Merge "Fixed few security issues from the dependencies"

diff --combined ecomp-portal-BE-common/pom.xml
index 3623109,526619f..8e89aa2
--- 1/ecomp-portal-BE-common/pom.xml
--- 2/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@@ -184,17 -184,7 +184,7 @@@
                        <artifactId>jaxb-api</artifactId>
                        <version>2.4.0-b180830.0359</version>
                </dependency>
-               <dependency>
-                       <groupId>org.springframework.boot</groupId>
-                       <artifactId>spring-boot-starter</artifactId>
-                       <version>1.3.1.RELEASE</version>
-                       <exclusions>
-                               <exclusion>
-                                       <groupId>org.slf4j</groupId>
-                                       <artifactId>log4j-over-slf4j</artifactId>
-                               </exclusion>
-                       </exclusions>
-               </dependency>
+               
                <!-- Hibernate -->
                <dependency>
                        <groupId>org.hibernate</groupId>
@@@ -290,17 -280,17 +280,17 @@@
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-annotations</artifactId>
-                       <version>2.8.10</version>
+                       <version>2.10.0</version>
                </dependency>
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-core</artifactId>
-                       <version>2.8.10</version>
+                       <version>2.10.0</version>
                </dependency>
                <dependency>
                        <groupId>com.fasterxml.jackson.core</groupId>
                        <artifactId>jackson-databind</artifactId>
-                       <version>2.8.11.4</version>
+                       <version>2.10.0</version>
                </dependency>
                <dependency>
                        <groupId>postgresql</groupId>
@@@ -740,6 -730,8 +730,6 @@@
                                <artifactId>jersey-servlet</artifactId> 
                                </exclusion> 
                        </exclusions> 
 -      
 -                      
                </dependency>
                <dependency>
                        <groupId>org.projectlombok</groupId>

diff --combined ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
index dc652d5,9b03b46..8bf9354
--- 1/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
--- 2/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/MicroserviceProxyController.java
@@@ -53,7 -53,9 +53,7 @@@ import org.onap.portalsdk.core.logging.
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.context.annotation.EnableAspectJAutoProxy;
  import org.springframework.web.bind.annotation.PathVariable;
 -import org.springframework.web.bind.annotation.RequestMapping;
  import org.springframework.web.bind.annotation.GetMapping;
 -import org.springframework.web.bind.annotation.RequestMethod;
  import org.springframework.web.bind.annotation.RestController;
  import org.springframework.web.client.HttpClientErrorException;
  
@@@ -103,9 -105,16 +103,16 @@@ public class MicroserviceProxyControlle
         */
        private boolean isValidJSON(String response) {
                try {
+                       if(response != null && !response.isEmpty())
+                       {
                        final ObjectMapper mapper = new ObjectMapper();
                        mapper.readTree(response);
                        return true;
+                       }
+                       else
+                       {
+                       return false;
+                       }
                } catch (IOException e) {
                        logger.debug(EELFLoggerDelegate.debugLogger, "isValidJSON failed", e);
                        return false;

diff --combined ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
index 0253afd,b40b8db..1ac21b6
--- 1/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
--- 2/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
@@@ -63,7 -63,6 +63,7 @@@ import org.onap.portalapp.portal.core.M
  import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
  import org.onap.portalapp.portal.domain.EPApp;
  import org.onap.portalapp.portal.domain.EPUser;
 +import org.onap.portalapp.portal.domain.EpAppType;
  import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
  import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
  import org.onap.portalapp.portal.framework.MockitoTestSuite;
@@@ -126,23 -125,23 +126,23 @@@ public class ExternalAccessRolesControl
                EPApp app = new EPApp();
                app.setName("Test");
                app.setImageUrl("test");
 -              app.setDescription("test");
 -              app.setNotes("test");
 -              app.setUrl("test");
 +              app.setAppDescription("test");
 +              app.setAppNotes("test");
 +              app.setLandingPage("test");
                app.setId((long) 1);
                app.setAppRestEndpoint("test");
 -              app.setAlternateUrl("test");
 +              app.setAlternateLandingPage("test");
                app.setName("test");
                app.setMlAppName("test");
                app.setMlAppAdminId("test");
 -              app.setUsername("test");
 -              app.setAppPassword("test");
 +              app.setAppBasicAuthUsername("test");
 +              app.setAppBasicAuthPassword("test");
                app.setOpen(false);
                app.setEnabled(false);
                app.setUebKey("test");
                app.setUebSecret("test");
                app.setUebTopicName("test");
 -              app.setAppType(1);
 +              app.setAppType(EpAppType.GUI);
                return app;
        }
  
@@@ -167,7 -166,7 +167,7 @@@
                PrintWriter writer = new PrintWriter(sw);
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
@@@ -208,7 -207,7 +208,7 @@@
                String expectedCentralUser = "test";
                String loginId = "test";
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
@@@ -226,7 -225,7 +226,7 @@@
                String expectedCentralUser = null;
                String loginId = "test";
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
@@@ -246,7 -245,7 +246,7 @@@
                List<CentralV2Role> centralV2RoleList = new ArrayList<>();
                List<CentralRole> centralRoleList = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@@ -268,7 -267,7 +268,7 @@@
                List<CentralV2Role> centralV2RoleList = new ArrayList<>();
                List<CentralRole> centralRoleList = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = null;
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@@ -290,7 -289,7 +290,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> centralV2Role = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@@ -310,7 -309,7 +310,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2Role> centralV2Role = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = null;
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@@ -355,7 -354,7 +355,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@@ -388,7 -387,7 +388,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
                Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
@@@ -420,7 -419,7 +420,7 @@@
                long roleId = 1;
                CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@@ -468,7 -467,7 +468,7 @@@
                long roleId = 1;
                CentralV2Role centralV2Role = new CentralV2Role.CentralV2RoleBuilder().createCentralV2Role();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@@ -517,7 -516,7 +517,7 @@@
                CentralV2RoleFunction centralV2RoleFunction = new CentralV2RoleFunction();
                centralV2RoleFunction.setCode("test");
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@@ -538,7 -537,7 +538,7 @@@
                String code = "test";
                CentralV2RoleFunction centralV2RoleFunction = null;
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@@ -566,7 -565,7 +566,7 @@@
        @Test
        public void getRoleFunctionTest() throws Exception {
                EPApp mockApp = mockApp();
 -              mockApp.setCentralAuth(true);
 +              mockApp.setRolesInAAF(true);
                List<EPApp> mockAppList = new ArrayList<>();
                mockAppList.add(mockApp);
                StringWriter sw = new StringWriter();
@@@ -608,7 -607,7 +608,7 @@@
        public void getRoleFunctionXSSTest() throws Exception {
                String expected = getXSSKeyJson();
                EPApp mockApp = mockApp();
 -              mockApp.setCentralAuth(true);
 +              mockApp.setRolesInAAF(true);
                List<EPApp> mockAppList = new ArrayList<>();
                mockAppList.add(mockApp);
                StringWriter sw = new StringWriter();
@@@ -657,12 -656,12 +657,12 @@@
        public void saveRoleFunctionExceptionTest() throws Exception {
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                PortalRestResponse<String> portalRestResponse = null;
                PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
-               expectedportalRestResponse.setMessage(null);
+               expectedportalRestResponse.setMessage("argument \"content\" is null");
                expectedportalRestResponse.setResponse("Failed");
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
                Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
@@@ -680,7 -679,7 +680,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                JSONObject roleFunc = new JSONObject();
                roleFunc.put("type", "test_type");
@@@ -721,7 -720,7 +721,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                JSONObject roleFunc = new JSONObject();
                roleFunc.put("type", "<script>alert(“XSS”)</script> ");
@@@ -769,7 -768,7 +769,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@@ -800,7 -799,7 +800,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                String code = "<script>alert(‘XSS’)</script>";
@@@ -832,7 -831,7 +832,7 @@@
        public void getActiveRolesValidationTest() throws Exception {
                List<CentralRole> expectedRolesList = null;
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                List<CentralV2Role> cenRoles = new ArrayList<>();
@@@ -1113,7 -1112,7 +1113,7 @@@
                Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                Mockito.when(externalAccessRolesService.getAllAppUsers(mockedRequest.getHeader(uebKey))).thenReturn(users);
@@@ -1210,7 -1209,7 +1210,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
@@@ -1223,7 -1222,7 +1223,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
@@@ -1242,7 -1241,7 +1242,7 @@@
        public void getEpUserExceptionTest() throws Exception {
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
@@@ -1255,7 -1254,7 +1255,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
@@@ -1280,7 -1279,7 +1280,7 @@@
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
                app.setUebKey("uebKey");
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                applicationList.add(app);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
@@@ -1298,7 -1297,7 +1298,7 @@@
        public void getEPRolesOfApplicationExceptionTest() throws Exception {
                List<EPApp> applicationList = new ArrayList<>();
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
                StringWriter sw = new StringWriter();
                PrintWriter writer = new PrintWriter(sw);
@@@ -1320,7 -1319,7 +1320,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@@ -1352,7 -1351,7 +1352,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@@ -1384,7 -1383,7 +1384,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@@ -1436,7 -1435,7 +1436,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@@ -1468,7 -1467,7 +1468,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                String code = "<img src=xss onerror=alert(1)>";
@@@ -1498,7 -1497,7 +1498,7 @@@
                List<EPUser> userList = new ArrayList<>();
                userList.add(user);
                EPApp app = mockApp();
 -              app.setCentralAuth(true);
 +              app.setRolesInAAF(true);
                List<EPApp> appList = new ArrayList<>();
                appList.add(app);
                expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);