chore: fix sonar issues #3789
base: v3.x.x
…kPeriod=true&issueStatuses=OPEN%2CCONFIRMED&branch=v3.x.x&id=zowe_api-layer&open=AZG8RKZMaDaTTh7MLIqJ&tab=code Signed-off-by: Richard Salac <richard.salac@broadcom.com>
…kPeriod=true&issueStatuses=OPEN%2CCONFIRMED&branch=v3.x.x&id=zowe_api-layer&open=AZG8RK7RaDaTTh7MLItk Signed-off-by: Richard Salac <richard.salac@broadcom.com>
…kPeriod=true&issueStatuses=OPEN%2CCONFIRMED&branch=v3.x.x&id=zowe_api-layer&open=AZG8RKvGaDaTTh7MLIsc Signed-off-by: Richard Salac <richard.salac@broadcom.com>
…kPeriod=true&issueStatuses=OPEN%2CCONFIRMED&branch=v3.x.x&id=zowe_api-layer&open=AZG8RKyvaDaTTh7MLIsj Signed-off-by: Richard Salac <richard.salac@broadcom.com>
Quality Gate passed
ArrayList<String> result = new ArrayList<>(); | ||
|
||
String ssoCookie = getAuthenticationCookie(passedAuthenticationToken); | ||
|
||
HttpHeaders headersSSO = new HttpHeaders(); |
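Review bot: `result` is declared as `ArrayList<String>` in the first line shown here; declaring it as `List<String>` would match the `List<String>` return types visible in the other hunks and keep the concrete collection type an implementation detail. The initialiser `new ArrayList<>()` can stay as it is.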
We cannot remove JWT from the calls. It is necessary to obtain it from the Authentication object (security context). And in case the JWT is not accessible there (i.e. access with x509), obtain a new token.
@@ -186,8 +145,8 @@ private List<String> fromResponseReturnFoundProblems(ResponseEntity<String> resp | |||
result.add("Documented endpoint at " + currentEndpoint.getUrl() + " could not be located, attempting to call it through gateway gives the ZWEAM104E error"); | |||
} | |||
|
|||
if (attemptWithSSO && responseBody != null && (response.getStatusCode() == HttpStatus.FORBIDDEN || response.getStatusCode() == HttpStatus.UNAUTHORIZED)) { | |||
result.add(method + " request to documented endpoint at " + currentEndpoint.getUrl() + " responded with status code " + response.getStatusCode().value() + ", despite being called with the SSO authorization"); |
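Review bot: The `responseBody != null` guard in the `attemptWithSSO` condition means that a 401 or 403 returned without a body is never added to `result`, so an authorization failure on a documented endpoint can go unreported. The status code alone is enough to decide this branch; consider dropping the body check here, or reporting the empty-body case with its own message.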
Once the user is authenticated, the SSO message is still valid, I guess
* @return List of problems | ||
*/ | ||
public List<String> testEndpointsByCalling(Set<Endpoint> endpoints, String passedAuthenticationToken) { | ||
ArrayList<String> result = new ArrayList<>(checkEndpointsNoSSO(endpoints)); |
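Review bot: `passedAuthenticationToken` is still a parameter of `testEndpointsByCalling`, but the only call visible in this hunk is `checkEndpointsNoSSO(endpoints)`, which does not receive it. If the token is no longer used in the method body, either remove it from the signature and the Javadoc, or keep an authenticated pass alongside the unauthenticated one so that endpoints requiring credentials are still exercised.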
It may make sense to call each endpoint twice (with and without JWT)
@@ -106,7 +105,7 @@ void checkValidJson() { | |||
void whenServiceIdTooLong_thenNonconformant() { | |||
when(messageService.createMessage(NON_CONFORMANT_KEY, "ThisWillBeRemoved")).thenReturn(NON_CONFORMANT_MESSAGE); | |||
String testString = "qwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiopqwertyuiop"; | |||
result = validateAPIController.checkConformance(testString, "dummy"); |
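Review bot: `checkConformance(testString, "dummy")` passes an unexplained literal as the second argument. A named constant would show what the value stands for and make it clear which path this test is meant to cover.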
There is no test with credentials?
Description
Resolve sonar issues
Type of change
Please delete options that are not relevant.
Checklist:
For more details about how the code should look, read the Contributing guideline