company: 'ATT'
id: 'st782s'
timezone: 'America/New_York'
+ - name: 'Lorraine A Welch'
+ email: 'lb2391@att.com'
+ company: 'ATT'
+ id: 'lorraineawelch'
+ timezone: 'America/New_York'
tsc:
approval: 'https://lists.onap.org/pipermail/onap-tsc'
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2017-2018 AT&T Intellectual Property. All rights reserved
+.. Copyright 2017-2019 AT&T Intellectual Property. All rights reserved
Portal Platform Release Notes
=============================
+Version: 2.5.0
+--------------
+:Release Date: 2019-06-13
+
+.. toctree::
+ :maxdepth: 1
+
+We worked on SDK upgrade to integrate with AAF. We partially implemented multi-language.
+
+**New Features**
+ * SDK upgrade to integrate with AAF
+ * Use of CADI
+ * 68% JUnit Test Coverage
+ * Addressing security issues
+ * Internationalization language support - partially implemented
+ * Reporting feature enhancement in portal/sdk - design and partial code changes
+
+**Bug Fixes**
+ * Fixed Sonar reported critical issues.
+
+**Known Issues**
+ * Mismatch while displaying active online user in Portal.
+ * Internationalization Language component partially completed.
+ * Functional Menu change requires manual refresh.
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+*Known Security Issues*
+
+ * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+ * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+ * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
+ * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+ * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+ * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+ * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
+ * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_.
+
+Quick Links:
+ - `PORTAL project page <https://wiki.onap.org/display/DW/Portal+Platform+Project>`_
+
+ - `Passing Badge information for PORTAL <https://bestpractices.coreinfrastructure.org/en/projects/1441>`_
+
+ - `Project Vulnerability Review Table for PORTAL <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_
+
+**Upgrade Notes**
+ * For https Apps onboarded to portal, a certificate has to be downloaded in the browser when first trying to access the landing page of the App.
+ * For onboarded Apps using http (since Portal is using https) the browser asks the user to click to Proceed to the unsafe URL.
+ * For onboarded Apps using http the icon in the URL bar will appear red, click on it and allow unsafe scripts.
+ * The first time some apps are selected in the Applications panel, an error stating the webpage might be temporarily down, copy the presented URL to a new browser; once that is done, the application will open in the Portal.
+
+**Deprecation Notes**
+
+**Other**
+ * Below are the docker images released as part of Portal Platform project:
+ * onap/portal-app:2.5.0
+ * onap/portal-db:2.5.0
+ * onap/portal-sdk:2.5.0
+ * onap/portal-wms:2.5.0
+ * portal/sdk java artifacts - (Release branch: “release-2.5.0”)
-Version: 2.3.2
+Version: 2.3.2
--------------
:Release Date: 2019-04-15
**Known Issues**
* The issue is an application running on HTTPS will not open in Portal if the AAF root CA is missing.
- An error message will appear in a separate tab in Portal. It will say something like:
- “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might
+ An error message will appear in a separate tab in Portal. It will say something like:
+ “The webpage at https://portal.api.simpledemo.onap.org:30200/vid/welcome.htm?cc=........ might
be temporarily down or it may have moved permanently to a new web address.”
- Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm
+ Here is the work-around, copy above VID (or other app) URL and replace welcome.htm to login.htm
in a new browser window; after login come back to Portal home page and click VID, it will now work.
* For applications running on HTTP (for example SDC), the user needs to disable the security check in the browser to access the application.
<artifactId>jackson-jaxrs-json-provider</artifactId>
<version>2.8.10</version>
</dependency>
+ <!-- https://mvnrepository.com/artifact/org.glassfish.web/javax.el -->
+ <dependency>
+ <groupId>org.glassfish.web</groupId>
+ <artifactId>javax.el</artifactId>
+ <version>2.2.6</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/javax.el/el-api -->
+ <dependency>
+ <groupId>javax.el</groupId>
+ <artifactId>el-api</artifactId>
+ <version>2.2.1-b04</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.jsoup/jsoup -->
+ <dependency>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ <version>1.12.1</version>
+ </dependency>
<dependency>
<groupId>org.glassfish.jersey.connectors</groupId>
<artifactId>jersey-jetty-connector</artifactId>
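Review bot: The three new dependencies are pinned inline with no comment saying why they are needed, and `el-api` is pinned to `2.2.1-b04`, which by its name looks like a pre-release build. Presumably `jsoup` is here because the `@SafeHtml` constraint used elsewhere in this commit relies on it, and the EL artifacts because the validator needs an expression-language implementation; a one-line comment such as `<!-- required by Hibernate Validator @SafeHtml / message interpolation -->` would record that. It is also worth confirming that the servlet container does not already provide an EL implementation, since a second copy on the classpath can conflict. Because `jsoup` is now part of the input-validation path, its version should be tracked in the project's dependency scan like any other security-relevant library.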
import java.util.List;
+import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.onap.portalapp.portal.domain.EPApp;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
@EnableAspectJAutoProxy
@EPAuditLog
public class AppsControllerExternalRequest implements BasicAuthenticationController {
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsControllerExternalRequest.class);
private static final String ONBOARD_APP = "/onboardApp";
- // Where is this used?
- public boolean isAuxRESTfulCall() {
- return true;
- }
-
/**
* For testing whether a user is a superadmin.
*/
@RequestMapping(value = "/portalAdmin", method = RequestMethod.POST, produces = "application/json")
@ResponseBody
public PortalRestResponse<String> postPortalAdmin(HttpServletRequest request, HttpServletResponse response,
- @RequestBody EPUser epUser) {
+ @Valid @RequestBody EPUser epUser) {
EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "request", epUser);
PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
+ if (epUser!=null){
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<EPUser>> constraintViolations = validator.validate(epUser);
+ if (!constraintViolations.isEmpty()){
+ portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+ portalResponse.setMessage("Data is not valid");
+ return portalResponse;
+ }
+ }
+
// Check mandatory fields.
if (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //
|| epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 //
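Review bot: The `@Valid` annotation on `epUser` and the explicit `validator.validate(epUser)` block perform the same check twice, and which one takes effect depends on configuration not visible in this hunk. If a Bean Validation provider is wired into Spring MVC, `@Valid` rejects the request before the method body runs and the `"Data is not valid"` branch is never reached; otherwise `@Valid` is inert. Keeping one mechanism makes the error contract predictable. Separately, `logAndSerializeObject(logger, "postPortalAdmin", "request", epUser)` still runs before the validation block, so input that is about to be rejected is written to the log first; moving the validation above that call avoids this. The same two points apply to `postOnboardAppExternal` and `putOnboardAppExternal` below, and the method body continues outside the hunk.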
@RequestMapping(value = { ONBOARD_APP }, method = RequestMethod.POST, produces = "application/json")
@ResponseBody
public PortalRestResponse<String> postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
- @RequestBody OnboardingApp newOnboardApp) {
+ @Valid @RequestBody OnboardingApp newOnboardApp) {
EcompPortalUtils.logAndSerializeObject(logger, "postOnboardAppExternal", "request", newOnboardApp);
PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
-
+ if (newOnboardApp != null){
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<OnboardingApp>> constraintViolations = validator.validate(newOnboardApp);
+ if (!constraintViolations.isEmpty()){
+ portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+ portalResponse.setMessage("Data is not valid");
+ return portalResponse;
+ }
+ }
// Validate fields
if (newOnboardApp.id != null) {
portalResponse.setStatus(PortalRestStatusEnum.ERROR);
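Review bot: The guard `if (newOnboardApp != null)` only skips validation when the body is null; the next statement, `if (newOnboardApp.id != null)`, dereferences it unconditionally, so a null argument would still end in a NullPointerException rather than a clean error response. If null is considered reachable, return the error directly, e.g. `if (newOnboardApp == null) { portalResponse.setStatus(PortalRestStatusEnum.ERROR); portalResponse.setMessage("Data is not valid"); return portalResponse; }`; if it is not reachable (Spring's `@RequestBody` is required by default), the guard can be dropped. The same shape appears in `postPortalAdmin` (`epUser.getEmail()`) and `putOnboardAppExternal` (`oldOnboardApp.id`). The method body continues outside the hunk.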
@RequestMapping(value = { ONBOARD_APP + "/{appId}" }, method = RequestMethod.PUT, produces = "application/json")
@ResponseBody
public PortalRestResponse<String> putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
- @PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) {
+ @PathVariable("appId") Long appId, @Valid @RequestBody OnboardingApp oldOnboardApp) {
EcompPortalUtils.logAndSerializeObject(logger, "putOnboardAppExternal", "request", oldOnboardApp);
PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
+
+ if (oldOnboardApp != null){
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<OnboardingApp>> constraintViolations = validator.validate(oldOnboardApp);
+ if (!constraintViolations.isEmpty()){
+ portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+ portalResponse.setMessage("Data is not valid");
+ return portalResponse;
+ }
+ }
+
// Validate fields.
if (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id)) {
portalResponse.setStatus(PortalRestStatusEnum.ERROR);
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.http.HttpServletRequest;
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.transport.CommonWidget;
import org.onap.portalapp.portal.transport.CommonWidgetMeta;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.domain.support.CollaborateList;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
@RestController
@RequestMapping("/portalApi/search")
public class DashboardSearchResultController extends EPRestrictedBaseController {
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class);
@RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json")
public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request,
@RequestParam String resourceType) {
- return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success",
- searchService.getWidgetData(resourceType));
+ if (stringIsNotSafeHtml(resourceType)) {
+ return new PortalRestResponse(PortalRestStatusEnum.ERROR, "resourceType: String string is not valid", "");
+ }
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+ searchService.getWidgetData(resourceType));
}
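Review bot: The new error return in `getWidgetData` uses the raw type `new PortalRestResponse(...)` and passes `""` as the payload of a method declared to return `PortalRestResponse<CommonWidgetMeta>`, which compiles only with an unchecked warning and hands callers a `String` where they expect a `CommonWidgetMeta`. The success branch two lines below already uses the diamond; the error branch should match, e.g. `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "resourceType: String string is not valid", null);`. The message text "String string is not valid" also reads like a copy of the `searchPortal` wording and could simply say `resourceType is not valid`.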
/**
* @return Rest response wrapped around a String; e.g., "success" or "ERROR"
*/
@RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json")
- public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) {
+ public PortalRestResponse<String> saveWidgetDataBulk(@Valid @RequestBody CommonWidgetMeta commonWidgetMeta) {
logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta);
- if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals(""))
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
- "Category cannot be null or empty");
+ if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Cateogry cannot be null or empty");
+ }else {
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<CommonWidgetMeta>> constraintViolations = validator.validate(commonWidgetMeta);
+ if (!constraintViolations.isEmpty())
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category is not valid");
+ }
// validate dates
for (CommonWidget cw : commonWidgetMeta.getItems()) {
String err = validateCommonWidget(cw);
if (err != null)
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
}
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
- searchService.saveWidgetDataBulk(commonWidgetMeta));
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+ searchService.saveWidgetDataBulk(commonWidgetMeta));
}
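Review bot: The commit fixes the "Cateogry" typo in `saveWidgetData` but introduces it here in `saveWidgetDataBulk`, where the removed line was spelled correctly; the new line should read `"Category cannot be null or empty");`. The validation branch also reports `"Category is not valid"` for any constraint violation on `commonWidgetMeta`, not just the category field, which will mislead a client whose failing field is something else; `"CommonWidgetMeta is not valid"` would match the wording used in `deleteWidgetData`. Whether the `items` list is covered by `validator.validate(commonWidgetMeta)` depends on a `@Valid` cascade on that field, which is not visible in this diff and is worth confirming.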
/**
* @return Rest response wrapped around a String; e.g., "success" or "ERROR"
*/
@RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json")
- public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) {
+ public PortalRestResponse<String> saveWidgetData(@Valid @RequestBody CommonWidget commonWidget) {
logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget);
- if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals(""))
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
- "Cateogry cannot be null or empty");
+ if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category cannot be null or empty");
+ }else {
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<CommonWidget>> constraintViolations = validator.validate(commonWidget);
+ if (!constraintViolations.isEmpty())
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category is not valid");
+ }
String err = validateCommonWidget(commonWidget);
if (err != null)
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
- searchService.saveWidgetData(commonWidget));
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+ searchService.saveWidgetData(commonWidget));
}
/**
* @return Rest response wrapped around a String; e.g., "success" or "ERROR"
*/
@RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json")
- public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) {
+ public PortalRestResponse<String> deleteWidgetData(@Valid @RequestBody CommonWidget commonWidget) {
+ if (commonWidget!=null){
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<CommonWidget>> constraintViolations = validator.validate(commonWidget);
+ if (!constraintViolations.isEmpty())
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "CommonWidget is not valid");
+ }
logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget);
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
- searchService.deleteWidgetData(commonWidget));
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+ searchService.deleteWidgetData(commonWidget));
}
/**
if (user == null) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"searchPortal: User object is null? - check logs",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
} else if (searchString == null || searchString.trim().length() == 0) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null",
- new HashMap<String, List<SearchResultItem>>());
- } else {
+ new HashMap<>());
+ }else if (stringIsNotSafeHtml(searchString)){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is not valid",
+ new HashMap<>());
+ }else {
logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'",
user.getLoginId(), searchString);
Map<String, List<SearchResultItem>> results = searchService.searchResults(user.getLoginId(),
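Review bot: The new `stringIsNotSafeHtml(searchString)` branch deserves a comment stating what it does and does not protect against, because `@SafeHtml` only rejects disallowed markup. It says nothing about how `searchString` is used inside `searchService.searchResults`, and the release notes in this same commit still list SQL injection in Portal as a known issue. A comment such as `// markup check only; query safety relies on parameter binding in searchService` would keep a later reader from treating this as a general sanitiser. It is also worth confirming that the service binds `searchString` as a query parameter rather than concatenating it. The method body starts and ends outside the hunk.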
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e);
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
}
}
}
}
+ private boolean stringIsNotSafeHtml(String string){
+ SecureString secureString = new SecureString(string);
+
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+ return !constraintViolations.isEmpty();
+ }
+
}
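Review bot: `stringIsNotSafeHtml` is private to this controller, while `RoleManageController` and `TicketEventController` in the same commit repeat the same `new SecureString(...)` / `validator.validate(...)` sequence inline, and every controller builds its own `ValidatorFactory`. A single shared helper (or an injected `Validator` bean) would keep the check identical everywhere and give one place to change it. The helper also has no Javadoc; something like `/** Returns true when the value violates the constraints declared on SecureString. */` would state the contract, and the parameter name `string` could be `value`.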
import java.util.List;
+import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.portal.domain.MicroserviceData;
import org.onap.portalapp.portal.domain.WidgetCatalog;
@EnableAspectJAutoProxy
@EPAuditLog
public class MicroserviceController extends EPRestrictedBaseController {
+ public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
String whatService = "widgets-service";
RestTemplate template = new RestTemplate();
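Review bot: `VALIDATOR_FACTORY` is declared `public static final` here, whereas the other controllers in this commit declare the same constant `private static final`. Nothing in the visible hunks uses it from outside the class, so it should be `private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();` for consistency and to avoid exposing it as part of the controller's API.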
@RequestMapping(value = { "/portalApi/microservices" }, method = RequestMethod.POST)
public PortalRestResponse<String> createMicroservice(HttpServletRequest request, HttpServletResponse response,
- @RequestBody MicroserviceData newServiceData) throws Exception {
+ @Valid @RequestBody MicroserviceData newServiceData) throws Exception {
if (newServiceData == null) {
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE",
- "MicroserviceData cannot be null or empty");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
+ "MicroserviceData cannot be null or empty");
+ }else {
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+
+ Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
+ if(!constraintViolations.isEmpty()){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+ "ERROR", "MicroserviceData is not valid");
+ }
}
long serviceId = microserviceService.saveMicroservice(newServiceData);
try {
microserviceService.saveServiceParameters(serviceId, newServiceData.getParameterList());
} catch (Exception e) {
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
}
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", "");
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", "");
}
@RequestMapping(value = { "/portalApi/microservices" }, method = RequestMethod.GET)
public List<MicroserviceData> getMicroservice(HttpServletRequest request, HttpServletResponse response)
throws Exception {
- List<MicroserviceData> list = microserviceService.getMicroserviceData();
- return list;
+ return microserviceService.getMicroserviceData();
}
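Review bot: The catch block in `createMicroservice` still returns `e.getMessage()` to the client as the response payload, and the same is true of the catch blocks in `updateMicroservice` and `deleteMicroservice` that this commit also touches. Exception messages from the persistence or HTTP layer can carry internal details (SQL fragments, host names, class names), so a commit aimed at hardening these endpoints should log the exception server-side and return a fixed string, e.g. `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", "Unable to save microservice");`. The visible catch blocks do not log the exception at all, so a `logger.error(...)` call with `e` is needed alongside that change.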
@RequestMapping(value = { "/portalApi/microservices/{serviceId}" }, method = RequestMethod.PUT)
public PortalRestResponse<String> updateMicroservice(HttpServletRequest request, HttpServletResponse response,
- @PathVariable("serviceId") long serviceId, @RequestBody MicroserviceData newServiceData) throws Exception {
+ @PathVariable("serviceId") long serviceId, @Valid @RequestBody MicroserviceData newServiceData) {
if (newServiceData == null) {
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE",
- "MicroserviceData cannot be null or empty");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
+ "MicroserviceData cannot be null or empty");
+ }else {
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+
+ Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
+ if(!constraintViolations.isEmpty()){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+ "ERROR", "MicroserviceData is not valid");
+ }
}
try {
microserviceService.updateMicroservice(serviceId, newServiceData);
} catch (Exception e) {
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
}
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", "");
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", "");
}
@RequestMapping(value = { "/portalApi/microservices/{serviceId}" }, method = RequestMethod.DELETE)
public PortalRestResponse<String> deleteMicroservice(HttpServletRequest request, HttpServletResponse response,
- @PathVariable("serviceId") long serviceId) throws Exception {
+ @PathVariable("serviceId") long serviceId) {
try {
ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() {
};
// If this service is assoicated with widgets, cannnot be deleted
- ResponseEntity<List<WidgetCatalog>> ans = (ResponseEntity<List<WidgetCatalog>>) template.exchange(
+ ResponseEntity<List<WidgetCatalog>> ans = template.exchange(
EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+ "/widget/microservices/widgetCatalog/service/" + serviceId,
HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef);
else{
StringBuilder sb = new StringBuilder();
for(int i = 0; i < widgets.size(); i++){
- sb.append("'" + widgets.get(i).getName() + "' ");
+ sb.append("'").append(widgets.get(i).getName()).append("' ");
if(i < (widgets.size()-1)){
sb.append(",");
}
}
- return new PortalRestResponse<String>(PortalRestStatusEnum.WARN, "SOME WIDGETS ASSOICATE WITH THIS SERVICE", sb.toString());
+ return new PortalRestResponse<>(PortalRestStatusEnum.WARN, "SOME WIDGETS ASSOICATE WITH THIS SERVICE",
+ sb.toString());
}
} catch (Exception e) {
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE", e.getMessage());
}
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "SUCCESS", "");
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "SUCCESS", "");
}
}
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.validation.ConstraintViolation;
+import javax.validation.Valid;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.apache.commons.lang.StringUtils;
import org.json.JSONObject;
import org.onap.portalapp.controller.EPRestrictedBaseController;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.portal.utils.PortalConstants;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.domain.AuditLog;
import org.onap.portalsdk.core.domain.Role;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@EnableAspectJAutoProxy
@EPAuditLog
public class RoleManageController extends EPRestrictedBaseController {
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+
private static final String PIPE = "|";
private static final String ROLE_INVALID_CHARS = "%=():,\"\"";
}
@RequestMapping(value = { "/portalApi/role_function_list/saveRoleFunction/{appId}" }, method = RequestMethod.POST)
- public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @RequestBody CentralV2RoleFunction roleFunc,
+ public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response, @Valid @RequestBody CentralV2RoleFunction roleFunc,
@PathVariable("appId") Long appId) throws Exception {
+ if (roleFunc!=null) {
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<CentralV2RoleFunction>> constraintViolations = validator.validate(roleFunc);
+
+ if(!constraintViolations.isEmpty()){
+ logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction: Failed");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+ }
+ }
EPUser user = EPUserUtils.getUserSession(request);
boolean saveOrUpdateResponse = false;
try {
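Review bot: The error response built on validation failure passes its arguments in a different order from the other controllers in this commit: here it is `(ERROR, "Data is not valid", "ERROR")`, while `DashboardSearchResultController` and `MicroserviceController` use `(ERROR, "ERROR", "<reason>")`. Clients that read the reason from one field will find it in the other for this endpoint, so the order should follow one convention. The log line `"saveRoleFunction: Failed"` also gives no hint of which constraint failed; logging the violated property paths (not the submitted values) would make rejected requests diagnosable. The method body continues outside the hunk.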
public PortalRestResponse<String> removeRoleFunction(HttpServletRequest request, HttpServletResponse response,
@RequestBody String roleFunc, @PathVariable("appId") Long appId) throws Exception {
EPUser user = EPUserUtils.getUserSession(request);
+
+ if (roleFunc!=null) {
+ SecureString secureString = new SecureString(roleFunc);
+
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+ if(!constraintViolations.isEmpty()){
+ logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Data is not valid", "ERROR");
+ }
+ }
+
try {
EPApp requestedApp = appService.getApp(appId);
if (isAuthorizedUser(user, requestedApp)) {
@RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET)
public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException {
+ if(userId!=null) {
+ SecureString secureString = new SecureString(userId);
+
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+ if(!constraintViolations.isEmpty()){
+ logger.error(EELFLoggerDelegate.errorLogger, "removeRoleFunction: Failed");
+ return null;
+ }
+ }
+
EPUser user = EPUserUtils.getUserSession(request);
List<CentralizedApp> applicationsList = null;
if (adminRolesService.isAccountAdmin(user) || adminRolesService.isSuperAdmin(user) || adminRolesService.isRoleAdmin(user)) {
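Review bot: The log message in the new validation block of `getCentralizedAppRoles` says `"removeRoleFunction: Failed"`, which looks copied from the method above and will misattribute rejected requests in the logs; it should be `logger.error(EELFLoggerDelegate.errorLogger, "getCentralizedAppRoles: Failed");`. The branch then returns `null` from a method declared to return `List<CentralizedApp>`, so the client presumably receives an empty success response with no indication that its `userId` was rejected. Setting an error status on `response` (for example `response.setStatus(HttpServletResponse.SC_BAD_REQUEST)`) before returning would make the rejection visible. The method body continues outside the hunk.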
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
import org.onap.portalapp.portal.transport.EpNotificationItem;
import org.onap.portalapp.portal.transport.EpRoleNotificationItem;
import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
@EnableAspectJAutoProxy
@EPAuditLog
public class TicketEventController implements BasicAuthenticationController {
-
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
@Autowired
private UserNotificationService userNotificationService;
logger.debug(EELFLoggerDelegate.debugLogger, "Ticket Event notification" + ticketEventJson);
PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
+
+ if (ticketEventJson!=null){
+ SecureString secureString = new SecureString(ticketEventJson);
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+ if (!constraintViolations.isEmpty()){
+ portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+ portalResponse.setMessage("Data is not valid");
+ return portalResponse;
+ }
+ }
+
try {
JsonNode ticketEventNotif = mapper.readTree(ticketEventJson);
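Review bot: The `SecureString` check is applied to the raw `ticketEventJson` text before `mapper.readTree(ticketEventJson)` parses it, so it does not see the decoded field values, because JSON string escapes are only resolved at parse time. Validating the individual string fields after parsing (or binding the body to a typed object whose fields carry the constraints) checks the data the code actually uses. The `logger.debug` call at the top of the hunk also concatenates the unvalidated body into the log message before the check runs. `removeRoleFunction` in `RoleManageController` validates a raw `@RequestBody String` in the same way and may need the same treatment if that string is parsed later. The method body starts and ends outside the hunk.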
@Autowired
private UserService userService;
+ private static final String HIDDEN_DEFAULT_PASSWORD = "*****";
+
/**
* RESTful service method to get ONAP Logged in User details.
*
try {
EPUser user = EPUserUtils.getUserSession(request);
ProfileDetail profileDetail = new ProfileDetail(user.getFirstName(), user.getLastName(),
- user.getMiddleInitial(), user.getEmail(), user.getLoginId(), CipherUtil.decryptPKC(user.getLoginPwd()));
+ user.getMiddleInitial(), user.getEmail(), user.getLoginId(), HIDDEN_DEFAULT_PASSWORD);
portalRestResponse = new PortalRestResponse<ProfileDetail>(PortalRestStatusEnum.OK, "success",
profileDetail);
EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/loggedinUser", "result =", profileDetail);
user.setEmail(profileDetail.getEmail());
user.setMiddleInitial(profileDetail.getMiddleName());
user.setLoginId(profileDetail.getLoginId());
- user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword()));
+ if (!HIDDEN_DEFAULT_PASSWORD.equals(profileDetail.getLoginPassword())){
+ user.setLoginPwd(CipherUtil.encryptPKC(profileDetail.getLoginPassword()));
+ }
userService.saveUser(user);
// Update user info in the session
request.getSession().setAttribute(SystemProperties.getProperty(SystemProperties.USER_ATTRIBUTE_NAME),
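Review bot: The new guard skips the password update only when the submitted value equals the `"*****"` placeholder, so a null or empty `loginPassword` in the request still reaches `CipherUtil.encryptPKC(...)` and overwrites the stored password. A stricter condition avoids that: `String pwd = profileDetail.getLoginPassword();` followed by `if (pwd != null && !pwd.isEmpty() && !HIDDEN_DEFAULT_PASSWORD.equals(pwd)) {`. A short comment on `HIDDEN_DEFAULT_PASSWORD` should say that it is a sentinel meaning "unchanged" and that, as a side effect, a user can never choose that literal value as a password. The stored value is still produced by reversible `encryptPKC`, which the release notes in this commit list as a known open issue. The method body starts and ends outside the hunk.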
*/
package org.onap.portalapp.portal.domain;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
import com.fasterxml.jackson.annotation.JsonBackReference;
private static final long serialVersionUID = -2742197830465055134L;
@JsonBackReference private EPApp app;
+ @SafeHtml
private String description;
+ @SafeHtml
private String contactEmail;
+ @SafeHtml
private String contactName;
+ @SafeHtml
private String url;
+ @SafeHtml
private String activeYN;
public EPApp getApp() {
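Review bot: `@SafeHtml` is applied uniformly to `contactEmail`, `url` and `activeYN`, but it only rejects disallowed markup; it does not check that the value is an email address, that the URL uses an expected scheme, or that the flag is one of its two values. Where the format is known, a format constraint documents and enforces the intent better, for example `@Email` on `contactEmail`, `@URL` on `url`, and `@Pattern(regexp = "[YN]")` on `activeYN`, assuming the field holds a Y/N flag as its name suggests. The same applies to the URL-typed fields annotated in `EPApp` (`url`, `alternateUrl`, `imageUrl`, `appRestEndpoint`).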
import java.io.Serializable;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
import com.fasterxml.jackson.annotation.JsonIgnore;
*
*/
private static final long serialVersionUID = -4018975640065252688L;
+ @SafeHtml
private String code;
+ @SafeHtml
private String name;
@JsonIgnore
private Long appId;
@JsonIgnore
private Long roleId;
private String type;
+ @SafeHtml
private String action;
+ @SafeHtml
private String editUrl;
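Review bot: `code`, `name`, `action` and `editUrl` gain `@SafeHtml`, but `private String type;` in the same class is left unannotated. If `type` is also populated from the request body it should carry the same constraint; if it is deliberately excluded (for example because it is restricted elsewhere), a comment such as `// validated against the allowed function types in the service layer` would make that explicit. Nothing in the hunk shows which is the case.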
import javax.persistence.Lob;
+import javax.validation.Valid;
import org.apache.commons.lang.StringUtils;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
/**
public class EPApp extends DomainVo {
private static final long serialVersionUID = 1L;
-
+ @SafeHtml
private String name;
+ @SafeHtml
private String imageUrl;
+ @SafeHtml
private String description;
+ @SafeHtml
private String notes;
+ @SafeHtml
private String url;
+ @SafeHtml
private String alternateUrl;
+ @SafeHtml
private String appRestEndpoint;
+ @SafeHtml
private String mlAppName;
+ @SafeHtml
private String mlAppAdminId;
private Long motsId;
+ @SafeHtml
private String username;
+ @SafeHtml
private String appPassword;
@Lob
private byte[] thumbnail;
private Boolean open;
private Boolean enabled;
+ @SafeHtml
private String uebTopicName;
+ @SafeHtml
private String uebKey;
+ @SafeHtml
private String uebSecret;
private Integer appType;
+ @Valid
private AppContactUs contactUs;
private Boolean centralAuth;
+ @SafeHtml
private String nameSpace;
public EPApp() {
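Review bot: `@SafeHtml` is applied to the credential fields `appPassword`, `uebKey` and `uebSecret`, which are not HTML content and should never be rendered. On these fields the constraint adds no XSS protection, and it can reject a legitimate secret that happens to contain markup-like characters. A violation report may also carry the rejected value into logs or error responses, depending on how violations are handled elsewhere. I would drop the annotation from these three fields and, if a bound is wanted, use a length constraint such as `@Size(max = ...)` with the column width. The same point applies to `loginPwd` in the `EPUser` hunk and `password` in the `MicroserviceData` hunk.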
import java.util.SortedSet;
import java.util.TreeSet;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.RoleFunction;
import org.onap.portalsdk.core.domain.support.DomainVo;
import com.fasterxml.jackson.annotation.JsonIgnore;
public class EPRole extends DomainVo {
private static final long serialVersionUID = 1L;
+ @SafeHtml
private String name;
private boolean active;
private Integer priority;
private Long appRoleId; // used by ONAP only
private SortedSet<RoleFunction> roleFunctions = new TreeSet<RoleFunction>();
-
+ @Valid
private SortedSet<EPRole> childRoles = new TreeSet<EPRole>();
@JsonIgnore
import java.util.SortedSet;
import java.util.TreeSet;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalapp.portal.utils.PortalConstants;
import org.onap.portalsdk.core.domain.User;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
private Long orgId;
private Long managerId;
+ @SafeHtml
private String firstName;
+ @SafeHtml
private String middleInitial;
+ @SafeHtml
private String lastName;
+ @SafeHtml
private String phone;
+ @SafeHtml
private String fax;
+ @SafeHtml
private String cellular;
+ @SafeHtml
private String email;
private Long addressId;
+ @SafeHtml
private String alertMethodCd;
+ @SafeHtml
private String hrid;
+ @SafeHtml
private String orgUserId;
+ @SafeHtml
private String orgCode;
+ @SafeHtml
private String address1;
+ @SafeHtml
private String address2;
+ @SafeHtml
private String city;
+ @SafeHtml
private String state;
+ @SafeHtml
private String zipCode;
+ @SafeHtml
private String country;
+ @SafeHtml
private String orgManagerUserId;
+ @SafeHtml
private String locationClli;
+ @SafeHtml
private String businessCountryCode;
+ @SafeHtml
private String businessCountryName;
+ @SafeHtml
private String businessUnit;
+ @SafeHtml
private String businessUnitName;
+ @SafeHtml
private String department;
+ @SafeHtml
private String departmentName;
+ @SafeHtml
private String companyCode;
+ @SafeHtml
private String company;
+ @SafeHtml
private String zipCodeSuffix;
+ @SafeHtml
private String jobTitle;
+ @SafeHtml
private String commandChain;
+ @SafeHtml
private String siloStatus;
+ @SafeHtml
private String costCenter;
+ @SafeHtml
private String financialLocCode;
-
+ @SafeHtml
private String loginId;
+ @SafeHtml
private String loginPwd;
private Date lastLoginDate;
private boolean active;
private Long selectedProfileId;
private Long timeZoneId;
private boolean online;
+ @SafeHtml
private String chatId;
private Integer languageId;
private static final long serialVersionUID = 1L;
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(EPUser.class);
private static final String ECOMP_PORTAL_NAME = "ECOMP";
private boolean isGuest = false;
-
+ @Valid
private SortedSet<EPUserApp> userApps = new TreeSet<EPUserApp>();
+ @Valid
private SortedSet<EPRole> pseudoRoles = new TreeSet<EPRole>();
public EPUser() {}
*/
package org.onap.portalapp.portal.domain;
+import javax.validation.Valid;
import org.onap.portalsdk.core.domain.support.DomainVo;
@SuppressWarnings("rawtypes")
private static final long serialVersionUID = 1L;
private Long userId;
+ @Valid
private EPApp app;
+ @Valid
private EPRole role;
private Integer priority;
package org.onap.portalapp.portal.domain;
import java.util.List;
-
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Transient;
+import javax.validation.constraints.DecimalMax;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.NotNull;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import org.hibernate.validator.constraints.SafeHtml;
+
/***
*
* This class is almost identical to org.onap.portalapp.portal.transport.FunctionalMenuItem
*
*/
@Entity
+@NoArgsConstructor
+@AllArgsConstructor
public class FunctionalMenuItemWithAppID{
private static final long serialVersionUID = 1L;
@Id
@GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name = "MENU_ID")
+ @Digits(integer = 11, fraction = 0)
public Long menuId;
@Column(name = "COLUMN_NUM")
+ @Digits(integer = 2, fraction = 0)
+ @NotNull
public Integer column;
@Column(name = "TEXT")
+ @Max(value = 100)
+ @SafeHtml
+ @NotNull
public String text;
@Column(name = "PARENT_MENU_ID")
+ @Digits(integer = 11, fraction = 0)
public Integer parentMenuId;
@Column(name = "URL")
+ @Max(value = 128)
+ @SafeHtml
+ @NotNull
public String url;
@Column(name="ACTIVE_YN")
+ @Max(value = 1)
+ @SafeHtml
+ @NotNull
public String active_yn;
@Column(name="APP_ID")
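Review bot: `@Max` on the String fields `text`, `url` and `active_yn` bounds a numeric value, not a length. Hibernate Validator evaluates a character sequence under `@Max` as a number, so ordinary menu text, a URL or a `Y`/`N` flag would fail validation. A length limit is presumably what was intended: `@Size(max = 100)` on `text`, `@Size(max = 128)` on `url` and `@Size(max = 1)` on `active_yn`, importing `javax.validation.constraints.Size`. Note also that `@NotNull` on `text` and `url` rejects the null values that `normalize()` further down turns into empty strings, so the order in which validation and `normalize()` run now matters.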
public void normalize() {
if (this.column == null)
- this.column = new Integer(1);
+ this.column = 1;
this.text = (this.text == null) ? "" : this.text.trim();
if (this.parentMenuId == null)
- this.parentMenuId = new Integer(-1);
+ this.parentMenuId = -1;
this.url = (this.url == null) ? "" : this.url.trim();
}
import javax.persistence.GenerationType;
import javax.persistence.Id;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
public class MicroserviceData extends DomainVo {
}
private Long id;
-
+ @SafeHtml
private String name;
-
+ @SafeHtml
private String active;
-
+ @SafeHtml
private String desc;
private long appId;
-
+ @SafeHtml
private String url;
-
+ @SafeHtml
private String securityType;
-
+ @SafeHtml
private String username;
-
+ @SafeHtml
private String password;
-
+ @Valid
private List<MicroserviceParameter> parameterList;
public Long getId() {
*/
package org.onap.portalapp.portal.domain;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
public class MicroserviceParameter extends DomainVo {
private Long id;
private long serviceId;
-
+ @SafeHtml
private String para_key;
-
+ @SafeHtml
private String para_value;
public Long getId() {
import java.io.Serializable;
import java.util.Set;
+import lombok.Getter;
+import lombok.Setter;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.ManyToMany;
-import javax.persistence.ManyToOne;
-
-import com.fasterxml.jackson.annotation.JsonIgnore;
-
-//@Entity
-//@Table(name = "FN_ROLE")
+@Getter
+@Setter
public class RoleApp implements Serializable{
private static final long serialVersionUID = 1L;
- //@Id
- //@Column(name = "ROLE_ID")
- //@GeneratedValue(strategy=GenerationType.AUTO)
private Long roleId;
-
-
- //@Column(name = "ROLE_Name")
- private String roleName;
-
- //@ManyToOne(fetch = FetchType.EAGER)
- //@JoinColumn(name="APP_ID")
- private App app;
-
- //@JsonIgnore
- //@ManyToMany(fetch = FetchType.EAGER, cascade = {CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH}, mappedBy="widgetRoles")
- private Set<WidgetCatalog> widgets;
-
- /*@PreRemove
- private void removeGroupsFromUsers() {
- for (WidgetCatalog w : widgets) {
- w.getWidgetRoles().remove(this);
- }
- }*/
-
- /*@ManyToOne
- @JoinColumn(name = "WIDGET_ID", nullable = false)
- WidgetCatalog widgetCatalog;*/
-
- //@JsonIgnore
- //@ManyToMany(mappedBy = "widgetRoles")
- //@ManyToMany(fetch = FetchType.EAGER, mappedBy = "widgetRoles")
- //private Set<WidgetCatalog> widgets = new HashSet<WidgetCatalog>();
-
- public Long getRoleId() {
- return roleId;
- }
-
- public void setRoleId(Long roleId) {
- this.roleId = roleId;
- }
-
- public String getRoleName() {
- return roleName;
- }
-
- public void setRoleName(String roleName) {
- this.roleName = roleName;
- }
-
- public App getApp() {
- return app;
- }
- public void setApp(App app) {
- this.app = app;
- }
-
-
+ private String roleName;
- public Set<WidgetCatalog> getWidgets() {
- return widgets;
- }
+ private App app;
- public void setWidgets(Set<WidgetCatalog> widgets) {
- this.widgets = widgets;
- }
+ private Set<WidgetCatalog> widgets;
@Override
public String toString() {
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
package org.onap.portalapp.portal.scheduler;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
+import org.onap.portalapp.util.DateUtil;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
public class SchedulerRestInt {
/** The logger. */
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerRestInterface.class);
-
- /** The Constant dateFormat. */
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
- /** The request date format. */
- public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
-
+
public SchedulerRestInt() {
- requestDateFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
+ DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
}
}
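Review bot: The constructor now calls `DateUtil.getRequestDateFormat().setTimeZone(...)` and discards the result, so whether the GMT setting survives depends on `DateUtil`, which is not shown here. If the getter returns a new `SimpleDateFormat` on each call, this line is a no-op and request dates fall back to the default time zone. If it returns a shared instance, every constructor call mutates a formatter that other threads may be using, and `SimpleDateFormat` is not thread-safe. Setting the zone once inside `DateUtil` where the formatter is created would cover both cases; a comment such as `// time zone is fixed to GMT in DateUtil` could then replace this call. `SchedulerAuxRestInt` has the same line in its constructor.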
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
*/
package org.onap.portalapp.portal.scheduler;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
import org.onap.portalapp.portal.scheduler.restobjects.GetTimeSlotsRestObject;
import org.onap.portalapp.portal.scheduler.restobjects.PostCreateNewVnfRestObject;
import org.onap.portalapp.portal.scheduler.restobjects.PostSubmitVnfChangeRestObject;
import org.onap.portalapp.portal.scheduler.wrapper.GetTimeSlotsWrapper;
import org.onap.portalapp.portal.scheduler.wrapper.PostCreateNewVnfWrapper;
import org.onap.portalapp.portal.scheduler.wrapper.PostSubmitVnfChangeTimeSlotsWrapper;
+import org.onap.portalapp.util.DateUtil;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Date;
public class SchedulerUtil {
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerUtil.class);
-
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
public static GetTimeSlotsWrapper getTimeSlotsWrapResponse (GetTimeSlotsRestObject<String> rs) {
r_json_str = mapper.writeValueAsString(t);
}
catch ( com.fasterxml.jackson.core.JsonProcessingException j ) {
- logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Unable to parse object as json");
- }
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ DateUtil.getDateFormat().format(new Date()) + "<== " + methodName + " Unable " + "to "
+ + "parse object as json");
+ }
}
return (r_json_str);
}
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
package org.onap.portalapp.portal.scheduler.client;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
import javax.servlet.ServletContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
/** The logger. */
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpBasicClient.class);
-
- /** The Constant dateFormat. */
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
/**
* Obtain a basic HTTP client .
*
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
package org.onap.portalapp.portal.scheduler.client;
import java.io.File;
-import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.glassfish.jersey.client.ClientProperties;
import org.onap.portalapp.portal.scheduler.SchedulerProperties;
import org.onap.portalapp.portal.scheduler.util.CustomJacksonJaxBJsonProvider;
+import org.onap.portalapp.util.DateUtil;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.util.SystemProperties;
/**
* General SSL client using the VID tomcat keystore. It doesn't use client certificates.
/** The logger. */
static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(HttpsBasicClient.class);
-
- /** The Constant dateFormat. */
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
+
/**
* Retrieve an SSL client.
*
SSLContext ctx = null;
try {
-
+
+ SimpleDateFormat dateFormat = DateUtil.getDateFormat();
config.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true);
String truststore_path = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_FILENAME);
- logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " truststore_path=" + truststore_path);
+ logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " "
+ + "truststore_path=" +
+ truststore_path);
String truststore_password = SchedulerProperties.getProperty(SchedulerProperties.VID_TRUSTSTORE_PASSWD_X);
//logger.debug(dateFormat.format(new Date()) + " " + methodName + " decrypted_truststore_password=" + decrypted_truststore_password);
File tr = new File (truststore_path);
- logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " absolute truststore path=" + tr.getAbsolutePath());
+ logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + " " + methodName + " absolute "
+ + "truststore path=" + tr.getAbsolutePath());
//String keystore_path = certFilePath + AAIProperties.FILESEPARTOR + SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_FILENAME);
//String keystore_password = SystemProperties.getProperty(AAIProperties.AAI_KEYSTORE_PASSWD_X);
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
package org.onap.portalapp.portal.scheduleraux;
-import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.onap.portalapp.portal.scheduler.policy.rest.RequestDetails;
+import org.onap.portalapp.util.DateUtil;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import com.fasterxml.jackson.databind.ObjectMapper;
/** The logger. */
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxRestInterface.class);
-
- /** The Constant dateFormat. */
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
- /** The request date format. */
- public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
-
+
public SchedulerAuxRestInt() {
- requestDateFormat.setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
+ DateUtil.getRequestDateFormat().setTimeZone(java.util.TimeZone.getTimeZone("GMT"));
}
/**
* @param r the r
*/
public void logRequest ( RequestDetails r ) {
+ SimpleDateFormat dateFormat = DateUtil.getDateFormat();
String methodName = "logRequest";
ObjectMapper mapper = new ObjectMapper();
String r_json_str = "";
r_json_str = mapper.writeValueAsString(r);
}
catch ( com.fasterxml.jackson.core.JsonProcessingException j ) {
- logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Unable to parse request as json");
+ logger.debug(EELFLoggerDelegate.debugLogger, dateFormat.format(new Date()) + "<== " + methodName + " "
+ + "Unable to "
+ + "parse request as json");
}
}
- logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Request=(" + r_json_str + ")");
+ logger.debug(EELFLoggerDelegate.debugLogger,dateFormat.format(new Date()) + "<== " + methodName + " Request="
+ + "(" +
+ r_json_str + ")");
}
-}
\ No newline at end of file
+}
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
*/
package org.onap.portalapp.portal.scheduleraux;
-import java.lang.reflect.Type;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Collections;
-import java.util.Date;
-
-import javax.annotation.PostConstruct;
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedHashMap;
-import javax.ws.rs.core.Response;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParseException;
import org.apache.commons.codec.binary.Base64;
import org.apache.cxf.jaxrs.impl.ResponseImpl;
import org.eclipse.jetty.util.security.Password;
import org.onap.portalapp.portal.scheduler.SchedulerProperties;
import org.onap.portalapp.portal.scheduler.client.HttpBasicClient;
import org.onap.portalapp.portal.scheduler.policy.rest.RequestDetails;
+import org.onap.portalapp.util.DateUtil;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.http.HttpStatus;
import org.springframework.web.client.HttpClientErrorException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParseException;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedHashMap;
+import javax.ws.rs.core.Response;
+import java.lang.reflect.Type;
+import java.text.SimpleDateFormat;
+import java.util.Collections;
+import java.util.Date;
public class SchedulerAuxRestInterface extends SchedulerAuxRestInt implements SchedulerAuxRestInterfaceIfc {
/** The logger. */
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxRestInterface.class);
- /** The Constant dateFormat. */
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
/** The client. */
private static Client client = null;
String methodName = "Get";
logger.debug(EELFLoggerDelegate.debugLogger, " start", methodName);
+ SimpleDateFormat dateFormat = DateUtil.getDateFormat();
String url = "";
restObject.set(t);
if (status == 200) {
t = (T) cres.readEntity(t.getClass());
restObject.set(t);
- logger.debug(EELFLoggerDelegate.debugLogger, " REST api was successfull!", dateFormat.format(new Date()),
- methodName);
+ logger.debug(EELFLoggerDelegate.debugLogger, " REST api was successfull!",
+ dateFormat.format(new Date()), methodName);
} else {
throw new Exception(methodName + " with status=" + status + ", url= " + url);
String methodName = "Delete";
String url = "";
Response cres = null;
+ SimpleDateFormat dateFormat = DateUtil.getDateFormat();
logRequest(r);
url = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULERAUX_SERVER_URL_VAL) + path;
logger.debug(EELFLoggerDelegate.debugLogger, " methodName sending request to: ",
- dateFormat.format(new Date()), url, methodName);
+ dateFormat.format(new Date()), url, methodName);
cres = client.target(url).request().accept("application/json").headers(commonHeaders)
// .entity(r)
url, e);
EPLogUtil.schedulerAccessAlarm(logger, e.getStatusCode().value());
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "Exception with the URL ", dateFormat.format(new Date()),
- methodName, url, e);
+ logger.error(EELFLoggerDelegate.errorLogger, "Exception with the URL ",
+ dateFormat.format(new Date()), methodName, url, e);
EPLogUtil.schedulerAccessAlarm(logger, HttpStatus.INTERNAL_SERVER_ERROR.value());
throw e;
public void logRequest(RequestDetails r) {
// TODO Auto-generated method stub
}
-}
\ No newline at end of file
+}
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
*/
package org.onap.portalapp.portal.scheduleraux;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
import org.glassfish.jersey.client.ClientResponse;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
public class SchedulerAuxUtil {
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerAuxUtil.class);
-
- final static DateFormat dateFormat = new SimpleDateFormat("HH:mm:ss:SSSS");
-
+
public static SchedulerAuxResponseWrapper wrapResponse ( String body, int statusCode ) {
SchedulerAuxResponseWrapper w = new SchedulerAuxResponseWrapper();
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel;
import org.onap.portalapp.portal.domain.AppsResponse;
import org.onap.portalapp.portal.domain.EPApp;
-import org.onap.portalapp.portal.domain.EPRole;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.domain.EPUserAppRolesRequest;
import org.onap.portalapp.portal.domain.EPUserAppRolesRequestDetail;
if (onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.url == null
|| onboardingApp.url.length() == 0 || onboardingApp.restrictedApp == null
|| onboardingApp.isOpen == null || onboardingApp.isEnabled == null
- || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID))
+ || (onboardingApp.id != null && ECOMP_APP_ID.equals(onboardingApp.id.toString()))
// For a normal app (appType == PortalConstants.PortalAppId),
// these fields must be filled
// in.
if (onboardingApp.name == null || onboardingApp.name.length() == 0 || onboardingApp.url == null
|| onboardingApp.url.length() == 0 || onboardingApp.restrictedApp == null
|| onboardingApp.isOpen == null || onboardingApp.isEnabled == null
- || (onboardingApp.id != null && onboardingApp.id.equals(ECOMP_APP_ID))
+ || (onboardingApp.id != null && ECOMP_APP_ID.equals(onboardingApp.id.toString()))
// For a normal app (appType == PortalConstants.PortalAppId),
// these fields must be filled
// in.
// Don't encrypt or decrypt the password if it is null or the empty string
private String decryptedPassword(String encryptedAppPwd, EPApp app) {
String result = "";
- if (encryptedAppPwd != null & encryptedAppPwd.length() > 0) {
+ if (encryptedAppPwd != null && !encryptedAppPwd.isEmpty()) {
try {
result = CipherUtil.decryptPKC(encryptedAppPwd,
SystemProperties.getProperty(SystemProperties.Decryption_Key));
protected String encryptedPassword(String decryptedAppPwd, EPApp app) {
String result = "";
- if (decryptedAppPwd != null & decryptedAppPwd.length() > 0) {
+ if (decryptedAppPwd != null && !decryptedAppPwd.isEmpty()) {
try {
result = CipherUtil.encryptPKC(decryptedAppPwd,
SystemProperties.getProperty(SystemProperties.Decryption_Key));
return userAndRoles;
}
-}
\ No newline at end of file
+}
* ===================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
* under the Apache License, Version 2.0 (the "License");
import java.util.List;
import java.util.Map;
-import javax.crypto.BadPaddingException;
-
import org.hibernate.criterion.Criterion;
import org.hibernate.criterion.Restrictions;
import org.onap.portalapp.portal.domain.MicroserviceData;
return newService.getId();
}
- public void saveServiceParameters(long serviceId, List<MicroserviceParameter> list) throws Exception {
- for (int i = 0; i < list.size(); i++) {
- MicroserviceParameter para = list.get(i);
+ public void saveServiceParameters(long serviceId, List<MicroserviceParameter> list) {
+ for (MicroserviceParameter para : list) {
para.setServiceId(serviceId);
getDataAccessService().saveDomainObject(para, null);
}
@Override
public MicroserviceData getMicroserviceDataById(long id) {
- MicroserviceData data = null;
+ MicroserviceData data;
try {
- List<Criterion> restrictionsList = new ArrayList<Criterion>();
+ List<Criterion> restrictionsList = new ArrayList<>();
Criterion idCriterion = Restrictions.eq("id", id);
restrictionsList.add(idCriterion);
data = (MicroserviceData) dataAccessService.getList(MicroserviceData.class, null, restrictionsList, null).get(0);
@SuppressWarnings("unchecked")
@Override
- public List<MicroserviceData> getMicroserviceData() throws Exception {
+ public List<MicroserviceData> getMicroserviceData() {
List<MicroserviceData> list = (List<MicroserviceData>) dataAccessService.getList(MicroserviceData.class, null);
- for (int i = 0; i < list.size(); i++) {
- if (list.get(i).getPassword() != null)
- list.get(i).setPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD); //to hide password from get request
- list.get(i).setParameterList(getServiceParameters(list.get(i).getId()));
+ for (MicroserviceData microserviceData : list) {
+ if (microserviceData.getPassword() != null) {
+ microserviceData
+ .setPassword(EPCommonSystemProperties.APP_DISPLAY_PASSWORD); //to hide password from get request
+ }
+ microserviceData.setParameterList(getServiceParameters(microserviceData.getId()));
}
return list;
}
private List<MicroserviceParameter> getServiceParameters(long serviceId) {
- List<MicroserviceParameter> list = getMicroServiceParametersList(serviceId);
- return list;
+ return getMicroServiceParametersList(serviceId);
}
@SuppressWarnings("unchecked")
private List<MicroserviceParameter> getMicroServiceParametersList(long serviceId) {
- List<Criterion> restrictionsList = new ArrayList<Criterion>();
+ List<Criterion> restrictionsList = new ArrayList<>();
Criterion serviceIdCriterion = Restrictions.eq("serviceId", serviceId);
restrictionsList.add(serviceIdCriterion);
return (List<MicroserviceParameter>) dataAccessService.getList(MicroserviceParameter.class, null, restrictionsList, null);
}
@Override
- public void deleteMicroservice(long serviceId) throws Exception {
+ public void deleteMicroservice(long serviceId) {
try {
- Map<String, String> params = new HashMap<String, String>();
+ Map<String, String> params = new HashMap<>();
params.put("serviceId", Long.toString(serviceId));
dataAccessService.executeNamedQuery("deleteMicroserviceParameter", params, null);
getDataAccessService().saveDomainObject(newService, null);
List<MicroserviceParameter> oldService = getServiceParameters(serviceId);
boolean foundParam;
- for (int i = 0; i < oldService.size(); i++) {
+ for (MicroserviceParameter microserviceParameter : oldService) {
foundParam = false;
for (int n = 0; n < newService.getParameterList().size(); n++) {
- if (newService.getParameterList().get(n).getId().equals(oldService.get(i).getId())) {
+ if (newService.getParameterList().get(n).getId().equals(microserviceParameter.getId())) {
foundParam = true;
break;
}
}
- if (foundParam == false) {
- MicroserviceParameter pd = oldService.get(i);
- getDataAccessService().deleteDomainObject(pd, null);
+ if (!foundParam) {
+ getDataAccessService().deleteDomainObject(microserviceParameter, null);
}
}
for (int i = 0; i < newService.getParameterList().size(); i++) {
@Override
@SuppressWarnings("unchecked")
public List<MicroserviceParameter> getParametersById(long serviceId) {
- List<Criterion> restrictionsList = new ArrayList<Criterion>();
+ List<Criterion> restrictionsList = new ArrayList<>();
Criterion contextIdCrit = Restrictions.eq("serviceId", serviceId);
restrictionsList.add(contextIdCrit);
List<MicroserviceParameter> list = (List<MicroserviceParameter>) dataAccessService
private String decryptedPassword(String encryptedPwd) throws Exception {
String result = "";
- if (encryptedPwd != null & encryptedPwd.length() > 0) {
+ if (encryptedPwd != null && !encryptedPwd.isEmpty()) {
try {
result = CipherUtil.decryptPKC(encryptedPwd,
SystemProperties.getProperty(SystemProperties.Decryption_Key));
private String encryptedPassword(String decryptedPwd) throws Exception {
String result = "";
- if (decryptedPwd != null & decryptedPwd.length() > 0) {
+ if (decryptedPwd != null && !decryptedPwd.isEmpty()) {
try {
result = CipherUtil.encryptPKC(decryptedPwd,
SystemProperties.getProperty(SystemProperties.Decryption_Key));
*
* @param userId
*/
- protected void createLocalUserIfNecessary(String userId) {
+ protected boolean createLocalUserIfNecessary(String userId) {
if (StringUtils.isEmpty(userId)) {
logger.error(EELFLoggerDelegate.errorLogger, "createLocalUserIfNecessary : empty userId!");
- return;
+ return false;
}
Session localSession = null;
Transaction transaction = null;
transaction = localSession.beginTransaction();
@SuppressWarnings("unchecked")
List<EPUser> userList = localSession
- .createQuery("from " + EPUser.class.getName() + " where orgUserId='" + userId + "'").list();
+ .createQuery("from :name where orgUserId=:userId")
+ .setParameter("name",EPUser.class.getName())
+ .setParameter("userId",userId)
+ .list();
if (userList.size() == 0) {
EPUser client = searchService.searchUserByUserId(userId);
if (client == null) {
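Review bot: The rewritten query binds the entity name as a parameter (`from :name`), but HQL named parameters can only stand for values, not for the entity in the `from` clause, so this query is expected to fail as soon as it is parsed or run. Because the `catch (Exception e)` further down in this method now returns false, the failure would show up only as a logged error and a false result for every caller. Keep the class name in the query text, since it is a compile-time constant and not user input, and bind only the user id: `.createQuery("from " + EPUser.class.getName() + " where orgUserId = :userId")` followed by `.setParameter("userId", userId)`. The method starts and ends outside this hunk.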
}
}
transaction.commit();
+ return true;
} catch (Exception e) {
EPLogUtil.logEcompError(logger, EPAppMessagesEnum.BeDaoSystemError, e);
EcompPortalUtils.rollbackTransaction(transaction, "searchOrCreateUser rollback, exception = " + e);
+ return false;
} finally {
EcompPortalUtils.closeLocalSession(localSession, "searchOrCreateUser");
}
package org.onap.portalapp.portal.transport;
import java.io.Serializable;
+import java.util.Objects;
@SuppressWarnings("rawtypes")
public class CentralV2UserApp implements Serializable, Comparable{
this.priority = priority;
}
-
+ @Override
+ public boolean equals(Object other) {
+ if (this == other) {
+ return true;
+ }
+ if (!(other instanceof CentralV2UserApp)) {
+ return false;
+ }
+ CentralV2UserApp castOther = (CentralV2UserApp) other;
+ return Objects.equals(this.userId, castOther.userId) &&
+ Objects.equals(this.app, castOther.app) &&
+ Objects.equals(this.role, castOther.role) &&
+ Objects.equals(this.priority, castOther.priority);
+ }
public int compareTo(Object other){
CentralV2UserApp castOther = (CentralV2UserApp) other;
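Review bot: The added `equals` has no matching `hashCode` in this hunk, so two CentralV2UserApp objects that compare equal can still land in different buckets of a HashSet or HashMap. Add `@Override public int hashCode() { return Objects.hash(userId, app, role, priority); }` next to it, using the same four fields. It is also worth confirming that `compareTo`, whose body continues outside the hunk, returns 0 exactly when `equals` is true, because sorted collections depend on that agreement.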
import javax.persistence.Id;
import javax.persistence.Table;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
import com.fasterxml.jackson.annotation.JsonInclude;
private Long id;
@Column(name = "category")
+ @SafeHtml
public String category;
@Column(name = "href")
+ @SafeHtml
public String href;
@Column(name = "title")
+ @SafeHtml
public String title;
@Column(name = "content")
+ @SafeHtml
public String content;
@Column(name = "event_date")
+ @SafeHtml
public String eventDate;
@Column(name = "sort_order")
public Integer sortOrder;
-
+
public CommonWidget(){
-
+
}
-
+
public CommonWidget(String category, String href, String title, String content, String eventDate, Integer sortOrder){
this.category = category;
this.href = href;
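Review bot: `@SafeHtml` on `href` only checks that the value contains no disallowed markup, so a link target with no tags at all but an unexpected URL scheme still passes validation. If `href` is later written into a link or image attribute (not visible here), pair it with a scheme check such as `@Pattern(regexp = "^https?://.*")` or `@URL`, and keep output encoding in the view. The same applies to the URL fields annotated in OnboardingApp (`url`, `restUrl`, `alternateUrl`, `imageUrl`, `imageLink`). `@SafeHtml` also needs jsoup on the runtime classpath and is deprecated in later Hibernate Validator releases, so it should not be the only XSS control.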
package org.onap.portalapp.portal.transport;
import java.util.List;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
public class CommonWidgetMeta {
-
+ @SafeHtml
private String category;
+ @Valid
private List<CommonWidget> items;
-
- public CommonWidgetMeta(){
-
+
+ public CommonWidgetMeta(){
+
}
public CommonWidgetMeta(String category, List<CommonWidget> items){
import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Transient;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.NotNull;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import org.hibernate.validator.constraints.SafeHtml;
@Entity
@Table(name="fn_menu_functional")
+@NoArgsConstructor
+@AllArgsConstructor
public class FunctionalMenuItem implements Serializable {
- public FunctionalMenuItem(){};
-
private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy=GenerationType.IDENTITY)
+ @GeneratedValue(strategy=GenerationType.IDENTITY)
@Column(name = "MENU_ID")
+ @Digits(integer = 11, fraction = 0)
public Long menuId;
-
+
@Column(name = "COLUMN_NUM")
+ @Digits(integer = 2, fraction = 0)
+ @NotNull
public Integer column;
-
+
@Column(name = "TEXT")
+ @Max(value = 100)
+ @SafeHtml
+ @NotNull
public String text;
-
+
@Column(name = "PARENT_MENU_ID")
+ @Digits(integer = 11, fraction = 0)
public Integer parentMenuId;
-
+
@Column(name = "URL")
+ @Max(value = 128)
+ @SafeHtml
+ @NotNull
public String url;
-
+
@Column(name="ACTIVE_YN")
+ @Max(value = 1)
+ @SafeHtml
+ @NotNull
public String active_yn;
@Transient
public Integer appid;
+ @Transient
+ private List<Integer> roles;
+
+ @Transient
+ public Boolean restrictedApp;
+
public List<Integer> getRoles() {
return roles;
}
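Review bot: `@Max` is a numeric-range constraint, but it is placed on the String fields `text`, `url` and `active_yn`, where a length limit is evidently intended. On a String, Hibernate Validator compares the parsed numeric value with the bound, so ordinary menu text or a URL would be expected to fail validation rather than be length-checked. Use `@Size(max = 100)`, `@Size(max = 128)` and `@Size(max = 1)` from `javax.validation.constraints` instead. If `active_yn` only ever holds Y or N (to be confirmed against the schema), `@Pattern(regexp = "[YN]")` would state that directly.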
this.roles = roles;
}
- @Transient
- private List<Integer> roles;
-
- @Transient
- public Boolean restrictedApp;
-
public void normalize() {
if (this.column == null)
- this.column = new Integer(1);
+ this.column = 1;
this.text = (this.text == null) ? "" : this.text.trim();
if (this.parentMenuId == null)
- this.parentMenuId = new Integer(-1);
+ this.parentMenuId = -1;
this.url = (this.url == null) ? "" : this.url.trim();
}
*/
package org.onap.portalapp.portal.transport;
+import org.hibernate.validator.constraints.SafeHtml;
+
/**
* Model of rows in the fn_app table; serialized as a message add or update an
* on-boarded application.
public class OnboardingApp {
public Long id;
-
+ @SafeHtml
public String name;
-
+ @SafeHtml
public String imageUrl;
-
+ @SafeHtml
public String imageLink;
-
+ @SafeHtml
public String description;
-
+ @SafeHtml
public String notes;
-
+ @SafeHtml
public String url;
-
+ @SafeHtml
public String alternateUrl;
-
+ @SafeHtml
public String restUrl;
public Boolean isOpen;
public Boolean isEnabled;
public Long motsId;
-
+ @SafeHtml
public String myLoginsAppName;
-
+ @SafeHtml
public String myLoginsAppOwner;
-
+ @SafeHtml
public String username;
-
+ @SafeHtml
public String appPassword;
-
+ @SafeHtml
public String thumbnail;
-
+ @SafeHtml
public String uebTopicName;
-
+ @SafeHtml
public String uebKey;
-
+ @SafeHtml
public String uebSecret;
public Boolean restrictedApp;
public Boolean isCentralAuth;
-
+ @SafeHtml
public String nameSpace;
/**
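Review bot: `@SafeHtml` is applied to the credential fields `appPassword`, `uebKey` and `uebSecret`, which are not markup and may legitimately contain characters such as `<` or `&`. An HTML whitelist check can reject valid secrets and adds nothing if these values are never rendered; a length bound like `@Size(max = N)`, with N taken from the column definition, fits them better. If any of these fields is echoed in a response or page, the protection belongs in output encoding, or in not returning the secret at all, rather than in input validation.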
--- /dev/null
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (c) 2019 Samsung. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.util;
+
+import java.text.SimpleDateFormat;
+
+public class DateUtil {
+
+ private DateUtil() {
+ throw new IllegalStateException("Utility class");
+ }
+
+ public static SimpleDateFormat getDateFormat() {
+ return new SimpleDateFormat("HH:mm:ss:SSSS");
+ }
+
+ public static SimpleDateFormat getRequestDateFormat(){
+ return new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
+ }
+}
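Review bot: The pattern in getRequestDateFormat uses `YYYY`, which is the week-based year in SimpleDateFormat, so dates in the last days of December or the first days of January can be printed with the wrong year; use `yyyy`. The pattern also contains the text fields `EEE` and `MMM` and is built without a Locale, so the output depends on the JVM default; `new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US)` keeps it stable. In getDateFormat, `SSSS` prints milliseconds zero-padded to four digits, which is probably meant to be `SSS`. A one-line Javadoc on each method saying that a new, non-thread-safe instance is returned per call would explain why these are factories rather than constants.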
--- /dev/null
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.validation;
+
+import java.util.Set;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class DataValidator {
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+
+ public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid){
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<E>> constraintViolations = validator.validate(classToValid);
+ return constraintViolations;
+ }
+
+ public <E> boolean isValid(E classToValid){
+ Set<ConstraintViolation<E>> constraintViolations = getConstraintViolations(classToValid);
+ return constraintViolations.isEmpty();
+ }
+
+}
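Review bot: `isValid` and `getConstraintViolations` pass their argument straight to `validator.validate`, which throws IllegalArgumentException for null, so a caller that validates a missing request body gets an exception instead of a false result. Guard it with `if (classToValid == null) { return false; }` at the top of isValid, or document that callers must null-check first. The class also needs Javadoc stating that only constraints declared on the object and on its `@Valid` members are checked, so an unannotated type always validates. `Validator` instances are thread-safe, so the result of `VALIDATOR_FACTORY.getValidator()` could be kept in a static final field.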
--- /dev/null
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.validation;
+
+import org.hibernate.validator.constraints.SafeHtml;
+
+public class SecureString {
+
+ @SafeHtml
+ private String data;
+
+ public SecureString(String string) {
+ this.data = string;
+ }
+
+ public String getString() {
+ return data;
+ }
+}
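Review bot: SecureString has no Javadoc, and its name suggests a guarantee the class does not give on its own: the constructor stores any value, and `@SafeHtml` is only evaluated when an instance is handed to a validator. Add a class comment such as `/** Wrapper that lets a single String be checked with Bean Validation; the value is unchecked until it is passed to a Validator. */`. Declaring `data` final would also fit, since the class has no setter.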
assertEquals(actualPortalRestResponse, expectedportalRestResponse);
}
+ @Test
+ public void postPortalAdminXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage("Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("“><script>alert(“XSS”)</script>");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(userService.getUserByUserId(user.getOrgUserId())).thenThrow(nullPointerException);
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .postPortalAdmin(mockedRequest, mockedResponse, user);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+ }
+
@Test
public void postPortalAdminCreateUserIfNotFoundTest() throws Exception {
PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
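Review bot: postPortalAdminXSSTest sets the expected status through `portalRestStatusEnum.ERROR` on a local that is null, which is the pattern this same commit removes from the microservice controller tests; write `expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);` and drop the local. postOnboardAppExternalXSSTest and putOnboardAppExternalXSSTest repeat it, and both also carry a stray `;;` and an `expectedList` that is never used. The stub that makes `userService.getUserByUserId` throw looks unnecessary if validation rejects the request before the service is reached; confirm, since strict Mockito runners flag unused stubs.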
}
+ @Test
+ public void postOnboardAppExternalXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage(
+ "Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+ OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+ expectedOnboardingApp.name = "test";
+ expectedOnboardingApp.url="test.com";
+ expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>";
+ expectedOnboardingApp.myLoginsAppOwner="testUser";
+ expectedOnboardingApp.restrictedApp=false;
+ expectedOnboardingApp.isOpen=true;
+ expectedOnboardingApp.isEnabled=true;
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("guestT@test.portal.onap.org");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ List<EPUser> expectedList = new ArrayList<EPUser>();
+ expectedList.add(user);
+
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .postOnboardAppExternal(mockedRequest, mockedResponse, expectedOnboardingApp);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+ }
+
@Test
public void putOnboardAppExternalifAppNullTest() {
PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
assertEquals(actualPortalRestResponse, expectedportalRestResponse);
}
+ @Test
+ public void putOnboardAppExternalXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ expectedportalRestResponse.setMessage(
+ "Data is not valid");
+ expectedportalRestResponse.setResponse(null);
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+
+ OnboardingApp expectedOnboardingApp = new OnboardingApp();;
+ expectedOnboardingApp.name = "test";
+ expectedOnboardingApp.url="test.com";
+ expectedOnboardingApp.restUrl="<script>alert(/XSS”)</script>";
+ expectedOnboardingApp.myLoginsAppOwner="testUser";
+ expectedOnboardingApp.restrictedApp=false;
+ expectedOnboardingApp.isOpen=true;
+ expectedOnboardingApp.isEnabled=true;
+ EPUser user = mockUser.mockEPUser();
+ user.setEmail("guestT@test.portal.onap.org");
+ user.setLoginPwd("pwd");
+ user.setLoginId("Test");
+ List<EPUser> expectedList = new ArrayList<EPUser>();
+ expectedList.add(user);
+
+ Long appId = (long) 1;
+
+ PortalRestResponse<String> actualPortalRestResponse = appsControllerExternalRequest
+ .putOnboardAppExternal(mockedRequest, mockedResponse, appId, expectedOnboardingApp);
+ assertEquals(expectedportalRestResponse, actualPortalRestResponse);
+
+ }
+
@Test
public void putOnboardAppExternalIfOnboardingAppDetailsNullTest() {
PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
@Test
public void getWidgetDataTest() {
String resourceType = "test";
- PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<CommonWidgetMeta>();
+ PortalRestResponse<CommonWidgetMeta> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
}
+ @Test
+ public void getWidgetDataXSSTest() {
+ String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"";
+ PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("resourceType: String string is not valid");
+ expectedPortalRestResponse.setResponse("");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null);
+ PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController
+ .getWidgetData(mockedRequest, resourceType);
+ assertEquals(expectedPortalRestResponse,acutualPoratlRestResponse);
+ }
+
@Test
public void saveWidgetDataBulkTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
commonWidgetMeta.setCategory("test");
- List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>();
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
CommonWidget commonWidget = new CommonWidget();
commonWidget.setId((long) 1);
commonWidget.setCategory("test");
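Review bot: getWidgetDataXSSTest declares both responses as raw `PortalRestResponse`, which is what lets `setResponse("")` compile, while the neighbouring getWidgetDataTest types the same call as `PortalRestResponse<CommonWidgetMeta>`. That suggests the controller's validation branch puts a String into a response typed for CommonWidgetMeta (the controller is not visible here); returning `null` there would let the test keep the typed declaration. The local `acutualPoratlRestResponse` is also misspelled.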
assertEquals(actualPortalRestResponse, ecpectedPortalRestResponse);
}
+ @Test
+ public void saveWidgetDataBulkXSSTest() {
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
+ ecpectedPortalRestResponse.setMessage("ERROR");
+ ecpectedPortalRestResponse.setResponse("Category is not valid");
+ ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+
+ CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
+ commonWidgetMeta.setCategory("test");
+
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ commonWidgetList.add(commonWidget);
+
+ commonWidgetMeta.setItems(commonWidgetList);
+
+ Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetDataBulk(commonWidgetMeta);
+ assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
+ }
+
@Test
public void saveWidgetDataBulkIfCategoryNullTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\"");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
commonWidgetMeta.setCategory("test");
- List<CommonWidget> commonWidgetList = new ArrayList<CommonWidget>();
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
CommonWidget commonWidget = new CommonWidget();
commonWidget.setId(null);
commonWidget.setCategory(null);
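Review bot: saveWidgetDataBulkXSSTest pins the response text "Category is not valid" although the only invalid field in its fixture is `href`, and saveWidgetDataXSSTest further down does the same. If the controller (not visible here) returns that fixed text for any constraint violation, the message misleads the API client. A neutral text like the "CommonWidget is not valid" expected by deleteWidgetDataXSSTest, or the violated property name taken from the ConstraintViolation, would be more accurate. Whatever the wording, the rejected value itself should not be echoed back in the message.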
@Test
public void saveWidgetDataTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
}
+ @Test
+ public void saveWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("Category is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetData(commonWidget);
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+
+ }
+
@Test
public void saveWidgetDataExceptionTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("ERROR");
- ecpectedPortalRestResponse.setResponse("Cateogry cannot be null or empty");
+ ecpectedPortalRestResponse.setResponse("Category cannot be null or empty");
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
CommonWidget commonWidget = new CommonWidget();
commonWidget.setId((long) 1);
@Test
public void saveWidgetDataDateErrorTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("java.text.ParseException: Unparseable date: \"1\"");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
}
+ @Test
public void deleteWidgetDataTest() {
- PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
ecpectedPortalRestResponse.setMessage("success");
ecpectedPortalRestResponse.setResponse(null);
ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.OK);
assertEquals(actualPortalRestResponse, ecpectedPortalRestResponse);
}
+ @Test
+ public void deleteWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("CommonWidget is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("test_href");
+ commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+ Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .deleteWidgetData(commonWidget);
+
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+ }
+
@Test
public void searchPortalIfUserIsNull() {
EPUser user = null;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = "test";
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("searchPortal: User object is null? - check logs");
- expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+ expectedResult.setResponse(new HashMap<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
.searchPortal(mockedRequest, searchString);
@Test
public void searchPortalIfSearchStringNullTest() {
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = null;
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("searchPortal: String string is null");
- expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+ expectedResult.setResponse(new HashMap<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
@Test
public void searchPortalIfSearchTest() {
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = "test";
- List<SearchResultItem> searchResultItemList = new ArrayList<SearchResultItem>();
+ List<SearchResultItem> searchResultItemList = new ArrayList<>();
SearchResultItem searchResultItem = new SearchResultItem();
searchResultItem.setId((long) 1);
searchResultItem.setTarget("test_target");
searchResultItem.setUuid("test_UUId");
searchResultItemList.add(searchResultItem);
- Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<String, List<SearchResultItem>>();
+ Map<String, List<SearchResultItem>> expectedResultMap = new HashMap<>();
expectedResultMap.put(searchString, searchResultItemList);
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("success");
expectedResult.setResponse(expectedResultMap);
expectedResult.setStatus(PortalRestStatusEnum.OK);
@Test
public void searchPortalIfSearchExcptionTest() {
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String searchString = "test";
- PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("null - check logs.");
- expectedResult.setResponse(new HashMap<String, List<SearchResultItem>>());
+ expectedResult.setResponse(new HashMap<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
Mockito.when(searchService.searchResults(user.getLoginId(), searchString)).thenThrow(nullPointerException);
@Test
public void getActiveUsersTest() {
- List<String> expectedActiveUsers = new ArrayList<String>();
+ List<String> expectedActiveUsers = new ArrayList<>();
EPUser user = mockUser.mockEPUser();
- ;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String userId = user.getOrgUserId();
Mockito.when(searchService.getRelatedUsers(userId)).thenReturn(expectedActiveUsers);
@Test
public void getActiveUsersExceptionTest() {
- List<String> expectedActiveUsers = new ArrayList<String>();
+ List<String> expectedActiveUsers = new ArrayList<>();
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
String userId = user.getOrgUserId();
public void activeUsersTest() {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
- PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+ PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("success");
expectedResult.setResponse(new ArrayList<>());
expectedResult.setStatus(PortalRestStatusEnum.OK);
public void activeUsersIfUserNullTest() {
EPUser user = null;
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
- PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+ PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("User object is null? - check logs");
expectedResult.setResponse(new ArrayList<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
public void activeUsersExceptionTest() {
EPUser user = mockUser.mockEPUser();
Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
- PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<List<String>>();
+ PortalRestResponse<List<String>> expectedResult = new PortalRestResponse<>();
expectedResult.setMessage("null - check logs.");
expectedResult.setResponse(new ArrayList<>());
expectedResult.setStatus(PortalRestStatusEnum.ERROR);
@SuppressWarnings("rawtypes")
@Mock
- ResponseEntity<List<WidgetCatalog>> ans = new ResponseEntity<List<WidgetCatalog>>(HttpStatus.OK);
+ ResponseEntity<List<WidgetCatalog>> ans = new ResponseEntity<>(HttpStatus.OK);
@Before
public void setup() {
@Test
public void createMicroserviceIfServiceDataNullTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("FAILURE");
expectedportalRestResponse.setResponse("MicroserviceData cannot be null or empty");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
MicroserviceData microserviceData = null;
PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
mockedResponse, microserviceData);
@Test
public void createMicroserviceTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("SUCCESS");
expectedportalRestResponse.setResponse("");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.OK);
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
mockedResponse, microserviceData);
assertEquals(actualportalRestResponse, expectedportalRestResponse);
}
+ @Test
+ public void createMicroserviceXSSTest() throws Exception {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+ expectedportalRestResponse.setMessage("ERROR");
+ expectedportalRestResponse.setResponse("MicroserviceData is not valid");
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ MicroserviceData XSSMicroserviceData = new MicroserviceData();
+ XSSMicroserviceData.setActive("<script>alert(123);</script>");
+ XSSMicroserviceData.setName("<script>alert(/XSS”)</script>");
+ PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
+ mockedResponse, XSSMicroserviceData);
+ assertEquals(expectedportalRestResponse, actualportalRestResponse);
+ }
+
@Test
public void createMicroserviceExceptionTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("FAILURE");
expectedportalRestResponse.setResponse(null);
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
Mockito.when(microserviceService.saveMicroservice(microserviceData)).thenReturn((long) 1);
Mockito.when(microserviceData.getParameterList()).thenThrow(nullPointerException);
PortalRestResponse<String> actualportalRestResponse = microserviceController.createMicroservice(mockedRequest,
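Review bot: createMicroserviceXSSTest asserts only the returned PortalRestResponse, so it would still pass if the controller persisted the rejected object before answering with an error. Since `microserviceService` is a mock in this class, add `Mockito.verify(microserviceService, Mockito.never()).saveMicroservice(XSSMicroserviceData);` after the `assertEquals`. The same gap is in updateMicroserviceXSSTest, and in saveRoleFunctionXSSTest and removeRoleFunctionXSSTest, which stub `saveCentralRoleFunction` / `deleteCentralRoleFunction` to return true but never check that they were not called. createMicroserviceExceptionTest continues past the end of this hunk.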
}
@Test
- public void updateMicroserviceIfServiceISNullTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ public void updateMicroserviceIfServiceISNullTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("FAILURE");
expectedportalRestResponse.setResponse("MicroserviceData cannot be null or empty");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
MicroserviceData microserviceData = null;
PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
mockedResponse, 1, microserviceData);
}
@Test
- public void updateMicroserviceTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ public void updateMicroserviceTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("SUCCESS");
expectedportalRestResponse.setResponse("");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.OK);
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
- mockedResponse, 1, microserviceData);
+ mockedResponse, 1, microserviceData);
assertEquals(actualportalRestResponse, expectedportalRestResponse);
}
@Test
- public void updateMicroserviceExceptionTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ public void updateMicroserviceXSSTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+ expectedportalRestResponse.setMessage("ERROR");
+ expectedportalRestResponse.setResponse("MicroserviceData is not valid");
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ MicroserviceData XSSMicroserviceData = new MicroserviceData();
+ XSSMicroserviceData.setActive("<script>alert(123);</script>");
+ XSSMicroserviceData.setName("<script>alert(/XSS”)</script>");
+ PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
+ mockedResponse, 1, XSSMicroserviceData);
+ assertEquals(expectedportalRestResponse, actualportalRestResponse);
+ }
+
+ @Test
+ public void updateMicroserviceExceptionTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("FAILURE");
expectedportalRestResponse.setResponse(null);
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
Mockito.when(microserviceController.updateMicroservice(mockedRequest, mockedResponse, 1, microserviceData))
.thenThrow(nullPointerException);
PortalRestResponse<String> actualportalRestResponse = microserviceController.updateMicroservice(mockedRequest,
}
@Test
- public void deleteMicroserviceExceptionTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ public void deleteMicroserviceExceptionTest() {
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("FAILURE");
PowerMockito.mockStatic(EcompPortalUtils.class);
expectedportalRestResponse.setResponse(
- "I/O error on GET request for \"" + EcompPortalUtils.widgetMsProtocol() + "://null/widget/microservices/widgetCatalog/service/1\":null; nested exception is java.net.UnknownHostException: null");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.ERROR);
+ "I/O error on GET request for \"" + org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol()
+ + "://null/widget/microservices/widgetCatalog/service/1\":null; nested exception is java.net.UnknownHostException: null");
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
PowerMockito.mockStatic(WidgetServiceHeaders.class);
PortalRestResponse<String> actuaPportalRestResponse = microserviceController.deleteMicroservice(mockedRequest,
mockedResponse, 1);
@SuppressWarnings("unchecked")
@Test
public void deleteMicroserviceTest() throws Exception {
- String HTTPS = "https://";
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("SOME WIDGETS ASSOICATE WITH THIS SERVICE");
expectedportalRestResponse.setResponse("'null' ,'null' ");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.WARN);
- List<WidgetCatalog> List = new ArrayList<WidgetCatalog>();
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.WARN);
+ List<WidgetCatalog> List = new ArrayList<>();
WidgetCatalog widgetCatalog = new WidgetCatalog();
widgetCatalog.setId(1);
WidgetCatalog widgetCatalog1 = new WidgetCatalog();
ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() {
};
Mockito.when(template.exchange(
- EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+ org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+ "/widget/microservices/widgetCatalog/service/" + 1,
HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef)).thenReturn(ans);
@SuppressWarnings("unchecked")
@Test
public void deleteMicroserviceWhenNoWidgetsAssociatedTest() throws Exception {
- PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+ PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
expectedportalRestResponse.setMessage("SUCCESS");
expectedportalRestResponse.setResponse("");
- PortalRestStatusEnum portalRestStatusEnum = null;
- expectedportalRestResponse.setStatus(portalRestStatusEnum.OK);
- List<WidgetCatalog> List = new ArrayList<WidgetCatalog>();
+ expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
+ List<WidgetCatalog> List = new ArrayList<>();
PowerMockito.mockStatic(WidgetServiceHeaders.class);
PowerMockito.mockStatic(EcompPortalUtils.class);
String whatService = "widgets-service";
ParameterizedTypeReference<List<WidgetCatalog>> typeRef = new ParameterizedTypeReference<List<WidgetCatalog>>() {
};
Mockito.when(template.exchange(
- EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+ org.onap.portalapp.portal.utils.EcompPortalUtils.widgetMsProtocol() + "://" + consulHealthService.getServiceLocation(whatService, SystemProperties.getProperty("microservices.widget.local.port"))
+ "/widget/microservices/widgetCatalog/service/" + 1,
HttpMethod.GET, new HttpEntity(WidgetServiceHeaders.getInstance()), typeRef)).thenReturn(ans);
PortalRestResponse<String> actuaPportalRestResponse = microserviceController.deleteMicroservice(mockedRequest,
assertEquals(expected, actual);
}
+ @Test
+ public void saveRoleFunctionXSSTest() throws Exception {
+ PowerMockito.mockStatic(EPUserUtils.class);
+ PowerMockito.mockStatic(EcompPortalUtils.class);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+ Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+ Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+ Mockito.doNothing().when(roleFunctionListController).saveRoleFunction(mockedRequest, mockedResponse, "test");
+ CentralV2RoleFunction addNewFunc = new CentralV2RoleFunction();
+ addNewFunc.setCode("“><script>alert(“XSS”)</script>");
+ addNewFunc.setType("Test");
+ addNewFunc.setAction("Test");
+ addNewFunc.setName("Test");
+ CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+ roleFunction.setCode("Test|Test|Test");
+ Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+ Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.anyObject(), Matchers.anyObject()))
+ .thenReturn(true);
+ Mockito.when(EcompPortalUtils.getFunctionCode(roleFunction.getCode())).thenReturn("Test");
+ Mockito.when(EcompPortalUtils.getFunctionType(roleFunction.getCode())).thenReturn("Test");
+ Mockito.when(EcompPortalUtils.getFunctionAction(roleFunction.getCode())).thenReturn("Test");
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ List<EPUser> userList = new ArrayList<>();
+ userList.add(user);
+ List<EPApp> appList = new ArrayList<>();
+ appList.add(CentralApp());
+ Mockito.when(externalAccessRolesService.getUser("guestT")).thenReturn(userList);
+ StringWriter sw = new StringWriter();
+ PrintWriter writer = new PrintWriter(sw);
+ Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+ ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+ Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+ Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+ PortalRestResponse<String> actual = roleManageController.saveRoleFunction(mockedRequest, mockedResponse,
+ addNewFunc, (long) 1);
+ PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+ "Data is not valid", "ERROR");
+ assertEquals(expected, actual);
+ }
+
@Test
public void saveRoleFunctionExceptionTest() throws Exception {
Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
assertEquals(expected, actual);
}
+ @Test
+ public void removeRoleFunctionXSSTest() throws Exception {
+ PowerMockito.mockStatic(EPUserUtils.class);
+ PowerMockito.mockStatic(EcompPortalUtils.class);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(EcompPortalUtils.checkIfRemoteCentralAccessAllowed()).thenReturn(true);
+ Mockito.when(adminRolesService.isAccountAdminOfApplication(user, CentralApp())).thenReturn(true);
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(appService.getApp((long) 1)).thenReturn(CentralApp());
+ String roleFun = "<script>alert(/XSS”)</script>";
+ CentralV2RoleFunction roleFunction = mockCentralRoleFunction();
+ Mockito.when(externalAccessRolesService.getRoleFunction("Test|Test|Test", "test")).thenReturn(roleFunction);
+ StringWriter sw = new StringWriter();
+ PrintWriter writer = new PrintWriter(sw);
+ Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+ Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(Matchers.anyString(), Matchers.anyObject()))
+ .thenReturn(true);
+ List<EPApp> appList = new ArrayList<>();
+ appList.add(CentralApp());
+ ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
+ Mockito.when(externalAccessRolesService.getNameSpaceIfExists(Matchers.anyObject())).thenReturn(response);
+ Mockito.when(externalAccessRolesService.getApp(Matchers.anyString())).thenReturn(appList);
+ PortalRestResponse<String> actual = roleManageController.removeRoleFunction(mockedRequest, mockedResponse,
+ roleFun, (long) 1);
+ PortalRestResponse<String> expected = new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
+ "Data is not valid", "ERROR");
+ assertEquals(expected, actual);
+ }
+
@Test
public void removeRoleFunctionExceptionTest() throws Exception {
EPUser user = mockUser.mockEPUser();
List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, user.getOrgUserId());
assertEquals(cenApps.size(), actual.size());
}
+
+ @Test
+ public void getCentralizedAppRolesXSSTest() throws IOException {
+ String id = ("<ScRipT>alert(\"XSS\");</ScRipT>");
+ List<CentralizedApp> actual = roleManageController.getCentralizedAppRoles(mockedRequest, mockedResponse, id);
+ assertNull(actual);
+ }
@Test
public void getCentralizedAppRolesExceptionTest() throws IOException {
assertTrue(actualPortalRestResponse.getStatus().compareTo(PortalRestStatusEnum.OK) == 0);
}
+ @Test
+ public void saveXSSTest() throws Exception {
+ String ticketEventJson = "<iframe %00 src=\"	javascript:prompt(1)	\"%00>";
+ PortalRestResponse<String> actualPortalRestResponse;
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ expectedPortalRestResponse.setMessage("Data is not valid");
+ actualPortalRestResponse = ticketEventController.handleRequest(mockedRequest,
+ mockedResponse, ticketEventJson);
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+ }
+
@Test
public void saveTestForException() throws Exception {
String ticketEventJson = "\"event\": {\"body\": {\"ticketStatePhrase\": \"We recently detected a problem with the equipment at your site. The event is in queue for immediate work.\", \"ivrNotificationFlag\": \"1\",\"expectedRestoreDate\": 0,\"bridgeTransport\": \"AOTS\", \"reptRequestType\": 0,\"ticketNum\": \"000002000857405\",\"assetID\": \"CISCO_1921C1_ISR_G2\", \"eventDate\": 1490545134601,\"eventAbstract\": \"ospfIfConfigError trap received from Cisco_1921c1_ISR_G2 with arguments: ospfRouterId=Cisco_1921c1_ISR_G2; ospfIfIpAddress=1921c1_288266; ospfAddressLessIf=0; ospfPacketSrc=172.17.0.11; ospfConfigErrorType=2; ospfPacketType=1\",\"severity\": \"2 - Major\",\"ticketPriority\": \"3\",\"reportedCustomerImpact\": 0,\"testAutoIndicator\": 0,\"supportGroupName\": \"US-TEST-ORT\",\"lastModifiedDate\": \"1487687703\",\"messageGroup\": \"SNMP\",\"csi\": 0,\"mfabRestoredTime\": 0},\"header\": {\"timestamp\": \"2017-02-21T14:35:05.219+0000\",\"eventSource\": \"aotstm\",\"entityId\": \"000002000857405\", \"sequenceNumber\": 2 },\"blinkMsgId\": \"f38c071e-1a47-4b55-9e72-1db830100a61\",\"sourceIP\": \"130.4.165.158\"},\"SubscriberInfo\": {\"UserList\": [\"hk8777\"] }}";
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.transport.http.HTTPException;
+import org.drools.core.command.assertion.AssertEquals;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
import org.hibernate.Session;
return mockRoleInAppForUserList;
}
+ @SuppressWarnings("unchecked")
+ @Test
+ public void checkTheProtectionAgainstSQLInjection() throws Exception {
+ EPUser user = mockUser.mockEPUser();
+ user.setId(1l);
+ user.setOrgId(2l);
+ Query epUserQuery = Mockito.mock(Query.class);
+ List<EPUser> mockEPUserList = new ArrayList<>();
+ mockEPUserList.add(user);
+
+ // test with SQL injection, should return false
+ Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId() + "; select * from " + EPUser.class.getName() +";")).thenReturn(epUserQuery);
+ boolean ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId());
+ assertFalse(ret);
+
+ // test without SQL injection, should return true
+ Mockito.when(session.createQuery("from :name where orgUserId=:userId")).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("name",EPUser.class.getName())).thenReturn(epUserQuery);
+ Mockito.when(epUserQuery.setParameter("userId",user.getOrgUserId())).thenReturn(epUserQuery);
+ ret = userRolesCommonServiceImpl.createLocalUserIfNecessary(user.getOrgUserId());
+ assertTrue(ret);
+ }
+
@SuppressWarnings("unchecked")
@Test
public void getAppRolesForUserNonCentralizedForPortal() throws Exception {
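Review bot: checkTheProtectionAgainstSQLInjection passes the identical argument `user.getOrgUserId()` to `createLocalUserIfNecessary` in both halves, and the crafted string appears only inside a stubbed `setParameter` expectation. The false/true results therefore presumably come from which stub the mock chain resolves, not from any protection in the code under test. To pin the behaviour, pass the crafted value as the argument and verify it reaches `setParameter("userId", ...)` unchanged while the text given to `createQuery` stays constant. It is also worth confirming that the stubbed query `from :name where orgUserId=:userId` matches the production query, since as far as I know HQL binds values but not entity names as parameters.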
assertEquals(centralV2UserApp.getApp(), app1);
assertEquals(centralV2UserApp.getRole(), role1);
}
+
+ @Test
+ public void centralUserAppEqualsTest(){
+ CentralV2UserApp centralV2UserApp = mockCentralUserApp();
+ CentralV2UserApp centralV2UserApp2 = mockCentralUserApp();
+
+ assertTrue(centralV2UserApp.equals(centralV2UserApp));
+ assertTrue(centralV2UserApp.equals(centralV2UserApp2));
+ assertFalse(centralV2UserApp.equals(new Long(1)));
+ centralV2UserApp2.setPriority(213);
+ assertFalse(centralV2UserApp.equals(centralV2UserApp2));
+ }
@Test
public void unt_hashCodeTest(){
--- /dev/null
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.validation;
+
+import static org.junit.Assert.*;
+
+import java.util.Set;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
+import org.drools.core.command.assertion.AssertEquals;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.onap.portalapp.portal.domain.EPUser;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.springframework.beans.factory.annotation.Autowired;
+
+@RunWith(PowerMockRunner.class)
+public class DataValidatorTest {
+ private static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ @InjectMocks
+ DataValidator dataValidator;
+
+ @Test
+ public void getConstraintViolationsSecureString() {
+ SecureString secureString = new SecureString("<script>alert(“XSS”);</script>");
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<SecureString>> expectedConstraintViolations = validator.validate(secureString);
+ Set<ConstraintViolation<SecureString>> actualConstraintViolations = dataValidator.getConstraintViolations(secureString);
+ assertEquals(expectedConstraintViolations, actualConstraintViolations);
+ }
+
+ @Test
+ public void isValidSecureString() {
+ SecureString secureString = new SecureString("<script>alert(“XSS”);</script>");
+ assertFalse(dataValidator.isValid(secureString));
+ }
+
+ @Test
+ public void getConstraintViolationsEPUser() {
+ EPUser user = new EPUser();
+ user.setEmail("“><script>alert(“XSS”)</script>");
+ user.setLoginId("<IMG SRC=”javascript:alert(‘XSS’);”>");
+ user.setFinancialLocCode("<IMG SRC=javascript:alert(‘XSS’)> ");
+ Validator validator = VALIDATOR_FACTORY.getValidator();
+ Set<ConstraintViolation<EPUser>> expectedConstraintViolations = validator.validate(user);
+ Set<ConstraintViolation<EPUser>> actualConstraintViolations = dataValidator.getConstraintViolations(user);
+ assertEquals(expectedConstraintViolations, actualConstraintViolations);
+ }
+
+ @Test
+ public void isValidEPUser() {
+ EPUser user = new EPUser();
+ user.setEmail("“><script>alert(“XSS”)</script>");
+ user.setLoginId("<IMG SRC=”javascript:alert(‘XSS’);”>");
+ user.setFinancialLocCode("<IMG SRC=javascript:alert(‘XSS’)> ");
+ assertFalse(dataValidator.isValid(user));
+ }
+
+}
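Review bot: DataValidatorTest contains only rejecting cases, so a validator that refused every input would pass all four tests. Add an accepting case such as `assertTrue(dataValidator.isValid(new SecureString("plainText")));`, and a valid EPUser equivalent. The two getConstraintViolations tests compare the result against a second `validator.validate(...)` call and would also pass on two empty sets, so an `assertFalse(actualConstraintViolations.isEmpty());` would make them meaningful. The payload literals contain typographic quotes (“ ”), which looks like a paste artefact, and ASCII quotes would better represent the input the validator is meant to reject. The imports `org.drools.core.command.assertion.AssertEquals` and `Autowired` are unused here, and the drools one is also added unused at the top of the SQL-injection test's file.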
import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import org.onap.portalsdk.core.util.SystemProperties;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.util.StopWatch;
+import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
this.sharedContextService = sharedContextService;
}
+ @ExceptionHandler(Exception.class)
+ protected void handleBadRequests(Exception e, HttpServletResponse response) throws IOException {
+ logger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+ response.sendError(HttpStatus.BAD_REQUEST.value());
+ }
}
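Review bot: `@ExceptionHandler(Exception.class)` in handleBadRequests turns every exception raised in this controller into HTTP 400, including server-side failures such as a NullPointerException or a database error. Those are then reported to the client and to monitoring as bad input instead of 5xx. Narrow the handler to the validation failures it is meant for, for example `@ExceptionHandler({ConstraintViolationException.class, MethodArgumentNotValidException.class})`, and let everything else propagate. The new `catch (Exception e)` around `filterChain.doFilter` in SecurityXssFilter has the same effect for the whole filter chain. The enclosing class starts outside this hunk.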
-
/*-
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (c) 2019 Samsung
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
*
*
*/
+
package org.onap.portalapp.filter;
import java.io.BufferedReader;
import javax.servlet.FilterChain;
import javax.servlet.ReadListener;
-import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class SecurityXssFilter extends OncePerRequestFilter {
- private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+ private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
private static final String APPLICATION_JSON = "application/json";
@Override
public void setReadListener(ReadListener readListener) {
-
+ // do nothing
}
-
}
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
- throws ServletException, IOException {
+ throws IOException {
StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
- String queryString = request.getQueryString();
- String requestUrl = "";
- if (queryString == null) {
- requestUrl = requestURL.toString();
- } else {
- requestUrl = requestURL.append('?').append(queryString).toString();
- }
- validateRequest(requestUrl, response);
+ String queryString = request.getQueryString();
+ String requestUrl;
+
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+
+ validateRequest(requestUrl, response);
StringBuilder headerValues = new StringBuilder();
Enumeration<String> headerNames = request.getHeaderNames();
+
while (headerNames.hasMoreElements()) {
- String key = (String) headerNames.nextElement();
+ String key = headerNames.nextElement();
String value = request.getHeader(key);
headerValues.append(value);
}
+
validateRequest(headerValues.toString(), response);
+
if (validateRequestType(request)) {
request = new RequestWrapper(request);
String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
validateRequest(requestData, response);
- filterChain.doFilter(request, response);
+ }
- } else {
+ try {
filterChain.doFilter(request, response);
+ } catch (Exception e) {
+ sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+ response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
}
}
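Review bot: doFilterInternal never looks at the outcome of `validateRequest`. Going by the following hunk, a failed check is caught inside that method, logged and answered only by closing the response writer, after which control returns here and `filterChain.doFilter(request, response)` still runs with the rejected request. Have `validateRequest` return a boolean (or let its SecurityException propagate) and guard each of the three calls, e.g. `if (!validateRequest(requestUrl, response)) { return; }`. No status is set in the visible failure path, so replacing the writer close with `response.sendError(HttpServletResponse.SC_BAD_REQUEST)` would also give the client an explicit 400.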
throw new SecurityException(ERROR_BAD_REQUEST);
}
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
response.getWriter().close();
- return;
}
}
-}
\ No newline at end of file
+}
import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
import javax.servlet.http.HttpServletRequest;
+import javax.validation.ConstraintViolation;
+import javax.validation.Validation;
+import javax.validation.Validator;
+import javax.validation.ValidatorFactory;
import org.json.JSONObject;
import org.onap.portalapp.portal.controller.AppsController;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.service.PersUserAppService;
import org.onap.portalapp.portal.service.UserService;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
@EnableAspectJAutoProxy
@EPAuditLog
public class AppsOSController extends AppsController {
+ private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
static final String FAILURE = "failure";
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
@RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
+
+ if(loginId != null){
+ Validator validator = validatorFactory.getValidator();
+ SecureString secureString = new SecureString(loginId);
+ Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
+
+ if (!constraintViolations.isEmpty()){
+ return "loginId is not valid";
+ }
+ }
+
- Map<String,String> map = new HashMap<String,String>();
- EPUser user = null;
+ Map<String,String> map = new HashMap<>();
+ EPUser user;
try {
user = (EPUser) userService.getUserByUserId(loginId).get(0);
map.put("firstName", user.getFirstName());
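Review bot: The rejection path in getCurrentUserProfile returns the bare text `loginId is not valid` from a handler declared `produces = "application/json"`, so a client that parses the body as JSON fails on it, and presumably still sees a success status. Return a JSON object instead, e.g. `return new JSONObject().put("error", "loginId is not valid").toString();`. This controller also builds its own `ValidatorFactory`, while DashboardSearchResultController in the same commit goes through `DataValidator`; calling `new DataValidator().isValid(new SecureString(loginId))` would keep the two consistent. The method body continues outside this hunk.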
logger.error(EELFLoggerDelegate.errorLogger, "Failed to get user info", e);
}
- JSONObject j = new JSONObject(map);;
+ JSONObject j = new JSONObject(map);
return j.toString();
}
import javax.servlet.http.HttpServletRequest;
import org.onap.portalapp.controller.EPRestrictedBaseController;
-import org.onap.portalapp.portal.controller.DashboardSearchResultController;
import org.onap.portalapp.portal.domain.EPUser;
import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
import org.onap.portalapp.portal.transport.CommonWidget;
import org.onap.portalapp.portal.transport.CommonWidgetMeta;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.domain.support.CollaborateList;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
public class DashboardSearchResultController extends EPRestrictedBaseController {
private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardSearchResultController.class);
+ private DataValidator dataValidator = new DataValidator();
@Autowired
private DashboardSearchService searchService;
@RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json")
public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request,
@RequestParam String resourceType) {
- return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success",
+ if (resourceType !=null){
+ SecureString secureString = new SecureString(resourceType);
+ if (!dataValidator.isValid(secureString))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is invalid", null);
+ }
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
searchService.getWidgetData(resourceType));
}
@RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json")
public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) {
logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta);
- if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals(""))
+ if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")){
return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
"Category cannot be null or empty");
+ }else {
+ if(!dataValidator.isValid(commonWidgetMeta))
+ return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category is not valid");
+ }
// validate dates
for (CommonWidget cw : commonWidgetMeta.getItems()) {
String err = validateCommonWidget(cw);
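Review bot: In saveWidgetDataBulk the new `dataValidator.isValid(commonWidgetMeta)` call only reaches the nested `CommonWidget` entries if the `items` field is annotated `@Valid`, which this hunk does not show. Without that cascade, Bean Validation inspects just the top-level fields and the items go on to `validateCommonWidget` with their string fields unchecked. Either confirm the annotation or add `if (!dataValidator.isValid(cw))` with an error return inside the existing loop. The message `Category is not valid` is also narrower than the check, which covers the whole object; `Data is not valid`, as used in deleteWidgetData, would be more accurate. The loop continues outside the hunk.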
@RequestMapping(value = "/widgetData", method = RequestMethod.POST, produces = "application/json")
public PortalRestResponse<String> saveWidgetData(@RequestBody CommonWidget commonWidget) {
logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget);
- if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals(""))
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
+ if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().equals("")){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
"Cateogry cannot be null or empty");
+ }else {
+ if(!dataValidator.isValid(commonWidget))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Category is not valid");
+ }
String err = validateCommonWidget(commonWidget);
if (err != null)
- return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
searchService.saveWidgetData(commonWidget));
}
@RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json")
public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) {
logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget);
- return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
+ if(!dataValidator.isValid(commonWidget))
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+ "Data is not valid");
+ return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
searchService.deleteWidgetData(commonWidget));
}
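Review bot: The rejection text `"Category is not valid"` in saveWidgetData is returned whenever `dataValidator.isValid(commonWidget)` fails, and that call takes the whole object, so a rejected href or title is reported as a bad category. The tests added in this commit do exactly that: they put the markup in `href` and expect the category message. A neutral text such as `"Data is not valid"`, which deleteWidgetData already uses, would not mislead a client, but those tests would need the same change. The first line of each handler still writes the unvalidated `commonWidget` to the debug log before the check runs, so rejected payloads land in the log; logging after validation, or only the id and category, avoids that. Both points also apply to the saveWidgetDataBulk hunk above.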
@RequestMapping(value = "/allPortal", method = RequestMethod.GET, produces = "application/json")
public PortalRestResponse<Map<String, List<SearchResultItem>>> searchPortal(HttpServletRequest request,
@RequestParam String searchString) {
+ if(searchString!=null){
+ SecureString secureString = new SecureString(searchString);
+ if(!dataValidator.isValid(secureString)){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+ "searchPortal: User object is invalid",
+ null);
+ }
+ }
EPUser user = EPUserUtils.getUserSession(request);
try {
if (user == null) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"searchPortal: User object is null? - check logs",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
} else if (searchString == null || searchString.trim().length() == 0) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
} else {
logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'",
user.getLoginId(), searchString);
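Review bot: The new guard at the top of searchPortal answers `"searchPortal: User object is invalid"` when it is the search string that failed validation, and it passes `null` as the payload while every other error branch in this method returns an empty map. Suggest `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: search string is invalid", new HashMap<>());`, with the searchPortalXSS test updated to match. The guard also runs before `EPUserUtils.getUserSession(request)`, so a caller without a session gets a validation answer instead of the user-null error; placing it after the user check keeps the order of checks consistent. The method body continues outside this hunk.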
} catch (Exception e) {
logger.error(EELFLoggerDelegate.errorLogger, "searchPortal failed", e);
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.",
- new HashMap<String, List<SearchResultItem>>());
+ new HashMap<>());
}
}
assertEquals("{\"firstName\":\"test\",\"lastName\":\"test\"}", expectedString);
}
+ @Test
+ public void getCurrentUserProfileXSSTest() {
+ String loginId = "<iframe/src=\"data:text/html,<svg onload=alert(1)>\">";
+ EPUser user = mockUser.mockEPUser();
+ List<EPUser> expectedList = new ArrayList<>();
+ expectedList.add(user);
+ Mockito.when(userService.getUserByUserId(loginId)).thenReturn(expectedList);
+ String expectedString = appsOSController.getCurrentUserProfile(mockedRequest, loginId);
+ assertEquals("loginId is not valid", expectedString);
+ }
+
@Test
public void getCurrentUserProfileExceptionTest() {
String loginId = "guestT";
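Review bot: getCurrentUserProfileXSSTest stubs `userService.getUserByUserId(loginId)` but never checks whether the controller reached it, so the test pins only the response text, not that rejected input stays out of the service layer. After the call, add `Mockito.verify(userService, Mockito.never()).getUserByUserId(loginId);` and drop the unused stub. The same applies to the `searchService` stubs in getWidgetDataXSSTest, saveWidgetDataBulkXSSTest, saveWidgetDataXSSTest and deleteWidgetDataXSSTest in the following hunks. Each of these tests also exercises a single field per endpoint, so the coverage of the other constrained fields is only implied.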
assertEquals(ecpectedPortalRestResponse.getStatus(), actualPortalRestResponse.getStatus());
}
+ @Test
+ public void getWidgetDataXSSTest() {
+ String resourceType = "\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"";
+ PortalRestResponse expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("Provided data is invalid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ Mockito.when(searchService.getWidgetData(resourceType)).thenReturn(null);
+ PortalRestResponse acutualPoratlRestResponse = dashboardSearchResultController
+ .getWidgetData(mockedRequest, resourceType);
+ assertEquals(acutualPoratlRestResponse, expectedPortalRestResponse);
+ }
+
@Test
public void saveWidgetDataBulkIfCatrgoryNullTest() {
PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
}
+ @Test
+ public void saveWidgetDataBulkXSSTest() {
+ PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<>();
+ ecpectedPortalRestResponse.setMessage("ERROR");
+ ecpectedPortalRestResponse.setResponse("Category is not valid");
+ ecpectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+
+ CommonWidgetMeta commonWidgetMeta = new CommonWidgetMeta();
+ commonWidgetMeta.setCategory("test");
+
+ List<CommonWidget> commonWidgetList = new ArrayList<>();
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\\\"jav\\tascript:alert('XSS');\\\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ commonWidgetList.add(commonWidget);
+
+ commonWidgetMeta.setItems(commonWidgetList);
+
+ Mockito.when(searchService.saveWidgetDataBulk(commonWidgetMeta)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetDataBulk(commonWidgetMeta);
+ assertEquals(ecpectedPortalRestResponse, actualPortalRestResponse);
+ }
+
+ @Test
+ public void saveWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("Category is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setTitle("test_title");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+
+ Mockito.when(searchService.saveWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .saveWidgetData(commonWidget);
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+
+ }
+
+ @Test
+ public void deleteWidgetDataXSSTest() {
+ PortalRestResponse<String> expectedPortalRestResponse = new PortalRestResponse<>();
+ expectedPortalRestResponse.setMessage("ERROR");
+ expectedPortalRestResponse.setResponse("Data is not valid");
+ expectedPortalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+ CommonWidget commonWidget = new CommonWidget();
+ commonWidget.setId((long) 1);
+ commonWidget.setCategory("test");
+ commonWidget.setHref("test_href");
+ commonWidget.setTitle("\"<IMG SRC=\"jav\\tascript:alert('XSS');\">\"");
+ commonWidget.setContent("test_content");
+ commonWidget.setEventDate(null);
+ commonWidget.setSortOrder(1);
+ Mockito.when(searchService.deleteWidgetData(commonWidget)).thenReturn(null);
+
+ PortalRestResponse<String> actualPortalRestResponse = dashboardSearchResultController
+ .deleteWidgetData(commonWidget);
+
+ assertEquals(expectedPortalRestResponse, actualPortalRestResponse);
+ }
+
@Test
public void saveWidgetDataIfCatagoryNullTest() {
PortalRestResponse<String> ecpectedPortalRestResponse = new PortalRestResponse<String>();
}
+ @Test
+ public void searchPortalXSS() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ String searchString = "<script>alert(“XSS”)</script> ";
+
+ PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<Map<String, List<SearchResultItem>>>();
+ expectedResult.setMessage("searchPortal: User object is invalid");
+ expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+
+ PortalRestResponse<Map<String, List<SearchResultItem>>> actualResult = dashboardSearchResultController
+ .searchPortal(mockedRequest, searchString);
+ assertEquals(actualResult, expectedResult);
+
+ }
+
@Test
public void searchPortalIfSearchExcptionTest() {
EPUser user = mockUser.mockEPUser();
this.email ='';
this.loginId ='';
this.loginPwd ='';
- this.confirmLoginPwd=''
this.isLoading = false;
let getUser = () => {
this.isLoading = true;
loginId :this.loginId,
loginPassword :this.loginPwd
}
- if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''|| this.confirmLoginPwd ==''){
+ if (this.firstName =='' || this.lastName == '' || this.email == '' || this.loginId =='' || this.loginPwd ==''){
var warningMsg = "Please enter a value for all fields marked with *.";
confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
return;
- } else if (this.loginPwd != this.confirmLoginPwd) {
- var warningMsg = "Passwords do not match, please try again.";
- confirmBoxService.showInformation(warningMsg).then(isConfirmed => {return;});
- return;
} else {
// check password length complexity.
var warningMsg = adminsService.isComplexPassword(this.loginPwd);
<div class="">*Login Password</div>
<input type="password" ng-model="profileDetail.loginPwd" />
</div>
- <div class="profile-edit-div">
- <div class="">*Confirm Login Password</div>
- <input type="password"
- ng-model="profileDetail.confirmLoginPwd" />
- </div>
</div>
</div>
<div class="dialog-control">
<artifactId>spring-security-web</artifactId>
<version>4.1.4.RELEASE</version>
</dependency>
+ <dependency>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ <version>1.18.4</version>
+ </dependency>
</dependencies>
<build>
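Review bot: The new Lombok dependency is declared without a `<scope>`, so it defaults to compile scope and is packaged into the deployable artifact although Lombok is only needed while compiling. Adding `<scope>provided</scope>` inside the new `<dependency>` block keeps the annotation processor off the runtime classpath and out of dependency scans of the shipped artifact. Whether a parent POM or a dependencyManagement section already sets the scope is not visible in this hunk.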
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Size;
+import org.hibernate.validator.constraints.SafeHtml;
@Entity
@Table(name = "FN_APP")
@Id
@Column(name = "APP_ID")
@GeneratedValue(strategy=GenerationType.AUTO)
+ @Digits(integer = 11, fraction = 0)
private Long appId;
-
+
@Column(name = "APP_Name")
+ @SafeHtml
+ @Size(max = 100)
+ @NotNull
private String appName;
public Long getAppId() {
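Review bot: `@SafeHtml` on appName is the only markup control this hunk adds for the field, and it is an input-side check: it relies on jsoup being on the runtime classpath, and as far as I recall its default whitelist still admits a set of formatting and structural tags. Values that reach a page should still be output-encoded where they are rendered. It is also worth confirming the Hibernate Validator version pinned for this module, since later releases deprecate the annotation. `@NotNull` with `@Size(max = 100)` also accepts an empty or blank name; `@NotBlank` would reject it if an empty app name is not meant to be valid. The same applies to roleName in RoleApp, and getAppId continues outside this hunk.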
import javax.persistence.Table;
import com.fasterxml.jackson.annotation.JsonIgnore;
+import javax.validation.Valid;
+import javax.validation.constraints.Digits;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Size;
+import lombok.Getter;
+import lombok.Setter;
+import org.hibernate.validator.constraints.SafeHtml;
@Entity
@Table(name = "FN_ROLE")
+@Getter
+@Setter
public class RoleApp implements Serializable{
private static final long serialVersionUID = 1L;
@Id
@Column(name = "ROLE_ID")
@GeneratedValue(strategy=GenerationType.AUTO)
+ @Digits(integer = 11, fraction = 0)
private Long roleId;
-
-
+
@Column(name = "ROLE_Name")
+ @SafeHtml
+ @Size(max = 300)
+ @NotNull
private String roleName;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name="APP_ID")
+ @Valid
private App app;
@JsonIgnore
@ManyToMany(fetch = FetchType.EAGER, cascade = {CascadeType.MERGE, CascadeType.PERSIST, CascadeType.REFRESH}, mappedBy="widgetRoles")
+ @Valid
private Set<WidgetCatalog> widgets;
- /*@PreRemove
- private void removeGroupsFromUsers() {
- for (WidgetCatalog w : widgets) {
- w.getWidgetRoles().remove(this);
- }
- }*/
-
- /*@ManyToOne
- @JoinColumn(name = "WIDGET_ID", nullable = false)
- WidgetCatalog widgetCatalog;*/
-
- //@JsonIgnore
- //@ManyToMany(mappedBy = "widgetRoles")
- //@ManyToMany(fetch = FetchType.EAGER, mappedBy = "widgetRoles")
- //private Set<WidgetCatalog> widgets = new HashSet<WidgetCatalog>();
-
- public Long getRoleId() {
- return roleId;
- }
-
- public void setRoleId(Long roleId) {
- this.roleId = roleId;
- }
-
- public String getRoleName() {
- return roleName;
- }
-
- public void setRoleName(String roleName) {
- this.roleName = roleName;
- }
-
- public App getApp() {
- return app;
- }
-
- public void setApp(App app) {
- this.app = app;
- }
-
- public Set<WidgetCatalog> getWidgets() {
- return widgets;
- }
-
- public void setWidgets(Set<WidgetCatalog> widgets) {
- this.widgets = widgets;
- }
-
@Override
public String toString() {
return "RoleApp [roleId=" + roleId + ", roleName=" + roleName + ", app=" + app + "]";