import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.DefaultHTTPUtilities;
+import org.owasp.encoder.Encode;
public class API_AAFAccess {
// private static String service, version, envContext;
ServletOutputStream sos;
try {
sos = resp.getOutputStream();
- sos.print(fp.value);
+ sos.print(Encode.forJava(fp.value));
} catch (IOException e) {
throw new CadiException(e);
}
User u = (User)d.data.get(0);
resp.setStatus(u.code);
ServletOutputStream sos = resp.getOutputStream();
- sos.print(u.resp);
+ sos.print(Encode.forJava(u.resp));
}
} finally {
tt.done();
});
}
- private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException, AccessControlException {
try {
if (loc.hasItems()) {
Item item = loc.best();
redirectURL.append(str);
}
trans.info().log("Redirect to",redirectURL);
- resp.sendRedirect(redirectURL.toString());
+ DefaultHTTPUtilities util = new DefaultHTTPUtilities();
+ util.sendRedirect(redirectURL.toString());
+ //resp.sendRedirect(redirectURL.toString());
} else {
context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
}