From 8886b47bca90cb0e84478d24e5c9afb3a9054b63 Mon Sep 17 00:00:00 2001
From: "Kishore Reddy, Gujja (kg811t)"
Date: Fri, 23 Mar 2018 18:16:50 -0400
Subject: [PATCH] Security fixes
Issue-ID: PORTAL-136, PORTAL-155, PORTAL-210,PORTAL-217 Includes JUNITS and docker changes, music integration and security fixes
Change-Id: Ib9205d7e8aa31c525a87e9d9a8076906ea4c7f0a
Signed-off-by: Kishore Reddy, Gujja (kg811t)
---
deliveries/portal.cql | 54 ++++++++++++++++++++++
deliveries/portalsdk.cql | 54 ++++++++++++++++++++++
ecomp-portal-BE-common/pom.xml | 11 ++---
.../service/ExternalAccessRolesServiceImpl.java | 9 +++-
.../ExternalAccessRolesServiceImplTest.java | 2 +-
ecomp-portal-BE-os/README.md | 1 +
ecomp-portal-BE-os/pom.xml | 7 +--
ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql | 54 +++++++++++++++++++---
.../functionalMenu-dialog/menu-details.modal.html | 2 +-
ecomp-portal-widget-ms/widget-ms/pom.xml | 15 ++++++
pom.xml | 2 +-
11 files changed, 188 insertions(+), 23 deletions(-)
create mode 100644 deliveries/portal.cql
create mode 100644 deliveries/portalsdk.cql
diff --git a/deliveries/portal.cql b/deliveries/portal.cql
new file mode 100644
index 00000000..6cb62713
--- /dev/null
+++ b/deliveries/portal.cql
@@ -0,0 +1,54 @@
+CREATE KEYSPACE IF NOT EXISTS portal
+ WITH REPLICATION = {
+ 'class' : 'SimpleStrategy',
+ 'replication_factor': 1
+ }
+ AND DURABLE_WRITES = true;
+
+
+CREATE TABLE portal.spring_session (
+ primary_id text PRIMARY KEY,
+ creation_time text,
+ expiry_time text,
+ last_access_time text,
+ max_inactive_interval text,
+ principal_name text,
+ session_id text,
+ vector_ts text
+) WITH bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
+
+
+CREATE TABLE portal.spring_session_attributes (
+ primary_id text,
+ attribute_name text,
+ attribute_bytes blob,
+ vector_ts text,
+ PRIMARY KEY (primary_id, attribute_name)
+) WITH CLUSTERING ORDER BY (attribute_name ASC)
+ AND bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
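Review bot: Both session tables set `default_time_to_live = 0`, so Cassandra never reclaims rows of expired sessions by itself; the expiry lives only in the `expiry_time` text column and deletion is entirely up to the application. Unless the session store's cleanup is known to run against this keyspace, either a table TTL aligned with the session's maximum inactive interval or a comment naming who deletes expired rows belongs here, because a session store that only grows is also a growing store of `principal_name` values and serialized session state in `attribute_bytes`. `'replication_factor': 1` with `SimpleStrategy` keeps every session on a single replica, which is a single-node setting; a header such as `-- Session store for the portal keyspace (MUSIC/Cassandra); RF 1 / SimpleStrategy is for single-node installs only -- raise it for any multi-node deployment` would make that explicit. The identical definitions in deliveries/portalsdk.cql have the same points.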
diff --git a/deliveries/portalsdk.cql b/deliveries/portalsdk.cql
new file mode 100644
index 00000000..62da5dd7
--- /dev/null
+++ b/deliveries/portalsdk.cql
@@ -0,0 +1,54 @@
+CREATE KEYSPACE IF NOT EXISTS portalsdk
+ WITH REPLICATION = {
+ 'class' : 'SimpleStrategy',
+ 'replication_factor': 1
+ }
+ AND DURABLE_WRITES = true;
+
+
+CREATE TABLE portalsdk.spring_session (
+ primary_id text PRIMARY KEY,
+ creation_time text,
+ expiry_time text,
+ last_access_time text,
+ max_inactive_interval text,
+ principal_name text,
+ session_id text,
+ vector_ts text
+) WITH bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
+
+
+CREATE TABLE portalsdk.spring_session_attributes (
+ primary_id text,
+ attribute_name text,
+ attribute_bytes blob,
+ vector_ts text,
+ PRIMARY KEY (primary_id, attribute_name)
+) WITH CLUSTERING ORDER BY (attribute_name ASC)
+ AND bloom_filter_fp_chance = 0.01
+ AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
+ AND comment = ''
+ AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+ AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+ AND crc_check_chance = 1.0
+ AND dclocal_read_repair_chance = 0.1
+ AND default_time_to_live = 0
+ AND gc_grace_seconds = 864000
+ AND max_index_interval = 2048
+ AND memtable_flush_period_in_ms = 0
+ AND min_index_interval = 128
+ AND read_repair_chance = 0.0
+ AND speculative_retry = '99PERCENTILE';
diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml index 7cdc7968..ce394eaf 100644 --- a/ecomp-portal-BE-common/pom.xml +++ b/ecomp-portal-BE-common/pom.xml @@ -340,7 +340,7 @@ org.apache.poi poi - 3.17 + 3.15 commons-logging @@ -355,7 +355,7 @@ org.apache.poi poi-ooxml - 3.17 + 3.15 commons-logging @@ -547,7 +547,7 @@ commons-beanutils commons-beanutils - 1.9.2 + 1.9.3 com.ecwid.consul @@ -632,11 +632,6 @@ spring-security-config ${springframework.version} - - org.apache.lucene - lucene-queryparser - 7.2.1 - com.thoughtworks.xstream xstream diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java index 678672b1..a2226944 100644 --- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java +++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java @@ -1507,7 +1507,12 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic return roleFunc; roleFunc = checkIfPipesExitsInFunctionCode(cenV2RoleFunction); } else { - roleFunc = getRoleFuncList.get(0); + // Check even if single record have pipes + if (!getRoleFuncList.isEmpty() && getRoleFuncList.get(0).getCode().contains(FUNCTION_PIPE)) { + roleFunc = checkIfPipesExitsInFunctionCode(getRoleFuncList.get(0)); + } else { + roleFunc = getRoleFuncList.get(0); + } } } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction: failed", e); 
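Review bot: The new guard only protects the pipe branch: when `getRoleFuncList` is empty the `else` branch still runs `getRoleFuncList.get(0)`, and the resulting `IndexOutOfBoundsException` falls into the `catch (Exception e)` below, leaving `roleFunc` unset with nothing but a log line. Whether the list can be empty here depends on the condition of the enclosing `if`, which is outside the hunk; if it can, the emptiness check should cover both branches, e.g. `} else if (!getRoleFuncList.isEmpty()) { roleFunc = getRoleFuncList.get(0); }`. `getCode()` is also dereferenced without a null check in the same condition. The comment reads better as `// A single record can still carry pipes in its code; normalise it too`. The enclosing method starts and ends outside the hunk.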
@@ -3434,8 +3439,8 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic @Override public List convertV2CentralRoleListToOldVerisonCentralRoleList(List v2CenRoleList) { List cenRoleList = new ArrayList<>(); - SortedSet cenRoleFuncList = new TreeSet<>(); for(CentralV2Role v2CenRole : v2CenRoleList){ + SortedSet cenRoleFuncList = new TreeSet<>(); for(CentralV2RoleFunction v2CenRoleFunc: v2CenRole.getRoleFunctions()){ CentralRoleFunction roleFunc = new CentralRoleFunction(v2CenRoleFunc.getCode(), v2CenRoleFunc.getName()); cenRoleFuncList.add(roleFunc); diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java index bb408b26..295ba74b 100644 --- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java +++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImplTest.java @@ -533,7 +533,7 @@ public class ExternalAccessRolesServiceImplTest { .thenReturn(getRoleFuncList); CentralV2RoleFunction actual = externalAccessRolesServiceImpl.getRoleFunction("test_type|type_code|*", app.getUebKey()); - assertEquals(getCenRole.getCode(), actual.getCode()); + assertEquals("type_code", actual.getCode()); } @Test diff --git a/ecomp-portal-BE-os/README.md b/ecomp-portal-BE-os/README.md index 6ca4b1ed..06f9ae3d 100644 --- a/ecomp-portal-BE-os/README.md +++ b/ecomp-portal-BE-os/README.md @@ -15,6 +15,7 @@ https://www.eclipse.org/m2e-wtp/ ## Release Notes Version 2.2 +- [PORTAL-179] wrong menu available to App Admin User - [PORTAL-207] Raise 4 % percentage (from 44 to 48) sonar code coverage for ONAP PORTAL - [PORTAL-136] Raise JUnit test coverage ONAP Portal to 50% for Beijing - [PORTAL-133] replace ECOMP to ONAP on Contact Us and Get Access page 
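Review bot: Moving `SortedSet cenRoleFuncList = new TreeSet<>();` inside the loop is the real fix here (a set shared across iterations would carry every earlier role's functions into the roles converted after it, presumably over-granting whatever is built from it further down), but nothing in the code records that, and a later refactor could hoist the allocation back out as an optimisation. A one-line comment on the new line, `// one set per role: a shared set would accumulate functions across roles`, would prevent that. The raw `SortedSet` and `List` types hide what is collected; `SortedSet<CentralRoleFunction>` matches the element created two lines below. The loop body and the method continue past the hunk.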
diff --git a/ecomp-portal-BE-os/pom.xml b/ecomp-portal-BE-os/pom.xml index 3eae6860..ed42c061 100644 --- a/ecomp-portal-BE-os/pom.xml +++ b/ecomp-portal-BE-os/pom.xml @@ -386,7 +386,7 @@ org.apache.poi poi - 3.17 + 3.15 commons-logging @@ -401,7 +401,7 @@ org.apache.poi poi-ooxml - 3.17 + 3.15 commons-logging @@ -609,7 +609,7 @@ commons-beanutils commons-beanutils - 1.9.2 + 1.9.3 @@ -656,6 +656,7 @@ org.onap.portal.sdk epsdk-music ${epsdk.version} + jar-with-dependencies org.onap.music diff --git a/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql b/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql index 18d79fa8..6461b13d 100644 --- a/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql +++ b/ecomp-portal-DB-os/PortalDMLMySql_2_1_OS.sql @@ -3,7 +3,18 @@ -- First run the common Opensource DML; then run this file to add The Opensource only data USE portal; -set foreign_key_checks=1; +set foreign_key_checks=1; + +--- update fn_menu for roles +UPDATE fn_menu +SET function_cd = 'menu_acc_admin' +WHERE label = 'Roles'; + +--- update fn_menu for users +UPDATE fn_menu +SET function_cd = 'menu_acc_admin' +WHERE label = 'Users'; + -- fn_user Insert into fn_user (USER_ID, ORG_ID, MANAGER_ID,FIRST_NAME,MIDDLE_NAME,LAST_NAME,PHONE,FAX,CELLULAR,EMAIL,ADDRESS_ID,ALERT_METHOD_CD,HRID,ORG_USER_ID,ORG_CODE,LOGIN_ID,LOGIN_PWD,LAST_LOGIN_DATE,ACTIVE_YN,CREATED_ID,CREATED_DATE,MODIFIED_ID,MODIFIED_DATE,IS_INTERNAL_YN,ADDRESS_LINE_1,ADDRESS_LINE_2,CITY,STATE_CD,ZIP_CODE,COUNTRY_CD,LOCATION_CLLI,ORG_MANAGER_USERID,COMPANY,DEPARTMENT_NAME,JOB_TITLE,TIMEZONE,DEPARTMENT,BUSINESS_UNIT,BUSINESS_UNIT_NAME,COST_CENTER,FIN_LOC_CODE,SILO_STATUS) values (1,NULL,NULL,'Demo',NULL,'User',NULL,NULL,NULL,'demo@openecomp.org',NULL,NULL,NULL,'demo',NULL,'demo','4Gl6WL1bmwviYm+XZa6pS1vC0qKXWtn9wcZWdLx61L0=','2016-10-20 15:11:16','Y',NULL,'2016-10-14 21:00:00',1,'2016-10-20 15:11:16','N',NULL,NULL,NULL,'NJ',NULL,'US',NULL,NULL,NULL,NULL,NULL,10,NULL,NULL,NULL,NULL,NULL,NULL); 
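Review bot: Adding `jar-with-dependencies` to the `epsdk-music` dependency (the element tags are lost in extraction, but this is the standard assembly classifier) pulls an artifact whose transitive libraries are repackaged inside it; those nested versions no longer show up in the dependency tree and are presumably invisible to the dependency-vulnerability scan that the other version pins in this commit are serving. If the fat jar is required for the music integration, a comment next to it saying why, and which libraries it bundles, keeps that visible; otherwise the plain artifact with its transitive dependencies managed in this pom is the safer choice. The dependency element starts before the hunk.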
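Review bot: The two new comment lines use `--- update fn_menu ...` while the rest of the file uses `-- `; MySQL only recognises two dashes followed by whitespace as a line comment, so with three dashes the lexer can take the first `-` as an operator and the `UPDATE` that follows fails to parse — verify against the target server, and in any case write `-- update fn_menu for roles` to match the file. The updates also key on the display string `label` rather than a stable identifier; if a label is ever reworded the update silently matches zero rows and the Roles/Users menu entries keep their old `function_cd`, which is an access-control setting because it decides which role function gates those menu items. A comment stating that this re-gates the Roles and Users menu items behind `menu_acc_admin`, and which role grants later in the file are expected to carry that function, would make the authorization intent reviewable.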
@@ -89,7 +100,24 @@ insert into ep_app_function (app_id, function_cd, function_name) values (1, 'url|saveNotification|*','publish notifications'), (1, 'url|url_role.htm|*','role page'), (1, 'url|url_welcome.htm|*','welcome page'), -(1, 'menu|menu_acc_admin|*','Admin Acc Menu'); +(1, 'menu|menu_acc_admin|*','Admin Account Menu'), +(1,'url|addWebAnalyticsReport|*','Add Web Analytics Report'), +(1,'url|appsFullList|*','Apps Full List'), +(1,'url|centralizedApps|*','Centralized Apps'), +(1,'url|functionalMenu|*','Functional Menu'), +(1,'url|getAllWebAnalytics|*','Get All Web Analytics'), +(1,'url|getFunctionalMenuRole|*','Get Functional Menu Role'), +(1,'url|getNotificationAppRoles|*','Get Notification App Roles'), +(1,'url|getUserAppsWebAnalytics|*','Get User Apps Web Analytics'), +(1,'url|getUserJourneyAnalyticsReport|*','Get User Journey Report'), +(1,'url|get_roles%2f%2a|*','getRolesOfApp'), +(1,'url|get_role_functions%2f%2a|*','Get Role Functions'), +(1,'url|notification_code|*','Notification Code'), +(1,'url|role_function_list%2fsaveRoleFunction%2f%2a|*','Save Role Function'), +(1,'url|syncRoles|*','SyncRoles'), +(1,'url|userAppRoles|*','userAppRoles'), +(1,'url|userApps|*','User Apps') +; insert into ep_app_role_function (id, app_id, role_id, function_cd, role_app_id) values 
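Review bot: The new function codes mix literal paths (`url|syncRoles|*`) with percent-encoded ones (`url|get_roles%2f%2a|*`, `url|role_function_list%2fsaveRoleFunction%2f%2a|*`), and nothing in the file says which form the authorization check expects; if it compares against the decoded request path the encoded codes never match, and if it compares against the raw path they are the only ones that can. A comment above the insert recording the convention, e.g. `-- function_cd format: 'url|<path>|*'; '/' and '*' inside <path> are percent-encoded (%2f, %2a) -- confirm against the URL authorization filter that consumes these codes`, is what is missing. The `function_name` values also alternate between title case and camelCase (`SyncRoles`, `getRolesOfApp`, `userAppRoles`); they are display strings, so one style is enough.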
@@ -102,12 +130,24 @@ insert into ep_app_role_function (id, app_id, role_id, function_cd, role_app_id) (7, 1, 16, 'menu|menu_logout|*', null), (8, 1, 950, 'url|edit_notification|*', null), (9, 1, 950, 'url|getAdminNotifications|*', null), -(10, 1, 950, 'url|saveNotification|*', null), -(11, 1, 999, 'url|edit_notification|*', null), -(12, 1, 999, 'url|getAdminNotifications|*', null), -(13, 1, 999, 'menu|menu_admin|*', null), -(14, 1, 1010, 'menu|menu_web_analytics|*', null), +(10,1, 950, 'url|saveNotification|*', null), +(11,1, 999,'url|userAppRoles|*','userAppRoles', null), +(12,1, 999, 'url|getAdminNotifications|*', null), +(13,1, 999,'url|userApps|*','User Apps'), +(14,1, 1010, 'menu|menu_web_analytics|*', null), (15, 1, 2115, 'menu|menu_web_analytics|*', null), (16, 1 , 1, 'menu|menu_acc_admin|*' , null), (17, 1 , 999 ,'menu|menu_acc_admin|*', null); +(18,1,999,'url|centralizedApps|*','Centralized Apps', null), +(19,1,999,'url|getAllWebAnalytics|*','Get All Web Analytics', null), +(20,1,999,'url|getFunctionalMenuRole|*','Get Functional Menu Role', null), +(21,1,999,'url|getNotificationAppRoles|*','Get Notification App Roles', null), +(22,1,999,'url|getUserAppsWebAnalytics|*','Get User Apps Web Analytics', null), +(23,1,999,'url|getUserJourneyAnalyticsReport|*','Get User Journey Report', null), +(24,1,999,'url|get_roles%2f%2a|*','getRolesOfApp', null), +(25,1,999,'url|get_role_functions%2f%2a|*','Get Role Functions', null), +(26,1,999,'url|notification_code|*','Notification Code', null), +(27,1,999,'url|role_function_list%2fsaveRoleFunction%2f%2a|*','Save Role Function', null), +(28,1,999,'url|syncRoles|*','SyncRoles', null); + commit; \ No newline at end of file diff --git a/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html b/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html index 508db70a..cb29ef73 100644 
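Review bot: The rewritten `ep_app_role_function` insert cannot execute as written: the column list names five columns (`id, app_id, role_id, function_cd, role_app_id`) but row 11 and rows 18–28 supply six values with a function name slipped in before the trailing `null`, row 13 supplies five values with the string `'User Apps'` landing in `role_app_id` (every other row leaves it `null`), and row 17 still ends in `;`, so rows 18–28 become a second, bare value list that is a syntax error — the script fails at this statement and the grants that give role 999 the new `url|...` functions from the insert above never land. Function names belong to `ep_app_function`; here only the code and a `null` are needed, and the `;` after row 17 must become a `,`. Note also that the old role-999 grants `url|edit_notification|*` and `menu|menu_admin|*` (ids 11 and 13) are dropped by reusing their ids, which looks intentional but deserves a comment. The rewritten rows:
```sql
-- … unchanged: rows 7–10 …
(11, 1, 999, 'url|userAppRoles|*', null),
-- … unchanged: row 12 …
(13, 1, 999, 'url|userApps|*', null),
-- … unchanged: rows 14–16 …
(17, 1, 999, 'menu|menu_acc_admin|*', null),
(18, 1, 999, 'url|centralizedApps|*', null),
(19, 1, 999, 'url|getAllWebAnalytics|*', null),
(20, 1, 999, 'url|getFunctionalMenuRole|*', null),
(21, 1, 999, 'url|getNotificationAppRoles|*', null),
(22, 1, 999, 'url|getUserAppsWebAnalytics|*', null),
(23, 1, 999, 'url|getUserJourneyAnalyticsReport|*', null),
(24, 1, 999, 'url|get_roles%2f%2a|*', null),
(25, 1, 999, 'url|get_role_functions%2f%2a|*', null),
(26, 1, 999, 'url|notification_code|*', null),
(27, 1, 999, 'url|role_function_list%2fsaveRoleFunction%2f%2a|*', null),
(28, 1, 999, 'url|syncRoles|*', null);
-- … unchanged: commit; …
```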
--- a/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html
+++ b/ecomp-portal-FE-common/client/app/views/functionalMenu/functionalMenu-dialog/menu-details.modal.html
@@ -60,7 +60,7 @@
Title
- +
diff --git a/ecomp-portal-widget-ms/widget-ms/pom.xml b/ecomp-portal-widget-ms/widget-ms/pom.xml index a3c5546e..5d8896c2 100644 --- a/ecomp-portal-widget-ms/widget-ms/pom.xml +++ b/ecomp-portal-widget-ms/widget-ms/pom.xml @@ -152,6 +152,21 @@ logback-classic 1.2.3 + + com.fasterxml.jackson.core + jackson-annotations + 2.8.10 + + + com.fasterxml.jackson.core + jackson-core + 2.8.10 + + + com.fasterxml.jackson.core + jackson-databind + 2.8.10 + diff --git a/pom.xml b/pom.xml index c1b07e00..d3571b3c 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ 0 2.2.0-SNAPSHOT - 4.2.2.RELEASE + 4.2.3.RELEASE 4.3.11.Final 2.8.10 1.0.0 -- 2.16.6
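Review bot: The three jackson artifacts are each pinned to a literal `2.8.10`, while the root pom (last hunk on this page) already carries a `2.8.10` property beside the spring version bump; if this module inherits from the root pom, referencing that property keeps `jackson-annotations`, `jackson-core` and `jackson-databind` in lock-step the next time the version is raised, which is the case that matters for a library this commit is pinning in a security fix. The property name is not visible here because the element tags were lost in extraction. An explicit pin with no explanation also invites removal; a comment such as `<!-- explicit jackson pin: keep all three artifacts on the same version, aligned with the root pom property -->` states the intent.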