties.getProperty(SystemProperties.Decryption_Key));
@@ -1507,7 +1508,7 @@ public class EPAppCommonServiceImpl implements EPAppService {
 
        protected String encryptedPassword(String decryptedAppPwd, EPApp app) {
                String result = "";
-               if (decryptedAppPwd != null & decryptedAppPwd.length() > 0) {
+               if (decryptedAppPwd != null && !decryptedAppPwd.isEmpty()) {
                        try {
                                result = CipherUtil.encryptPKC(decryptedAppPwd,
                                                SystemProperties.getProperty(SystemProperties.Decryption_Key));
@@ -1800,4 +1801,4 @@ public class EPAppCommonServiceImpl implements EPAppService {
                return userAndRoles;
                
        }
-}
\ No newline at end of file
+}
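Review bot: `ECOMP_APP_ID.equals(onboardingApp.id.toString())` in the two rewritten conditions changes what the guard does: the old `onboardingApp.id.equals(ECOMP_APP_ID)` could only be true when both sides had the same type, so if `ECOMP_APP_ID` is a `String` constant the old guard never fired and this commit enables it for the first time, which deserves a test; if the constant is numeric, the new form is the one that is always false. The constant's declaration is outside the hunk, so confirm its type and compare in that type rather than via `toString()`. The condition is duplicated verbatim in the `@@ -493` and `@@ -509` hunks; a private `isPortalAppId(Long id)` helper keeps the two from drifting. Both enclosing methods start and end outside their hunks.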
index e90aeb7..b41d898 100644 (file)
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -42,8 +44,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import javax.crypto.BadPaddingException;
-
 import org.hibernate.criterion.Criterion;
 import org.hibernate.criterion.Restrictions;
 import org.onap.portalapp.portal.domain.MicroserviceData;
@@ -75,9 +75,8 @@ public class MicroserviceServiceImpl implements MicroserviceService {
                return newService.getId();
        }
 
-       public void saveServiceParameters(long serviceId, List<MicroserviceParameter> list) throws Exception {
-               for (int i = 0; i < list.size(); i++) {
-                       MicroserviceParameter para = list.get(i);
+       public void saveServiceParameters(long serviceId, List<MicroserviceParameter> list) {
+               for (MicroserviceParameter para : list) {
                        para.setServiceId(serviceId);
                        getDataAccessService().saveDomainObject(para, null);
                }
@@ -85,9 +84,9 @@ public class MicroserviceServiceImpl implements MicroserviceService {
 
        @Override
        public MicroserviceData getMicroserviceDataById(long id) {
-               MicroserviceData data = null;
+               MicroserviceData data;
                try {
-                       List<Criterion> restrictionsList = new ArrayList<Criterion>();
+                       List<Criterion> restrictionsList = new ArrayList<>();
                        Criterion idCriterion = Restrictions.eq("id", id);
                        restrictionsList.add(idCriterion);
                        data = (MicroserviceData) dataAccessService.getList(MicroserviceData.class, null, restrictionsList, null).get(0);
@@ -102,34 +101,35 @@ public class MicroserviceServiceImpl implements MicroserviceService {
 
        @SuppressWarnings("unchecked")
        @Override
-       public List<MicroserviceData> getMicroserviceData() throws Exception {
+       public List<MicroserviceData> getMicroserviceData() {
                List<MicroserviceData> list = (List<MicroserviceData>) dataAccessService.getList(MicroserviceData.class, null);
-               for (int i = 0; i < list.size(); i++) {
-                       if (list.get(i).getPassword() != null)
-                               list.get(i).setPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD);  //to hide password from get request
-                       list.get(i).setParameterList(getServiceParameters(list.get(i).getId()));
+               for (MicroserviceData microserviceData : list) {
+                       if (microserviceData.getPassword() != null) {
+                               microserviceData
+                                       .setPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD);  //to hide password from get request
+                       }
+                       microserviceData.setParameterList(getServiceParameters(microserviceData.getId()));
                }
                return list;
        }
 
        private List<MicroserviceParameter> getServiceParameters(long serviceId) {
-               List<MicroserviceParameter> list = getMicroServiceParametersList(serviceId);
-               return list;
+               return getMicroServiceParametersList(serviceId);
        }
 
        @SuppressWarnings("unchecked")
        private List<MicroserviceParameter> getMicroServiceParametersList(long serviceId) {
-               List<Criterion> restrictionsList = new ArrayList<Criterion>();
+               List<Criterion> restrictionsList = new ArrayList<>();
                Criterion serviceIdCriterion = Restrictions.eq("serviceId", serviceId);
                restrictionsList.add(serviceIdCriterion);
                return (List<MicroserviceParameter>) dataAccessService.getList(MicroserviceParameter.class, null, restrictionsList, null);
        }
 
        @Override
-       public void deleteMicroservice(long serviceId) throws Exception {
+       public void deleteMicroservice(long serviceId) {
 
                try {
-                       Map<String, String> params = new HashMap<String, String>();
+                       Map<String, String> params = new HashMap<>();
                        params.put("serviceId", Long.toString(serviceId));
 
                        dataAccessService.executeNamedQuery("deleteMicroserviceParameter", params, null);
@@ -156,17 +156,16 @@ public class MicroserviceServiceImpl implements MicroserviceService {
                        getDataAccessService().saveDomainObject(newService, null);
                        List<MicroserviceParameter> oldService = getServiceParameters(serviceId);
                        boolean foundParam;
-                       for (int i = 0; i < oldService.size(); i++) {
+                       for (MicroserviceParameter microserviceParameter : oldService) {
                                foundParam = false;
                                for (int n = 0; n < newService.getParameterList().size(); n++) {
-                                       if (newService.getParameterList().get(n).getId().equals(oldService.get(i).getId())) {
+                                       if (newService.getParameterList().get(n).getId().equals(microserviceParameter.getId())) {
                                                foundParam = true;
                                                break;
                                        }
                                }
-                               if (foundParam == false) {
-                                       MicroserviceParameter pd = oldService.get(i);
-                                       getDataAccessService().deleteDomainObject(pd, null);
+                               if (!foundParam) {
+                                       getDataAccessService().deleteDomainObject(microserviceParameter, null);
                                }
                        }
                        for (int i = 0; i < newService.getParameterList().size(); i++) {
@@ -184,7 +183,7 @@ public class MicroserviceServiceImpl implements MicroserviceService {
        @Override
        @SuppressWarnings("unchecked")
        public List<MicroserviceParameter> getParametersById(long serviceId) {
-               List<Criterion> restrictionsList = new ArrayList<Criterion>();
+               List<Criterion> restrictionsList = new ArrayList<>();
                Criterion contextIdCrit = Restrictions.eq("serviceId", serviceId);
                restrictionsList.add(contextIdCrit);
                List<MicroserviceParameter> list = (List<MicroserviceParameter>) dataAccessService
@@ -196,7 +195,7 @@ public class MicroserviceServiceImpl implements MicroserviceService {
 
        private String decryptedPassword(String encryptedPwd) throws Exception {
                String result = "";
-               if (encryptedPwd != null & encryptedPwd.length() > 0) {
+               if (encryptedPwd != null && !encryptedPwd.isEmpty()) {
                        try {
                                result = CipherUtil.decryptPKC(encryptedPwd,
                                                SystemProperties.getProperty(SystemProperties.Decryption_Key));
@@ -210,7 +209,7 @@ public class MicroserviceServiceImpl implements MicroserviceService {
 
        private String encryptedPassword(String decryptedPwd) throws Exception {
                String result = "";
-               if (decryptedPwd != null & decryptedPwd.length() > 0) {
+               if (decryptedPwd != null && !decryptedPwd.isEmpty()) {
                        try {
                                result = CipherUtil.encryptPKC(decryptedPwd,
                                                SystemProperties.getProperty(SystemProperties.Decryption_Key));
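Review bot: In the `@@ -156` hunk of `updateMicroservice`, the rewritten comparison `newService.getParameterList().get(n).getId().equals(microserviceParameter.getId())` dereferences the id of an incoming parameter, which for a newly added parameter is presumably null and would throw `NullPointerException` before any stale parameter is deleted; comparing from the persisted side, `microserviceParameter.getId().equals(...)`, or using `Objects.equals` (with a `java.util.Objects` import) avoids that, and the inner index loop then reduces to `boolean foundParam = newService.getParameterList().stream().anyMatch(p -> Objects.equals(p.getId(), microserviceParameter.getId()));`. In `getMicroserviceData`, the reshaped loop still overwrites `password` on the entities returned by `dataAccessService.getList`; if those are still attached to an open session, dirty-checking could flush the placeholder `APP_DISPLAY_PASSWORD` over the stored value, so confirm the list is detached or mask on a copy. `saveServiceParameters`, `getMicroserviceData` and `deleteMicroservice` drop `throws Exception`, which is fine for an implementation, but the `MicroserviceService` interface and its callers are outside the hunks and should be checked for matching declarations. The `updateMicroservice` method starts and ends outside its hunk.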
index 5d9761c..aaaf91b 100644 (file)
@@ -176,10 +176,10 @@ public class UserRolesCommonServiceImpl  {
         * 
         * @param userId
         */
-       protected void createLocalUserIfNecessary(String userId) {
+       protected boolean createLocalUserIfNecessary(String userId) {
                if (StringUtils.isEmpty(userId)) {
                        logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!");
-                       return;
+                       return false;
                }
                Session localSession = null;
                Transaction transaction = null;
@@ -188,7 +188,10 @@ public class UserRolesCommonServiceImpl  {
                        transaction = localSession.beginTransaction();
                        @SuppressWarnings("unchecked")
                        List<EPUser> userList = localSession
-                                       .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+                                       .createQuery("from :name where orgUserId=:userId")
+                                       .setParameter("name",EPUser.class.getName())
+                                       .setParameter("userId",userId)
+                                       .list();
                        if (userList.size() == 0) {
                                EPUser client = searchService.searchUserByUserId(userId);
                                if (client == null) {
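Review bot: `from :name` cannot be satisfied by `setParameter("name", ...)`: HQL accepts bind parameters only in value positions, not for the entity name, so the query fails at parse time for every call, and the catch block at the end of the method (in the next hunk) converts that into a BeDaoSystemError log and a false return. The entity name is a compile-time constant rather than user input, so it belongs in the query text; only the user id needs binding, e.g. `.createQuery("from " + EPUser.class.getName() + " where orgUserId=:userId")` followed by `.setParameter("userId", userId)` and `.list()`. The enclosing method starts in the previous hunk and ends in the next.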
@@ -202,9 +205,11 @@ public class UserRolesCommonServiceImpl  {
                                }
                        }
                        transaction.commit();
+                       return true;
                } catch (Exception e) {
                        EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
                        EcompPortalUtils.rollbackTransaction(transaction, "searchOrCreateUser rollback, exception = " + e);
+                       return false;
                } finally {
                        EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser");
                }
index 2ada8ed..17007a5 100644 (file)
@@ -38,6 +38,7 @@
 package org.onap.portalapp.portal.transport;
 
 import java.io.Serializable;
+import java.util.Objects;
 
 @SuppressWarnings("rawtypes")
 public class CentralV2UserApp implements Serializable, Comparable{
@@ -99,7 +100,20 @@ public class CentralV2UserApp implements Serializable, Comparable{
                this.priority = priority;
        }
 
-
+       @Override
+       public boolean equals(Object other) {
+               if (this == other) {
+                       return true;
+               }
+               if (!(other instanceof CentralV2UserApp)) {
+                       return false;
+               }
+               CentralV2UserApp castOther = (CentralV2UserApp) other;
+               return Objects.equals(this.userId, castOther.userId) &&
+                       Objects.equals(this.app, castOther.app) &&
+                       Objects.equals(this.role, castOther.role) &&
+                       Objects.equals(this.priority, castOther.priority);
+       }
 
        public int compareTo(Object other){
            CentralV2UserApp castOther = (CentralV2UserApp) other;
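Review bot: The new equals override is not paired with a hashCode override in this hunk, so unless one already exists further down the file (not visible here) instances that are equal will hash differently and misbehave in HashSet/HashMap. Add, next to equals, `@Override public int hashCode() { return Objects.hash(userId, app, role, priority); }` using the same four fields. The existing raw `compareTo(Object)` below should also be checked for consistency with the new equality, since a comparator-based ordering that disagrees with equals breaks sorted collections.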
index ec27d98..3fbdc3e 100644 (file)
@@ -44,6 +44,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 import com.fasterxml.jackson.annotation.JsonInclude;
 
@@ -63,28 +64,33 @@ public class CommonWidget extends DomainVo{
        private Long id;
 
        @Column(name = "category")
+       @SafeHtml
        public String category;
        
        @Column(name = "href")
+       @SafeHtml
        public String href;
 
        @Column(name = "title")
+       @SafeHtml
        public String title;
        
        @Column(name = "content")
+       @SafeHtml
        public String content;
 
        @Column(name = "event_date")
+       @SafeHtml
        public String eventDate;
        
        @Column(name = "sort_order")
        public Integer sortOrder;
 
-       
+
        public CommonWidget(){
-               
+
        }
-       
+
        public CommonWidget(String category, String href, String title, String content, String eventDate, Integer sortOrder){
                this.category = category;
                this.href = href;
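Review bot: `@SafeHtml` on `href` (and on the URL-typed fields `imageUrl`, `imageLink`, `url`, `alternateUrl`, `restUrl` in the OnboardingApp hunks later in this commit) only rejects disallowed markup; a bare URL with a `javascript:` scheme contains no tags, so it passes the whitelist unchanged and is still rendered into an href attribute. For fields consumed as URLs the fitting constraint is a scheme allow-list alongside `@SafeHtml`, e.g. `@Pattern(regexp = "^(https?://|/).*", message = "href must be http(s) or a relative path")` (javax.validation.constraints.Pattern; the regex is an illustrative example to adapt to the portal's accepted schemes). Note also that `@SafeHtml` is deprecated in later Hibernate Validator releases and removed in 7.x, so this pins the project to the current validator version; a short comment on the class stating that intent would help the next upgrade.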
index 55dfc91..51a0265 100644 (file)
 package org.onap.portalapp.portal.transport;
 
 import java.util.List;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
 
 public class CommonWidgetMeta {
-       
+       @SafeHtml
        private String category;
+       @Valid
        private List<CommonWidget> items;
-       
-       public CommonWidgetMeta(){      
-               
+
+       public CommonWidgetMeta(){
+
        }
 
        public CommonWidgetMeta(String category, List<CommonWidget> items){
index 06acdb7..14ad2f4 100644 (file)
@@ -47,37 +47,62 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 import javax.persistence.Transient;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.NotNull;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import org.hibernate.validator.constraints.SafeHtml;
 
 @Entity
 @Table(name="fn_menu_functional")
+@NoArgsConstructor
+@AllArgsConstructor
 public class FunctionalMenuItem implements Serializable {
-       public FunctionalMenuItem(){};
-       
        private static final long serialVersionUID = 1L;
 
        @Id
-    @GeneratedValue(strategy=GenerationType.IDENTITY)
+       @GeneratedValue(strategy=GenerationType.IDENTITY)
        @Column(name = "MENU_ID")
+       @Digits(integer = 11, fraction = 0)
        public Long menuId;
-       
+
        @Column(name = "COLUMN_NUM")
+       @Digits(integer = 2, fraction = 0)
+       @NotNull
        public Integer column;
-       
+
        @Column(name = "TEXT")
+       @Max(value = 100)
+       @SafeHtml
+       @NotNull
        public String text;
-       
+
        @Column(name = "PARENT_MENU_ID")
+       @Digits(integer = 11, fraction = 0)
        public Integer parentMenuId;
-       
+
        @Column(name = "URL")
+       @Max(value = 128)
+       @SafeHtml
+       @NotNull
        public String url;
-       
+
        @Column(name="ACTIVE_YN")
+       @Max(value = 1)
+       @SafeHtml
+       @NotNull
        public String active_yn;
 
        @Transient
        public Integer appid;
        
+       @Transient
+       private List<Integer> roles;
+
+       @Transient
+       public Boolean restrictedApp;
+
        public List<Integer> getRoles() {
                return roles;
        }
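Review bot: `@Max(value = 100)` on the String field `text` (and `@Max(128)` on `url`, `@Max(1)` on `active_yn`) does not bound length: Hibernate Validator supports `@Max` on a CharSequence by parsing it as a number, so a non-numeric value such as "Home" or "Y" fails validation and every real menu item becomes invalid. The length constraint is `@Size`: `@Size(max = 100)`, `@Size(max = 128)` and `@Size(max = 1)` from javax.validation.constraints. Separately, `@AllArgsConstructor` now generates a constructor whose parameter order follows field declaration order, including the `@Transient` fields moved up in this hunk; a one-line comment warning that reordering fields changes that constructor's signature would save a silent breakage later.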
@@ -86,18 +111,12 @@ public class FunctionalMenuItem implements Serializable {
                this.roles = roles;
        }
 
-       @Transient
-       private List<Integer> roles;
-       
-       @Transient
-       public Boolean restrictedApp;
-       
        public void normalize() {
                if (this.column == null)
-                       this.column = new Integer(1);
+                       this.column = 1;
                this.text = (this.text == null) ? "" : this.text.trim();
                if (this.parentMenuId == null)
-                       this.parentMenuId = new Integer(-1);
+                       this.parentMenuId = -1;
                this.url = (this.url == null) ? "" : this.url.trim();
        }
 
index f2503b4..37ad5ad 100644 (file)
@@ -37,6 +37,8 @@
  */
 package org.onap.portalapp.portal.transport;
 
+import org.hibernate.validator.constraints.SafeHtml;
+
 /**
  * Model of rows in the fn_app table; serialized as a message add or update an
  * on-boarded application.
@@ -44,21 +46,21 @@ package org.onap.portalapp.portal.transport;
 public class OnboardingApp {
 
        public Long id;
-
+       @SafeHtml
        public String name;
-
+       @SafeHtml
        public String imageUrl;
-
+       @SafeHtml
        public String imageLink;
-
+       @SafeHtml
        public String description;
-
+       @SafeHtml
        public String notes;
-
+       @SafeHtml
        public String url;
-
+       @SafeHtml
        public String alternateUrl;
-
+       @SafeHtml
        public String restUrl;
 
        public Boolean isOpen;
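Review bot: `@SafeHtml` on `appPassword` (and on `uebKey`/`uebSecret` in the next hunk of this file) checks a credential against an HTML whitelist, which rejects otherwise legitimate secret values that happen to contain tag-like sequences and is not the protection those fields need; secrets are never rendered, so a `@Size` bound is the better fit there. The annotation also uses the relaxed whitelist by default, so `name`, `description` and the other text fields still accept `<a>`, `<img>` and similar tags — it removes script-bearing markup, not markup as such, so output encoding at render time remains required. A class-level comment stating that these constraints are enforced only where DataValidator is invoked (plain field assignment performs no validation) would make the contract explicit.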
@@ -66,27 +68,27 @@ public class OnboardingApp {
        public Boolean isEnabled;
 
        public Long motsId;
-
+       @SafeHtml
        public String myLoginsAppName;
-
+       @SafeHtml
        public String myLoginsAppOwner;
-
+       @SafeHtml
        public String username;
-
+       @SafeHtml
        public String appPassword;
-
+       @SafeHtml
        public String thumbnail;
-
+       @SafeHtml
        public String uebTopicName;
-
+       @SafeHtml
        public String uebKey;
-
+       @SafeHtml
        public String uebSecret;
 
        public Boolean restrictedApp;
        
        public Boolean isCentralAuth;
-       
+       @SafeHtml
        public String nameSpace;
 
        /**
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/DateUtil.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/util/DateUtil.java
new file mode 100644 (file)
index 0000000..211f8ab
--- /dev/null
@@ -0,0 +1,56 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (c) 2019 Samsung. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.util;
+
+import java.text.SimpleDateFormat;
+
+public class DateUtil {
+
+    private DateUtil() {
+        throw new IllegalStateException("Utility class");
+    }
+
+    public static SimpleDateFormat getDateFormat() {
+        return new SimpleDateFormat("HH:mm:ss:SSSS");
+    }
+
+    public static SimpleDateFormat getRequestDateFormat(){
+        return new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
+    }
+}
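Review bot: The pattern in getRequestDateFormat uses `YYYY`, which in SimpleDateFormat is the week-based year and differs from the calendar year around New Year; `yyyy` is what is intended. The `EEE` and `MMM` tokens are also locale-dependent with this constructor, so the produced text varies with the JVM's default locale, whereas an RFC-style request date needs English names: `return new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);` (importing java.util.Locale). A one-line Javadoc on each factory noting that SimpleDateFormat is not thread-safe and that a fresh instance is deliberately returned per call would make the design choice explicit.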
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
new file mode 100644 (file)
index 0000000..46a60c8
--- /dev/null
@@ -0,0 +1,63 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.validation;
+
+import java.util.Set;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class DataValidator {
+       private static final ValidatorFactory VALIDATOR_FACTORY  = Validation.buildDefaultValidatorFactory();
+
+       public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid){
+              Validator validator = VALIDATOR_FACTORY.getValidator();
+              Set<ConstraintViolation<E>> constraintViolations = validator.validate(classToValid);
+              return constraintViolations;
+       }
+
+       public <E> boolean isValid(E classToValid){
+              Set<ConstraintViolation<E>> constraintViolations = getConstraintViolations(classToValid);
+              return constraintViolations.isEmpty();
+       }
+
+}
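Review bot: `isValid` and `getConstraintViolations` propagate an IllegalArgumentException when `classToValid` is null, because `Validator.validate` rejects a null object, so callers treating the result as a plain boolean get an exception instead of "invalid". Either document it with `@throws IllegalArgumentException if {@code classToValid} is null` or guard in isValid with `return classToValid != null && getConstraintViolations(classToValid).isEmpty();`. Since a Validator obtained from the factory is thread-safe, it can be created once as a `private static final Validator` next to VALIDATOR_FACTORY, and getConstraintViolations can `return validator.validate(classToValid);` directly instead of through the local.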
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/SecureString.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/SecureString.java
new file mode 100644 (file)
index 0000000..2afbdda
--- /dev/null
@@ -0,0 +1,55 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.validation;
+
+import org.hibernate.validator.constraints.SafeHtml;
+
+public class SecureString {
+
+       @SafeHtml
+       private String data;
+
+       public SecureString(String string) {
+              this.data = string;
+       }
+
+       public String getString() {
+              return data;
+       }
+}
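Review bot: SecureString has no Javadoc and its name promises more than the class delivers: `data` is a plain String that is only checked when the instance is handed to a validator, and the field is mutable although nothing assigns it after construction. Make it `private final String data;` and add a class comment such as `/** Wrapper allowing a single String parameter to be checked with @SafeHtml via DataValidator; it performs no sanitization itself. */` so callers do not mistake construction for validation.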
index 847d474..9d3c778 100644 (file)
@@ -132,6 +132,24 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite {
                assertEquals(actualPortalRestResponse, expectedportalRestResponse);
        }
 
+       @Test
+       public void postPortalAdminXSSTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               expectedportalRestResponse.setMessage("Data is not valid");
+               expectedportalRestResponse.setResponse(null);
+               PortalRestStatusEnum portalRestStatusEnum = null;
+               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+               EPUser user = mockUser.mockEPUser();
+               user.setEmail("“><script>alert(“XSS”)</script>");
+               user.setLoginPwd("pwd");
+               user.setLoginId("Test");
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(userService.getUserByUserId(user.getOrgUserId())).thenThrow(nullPointerException);
+               PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+                       .postPortalAdmin(mockedRequest, mockedResponse, user);
+               assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+       }
+
        @Test
        public void postPortalAdminCreateUserIfNotFoundTest() throws Exception {
                PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
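Review bot: `PortalRestStatusEnum portalRestStatusEnum = null;` followed by `portalRestStatusEnum.ERROR` reads a static enum constant through a null reference; it compiles and runs, but it is misleading and is flagged by static analysis. Use `expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);` and drop the local; the same pattern appears in the next two hunks of this file (postOnboardAppExternalXSSTest and putOnboardAppExternalXSSTest). The email payload uses curly quotes rather than ASCII `"`, so the test exercises rejection of the `<script>` element, not attribute breakout — a short comment saying so would prevent a future "fix" of the quotes from changing what the test covers.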
@@ -276,6 +294,36 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite {
 
        }
 
+       @Test
+       public void postOnboardAppExternalXSSTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               expectedportalRestResponse.setMessage(
+                       "Data is not valid");
+               expectedportalRestResponse.setResponse(null);
+               PortalRestStatusEnum portalRestStatusEnum = null;
+               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+               OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+               expectedOnboardingApp.name = "test";
+               expectedOnboardingApp.url="test.com";
+               expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>";
+               expectedOnboardingApp.myLoginsAppOwner="testUser";
+               expectedOnboardingApp.restrictedApp=false;
+               expectedOnboardingApp.isOpen=true;
+               expectedOnboardingApp.isEnabled=true;
+               EPUser user = mockUser.mockEPUser();
+               user.setEmail("guestT@test.portal.onap.org");
+               user.setLoginPwd("pwd");
+               user.setLoginId("Test");
+               List<EPUser> expectedList = new ArrayList<EPUser>();
+               expectedList.add(user);
+
+               PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+                       .postOnboardAppExternal(mockedRequest, mockedResponse, expectedOnboardingApp);
+               assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+       }
+
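Review bot: `expectedList` is built and never used, and `new OnboardingApp();;` carries a stray semicolon; both recur in the next hunk (putOnboardAppExternalXSSTest). For an XSS-rejection test the single assertEquals on the response does not establish that the payload was stopped before reaching the service layer; since the controller is not visible in this hunk this is a suggestion, but a `Mockito.verify(<onboarding service mock>, Mockito.never())` on the onboarding call would pin the property the test is named for.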
        @Test
        public void putOnboardAppExternalifAppNullTest() {
                PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
@@ -292,6 +340,38 @@ public class AppsControllerExternalRequestTest extends MockitoTestSuite {
                assertEquals(actualPortalRestResponse, expectedportalRestResponse);
        }
 
+       @Test
+       public void putOnboardAppExternalXSSTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               expectedportalRestResponse.setMessage(
+                       "Data is not valid");
+               expectedportalRestResponse.setResponse(null);
+               PortalRestStatusEnum portalRestStatusEnum = null;
+               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+               OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+               expectedOnboardingApp.name = "test";
+               expectedOnboardingApp.url="test.com";
+               expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>";
+               expectedOnboardingApp.myLoginsAppOwner="testUser";
+               expectedOnboardingApp.restrictedApp=false;
+               expectedOnboardingApp.isOpen=true;
+               expectedOnboardingApp.isEnabled=true;
+               EPUser user = mockUser.mockEPUser();
+               user.setEmail("guestT@test.portal.onap.org");
+               user.setLoginPwd("pwd");
+               user.setLoginId("Test");
+               List<EPUser> expectedList = new ArrayList<EPUser>();
+               expectedList.add(user);
+
+               Long appId = (long) 1;
+
+               PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+                       .putOnboardAppExternal(mockedRequest, mockedResponse, appId, expectedOnboardingApp);
+               assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+       }
+
        @Test
        public void putOnboardAppExternalIfOnboardingAppDetailsNullTest() {
                PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
index 839b9fd..3466785 100644 (file)
@@ -93,7 +93,7 @@ public class DashboardSearchResultControllerTest {
        @Test
        public void getWidgetDataTest() {
                String resourceType = "test";
-               PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<CommonWidgetMeta>();
+               PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("success");
                ecpectedPortalRestResponse.setResponse(null);
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -104,9 +104,22 @@ public class DashboardSearchResultControllerTest {
 
        }
 
+       @Test
+       public void getWidgetDataXSSTest() {
+               String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"";
+               PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setMessage("resourceType: String string is not valid");
+               expectedPortalRestResponse.setResponse("");
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null);
+               PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController
+                       .getWidgetData(mockedRequest, resourceType);
+               assertEquals(expectedPortalRestResponse,acutualPoratlRestResponse);
+       }
+
        @Test
        public void saveWidgetDataBulkTest() {
-               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("success");
                ecpectedPortalRestResponse.setResponse(null);
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
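Review bot: `PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();` and the `acutualPoratlRestResponse` declaration use the raw type, while the rest of this file is generic (this very commit converts the other tests to the diamond form); declare both as `PortalRestResponse<CommonWidgetMeta>` and fix the variable's spelling to `actualPortalRestResponse`. The `Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null)` stub implies the service is reachable, yet the expected ERROR response means validation must reject the input first; `Mockito.verify(searchService, Mockito.never()).getWidgetData(Mockito.anyString());` would assert exactly that. The same missing never-called verification applies to saveWidgetDataBulkXSSTest, saveWidgetDataXSSTest and deleteWidgetDataXSSTest later in this file.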
@@ -114,7 +127,7 @@ public class DashboardSearchResultControllerTest {
                CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
                commonWidgetMeta.setCategory("test");
 
-               List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>();
+               List<CommonWidget> commonWidgetList = new ArrayList<>();
                CommonWidget commonWidget = new CommonWidget();
                commonWidget.setId((long) 1);
                commonWidget.setCategory("test");
@@ -135,9 +148,40 @@ public class DashboardSearchResultControllerTest {
                assertEquals(actualPortalRestResponse, ecpectedPortalRestResponse);
        }
 
+       @Test
+       public void saveWidgetDataBulkXSSTest() {
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
+               ecpectedPortalRestResponse.setMessage("ERROR");
+               ecpectedPortalRestResponse.setResponse("Category is not valid");
+               ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+
+               CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
+               commonWidgetMeta.setCategory("test");
+
+               List<CommonWidget> commonWidgetList = new ArrayList<>();
+               CommonWidget commonWidget = new CommonWidget();
+               commonWidget.setId((long) 1);
+               commonWidget.setCategory("test");
+               commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"");
+               commonWidget.setTitle("test_title");
+               commonWidget.setContent("test_content");
+               commonWidget.setEventDate(null);
+               commonWidget.setSortOrder(1);
+
+               commonWidgetList.add(commonWidget);
+
+               commonWidgetMeta.setItems(commonWidgetList);
+
+               Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null);
+
+               PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+                       .saveWidgetDataBulk(commonWidgetMeta);
+               assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
+       }
+
        @Test
        public void saveWidgetDataBulkIfCategoryNullTest() {
-               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\"");
                ecpectedPortalRestResponse.setResponse(null);
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -145,7 +189,7 @@ public class DashboardSearchResultControllerTest {
                CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
                commonWidgetMeta.setCategory("test");
 
-               List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>();
+               List<CommonWidget> commonWidgetList = new ArrayList<>();
                CommonWidget commonWidget = new CommonWidget();
                commonWidget.setId(null);
                commonWidget.setCategory(null);
@@ -166,7 +210,7 @@ public class DashboardSearchResultControllerTest {
 
        @Test
        public void saveWidgetDataTest() {
-               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("success");
                ecpectedPortalRestResponse.setResponse(null);
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -187,11 +231,34 @@ public class DashboardSearchResultControllerTest {
 
        }
 
+       @Test
+       public void saveWidgetDataXSSTest() {
+               PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setMessage("ERROR");
+               expectedPortalRestResponse.setResponse("Category is not valid");
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               CommonWidget commonWidget = new CommonWidget();
+               commonWidget.setId((long) 1);
+               commonWidget.setCategory("test");
+               commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+               commonWidget.setTitle("test_title");
+               commonWidget.setContent("test_content");
+               commonWidget.setEventDate(null);
+               commonWidget.setSortOrder(1);
+
+               Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null);
+
+               PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+                       .saveWidgetData(commonWidget);
+               assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+
+       }
+
        @Test
        public void saveWidgetDataExceptionTest() {
-               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("ERROR");
-               ecpectedPortalRestResponse.setResponse("Cateogry cannot be null or empty");
+               ecpectedPortalRestResponse.setResponse("Category cannot be null or empty");
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                CommonWidget commonWidget = new CommonWidget();
                commonWidget.setId((long) 1);
@@ -212,7 +279,7 @@ public class DashboardSearchResultControllerTest {
 
        @Test
        public void saveWidgetDataDateErrorTest() {
-               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\"");
                ecpectedPortalRestResponse.setResponse(null);
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -233,8 +300,9 @@ public class DashboardSearchResultControllerTest {
 
        }
 
+       @Test
        public void deleteWidgetDataTest() {
-               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
                ecpectedPortalRestResponse.setMessage("success");
                ecpectedPortalRestResponse.setResponse(null);
                ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -254,15 +322,37 @@ public class DashboardSearchResultControllerTest {
                assertEquals(actualPortalRestResponse, ecpectedPortalRestResponse);
        }
 
+       @Test
+       public void deleteWidgetDataXSSTest() {
+               PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setMessage("ERROR");
+               expectedPortalRestResponse.setResponse("CommonWidget is not valid");
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               CommonWidget commonWidget = new CommonWidget();
+               commonWidget.setId((long) 1);
+               commonWidget.setCategory("test");
+               commonWidget.setHref("test_href");
+               commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+               commonWidget.setContent("test_content");
+               commonWidget.setEventDate(null);
+               commonWidget.setSortOrder(1);
+               Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null);
+
+               PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+                       .deleteWidgetData(commonWidget);
+
+               assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+       }
+
        @Test
        public void searchPortalIfUserIsNull() {
                EPUser user = null;
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
                String searchString = "test";
 
-               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("searchPortal: User object is null? - check logs");
-               expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+               expectedResult.setResponse(new HashMap<>());
                expectedResult.setStatus(PortalRestStatusEnum.ERROR);
                PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
                                .searchPortal(mockedRequest, searchString);
@@ -272,13 +362,12 @@ public class DashboardSearchResultControllerTest {
        @Test
        public void searchPortalIfSearchStringNullTest() {
                EPUser user = mockUser.mockEPUser();
-               ;
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
                String searchString = null;
 
-               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("searchPortal: String string is null");
-               expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+               expectedResult.setResponse(new HashMap<>());
                expectedResult.setStatus(PortalRestStatusEnum.ERROR);
 
                PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
@@ -289,10 +378,9 @@ public class DashboardSearchResultControllerTest {
        @Test
        public void searchPortalIfSearchTest() {
                EPUser user = mockUser.mockEPUser();
-               ;
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
                String searchString = "test";
-               List<SearchResultItem> searchResultItemList = new ArrayList<SearchResultItem>();
+               List<SearchResultItem> searchResultItemList = new ArrayList<>();
                SearchResultItem searchResultItem = new SearchResultItem();
 
                searchResultItem.setId((long) 1);
@@ -301,10 +389,10 @@ public class DashboardSearchResultControllerTest {
                searchResultItem.setTarget("test_target");
                searchResultItem.setUuid("test_UUId");
                searchResultItemList.add(searchResultItem);
-               Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<String, List<SearchResultItem>>();
+               Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<>();
                expectedResultMap.put(searchString, searchResultItemList);
 
-               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("success");
                expectedResult.setResponse(expectedResultMap);
                expectedResult.setStatus(PortalRestStatusEnum.OK);
@@ -319,13 +407,12 @@ public class DashboardSearchResultControllerTest {
        @Test
        public void searchPortalIfSearchExcptionTest() {
                EPUser user = mockUser.mockEPUser();
-               ;
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
                String searchString = "test";
 
-               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("null - check logs.");
-               expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+               expectedResult.setResponse(new HashMap<>());
                expectedResult.setStatus(PortalRestStatusEnum.ERROR);
 
                Mockito.when(searchService.searchResults(user.getLoginId(), searchString)).thenThrow(nullPointerException);
@@ -336,9 +423,8 @@ public class DashboardSearchResultControllerTest {
 
        @Test
        public void getActiveUsersTest() {
-               List<String> expectedActiveUsers = new ArrayList<String>();
+               List<String> expectedActiveUsers = new ArrayList<>();
                EPUser user = mockUser.mockEPUser();
-               ;
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
                String userId = user.getOrgUserId();
                Mockito.when(searchService.getRelatedUsers(userId)).thenReturn(expectedActiveUsers);
@@ -349,7 +435,7 @@ public class DashboardSearchResultControllerTest {
 
        @Test
        public void getActiveUsersExceptionTest() {
-               List<String> expectedActiveUsers = new ArrayList<String>();
+               List<String> expectedActiveUsers = new ArrayList<>();
                EPUser user = mockUser.mockEPUser();
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
                String userId = user.getOrgUserId();
@@ -363,7 +449,7 @@ public class DashboardSearchResultControllerTest {
        public void activeUsersTest() {
                EPUser user = mockUser.mockEPUser();
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
-               PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+               PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("success");
                expectedResult.setResponse(new ArrayList<>());
                expectedResult.setStatus(PortalRestStatusEnum.OK);
@@ -377,7 +463,7 @@ public class DashboardSearchResultControllerTest {
        public void activeUsersIfUserNullTest() {
                EPUser user = null;
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
-               PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+               PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("User object is null? - check logs");
                expectedResult.setResponse(new ArrayList<>());
                expectedResult.setStatus(PortalRestStatusEnum.ERROR);
@@ -390,7 +476,7 @@ public class DashboardSearchResultControllerTest {
        public void activeUsersExceptionTest() {
                EPUser user = mockUser.mockEPUser();
                Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
-               PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+               PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
                expectedResult.setMessage("null - check logs.");
                expectedResult.setResponse(new ArrayList<>());
                expectedResult.setStatus(PortalRestStatusEnum.ERROR);
index 21d0cf7..81e1f8b 100644 (file)
@@ -96,7 +96,7 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
 
        @SuppressWarnings("rawtypes")
        @Mock
-       ResponseEntity<List<WidgetCatalog>> ans = new ResponseEntity<List<WidgetCatalog>>(HttpStatus.OK);
+       ResponseEntity<List<WidgetCatalog>> ans = new ResponseEntity<>(HttpStatus.OK);
 
        @Before
        public void setup() {
@@ -114,11 +114,10 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
 
        @Test
        public void createMicroserviceIfServiceDataNullTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("FAILURE");
                expectedportalRestResponse.setResponse("MicroserviceData cannot be null or empty");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                MicroserviceData microserviceData = null;
                PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
                                mockedResponse, microserviceData);
@@ -127,23 +126,35 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
 
        @Test
        public void createMicroserviceTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("SUCCESS");
                expectedportalRestResponse.setResponse("");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.OK);
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
                PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
                                mockedResponse, microserviceData);
                assertEquals(actualportalRestResponse, expectedportalRestResponse);
        }
 
+       @Test
+       public void createMicroserviceXSSTest() throws Exception {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+               expectedportalRestResponse.setMessage("ERROR");
+               expectedportalRestResponse.setResponse("MicroserviceData is not valid");
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               MicroserviceData XSSMicroserviceData = new MicroserviceData();
+               XSSMicroserviceData.setActive("<script>alert(123);</script>");
+               XSSMicroserviceData.setName("<script>alert(/XSS”)</script>");
+               PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
+                       mockedResponse, XSSMicroserviceData);
+               assertEquals(expectedportalRestResponse, actualportalRestResponse);
+       }
+
        @Test
        public void createMicroserviceExceptionTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("FAILURE");
                expectedportalRestResponse.setResponse(null);
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                Mockito.when(microserviceService.saveMicroservice(microserviceData)).thenReturn((long) 1);
                Mockito.when(microserviceData.getParameterList()).thenThrow(nullPointerException);
                PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
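Review bot: createMicroserviceXSSTest only compares the returned PortalRestResponse and never checks that the rejected payload stopped short of the service layer, so the test would still pass if the controller persisted first and validated afterwards; add `Mockito.verify(microserviceService, Mockito.never()).saveMicroservice(Mockito.any());` after the assertEquals, and the analogous never() check on the update path in updateMicroserviceXSSTest (the -172,24 hunk below). The local `XSSMicroserviceData` should be lowerCamelCase, e.g. `MicroserviceData xssMicroserviceData = new MicroserviceData();`, in both tests. The new test uses the JUnit `assertEquals(expected, actual)` order while the neighbouring tests pass `(actual, expected)`; aligning them keeps failure messages readable.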
@@ -159,12 +170,11 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
        }
 
        @Test
-       public void updateMicroserviceIfServiceISNullTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+       public void updateMicroserviceIfServiceISNullTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("FAILURE");
                expectedportalRestResponse.setResponse("MicroserviceData cannot be null or empty");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                MicroserviceData microserviceData = null;
                PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
                                mockedResponse, 1, microserviceData);
@@ -172,24 +182,36 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
        }
 
        @Test
-       public void updateMicroserviceTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+       public void updateMicroserviceTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("SUCCESS");
                expectedportalRestResponse.setResponse("");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.OK);
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
                PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
-                               mockedResponse, 1, microserviceData);
+                       mockedResponse, 1, microserviceData);
                assertEquals(actualportalRestResponse, expectedportalRestResponse);
        }
 
        @Test
-       public void updateMicroserviceExceptionTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+       public void updateMicroserviceXSSTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+               expectedportalRestResponse.setMessage("ERROR");
+               expectedportalRestResponse.setResponse("MicroserviceData is not valid");
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               MicroserviceData XSSMicroserviceData = new MicroserviceData();
+               XSSMicroserviceData.setActive("<script>alert(123);</script>");
+               XSSMicroserviceData.setName("<script>alert(/XSS”)</script>");
+               PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
+                       mockedResponse, 1, XSSMicroserviceData);
+               assertEquals(expectedportalRestResponse, actualportalRestResponse);
+       }
+
+       @Test
+       public void updateMicroserviceExceptionTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("FAILURE");
                expectedportalRestResponse.setResponse(null);
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                Mockito.when(microserviceController.updateMicroservice(mockedRequest, mockedResponse, 1, microserviceData))
                                .thenThrow(nullPointerException);
                PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
@@ -198,14 +220,14 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
        }
 
        @Test
-       public void deleteMicroserviceExceptionTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+       public void deleteMicroserviceExceptionTest() {
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("FAILURE");
                PowerMockito.mockStatic(EcompPortalUtils.class);
                expectedportalRestResponse.setResponse(
-                               "I/O error on GET request for \""  + EcompPortalUtils.widgetMsProtocol() + "://null/widget/microservices/widgetCatalog/service/1\":null; nested exception is java.net.UnknownHostException: null");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+                               "I/O error on GET request for \""  + org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol()
+                                       + "://null/widget/microservices/widgetCatalog/service/1\":null; nested exception is java.net.UnknownHostException: null");
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                PowerMockito.mockStatic(WidgetServiceHeaders.class);
                PortalRestResponse<String> actuaPportalRestResponse = microserviceController.deleteMicroservice(mockedRequest,
                                mockedResponse, 1);
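Review bot: The rewritten expected-response string calls `org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol()` fully qualified, although the same class is referenced by its simple name two lines earlier in `PowerMockito.mockStatic(EcompPortalUtils.class)`, so it is evidently imported; unless a second EcompPortalUtils is imported into this test (not visible here), the qualification is noise and should revert to `EcompPortalUtils.widgetMsProtocol()`. The same pattern appears in the two `template.exchange` stubs in the deleteMicroserviceTest and deleteMicroserviceWhenNoWidgetsAssociatedTest hunks. If there is a real name clash, a one-line comment at the first qualified use explaining it would spare the next reader the lookup.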
@@ -215,13 +237,11 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
        @SuppressWarnings("unchecked")
        @Test
        public void deleteMicroserviceTest() throws Exception {
-               String HTTPS = "https://";
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("SOME WIDGETS ASSOICATE WITH THIS SERVICE");
                expectedportalRestResponse.setResponse("'null' ,'null' ");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.WARN);
-               List<WidgetCatalog> List = new ArrayList<WidgetCatalog>();
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.WARN);
+               List<WidgetCatalog> List = new ArrayList<>();
                WidgetCatalog widgetCatalog = new WidgetCatalog();
                widgetCatalog.setId(1);
                WidgetCatalog widgetCatalog1 = new WidgetCatalog();
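Review bot: The rewritten line `List<WidgetCatalog> List = new ArrayList<>();` keeps a local variable named `List`, which shadows the type it is declared with and reads like a static reference wherever it is used further down; rename it, e.g. `List<WidgetCatalog> widgetCatalogs = new ArrayList<>();`, and update its later uses, which fall outside this hunk. The identical line in the deleteMicroserviceWhenNoWidgetsAssociatedTest hunk should get the same treatment.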
@@ -236,7 +256,7 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
                ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() {
                };
                Mockito.when(template.exchange(
-                               EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+                               org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
                                                + "/widget/microservices/widgetCatalog/service/" + 1,
                                HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef)).thenReturn(ans);
 
@@ -248,12 +268,11 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
        @SuppressWarnings("unchecked")
        @Test
        public void deleteMicroserviceWhenNoWidgetsAssociatedTest() throws Exception {
-               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+               PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
                expectedportalRestResponse.setMessage("SUCCESS");
                expectedportalRestResponse.setResponse("");
-               PortalRestStatusEnum portalRestStatusEnum = null;
-               expectedportalRestResponse.setStatus(portalRestStatusEnum.OK);
-               List<WidgetCatalog> List = new ArrayList<WidgetCatalog>();
+               expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
+               List<WidgetCatalog> List = new ArrayList<>();
                PowerMockito.mockStatic(WidgetServiceHeaders.class);
                PowerMockito.mockStatic(EcompPortalUtils.class);
                String whatService = "widgets-service";
@@ -262,7 +281,7 @@ public class MicroserviceControllerTest extends MockitoTestSuite{
                ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() {
                };
                Mockito.when(template.exchange(
-                               EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+                               org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
                                                + "/widget/microservices/widgetCatalog/service/" + 1,
                                HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef)).thenReturn(ans);
                PortalRestResponse<String> actuaPportalRestResponse = microserviceController.deleteMicroservice(mockedRequest,
index 8bfa39c..9673cb2 100644 (file)
@@ -370,6 +370,48 @@ public class RoleManageControllerTest {
                assertEquals(expected, actual);
        }
 
+       @Test
+       public void saveRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EPUserUtils.class);
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+               Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+               Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+               Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test");
+               CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction();
+               addNewFunc.setCode("“><script>alert(“XSS”)</script>");
+               addNewFunc.setType("Test");
+               addNewFunc.setAction("Test");
+               addNewFunc.setName("Test");
+               CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+               roleFunction.setCode("Test|Test|Test");
+               Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+               Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject()))
+                       .thenReturn(true);
+               Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test");
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               List<EPUser> userList = new ArrayList<>();
+               userList.add(user);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(CentralApp());
+               Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+               PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse,
+                       addNewFunc, (long) 1);
+               PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+                       "Data is not valid", "ERROR");
+               assertEquals(expected, actual);
+       }
+
        @Test
        public void saveRoleFunctionExceptionTest() throws Exception {
                Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
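Review bot: saveRoleFunctionXSSTest stubs `externalAccessRolesService.saveCentralRoleFunction(...)` to succeed but never asserts that the rejected function was not handed to it, so the test would still pass if validation ran after the save; add `Mockito.verify(externalAccessRolesService, Mockito.never()).saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject());` after the assertEquals, and the analogous never() check on `deleteCentralRoleFunction` in removeRoleFunctionXSSTest below. The `EPUserUtils.getUserSession(mockedRequest)` stub is registered twice in this test (and twice again in removeRoleFunctionXSSTest); the second registration is redundant. The getRoleFunction and getFunctionCode/Type/Action stubs describe a valid function that the invalid `addNewFunc` never reaches; if they are not needed for the ERROR path, removing them makes the test's intent clearer.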
@@ -420,6 +462,36 @@ public class RoleManageControllerTest {
                assertEquals(expected, actual);
        }
 
+       @Test
+       public void removeRoleFunctionXSSTest() throws Exception {
+               PowerMockito.mockStatic(EPUserUtils.class);
+               PowerMockito.mockStatic(EcompPortalUtils.class);
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+               Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+               String roleFun = "<script>alert(/XSS”)</script>";
+               CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+               Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+               StringWriter sw = new StringWriter();
+               PrintWriter writer = new PrintWriter(sw);
+               Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+               Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject()))
+                       .thenReturn(true);
+               List<EPApp> appList = new ArrayList<>();
+               appList.add(CentralApp());
+               ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+               Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+               Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+               PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse,
+                       roleFun, (long) 1);
+               PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+                       "Data is not valid", "ERROR");
+               assertEquals(expected, actual);
+       }
+
        @Test
        public void removeRoleFunctionExceptionTest() throws Exception {
                EPUser user = mockUser.mockEPUser();
@@ -908,6 +980,13 @@ public class RoleManageControllerTest {
                List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
                assertEquals(cenApps.size(), actual.size());
        }
+
+       @Test
+       public void getCentralizedAppRolesXSSTest() throws IOException {
+               String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");
+               List<CentralizedApp> actual  = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id);
+               assertNull(actual);
+       }
        
        @Test
        public void getCentralizedAppRolesExceptionTest() throws IOException {
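Review bot: getCentralizedAppRolesXSSTest pins the invalid-input contract of getCentralizedAppRoles to a `null` return, which every caller then has to null-check and which `assertNull` cannot distinguish from "nothing found"; if the controller also reports the rejection on `mockedResponse` (a status code or error body), the test should assert that too. Consider whether an empty list is the safer return for this path, in which case the assertion becomes `assertTrue(actual.isEmpty());`. The redundant parentheses in `String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");` should go.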
index aca7c1b..211462d 100644 (file)
@@ -150,6 +150,18 @@ public class TicketEventControllerTest {
                assertTrue(actualPortalRestResponse.getStatus().compareTo(PortalRestStatusEnum.OK) == 0);
        }
 
+       @Test
+       public void saveXSSTest() throws Exception {
+               String ticketEventJson = "<iframe %00 src=\"&Tab;javascript:prompt(1)&Tab;\"%00>";
+               PortalRestResponse<String> actualPortalRestResponse;
+               PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               expectedPortalRestResponse.setMessage("Data is not valid");
+               actualPortalRestResponse = ticketEventController.handleRequest(mockedRequest,
+                       mockedResponse, ticketEventJson);
+               assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+       }
+
        @Test
        public void saveTestForException() throws Exception {
                String ticketEventJson = "\"event\": {\"body\": {\"ticketStatePhrase\": \"We recently detected a problem with the equipment at your site. The event is in queue for immediate work.\", \"ivrNotificationFlag\": \"1\",\"expectedRestoreDate\": 0,\"bridgeTransport\": \"AOTS\",  \"reptRequestType\": 0,\"ticketNum\": \"000002000857405\",\"assetID\": \"CISCO_1921C1_ISR_G2\", \"eventDate\": 1490545134601,\"eventAbstract\": \"ospfIfConfigError trap received from Cisco_1921c1_ISR_G2 with arguments: ospfRouterId=Cisco_1921c1_ISR_G2; ospfIfIpAddress=1921c1_288266; ospfAddressLessIf=0; ospfPacketSrc=172.17.0.11; ospfConfigErrorType=2; ospfPacketType=1\",\"severity\": \"2 - Major\",\"ticketPriority\": \"3\",\"reportedCustomerImpact\": 0,\"testAutoIndicator\": 0,\"supportGroupName\": \"US-TEST-ORT\",\"lastModifiedDate\": \"1487687703\",\"messageGroup\": \"SNMP\",\"csi\": 0,\"mfabRestoredTime\": 0},\"header\": {\"timestamp\": \"2017-02-21T14:35:05.219+0000\",\"eventSource\": \"aotstm\",\"entityId\": \"000002000857405\",      \"sequenceNumber\": 2 },\"blinkMsgId\": \"f38c071e-1a47-4b55-9e72-1db830100a61\",\"sourceIP\": \"130.4.165.158\"},\"SubscriberInfo\": {\"UserList\": [\"hk8777\"] }}";
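Review bot: saveXSSTest compares only the returned PortalRestResponse; it does not verify that the malformed payload was never passed on to whatever handleRequest delegates to for persistence (that collaborator is not visible in this hunk), so a regression that stores first and validates afterwards would go unnoticed, and a `Mockito.verify(..., Mockito.never())` on that collaborator would close the gap. The expected object never calls `setResponse`, so equality relies on the controller leaving the response field null on this path; a one-line comment such as `// expected response field stays null on the validation-error path` would make that dependency explicit.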
index c907a6e..82b902a 100644 (file)
@@ -55,6 +55,7 @@ import java.util.TreeSet;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.cxf.transport.http.HTTPException;
+import org.drools.core.command.assertion.AssertEquals;
 import org.hibernate.Query;
 import org.hibernate.SQLQuery;
 import org.hibernate.Session;
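Review bot: The added `import org.drools.core.command.assertion.AssertEquals;` pulls a Drools command class into a JUnit test; nothing in the new test body below uses it (it calls `assertFalse`/`assertTrue`), so it looks like an auto-import that picked the wrong `AssertEquals` and should be removed. If an equality assertion was intended, it should be the static `assertEquals` from the JUnit `Assert` class that this test file presumably already imports.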
@@ -237,6 +238,31 @@ public class UserRolesCommonServiceImplTest {
                return mockRoleInAppForUserList;
        }
 
+       @SuppressWarnings("unchecked")
+       @Test
+       public void checkTheProtectionAgainstSQLInjection() throws Exception {
+               EPUser user = mockUser.mockEPUser();
+               user.setId(1l);
+               user.setOrgId(2l);
+               Query epUserQuery = Mockito.mock(Query.class);
+               List<EPUser> mockEPUserList = new ArrayList<>();
+               mockEPUserList.add(user);
+
+               // test with SQL injection, should return false
+               Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+               Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+               Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery);
+               boolean ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId());
+               assertFalse(ret);
+
+               // test without SQL injection, should return true
+               Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+               Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+               Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery);
+               ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId());
+               assertTrue(ret);
+       }
+
        @SuppressWarnings("unchecked")
        @Test
        public void getAppRolesForUserNonCentralizedForPortal() throws Exception {
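Review bot: checkTheProtectionAgainstSQLInjection never feeds the crafted identifier to the code under test: both `createLocalUserIfNecessary` calls receive the plain `user.getOrgUserId()`, and the injected string appears only in a `setParameter` stub that the implementation would have to call with exactly that value for the stub to matter, so two identical invocations cannot legitimately yield `false` and then `true`. Either pass the crafted value to the first call, `boolean ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId() + "; select * from " + EPUser.class.getName() + ";");`, and assert on the outcome, or verify that `session.createQuery` is only ever invoked with the fixed parameterized HQL and that `setParameter("userId", ...)` received the raw value unchanged, which is the property that actually defeats injection. The stubbed HQL `from :name where orgUserId=:userId` also binds the entity name as a parameter, which HQL does not support; if the implementation really builds its query that way, that deserves its own test or a fix. Use `1L`/`2L` rather than `1l`/`2l` for the long literals.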
index 6340eb9..a41cbd8 100644 (file)
@@ -117,6 +117,18 @@ public class CentralUserAppTest {
         assertEquals(centralV2UserApp.getApp(), app1);
         assertEquals(centralV2UserApp.getRole(), role1);
     }
+
+    @Test
+       public void centralUserAppEqualsTest(){
+               CentralV2UserApp centralV2UserApp = mockCentralUserApp();
+               CentralV2UserApp centralV2UserApp2 = mockCentralUserApp();
+
+               assertTrue(centralV2UserApp.equals(centralV2UserApp));
+               assertTrue(centralV2UserApp.equals(centralV2UserApp2));
+               assertFalse(centralV2UserApp.equals(new Long(1)));
+               centralV2UserApp2.setPriority(213);
+               assertFalse(centralV2UserApp.equals(centralV2UserApp2));
+       }
        
        @Test
        public void unt_hashCodeTest(){
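Review bot: The equals test never probes the null argument, which is the case `equals` implementations most often get wrong; add `assertFalse(centralV2UserApp.equals(null));` next to the foreign-type check. `new Long(1)` is a deprecated boxing constructor since Java 9 — `Long.valueOf(1)` or a plain `"x"` serves as the foreign-type probe. Consider `assertNotEquals`/`assertEquals` over `assertTrue(a.equals(b))` so a failure prints both values.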
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/validation/DataValidatorTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/validation/DataValidatorTest.java
new file mode 100644 (file)
index 0000000..2dbfdcd
--- /dev/null
@@ -0,0 +1,98 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.validation;
+
+import static org.junit.Assert.*;
+
+import java.util.Set;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
+import org.drools.core.command.assertion.AssertEquals;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.onap.portalapp.portal.domain.EPUser;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.springframework.beans.factory.annotation.Autowired;
+
+@RunWith(PowerMockRunner.class)
+public class DataValidatorTest {
+       private static final ValidatorFactory VALIDATOR_FACTORY  = Validation.buildDefaultValidatorFactory();
+       @InjectMocks
+       DataValidator dataValidator;
+
+       @Test
+       public void getConstraintViolationsSecureString() {
+              SecureString secureString = new SecureString("<script>alert(“XSS”);</script>");
+              Validator validator = VALIDATOR_FACTORY.getValidator();
+              Set<ConstraintViolation<SecureString>> expectedConstraintViolations = validator.validate(secureString);
+              Set<ConstraintViolation<SecureString>> actualConstraintViolations = dataValidator.getConstraintViolations(secureString);
+              assertEquals(expectedConstraintViolations, actualConstraintViolations);
+       }
+
+       @Test
+       public void isValidSecureString() {
+              SecureString secureString = new SecureString("<script>alert(“XSS”);</script>");
+              assertFalse(dataValidator.isValid(secureString));
+       }
+
+       @Test
+       public void getConstraintViolationsEPUser() {
+              EPUser user = new EPUser();
+              user.setEmail("“><script>alert(“XSS”)</script>");
+              user.setLoginId("<IMG SRC=”javascript:alert(‘XSS’);”>");
+              user.setFinancialLocCode("<IMG SRC=javascript:alert(‘XSS’)> ");
+              Validator validator = VALIDATOR_FACTORY.getValidator();
+              Set<ConstraintViolation<EPUser>> expectedConstraintViolations = validator.validate(user);
+              Set<ConstraintViolation<EPUser>> actualConstraintViolations = dataValidator.getConstraintViolations(user);
+              assertEquals(expectedConstraintViolations, actualConstraintViolations);
+       }
+
+       @Test
+       public void isValidEPUser() {
+              EPUser user = new EPUser();
+              user.setEmail("“><script>alert(“XSS”)</script>");
+              user.setLoginId("<IMG SRC=”javascript:alert(‘XSS’);”>");
+              user.setFinancialLocCode("<IMG SRC=javascript:alert(‘XSS’)> ");
+              assertFalse(dataValidator.isValid(user));
+       }
+
+}
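Review bot: `getConstraintViolationsSecureString` and `getConstraintViolationsEPUser` compare `dataValidator.getConstraintViolations(...)` against a freshly built default `Validator`, so if `DataValidator` wraps the same factory the test is a tautology that also passes when nothing flags the payload; add `assertFalse(expectedConstraintViolations.isEmpty());` so it fails if the `SecureString`/`EPUser` constraints stop catching `<script>`. The imports `org.drools.core.command.assertion.AssertEquals` and `org.springframework.beans.factory.annotation.Autowired` are unused, and the drools one drags an unrelated artifact onto the test classpath. `@RunWith(PowerMockRunner.class)` without `@PrepareForTest`, and `@InjectMocks` with no `@Mock` fields, add nothing here — plain JUnit and `new DataValidator()` would do. The curly quotes in `alert(“XSS”)` look like a paste artifact; straight quotes make the payload a realistic one.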
index 0ba7bdc..56064b9 100644 (file)
@@ -39,6 +39,7 @@ package org.onap.portalapp.controller;
 
 import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID;
 
+import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLDecoder;
@@ -68,8 +69,10 @@ import org.onap.portalsdk.core.menu.MenuProperties;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StopWatch;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -409,4 +412,9 @@ public class LoginController extends EPUnRestrictedBaseController implements Log
                this.sharedContextService = sharedContextService;
        }
 
+       @ExceptionHandler(Exception.class)
+       protected void handleBadRequests(Exception e, HttpServletResponse response) throws IOException {
+               logger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+               response.sendError(HttpStatus.BAD_REQUEST.value());
+       }
 }
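Review bot: `@ExceptionHandler(Exception.class)` turns every failure in this controller — NPEs, database or downstream-service errors included — into a 400 "bad request", which misattributes server faults to the client and hides 5xx conditions from monitoring. Narrow it to the client-caused types you intend (e.g. `ServletRequestBindingException`, `IllegalArgumentException`) and let the rest surface as 500, or branch on the exception type inside the handler. `response.sendError` throws `IllegalStateException` if the response is already committed, which is plausible in a login controller that redirects; guard with `if (!response.isCommitted())`. Logging the full stack at `warn` for every request error will also be noisy; a one-line `warn` plus the stack at `debug` is the usual compromise.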
index 25eee82..703019f 100644 (file)
@@ -1,9 +1,9 @@
-
 /*-
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
  * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (c) 2019 Samsung
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -36,6 +36,7 @@
  *
  * 
  */
+
 package org.onap.portalapp.filter;
 
 import java.io.BufferedReader;
@@ -48,7 +49,6 @@ import java.util.Enumeration;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ReadListener;
-import javax.servlet.ServletException;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
@@ -62,7 +62,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 
 public class SecurityXssFilter extends OncePerRequestFilter {
 
-       private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+       private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
 
        private static final String APPLICATION_JSON = "application/json";
 
@@ -120,40 +120,47 @@ public class SecurityXssFilter extends OncePerRequestFilter {
 
                        @Override
                        public void setReadListener(ReadListener readListener) {
-
+                               // do nothing
                        }
-
                }
        }
 
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-                       throws ServletException, IOException {
+                       throws IOException {
                StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
-           String queryString = request.getQueryString();
-           String requestUrl = "";
-           if (queryString == null) {
-               requestUrl = requestURL.toString();
-           } else {
-               requestUrl = requestURL.append('?').append(queryString).toString();
-           }
-           validateRequest(requestUrl, response);
+               String queryString = request.getQueryString();
+               String requestUrl;
+
+               if (queryString == null) {
+                       requestUrl = requestURL.toString();
+               } else {
+                       requestUrl = requestURL.append('?').append(queryString).toString();
+               }
+
+               validateRequest(requestUrl, response);
                StringBuilder headerValues = new StringBuilder();
                Enumeration<String> headerNames = request.getHeaderNames();
+
                while (headerNames.hasMoreElements()) {
-                       String key = (String) headerNames.nextElement();
+                       String key = headerNames.nextElement();
                        String value = request.getHeader(key);
                        headerValues.append(value);
                }
+
                validateRequest(headerValues.toString(), response);
+
                if (validateRequestType(request)) {
                        request = new RequestWrapper(request);
                        String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
                        validateRequest(requestData, response);
-                       filterChain.doFilter(request, response);
+               }
 
-               } else {
+               try {
                        filterChain.doFilter(request, response);
+               } catch (Exception e) {
+                       sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+                       response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
                }
        }
 
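Review bot: A request that fails `validateRequest` still reaches the application, because `filterChain.doFilter(request, response)` is now called unconditionally after the three checks, and `validateRequest` (its body is in the next hunk) swallows the `SecurityException` and only closes the writer. Make `validateRequest` return a boolean (or rethrow) and return from `doFilterInternal` without invoking the chain when any check fails, as sketched below; the `ServletException` import removed in this commit would come back. The blanket `catch (Exception e)` around the chain converts every downstream failure into a 400, and `sendError` will throw `IllegalStateException` if the writer was already closed by `validateRequest`. If the pattern check in `validateRequest` runs on the raw `request.getQueryString()`, percent-encoded payloads pass untouched; decoding before matching is worth confirming.
```java
	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {
		// … unchanged: requestUrl and headerValues are assembled as before …

		// Each check sends 400 and returns false on a hit; the controllers are never reached in that case.
		if (!validateRequest(requestUrl, response) || !validateRequest(headerValues.toString(), response)) {
			return;
		}
		if (validateRequestType(request)) {
			request = new RequestWrapper(request);
			String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
			if (!validateRequest(requestData, response)) {
				return;
			}
		}
		filterChain.doFilter(request, response);
	}
```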
@@ -171,9 +178,8 @@ public class SecurityXssFilter extends OncePerRequestFilter {
                                throw new SecurityException(ERROR_BAD_REQUEST);
                        }
                } catch (Exception e) {
-                       logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+                       sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
                        response.getWriter().close();
-                       return;
                }
        }
-}
\ No newline at end of file
+}
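Review bot: The catch block only closes the writer after a bad request is detected, so no status code is set (the response presumably commits as an empty 200) and the caller gets no signal that the check failed. Send the status before closing — `response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), ERROR_BAD_REQUEST);` — and return a boolean or rethrow the `SecurityException` so `doFilterInternal` can stop the chain. `catch (Exception e)` also turns a failure of the check itself (for example a regex error) into a silently dropped request; catch `SecurityException` specifically. The enclosing method `validateRequest` starts outside this hunk.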
index ed54055..915c5e0 100644 (file)
@@ -40,8 +40,13 @@ package org.onap.portalapp.portal.controller;
 import java.util.HashMap;
 import java.util.Map;
 
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
 import org.json.JSONObject;
 import org.onap.portalapp.portal.controller.AppsController;
 import org.onap.portalapp.portal.domain.EPUser;
@@ -53,6 +58,7 @@ import org.onap.portalapp.portal.service.EPAppService;
 import org.onap.portalapp.portal.service.PersUserAppService;
 import org.onap.portalapp.portal.service.UserService;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -67,6 +73,7 @@ import org.springframework.web.bind.annotation.RestController;
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class AppsOSController extends AppsController {
+       private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
        
        static final String FAILURE = "failure";
        EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
@@ -113,9 +120,20 @@ public class AppsOSController extends AppsController {
        
        @RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
        public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
+
+               if(loginId != null){
+                       Validator validator = validatorFactory.getValidator();
+                       SecureString secureString = new SecureString(loginId);
+                       Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+                       if (!constraintViolations.isEmpty()){
+                               return "loginId is not valid";
+                       }
+               }
+
                
-               Map<String,String> map = new HashMap<String,String>();
-               EPUser user = null;
+               Map<String,String> map = new HashMap<>();
+               EPUser user;
                try {
                         user = (EPUser) userService.getUserByUserId(loginId).get(0);
                         map.put("firstName", user.getFirstName());
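Review bot: The early `return "loginId is not valid";` on a handler declared `produces = "application/json"` sends a bare string that is not JSON, so the caller's parse fails with a generic error instead of the intended message. Return a JSON object — `return new JSONObject(java.util.Collections.singletonMap("error", "loginId is not valid")).toString();` — and ideally set a 400 status, which would need an `HttpServletResponse` parameter. The `loginId != null` guard is dead for a `@PathVariable` bound from the mapping, and `validatorFactory.getValidator()` could be obtained once rather than per request; both cosmetic.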
@@ -128,7 +146,7 @@ public class AppsOSController extends AppsController {
                        logger.error(EELFLoggerDelegate.errorLogger, "Failed to get user info", e);
                }
 
-               JSONObject j = new JSONObject(map);;
+               JSONObject j = new JSONObject(map);
                return j.toString();
        }
 
index 0be5712..1dff604 100644 (file)
@@ -48,7 +48,6 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 
 import org.onap.portalapp.controller.EPRestrictedBaseController;
-import org.onap.portalapp.portal.controller.DashboardSearchResultController;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -57,6 +56,8 @@ import org.onap.portalapp.portal.service.DashboardSearchService;
 import org.onap.portalapp.portal.transport.CommonWidget;
 import org.onap.portalapp.portal.transport.CommonWidgetMeta;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.support.CollaborateList;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -71,6 +72,7 @@ import org.springframework.web.bind.annotation.RestController;
 public class DashboardSearchResultController extends EPRestrictedBaseController {
 
        private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class);
+       private DataValidator dataValidator = new DataValidator();
 
        @Autowired
        private DashboardSearchService searchService;
@@ -86,7 +88,12 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
        @RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json")
        public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request,
                        @RequestParam String resourceType) {
-               return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success",
+               if (resourceType !=null){
+                       SecureString secureString = new SecureString(resourceType);
+                       if (!dataValidator.isValid(secureString))
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is invalid", null);
+               }
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
                                searchService.getWidgetData(resourceType));
        }
 
@@ -100,9 +107,14 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
        @RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json")
        public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) {
                logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta);
-               if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals(""))
+               if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){
                        return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
                                        "Category cannot be null or empty");
+               }else {
+                       if(!dataValidator.isValid(commonWidgetMeta))
+                               return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
+                                       "Category is not valid");
+               }
                // validate dates
                for (CommonWidget cw : commonWidgetMeta.getItems()) {
                        String err = validateCommonWidget(cw);
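Review bot: The new error `"Category is not valid"` is misleading because `dataValidator.isValid(commonWidgetMeta)` validates every constrained field of the object, and the accompanying test triggers it through an item's `href`, not the category; use a neutral message such as `"Provided data is invalid"` as `getWidgetData` does. Whether the check reaches the `items` at all depends on `CommonWidgetMeta.items` carrying `@Valid` for cascading, which is not visible here; the test in this commit implies it does, worth confirming. `} else { if (...) ... }` collapses to `else if`, and the same shape appears in `saveWidgetData` below. The raw payload is still logged at debug on the line above before validation runs; if log viewers render it, move the debug line after the check.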
@@ -123,13 +135,18 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
        @RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json")
        public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) {
                logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget);
-               if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals(""))
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
+               if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
                                        "Cateogry cannot be null or empty");
+               }else {
+                       if(!dataValidator.isValid(commonWidget))
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                                       "Category is not valid");
+               }
                String err = validateCommonWidget(commonWidget);
                if (err != null)
-                       return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
                                searchService.saveWidgetData(commonWidget));
        }
 
@@ -165,7 +182,10 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
        @RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json")
        public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) {
                logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget);
-               return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
+               if(!dataValidator.isValid(commonWidget))
+                       return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+                               "Data is not valid");
+               return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
                                searchService.deleteWidgetData(commonWidget));
        }
 
@@ -180,16 +200,24 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
        @RequestMapping(value = "/allPortal", method = RequestMethod.GET, produces = "application/json")
        public PortalRestResponse<Map<String, List<SearchResultItem>>> searchPortal(HttpServletRequest request,
                        @RequestParam String searchString) {
+               if(searchString!=null){
+                       SecureString secureString = new SecureString(searchString);
+                       if(!dataValidator.isValid(secureString)){
+                               return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+                                       "searchPortal: User object is invalid",
+                                       null);
+                       }
+               }
 
                EPUser user = EPUserUtils.getUserSession(request);
                try {
                        if (user == null) {
                                return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
                                                "searchPortal: User object is null? - check logs",
-                                               new HashMap<String, List<SearchResultItem>>());
+                                               new HashMap<>());
                        } else if (searchString == null || searchString.trim().length() == 0) {
                                return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null",
-                                               new HashMap<String, List<SearchResultItem>>());
+                                               new HashMap<>());
                        } else {
                                logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'",
                                                user.getLoginId(), searchString);
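Review bot: The validation failure message `"searchPortal: User object is invalid"` describes the wrong thing — it is `searchString` that failed the `SecureString` check — and the payload is `null` where every other error branch in this method returns `new HashMap<>()`. Use `"searchPortal: search string is invalid"` with `new HashMap<>()` so clients can treat the payload uniformly; the new `searchPortalXSS` test pins the current message and needs the same edit. The `searchString != null` guard is dead for a required `@RequestParam`; the existing blank-string check below already covers the empty case.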
@@ -200,7 +228,7 @@ public class DashboardSearchResultController extends EPRestrictedBaseController
                } catch (Exception e) {
                        logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e);
                        return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.",
-                                       new HashMap<String, List<SearchResultItem>>());
+                                       new HashMap<>());
                }
        }
 
index 0596e74..15fe1dd 100644 (file)
@@ -175,6 +175,17 @@ public class AppsOSControllerTest {
                assertEquals("{\"firstName\":\"test\",\"lastName\":\"test\"}", expectedString);
        }
 
+       @Test
+       public void getCurrentUserProfileXSSTest() {
+               String loginId = "<iframe/src=\"data:text/html,<svg &#111;&#110;load=alert(1)>\">";
+               EPUser user = mockUser.mockEPUser();
+               List<EPUser> expectedList = new ArrayList<>();
+               expectedList.add(user);
+               Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+               String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+               assertEquals("loginId is not valid", expectedString);
+       }
+
        @Test
        public void getCurrentUserProfileExceptionTest() {
                String loginId = "guestT";
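Review bot: `getCurrentUserProfileXSSTest` asserts only on the returned string; it should also prove that rejection happened before any lookup, with `Mockito.verify(userService, Mockito.never()).getUserByUserId(Mockito.anyString());` — as written, the `Mockito.when(userService.getUserByUserId(loginId))` stub would equally satisfy a version that validates after the query. Pinning the bare `"loginId is not valid"` string also locks in a non-JSON body on a `produces = application/json` endpoint; if the controller is changed to return a JSON error object, update the expectation here too.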
index 9edf99e..ff588da 100644 (file)
@@ -98,6 +98,18 @@ public class DashboardSearchResultControllerTest {
                assertEquals(ecpectedPortalRestResponse.getStatus(), actualPortalRestResponse.getStatus());
        }
 
+       @Test
+       public void getWidgetDataXSSTest() {
+               String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"";
+               PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setMessage("Provided data is invalid");
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null);
+               PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController
+                       .getWidgetData(mockedRequest, resourceType);
+               assertEquals(acutualPoratlRestResponse, expectedPortalRestResponse);
+       }
+
        @Test
        public void saveWidgetDataBulkIfCatrgoryNullTest() {
                PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
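Review bot: `assertEquals(acutualPoratlRestResponse, expectedPortalRestResponse)` has the arguments reversed (JUnit's order is expected, then actual), so a failure message would label the values backwards; the raw `PortalRestResponse` type also drops the generic. Since the point of the test is that the search service is never reached for an XSS payload, replace the `thenReturn(null)` stub with `Mockito.verify(searchService, Mockito.never()).getWidgetData(Mockito.anyString());` after the call.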
@@ -151,6 +163,82 @@ public class DashboardSearchResultControllerTest {
                assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
        }
 
+       @Test
+       public void saveWidgetDataBulkXSSTest() {
+               PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
+               ecpectedPortalRestResponse.setMessage("ERROR");
+               ecpectedPortalRestResponse.setResponse("Category is not valid");
+               ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+
+               CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
+               commonWidgetMeta.setCategory("test");
+
+               List<CommonWidget> commonWidgetList = new ArrayList<>();
+               CommonWidget commonWidget = new CommonWidget();
+               commonWidget.setId((long) 1);
+               commonWidget.setCategory("test");
+               commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"");
+               commonWidget.setTitle("test_title");
+               commonWidget.setContent("test_content");
+               commonWidget.setEventDate(null);
+               commonWidget.setSortOrder(1);
+
+               commonWidgetList.add(commonWidget);
+
+               commonWidgetMeta.setItems(commonWidgetList);
+
+               Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null);
+
+               PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+                       .saveWidgetDataBulk(commonWidgetMeta);
+               assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
+       }
+
+       @Test
+       public void saveWidgetDataXSSTest() {
+               PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setMessage("ERROR");
+               expectedPortalRestResponse.setResponse("Category is not valid");
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               CommonWidget commonWidget = new CommonWidget();
+               commonWidget.setId((long) 1);
+               commonWidget.setCategory("test");
+               commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+               commonWidget.setTitle("test_title");
+               commonWidget.setContent("test_content");
+               commonWidget.setEventDate(null);
+               commonWidget.setSortOrder(1);
+
+               Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null);
+
+               PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+                       .saveWidgetData(commonWidget);
+               assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+
+       }
+
+       @Test
+       public void deleteWidgetDataXSSTest() {
+               PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+               expectedPortalRestResponse.setMessage("ERROR");
+               expectedPortalRestResponse.setResponse("Data is not valid");
+               expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+               CommonWidget commonWidget = new CommonWidget();
+               commonWidget.setId((long) 1);
+               commonWidget.setCategory("test");
+               commonWidget.setHref("test_href");
+               commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+               commonWidget.setContent("test_content");
+               commonWidget.setEventDate(null);
+               commonWidget.setSortOrder(1);
+               Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null);
+
+               PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+                       .deleteWidgetData(commonWidget);
+
+               assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+       }
+
        @Test
        public void saveWidgetDataIfCatagoryNullTest() {
                PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
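Review bot: All three new tests stub the service call (`Mockito.when(searchService.save...).thenReturn(null)`) but never assert it was skipped; add `Mockito.verify(searchService, Mockito.never()).saveWidgetDataBulk(Mockito.any());` (and the analogues for `saveWidgetData` and `deleteWidgetData`) so a regression that validates after persisting is caught. `saveWidgetDataBulkXSSTest` places the payload on an item's `href`, so it implicitly tests cascading validation into `items`; if that relies on `@Valid` on `CommonWidgetMeta`, a comment saying so would make the intent clear. The expected `"Category is not valid"` reflects the controller's misleading wording rather than what was invalid; if the message is fixed, these expectations follow.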
@@ -339,6 +427,22 @@ public class DashboardSearchResultControllerTest {
 
        }
 
+       @Test
+       public void searchPortalXSS() {
+               EPUser user = mockUser.mockEPUser();
+               Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+               String searchString = "<script>alert(“XSS”)</script> ";
+
+               PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+               expectedResult.setMessage("searchPortal: User object is invalid");
+               expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+
+               PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
+                       .searchPortal(mockedRequest, searchString);
+               assertEquals(actualResult, expectedResult);
+
+       }
+
        @Test
        public void searchPortalIfSearchExcptionTest() {
                EPUser user = mockUser.mockEPUser();
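Review bot: `assertEquals(actualResult, expectedResult)` is in reversed order for JUnit (expected first), and the test does not assert that the search service is never invoked for the rejected string — `Mockito.verifyZeroInteractions(searchService);` after the call would pin that. The expected `"searchPortal: User object is invalid"` also locks in wording that blames the user object when it is the search string that failed; if the controller message is corrected, update here.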
index 385697f..597f9b3 100644 (file)
@@ -45,7 +45,6 @@
                this.email ='';
                this.loginId ='';
                this.loginPwd ='';
-               this.confirmLoginPwd=''
                this.isLoading = false;
                let getUser  = () => {
                        this.isLoading = true;
                        loginId :this.loginId,
                        loginPassword :this.loginPwd
                        }
-                       if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''|| this.confirmLoginPwd ==''){
+                       if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''){
                                var warningMsg = "Please enter a value for all fields marked with *.";
                                confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
                                return;
-                       } else if (this.loginPwd != this.confirmLoginPwd) {
-                               var warningMsg = "Passwords do not match, please try again.";
-                               confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
-                               return;
                        } else {
                                // check password length complexity.
                                var warningMsg = adminsService.isComplexPassword(this.loginPwd);
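Review bot: The modified `if` drops the only client-side check that a newly entered login password was typed as intended (the removed `this.loginPwd != this.confirmLoginPwd` branch), and nothing in the hunk replaces it, so a mistyped password now flows straight into the complexity check and is accepted if it is complex enough. If the confirm field was removed deliberately, a short comment above the check, e.g. `// confirm-password field removed; only required-field and complexity checks remain`, would stop a later reader from treating this as an accidental regression; otherwise the confirmation should be kept. The enclosing function starts and ends outside the hunk, and the rendered page appears to have dropped a hunk header between the `this.isLoading = true;` line and `loginId :this.loginId,`.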
index 79c85a1..2ccb03c 100644 (file)
                                                <div class="">*Login Password</div>
                                                <input type="password" ng-model="profileDetail.loginPwd" />
                                        </div>
-                                       <div class="profile-edit-div">
-                                               <div class="">*Confirm Login Password</div>
-                                               <input type="password"
-                                                       ng-model="profileDetail.confirmLoginPwd" />
-                                       </div>
                                </div>
                        </div>
                        <div class="dialog-control">
index a6ed0aa..8f5a589 100644 (file)
                <artifactId>spring-security-web</artifactId>
                <version>4.1.4.RELEASE</version>
                </dependency>
+               <dependency>
+                       <groupId>org.projectlombok</groupId>
+                       <artifactId>lombok</artifactId>
+                       <version>1.18.4</version>
+               </dependency>
        </dependencies>
 
        <build>
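Review bot: The new lombok dependency carries no `<scope>`, so it defaults to compile scope and lombok is packaged with the artifact even though it is only consumed by the annotation processor at build time; add `<scope>provided</scope>` inside the new `<dependency>` element. If a parent POM's dependencyManagement already fixes the scope this is moot, but nothing in the hunk shows that.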
index d950d03..212826c 100644 (file)
@@ -8,6 +8,10 @@ import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Size;
+import org.hibernate.validator.constraints.SafeHtml;
 
 @Entity
 @Table(name = "FN_APP")
@@ -18,9 +22,13 @@ public class App implements Serializable{
        @Id
        @Column(name = "APP_ID")
        @GeneratedValue(strategy=GenerationType.AUTO)
+       @Digits(integer = 11, fraction = 0)
        private Long appId;
-       
+
        @Column(name = "APP_Name")
+       @SafeHtml
+       @Size(max = 100)
+       @NotNull
        private String appName;
 
        public Long getAppId() {
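Review bot: `@SafeHtml`, imported at the top of this section from `org.hibernate.validator.constraints`, is deprecated in Hibernate Validator 6.0 and removed in later releases, so the new annotation on `appName` ties the module to an old validator line and will stop compiling on upgrade; the same import and usage are added to RoleApp in the following section. Constraint annotations on an entity field also only take effect where something actually runs Bean Validation (a `@Valid` parameter at the controller boundary or the JPA pre-persist integration), and the hunk shows neither, so whether `appName` is ever checked cannot be confirmed from here — a test that sends an over-long or null name and asserts the rejection would settle it. `@Digits(integer = 11, fraction = 0)` on the generated `appId` cannot be violated by the generator and mainly documents the column width; a comment such as `// mirrors the 11-digit APP_ID column; id is generated, not client-supplied` would make that intent explicit.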
index 807067b..aae9bfe 100644 (file)
@@ -16,77 +16,43 @@ import javax.persistence.ManyToOne;
 import javax.persistence.Table;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import javax.validation.Valid;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Size;
+import lombok.Getter;
+import lombok.Setter;
+import org.hibernate.validator.constraints.SafeHtml;
 
 @Entity
 @Table(name = "FN_ROLE")
+@Getter
+@Setter
 public class RoleApp implements Serializable{
        private static final long serialVersionUID = 1L;
 
        @Id
        @Column(name = "ROLE_ID")
        @GeneratedValue(strategy=GenerationType.AUTO)
+       @Digits(integer = 11, fraction = 0)
        private Long roleId;
-       
-       
+
        @Column(name = "ROLE_Name")
+       @SafeHtml
+       @Size(max = 300)
+       @NotNull
        private String roleName;
        
        @ManyToOne(fetch = FetchType.EAGER)
        @JoinColumn(name="APP_ID")
+       @Valid
        private App app;
        
        @JsonIgnore
        @ManyToMany(fetch = FetchType.EAGER, cascade = {CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH}, mappedBy="widgetRoles")
+       @Valid
        private Set<WidgetCatalog> widgets;
 
-       /*@PreRemove
-       private void removeGroupsFromUsers() {
-           for (WidgetCatalog w : widgets) {
-               w.getWidgetRoles().remove(this);
-           }
-       }*/
-       
-       /*@ManyToOne
-       @JoinColumn(name = "WIDGET_ID", nullable = false)
-       WidgetCatalog widgetCatalog;*/
-
-       //@JsonIgnore
-       //@ManyToMany(mappedBy = "widgetRoles")
-       //@ManyToMany(fetch = FetchType.EAGER, mappedBy = "widgetRoles")
-       //private Set<WidgetCatalog> widgets  = new HashSet<WidgetCatalog>();
-       
-       public Long getRoleId() {
-               return roleId;
-       }
-
-       public void setRoleId(Long roleId) {
-               this.roleId = roleId;
-       }
-
-       public String getRoleName() {
-               return roleName;
-       }
-
-       public void setRoleName(String roleName) {
-               this.roleName = roleName;
-       }
-
-       public App getApp() {
-               return app;
-       }
-
-       public void setApp(App app) {
-               this.app = app;
-       }
-       
-       public Set<WidgetCatalog> getWidgets() {
-               return widgets;
-       }
-
-       public void setWidgets(Set<WidgetCatalog> widgets) {
-               this.widgets = widgets;
-       }
-
        @Override
        public String toString() {
                return "RoleApp [roleId=" + roleId + ", roleName=" + roleName + ", app=" + app + "]";