Merge pull request #154 from Kamidu/master

Preventing information leakage
revert-70aa11f8
Prabath Abeysekara 9 years ago
commit f6bd2f3d54

@ -299,6 +299,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
public List<Device> getDevicesOfUser(String username, int tenantId) throws DeviceManagementDAOException { public List<Device> getDevicesOfUser(String username, int tenantId) throws DeviceManagementDAOException {
Connection conn; Connection conn;
PreparedStatement stmt = null; PreparedStatement stmt = null;
ResultSet rs = null;
List<Device> devices = new ArrayList<>(); List<Device> devices = new ArrayList<>();
try { try {
conn = this.getConnection(); conn = this.getConnection();
@ -311,7 +312,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
stmt = conn.prepareStatement(sql); stmt = conn.prepareStatement(sql);
stmt.setInt(1, tenantId); stmt.setInt(1, tenantId);
stmt.setString(2, username); stmt.setString(2, username);
ResultSet rs = stmt.executeQuery(); rs = stmt.executeQuery();
while (rs.next()) { while (rs.next()) {
Device device = DeviceManagementDAOUtil.loadDevice(rs); Device device = DeviceManagementDAOUtil.loadDevice(rs);
@ -321,7 +322,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
throw new DeviceManagementDAOException("Error occurred while fetching the list of devices belongs to '" + throw new DeviceManagementDAOException("Error occurred while fetching the list of devices belongs to '" +
username + "'", e); username + "'", e);
} finally { } finally {
DeviceManagementDAOUtil.cleanupResources(stmt, null); DeviceManagementDAOUtil.cleanupResources(stmt, rs);
} }
return devices; return devices;
} }
@ -594,6 +595,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
Connection conn; Connection conn;
PreparedStatement stmt = null; PreparedStatement stmt = null;
List<Device> devices = new ArrayList<>(); List<Device> devices = new ArrayList<>();
ResultSet rs = null;
try { try {
conn = this.getConnection(); conn = this.getConnection();
String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " + String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
@ -606,7 +608,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
stmt.setString(1, deviceName + "%"); stmt.setString(1, deviceName + "%");
stmt.setInt(2, tenantId); stmt.setInt(2, tenantId);
stmt.setInt(3, tenantId); stmt.setInt(3, tenantId);
ResultSet rs = stmt.executeQuery(); rs = stmt.executeQuery();
while (rs.next()) { while (rs.next()) {
Device device = DeviceManagementDAOUtil.loadDevice(rs); Device device = DeviceManagementDAOUtil.loadDevice(rs);
@ -616,7 +618,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
throw new DeviceManagementDAOException("Error occurred while fetching the list of devices that matches " + throw new DeviceManagementDAOException("Error occurred while fetching the list of devices that matches " +
"'" + deviceName + "'", e); "'" + deviceName + "'", e);
} finally { } finally {
DeviceManagementDAOUtil.cleanupResources(stmt, null); DeviceManagementDAOUtil.cleanupResources(stmt, rs);
} }
return devices; return devices;
} }
@ -823,6 +825,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
throws DeviceManagementDAOException { throws DeviceManagementDAOException {
Connection conn; Connection conn;
PreparedStatement stmt = null; PreparedStatement stmt = null;
ResultSet rs = null;
List<Device> devices = new ArrayList<>(); List<Device> devices = new ArrayList<>();
try { try {
conn = this.getConnection(); conn = this.getConnection();
@ -836,7 +839,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
stmt.setInt(1, tenantId); stmt.setInt(1, tenantId);
stmt.setString(2, status.toString()); stmt.setString(2, status.toString());
stmt.setInt(3, tenantId); stmt.setInt(3, tenantId);
ResultSet rs = stmt.executeQuery(); rs = stmt.executeQuery();
while (rs.next()) { while (rs.next()) {
Device device = DeviceManagementDAOUtil.loadDevice(rs); Device device = DeviceManagementDAOUtil.loadDevice(rs);
@ -846,7 +849,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
throw new DeviceManagementDAOException("Error occurred while fetching the list of devices that matches to status " + throw new DeviceManagementDAOException("Error occurred while fetching the list of devices that matches to status " +
"'" + status + "'", e); "'" + status + "'", e);
} finally { } finally {
DeviceManagementDAOUtil.cleanupResources(stmt, null); DeviceManagementDAOUtil.cleanupResources(stmt, rs);
} }
return devices; return devices;
} }
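Review bot: The hoisted `ResultSet rs = null;` plus `cleanupResources(stmt, rs)` pair is now copied into getDevicesOfUser and the two methods at the -594 and -823 hunks (and again in ApplicationDAOImpl's -234 hunk), which is the resource pattern Java 7 try-with-resources already handles; the file uses the diamond operator, so declaring the statement and result set in try headers would close both in reverse order on every exit path and let the `stmt`/`rs` null-initialised locals and the `finally` blocks go. The catch clauses sit outside the hunks, so the exception wrapping at the -321/-616/-846 headers stays as it is. `cleanupResources(stmt, rs)` still leaves `conn` untouched; if getConnection() hands out a thread-bound connection that the DAO factory closes, that is intended, but it is worth confirming since none of these methods close it. A sketch for getDevicesOfUser, keeping the outer try so getConnection() stays under the same catch:
```java
try {
    conn = this.getConnection();
    // … unchanged: sql text …
    try (PreparedStatement stmt = conn.prepareStatement(sql)) {
        stmt.setInt(1, tenantId);
        stmt.setString(2, username);
        try (ResultSet rs = stmt.executeQuery()) {
            while (rs.next()) {
                Device device = DeviceManagementDAOUtil.loadDevice(rs);
                // … unchanged: populate device and add it to devices …
            }
        }
    }
}
// … unchanged: catch clause wrapping the failure as DeviceManagementDAOException; finally block no longer needed …
```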

@ -234,6 +234,7 @@ public class ApplicationDAOImpl implements ApplicationDAO {
PreparedStatement stmt = null; PreparedStatement stmt = null;
List<Application> applications = new ArrayList<>(); List<Application> applications = new ArrayList<>();
Application application; Application application;
ResultSet rs = null;
try { try {
conn = this.getConnection(); conn = this.getConnection();
stmt = conn.prepareStatement("Select ID, NAME, APP_IDENTIFIER, PLATFORM, CATEGORY, VERSION, TYPE, " + stmt = conn.prepareStatement("Select ID, NAME, APP_IDENTIFIER, PLATFORM, CATEGORY, VERSION, TYPE, " +
@ -244,7 +245,7 @@ public class ApplicationDAOImpl implements ApplicationDAO {
"app.ID = APPMAP.APPLICATION_ID "); "app.ID = APPMAP.APPLICATION_ID ");
stmt.setInt(1, deviceId); stmt.setInt(1, deviceId);
ResultSet rs = stmt.executeQuery(); rs = stmt.executeQuery();
while (rs.next()) { while (rs.next()) {
application = loadApplication(rs); application = loadApplication(rs);
@ -254,7 +255,7 @@ public class ApplicationDAOImpl implements ApplicationDAO {
throw new DeviceManagementDAOException("SQL Error occurred while retrieving the list of Applications " + throw new DeviceManagementDAOException("SQL Error occurred while retrieving the list of Applications " +
"installed in device id '" + deviceId, e); "installed in device id '" + deviceId, e);
} finally { } finally {
DeviceManagementDAOUtil.cleanupResources(stmt, null); DeviceManagementDAOUtil.cleanupResources(stmt, rs);
} }
return applications; return applications;
} }

@ -79,7 +79,7 @@ public class ExternalOAuthValidator implements OAuth2TokenValidator{
boolean isValid = tokenValidationResponse.getValid(); boolean isValid = tokenValidationResponse.getValid();
String userName = null; String userName = null;
String tenantDomain = null; String tenantDomain = null;
if(isValid){ if (isValid) {
userName = MultitenantUtils.getTenantAwareUsername( userName = MultitenantUtils.getTenantAwareUsername(
tokenValidationResponse.getAuthorizedUser()); tokenValidationResponse.getAuthorizedUser());
tenantDomain = MultitenantUtils. tenantDomain = MultitenantUtils.

@ -44,17 +44,17 @@ public class LocalOAuthValidator implements OAuth2TokenValidator {
accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE); accessToken.setTokenType(OauthAuthenticatorConstants.BEARER_TOKEN_TYPE);
accessToken.setIdentifier(token); accessToken.setIdentifier(token);
validationRequest.setAccessToken(accessToken); validationRequest.setAccessToken(accessToken);
OAuth2TokenValidationResponseDTO tokenValidationResponse = OAuthAuthenticatorDataHolder.getInstance(). OAuth2TokenValidationResponseDTO tokenValidationResponse = OAuthAuthenticatorDataHolder.getInstance().
getOAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse(); getOAuth2TokenValidationService().findOAuthConsumerIfTokenIsValid(validationRequest).getAccessTokenValidationResponse();
boolean isValid = tokenValidationResponse.isValid(); boolean isValid = tokenValidationResponse.isValid();
String userName = null; String userName = null;
String tenantDomain = null; String tenantDomain = null;
if(isValid){ if (isValid) {
userName = MultitenantUtils.getTenantAwareUsername( userName = MultitenantUtils.getTenantAwareUsername(
tokenValidationResponse.getAuthorizedUser()); tokenValidationResponse.getAuthorizedUser());
tenantDomain = tenantDomain =
MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser()); MultitenantUtils.getTenantDomain(tokenValidationResponse.getAuthorizedUser());
} }
return new OAuthValidationResponse(userName,tenantDomain,isValid); return new OAuthValidationResponse(userName, tenantDomain, isValid);
} }
} }
