Fix sonar warnings

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationToken.java

@@ -13,17 +13,17 @@ import java.util.Objects;
 
 public class SMPAuthenticationToken extends UsernamePasswordAuthenticationToken {
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(SMPAuthenticationToken.class);
-    DBUser user;
+    private final DBUser user;
     // session encryption key to encrypt sensitive data
     // at the moment used for UI sessions
-    SecurityUtils.Secret secret=null;
+    private SecurityUtils.Secret secret = null;
 
     public SMPAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
-        super(principal,credentials, authorities );
+        this(principal, credentials, authorities, null);
     }
 
     public SMPAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, DBUser user) {
-        super(principal,credentials, authorities );
+        super(principal, credentials, authorities);
         this.user = user;
     }
 
@@ -31,8 +31,8 @@ public class SMPAuthenticationToken extends UsernamePasswordAuthenticationToken
         return user;
     }
 
-    public SecurityUtils.Secret getSecret(){
-        if (secret==null) {
+    public SecurityUtils.Secret getSecret() {
+        if (secret == null) {
             LOG.debug("Secret does not yet exist. Create user session secret!");
             secret = SecurityUtils.generatePrivateSymmetricKey();
             LOG.debug("User session secret created!");

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/ServiceGroupValidationRO.java

@@ -3,9 +3,9 @@ package eu.europa.ec.edelivery.smp.data.ui;
 public class ServiceGroupValidationRO extends BaseRO {
     private static final long serialVersionUID = -7555221767041516157L;
 
-    public static int ERROR_CODE_OK =0;
-    public static int ERROR_CODE_SERVICE_GROUP_EXISTS =1;
-    public static int ERROR_CODE_INVALID_EXTENSION =2;
+    public static final int ERROR_CODE_OK =0;
+    public static final int ERROR_CODE_SERVICE_GROUP_EXISTS =1;
+    public static final int ERROR_CODE_INVALID_EXTENSION =2;
 
     Long serviceGroupId;
     String extension;

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java

@@ -66,7 +66,7 @@ public class UIPropertyService {
                 .collect(Collectors.toMap(DBConfiguration::getProperty, Function.identity()));
 
         List<PropertyRO> properties = filteredProperties.stream()
-                .skip(page * pageSize)
+                .skip( page * (long)pageSize)
                 .limit(pageSize)
                 .map(prop -> createProperty(prop, changedProps))
                 .collect(Collectors.toList());

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java

@@ -51,6 +51,8 @@ import static java.util.Locale.US;
 @Component
 public class SMPAuthenticationProvider implements AuthenticationProvider {
 
+    public static final String LOGIN_FAILED_MESSAGE="Login failed; Invalid userID or password";
+
     private static final SMPLogger LOG = SMPLoggerFactory.getLogger(SMPAuthenticationProvider.class);
     /**
      * thread safe validator
@@ -136,7 +138,7 @@ public class SMPAuthenticationProvider implements AuthenticationProvider {
                 LOG.securityWarn(SMPMessageCode.SEC_USER_NOT_EXISTS, userToken);
                 //https://www.owasp.org/index.php/Authentication_Cheat_Sheet
                 // Do not reveal the status of an existing account. Not to use UsernameNotFoundException
-                throw new BadCredentialsException("Login failed; Invalid userID or password");
+                throw new BadCredentialsException(LOGIN_FAILED_MESSAGE);
             }
             user = oUsr.get();
         } catch (AuthenticationException ex) {
@@ -258,7 +260,7 @@ public class SMPAuthenticationProvider implements AuthenticationProvider {
 
                 //https://www.owasp.org/index.php/Authentication_Cheat_Sheet
                 // Do not reveal the status of an existing account. Not to use UsernameNotFoundException
-                throw new BadCredentialsException("Login failed; Invalid userID or password");
+                throw new BadCredentialsException(LOGIN_FAILED_MESSAGE);
             }
             user = oUsr.get();
         } catch (AuthenticationException ex) {
@@ -278,12 +280,12 @@ public class SMPAuthenticationProvider implements AuthenticationProvider {
                 user.setLastTokenFailedLoginAttempt(LocalDateTime.now());
                 mUserDao.update(user);
                 LOG.securityWarn(SMPMessageCode.SEC_INVALID_PASSWORD, authenticationTokenId);
-                throw new BadCredentialsException("Login failed; Invalid userID or password");
+                throw new BadCredentialsException(LOGIN_FAILED_MESSAGE);
             }
         } catch (java.lang.IllegalArgumentException ex) {
             // password is not hashed;
             LOG.securityWarn(SMPMessageCode.SEC_INVALID_PASSWORD, ex, authenticationTokenId);
-            throw new BadCredentialsException("Login failed; Invalid userID or password");
+            throw new BadCredentialsException(LOGIN_FAILED_MESSAGE);
         }
         String role = "WS_"+user.getRole();
         SMPAuthenticationToken smpAuthenticationToken = new SMPAuthenticationToken(authenticationTokenId, authenticationTokenValue, Collections.singletonList(new SMPAuthority(role)), user);

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java

@@ -21,6 +21,7 @@ import eu.europa.ec.edelivery.smp.error.SMPSecurityExceptionHandler;
 import eu.europa.ec.edelivery.smp.exceptions.ErrorCode;
 import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException;
 import eu.europa.ec.edelivery.smp.services.ConfigurationService;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -163,11 +164,11 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
                     .maxAgeInSeconds(maxAge)
                     .requestMatcher(AnyRequestMatcher.INSTANCE).and().and();
         }
-/*
+
         String contentSecurityPolicy = configurationService.getHttpHeaderContentSecurityPolicy();
         if (StringUtils.isNotBlank(contentSecurityPolicy)) {
-            httpSecurity = httpSecurity.headers().contentSecurityPolicy(contentSecurityPolicy).and().and();
-        }*/
+            httpSecurity.headers().contentSecurityPolicy(contentSecurityPolicy).and().and();
+        }
     }
 
     @Override
@@ -223,7 +224,7 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
         try {
             getClientCertAuthenticationFilter().setClientCertAuthenticationEnabled(clientCertEnabled);
         } catch (Exception e) {
-            new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Error occurred while setting the ClientCert feature (enable [" + clientCertEnabled + "])", ExceptionUtils.getRootCauseMessage(e));
+            throw new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Error occurred while setting the ClientCert feature (enable [" + clientCertEnabled + "])", ExceptionUtils.getRootCauseMessage(e));
         }
     }
 
@@ -231,7 +232,7 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
         try {
             getEDeliveryX509AuthenticationFilter().setHttpHeaderAuthenticationEnabled(sslClientCertEnabled);
         } catch (Exception e) {
-            new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Error occurred while setting the ClientCert feature (enable [" + sslClientCertEnabled + "])", ExceptionUtils.getRootCauseMessage(e));
+            throw new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Error occurred while setting the ClientCert feature (enable [" + sslClientCertEnabled + "])", ExceptionUtils.getRootCauseMessage(e));
         }
     }