Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111

[aaf/authz.git] / auth / auth-fs / src / main / java / org / onap / aaf / auth / fs / AAF_FS.java

diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
index 19a150d..fdedd6b 100644 (file)
--- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
+++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
@@ -44,8 +44,8 @@ import org.onap.aaf.cadi.PropAccess;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.register.Registrant;
 import org.onap.aaf.cadi.register.RemoteRegistrant;
-import org.onap.aaf.misc.env.APIException;
 
+import org.owasp.esapi.reference.DefaultHTTPUtilities;
 
 public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
 
@@ -58,7 +58,7 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
             // creates StaticSlot, needed for CachingFileAccess, and sets to public Dir
             env.staticSlot(CachingFileAccess.CFA_WEB_PATH,"aaf_public_dir");
 
-            CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env);
+            CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<>(env);
             route(env,GET,"/:key*", cfa);
             final String aaf_locate_url = Config.getAAFLocateUrl(access);
             if (aaf_locate_url == null) {
@@ -82,7 +82,8 @@ public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
         @Override
         public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
             trans.info().printf("Redirecting %s to HTTP/S %s", req.getRemoteAddr(), req.getLocalAddr());
-            resp.sendRedirect(url);
+            DefaultHTTPUtilities util = new DefaultHTTPUtilities();            
+            util.sendRedirect(url);
         }
     };