<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <version>1.0.0-oss</version>
+ <version>1.0.1-oss</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
- <version>5.2.5.Final</version>
+ <version>6.0.17.Final</version>
</dependency>
<!-- hibernate-core depends on dom4j, which has optional dependencies.
On jenkins, contrary to doc, mvn 3.0.5 packages the optional dependencies
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-client</artifactId>
- <version>3.1.16</version>
+ <version>3.3.3</version>
</dependency>
<!-- Mapper -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
- <version>${fasterxml.version}</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
- <version>${fasterxml.version}</version>
+ <version>2.8.10</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${fasterxml.version}</version>
+ <version>2.8.11.4</version>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<dependency>
<groupId>org.elasticsearch</groupId>
<artifactId>elasticsearch</artifactId>
- <version>6.8.2</version>
+ <version>7.4.1</version>
<exclusions>
<exclusion>
<groupId>org.apache.lucene</groupId>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-websocket</artifactId>
- <version>8.0.52</version>
+ <version>9.0.27</version>
<scope>provided</scope>
</dependency>
<dependency>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi</artifactId>
- <version>3.17</version>
+ <version>4.1.1</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<dependency>
<groupId>org.apache.poi</groupId>
<artifactId>poi-scratchpad</artifactId>
- <version>3.17</version>
+ <version>4.1.1</version>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<dependency>
<groupId>org.quartz-scheduler</groupId>
<artifactId>quartz</artifactId>
- <version>2.2.1</version>
+ <version>2.3.1</version>
<exclusions>
<!-- SDK brings a new version of c3p0 -->
<exclusion>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
- <version>1.60</version>
+ <version>1.64</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<dependency>
<groupId>com.orbitz.consul</groupId>
<artifactId>consul-client</artifactId>
- <version>1.3.6</version>
+ <version>1.3.9</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>jackson-jaxrs-json-provider</artifactId>
<version>2.10.0</version>
</dependency>
- <!-- https://mvnrepository.com/artifact/org.glassfish.web/javax.el -->
+ <!-- https://mvnrepository.com/artifact/org.glassfish/javax.el -->
<dependency>
- <groupId>org.glassfish.web</groupId>
+ <groupId>org.glassfish</groupId>
<artifactId>javax.el</artifactId>
- <version>2.2.6</version>
+ <version>3.0.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.el/el-api -->
<dependency>
<groupId>javax.el</groupId>
- <artifactId>el-api</artifactId>
- <version>2.2.1-b04</version>
+ <artifactId>javax.el-api</artifactId>
+ <version>3.0.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.jsoup/jsoup -->
<dependency>
<dependency>
<groupId>org.glassfish.jersey.connectors</groupId>
<artifactId>jersey-jetty-connector</artifactId>
- <version>2.28</version>
+ <version>2.29.1</version>
</dependency>
<!-- Jacoco for offline instrumentation -->
<dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
- <version>1.4.11</version>
+ <version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
- <version>1.2.25</version>
+ <version>1.2.62</version>
</dependency>
</dependencies>
user = EPUserUtils.getUserSession(request);
if (!adminRolesService.isSuperAdmin(user) && !adminRolesService.isAccountAdminOfAnyActiveorInactiveApplication(user, oldEPApp) ) {
EcompPortalUtils.setBadPermissions(user, response, "putOnboardingApp");
+ } else if(!dataValidator.isValid(modifiedOnboardingApp)){
+ logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApp is not valid");
+ EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =",
+ response.getStatus());
+ return fieldsValidator;
} else {
if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null))
{
import org.onap.portalapp.portal.service.AdminRolesService;
import org.onap.portalapp.portal.service.BasicAuthAccountService;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
private static final String ADMIN_ONLY_OPERATIONS = "Admin Only Operation! ";
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(BasicAuthAccountController.class);
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private BasicAuthAccountService basicAuthAccountService;
public PortalRestResponse<String> createBasicAuthAccount(HttpServletRequest request, HttpServletResponse response,
@RequestBody BasicAuthCredentials newBasicAuthAccount) throws Exception {
+
+
EPUser user = EPUserUtils.getUserSession(request);
if (!adminRolesService.isSuperAdmin(user)) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, AUTHORIZATION_REQUIRED,
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
"newBasicAuthAccount cannot be null or empty");
}
- long accountId = basicAuthAccountService.saveBasicAuthAccount(newBasicAuthAccount);
+
+ if(!dataValidator.isValid(newBasicAuthAccount)){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "createBasicAuthAccount() failed, new credential are not safe",
+ "");
+ }
+
+ long accountId;
+ try {
+ accountId = basicAuthAccountService.saveBasicAuthAccount(newBasicAuthAccount);
+ } catch (Exception e){
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, e.getMessage());
+ }
List<Long> endpointIdList = new ArrayList<>();
try {
*
* ============LICENSE_END============================================
*
- *
+ *
*/
package org.onap.portalapp.portal.controller;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
* Supports menus at the top of the Portal app landing page.
*/
@RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
@EnableAspectJAutoProxy
@EPAuditLog
public class FunctionalMenuController extends EPRestrictedBaseController {
private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(FunctionalMenuController.class);
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private AdminRolesService adminRolesService;
/**
* RESTful service method to fetch all the FunctionalMenuItems.
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service method to get ONAP Portal Title.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* RESTful service method to fetch all the FunctionalMenuItems, both active and
* inactive, for the EditFunctionalMenu feature. Can only be accessed by the
* portal admin.
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service method to fetch all the FunctionalMenuItems, active , for the
* Functional menu in notification Tree feature.
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service method to fetch all FunctionalMenuItems associated with an
* application.
- *
+ *
* @param request
* HttpServletRequest
* @param appId
/**
* RESTful service method to fetch all FunctionalMenuItems associated with the
* applications and roles that a user has access to.
- *
+ *
* @param request
* HttpServletRequest
* @param orgUserId
/**
* RESTful service method to fetch all FunctionalMenuItems associated with the
* applications and roles that the authenticated user has access to.
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service method to fetch the details for a functional menu item.
* Requirement: you must be the ONAP portal super admin user.
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service method to create a new menu item.
- *
+ *
* Requirement: you must be the ONAP portal super admin user.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
FieldsValidator fieldsValidator = null;
+
+ if(!dataValidator.isValid(menuItemJson)){
+ fieldsValidator = new FieldsValidator();
+ logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+ fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+ return fieldsValidator;
+ }
+
if (!adminRolesService.isSuperAdmin(user)) {
logger.debug(EELFLoggerDelegate.debugLogger,
"FunctionalMenuController.createFunctionalMenuItem bad permissions");
/**
* RESTful service method to update an existing menu item
- *
+ *
* Requirement: you must be the ONAP portal super admin user.
- *
+ *
* @param request
* HttpServletRequest
* @param response
@RequestBody FunctionalMenuItemWithRoles menuItemJson, HttpServletResponse response) {
EPUser user = EPUserUtils.getUserSession(request);
FieldsValidator fieldsValidator = null;
+
+ if(!dataValidator.isValid(menuItemJson)){
+ fieldsValidator = new FieldsValidator();
+ logger.warn(EELFLoggerDelegate.debugLogger,"FunctionalMenuController.createFunctionalMenuItem not valid object");
+ fieldsValidator.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+ return fieldsValidator;
+ }
+
if (!adminRolesService.isSuperAdmin(user)) {
EcompPortalUtils.setBadPermissions(user, response, "editFunctionalMenuItem");
} else {
/**
* RESTful service method to delete a menu item
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service to regenerate table
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESful service to set a favorite item.
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service to get favorites for the current user as identified in the
* session
- *
+ *
* @param request
* HttpServletRequest
* @param response
/**
* RESTful service to delete a favorite menu item for the current user as
* identified in the session.
- *
+ *
* @param request
* HttpServletRequest
* @param response
* session (i.e., the CSP cookie); if that fails, calls the shared context
* service to read the information from the database. Gives back what it found,
* any of which may be null, as a JSON collection.
- *
+ *
* @param request
* HttpServletRequest
* @param response
};
/**
- *
+ *
* @param request
* HttpServletRequest
* @param userId
import org.onap.portalapp.portal.service.WidgetMService;
import org.onap.portalapp.portal.service.MicroserviceService;
import org.onap.portalapp.portal.utils.EcompPortalUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.util.SystemProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
@EnableAspectJAutoProxy
@EPAuditLog
public class MicroserviceController extends EPRestrictedBaseController {
- public static final ValidatorFactory VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+ private final DataValidator dataValidator = new DataValidator();
String whatService = "widgets-service";
RestTemplate template = new RestTemplate();
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
"MicroserviceData cannot be null or empty");
}else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"ERROR", "MicroserviceData is not valid");
}
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "FAILURE",
"MicroserviceData cannot be null or empty");
}else {
- Validator validator = VALIDATOR_FACTORY.getValidator();
-
- Set<ConstraintViolation<MicroserviceData>> constraintViolations = validator.validate(newServiceData);
- if(!constraintViolations.isEmpty()){
+ if(!dataValidator.isValid(newServiceData)){
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
"ERROR", "MicroserviceData is not valid");
}
import java.util.List;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
public class BasicAuthCredentials extends DomainVo {
private static final long serialVersionUID = 1L;
- public BasicAuthCredentials() {
-
- }
-
private Long id;
+ @SafeHtml
private String applicationName;
+ @SafeHtml
private String username;
+ @SafeHtml
private String password;
+ @SafeHtml
private String isActive;
+ @Valid
private List<EPEndpoint> endpoints;
public Long getId() {
*/
package org.onap.portalapp.portal.domain;
+import org.hibernate.validator.constraints.SafeHtml;
import org.onap.portalsdk.core.domain.support.DomainVo;
public class EPEndpoint extends DomainVo {
}
private Long id;
+ @SafeHtml
private String name;
public Long getId() {
import org.onap.portalapp.portal.domain.EPEndpointAccount;
import org.onap.portalapp.portal.logging.aop.EPMetricsLog;
import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
import org.onap.portalsdk.core.service.DataAccessService;
@EPMetricsLog
public class BasicAuthAccountServiceImpl implements BasicAuthAccountService{
EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MicroserviceServiceImpl.class);
-
+ private final DataValidator dataValidator = new DataValidator();
@Autowired
private DataAccessService dataAccessService;
@Override
public Long saveBasicAuthAccount(BasicAuthCredentials newCredential) throws Exception {
+
+ if(!dataValidator.isValid(newCredential)){
+ throw new Exception("saveBasicAuthAccount() failed, new credential are not safe");
+ }
if (newCredential.getPassword() != null)
newCredential.setPassword(encryptedPassword(newCredential.getPassword()));
try{
import java.io.Serializable;
import java.util.List;
+import org.hibernate.validator.constraints.SafeHtml;
// This type is used to read the Json in from the API call from the Front End
public class FunctionalMenuItemWithRoles implements Serializable {
public Long menuId;
public Integer column;
-
+ @SafeHtml
public String text;
public Integer parentMenuId;
-
+ @SafeHtml
public String url;
public Integer appid;
MockEPUser mockUser = new MockEPUser();
+ @Test
+ public void putOnboardingAppXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ OnboardingApp onboardingApp = new OnboardingApp();
+ onboardingApp.setUebTopicName("test<img src=‘~‘ onerror=prompt(123)>");
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(appService.modifyOnboardingApp(onboardingApp, user)).thenReturn(null);
+ Mockito.when(mockedResponse.getStatus()).thenReturn(200);
+ FieldsValidator actualFieldValidator = appsController.putOnboardingApp(mockedRequest, onboardingApp,
+ mockedResponse);
+ assertNull(actualFieldValidator);
+ }
+
+ @Test
+ public void postOnboardingAppXSSTest() {
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ OnboardingApp onboardingApp = new OnboardingApp();
+ onboardingApp.setUebKey("test<img src=‘~‘ onerror=prompt(123)>");
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(appService.addOnboardingApp(onboardingApp, user)).thenReturn(null);
+ FieldsValidator actualFieldValidator = appsController.postOnboardingApp(mockedRequest, onboardingApp,
+ mockedResponse);
+ assertNull(actualFieldValidator);
+ }
+
@Test
public void getUserAppsTest() {
EPUser user = mockUser.mockEPUser();
assertEquals(actualResponse, expectedResponse);
}
+ @Test
+ public void createBasicAuthAccountXSSTest() throws Exception {
+ BasicAuthCredentials basicAuthCredentials = basicAuthCredentials();
+ basicAuthCredentials.setPassword("<script>alert(“XSS”);</script>");
+
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ PortalRestResponse<String> expectedResponse = new PortalRestResponse<String>();
+ expectedResponse.setMessage("createBasicAuthAccount() failed, new credential are not safe");
+ expectedResponse.setResponse("");
+ PortalRestStatusEnum portalRestStatusEnum = null;
+ expectedResponse.setStatus(portalRestStatusEnum.ERROR);
+ long accountd = 1;
+
+ Mockito.when(basicAuthAccountService.saveBasicAuthAccount(basicAuthCredentials)).thenReturn(accountd);
+
+ PortalRestResponse<String> actualResponse = basicAuthAccountController.createBasicAuthAccount(mockedRequest,
+ mockedResponse, basicAuthCredentials);
+ assertEquals(actualResponse, expectedResponse);
+ }
+
@Test
public void createBasicAuthAccountAdminTest() throws Exception {
BasicAuthCredentials basicAuthCredentials = basicAuthCredentials();
}
+ @Test
+ public void editFunctionalMenuItemXSSTest(){
+ FunctionalMenuItemWithRoles menuItemJson = new FunctionalMenuItemWithRoles();
+ menuItemJson.url = "1<b>tes<img src=‘~‘ onerror=prompt(32)>t_menu";
+ FieldsValidator actualFieldsValidator = new FieldsValidator();
+ FieldsValidator expectedFieldsValidator = new FieldsValidator();
+ List<FieldName> fields = new ArrayList<>();
+ expectedFieldsValidator.setHttpStatusCode(406L);
+ expectedFieldsValidator.setFields(fields);
+ expectedFieldsValidator.setErrorCode(null);
+ EPUser user = mockUser.mockEPUser();
+ Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+ Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(true);
+ Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator);
+ actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse);
+ assertEquals(actualFieldsValidator, expectedFieldsValidator);
+ }
+
@Test
public void getAppListTestIfAppDoesnotExistsInBusinessCardApplicationRolesList() throws IOException {
Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false);
Mockito.when(functionalMenuService.createFunctionalMenuItem(menuItemJson)).thenReturn(expectedFieldsValidator);
actualFieldsValidator = functionalMenuController.createFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse);
- assertEquals(actualFieldsValidator, expectedFieldsValidator);
+ assertEquals(expectedFieldsValidator, actualFieldsValidator);
}
@Test
Mockito.when(adminRolesService.isSuperAdmin(user)).thenReturn(false);
Mockito.when(functionalMenuService.editFunctionalMenuItem(menuItemJson)).thenReturn(actualFieldsValidator);
actualFieldsValidator = functionalMenuController.editFunctionalMenuItem(mockedRequest, menuItemJson, mockedResponse);
- assertEquals(actualFieldsValidator, expectedFieldsValidator);
+ assertEquals(expectedFieldsValidator, actualFieldsValidator);
}
@Test
Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null);
basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials);
+ }
+
+ @Test(expected= Exception.class)
+ public void saveBasicAuthAccountValidTest() throws Exception {
+ BasicAuthCredentials basicAuthCredentials = new BasicAuthCredentials();
+ basicAuthCredentials.setPassword("<IMG SRC=\"jav\tascript:alert('XSS');\">");
+ Mockito.doNothing().when(dataAccessService).saveDomainObject(basicAuthCredentials, null);
+ basicAuthAccountServiceImpl.saveBasicAuthAccount(basicAuthCredentials);
+
}
@Test
import org.onap.portalapp.portal.logging.aop.EPAuditLog;
import org.onap.portalapp.portal.service.UserService;
import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
import org.onap.portalapp.validation.SecureString;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.springframework.beans.factory.annotation.Autowired;
@EPAuditLog
@NoArgsConstructor
public class AppsOSController extends AppsController {
- private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
+ private final DataValidator dataValidator = new DataValidator();
private static final String FAILURE = "failure";
private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
if (newUser == null)
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
"New User cannot be null or empty");
-
+ if (!dataValidator.isValid(newUser)) {
+ return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+ "New User is not safe html");
+ }
if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))
&& !user.getLoginId().equalsIgnoreCase(newUser.getLoginId())) {
return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
public String getCurrentUserProfile(HttpServletRequest request, @PathVariable("loginId") String loginId) {
if (loginId != null) {
- Validator validator = validatorFactory.getValidator();
- SecureString secureString = new SecureString(loginId);
- Set<ConstraintViolation<SecureString>> constraintViolations = validator.validate(secureString);
-
- if (!constraintViolations.isEmpty()) {
+ if (!dataValidator.isValid(new SecureString(loginId))) {
return "loginId is not valid";
}
}
<springframework.version>4.3.24.RELEASE</springframework.version>
<springframework.security.version>4.2.13.RELEASE</springframework.security.version>
<hibernate.version>4.3.11.Final</hibernate.version>
- <fasterxml.version>2.8.10</fasterxml.version>
- <eelf.version>1.0.0</eelf.version>
+ <fasterxml.version>2.8.11.4</fasterxml.version>
<!-- NOT provided by OParent, unfortunately -->
<jacocoVersion>0.7.6.201602180812</jacocoVersion>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
Code Review / portal.git / commitdiff