import static com.att.eelf.configuration.Configuration.MDC_KEY_REQUEST_ID;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import org.onap.portalsdk.core.util.SystemProperties;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.util.StopWatch;
+import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
this.sharedContextService = sharedContextService;
}
+ @ExceptionHandler(Exception.class)
+ protected void handleBadRequests(Exception e, HttpServletResponse response) throws IOException {
+ logger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+ response.sendError(HttpStatus.BAD_REQUEST.value());
+ }
}
-
/*-
* ============LICENSE_START==========================================
* ONAP Portal
* ===================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (c) 2019 Samsung
* ===================================================================
*
* Unless otherwise specified, all software contained herein is licensed
*
*
*/
+
package org.onap.portalapp.filter;
import java.io.BufferedReader;
import javax.servlet.FilterChain;
import javax.servlet.ReadListener;
-import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class SecurityXssFilter extends OncePerRequestFilter {
- private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
+ private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
private static final String APPLICATION_JSON = "application/json";
@Override
public void setReadListener(ReadListener readListener) {
-
+ // do nothing
}
-
}
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
- throws ServletException, IOException {
+ throws IOException {
StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
- String queryString = request.getQueryString();
- String requestUrl = "";
- if (queryString == null) {
- requestUrl = requestURL.toString();
- } else {
- requestUrl = requestURL.append('?').append(queryString).toString();
- }
- validateRequest(requestUrl, response);
+ String queryString = request.getQueryString();
+ String requestUrl;
+
+ if (queryString == null) {
+ requestUrl = requestURL.toString();
+ } else {
+ requestUrl = requestURL.append('?').append(queryString).toString();
+ }
+
+ validateRequest(requestUrl, response);
StringBuilder headerValues = new StringBuilder();
Enumeration<String> headerNames = request.getHeaderNames();
+
while (headerNames.hasMoreElements()) {
- String key = (String) headerNames.nextElement();
+ String key = headerNames.nextElement();
String value = request.getHeader(key);
headerValues.append(value);
}
+
validateRequest(headerValues.toString(), response);
+
if (validateRequestType(request)) {
request = new RequestWrapper(request);
String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
validateRequest(requestData, response);
- filterChain.doFilter(request, response);
+ }
- } else {
+ try {
filterChain.doFilter(request, response);
+ } catch (Exception e) {
+ sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
+ response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
}
}
throw new SecurityException(ERROR_BAD_REQUEST);
}
} catch (Exception e) {
- logger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
+ sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
response.getWriter().close();
- return;
}
}
-}
\ No newline at end of file
+}