2121import static java .util .Objects .isNull ;
2222import static org .apache .commons .lang3 .StringUtils .isEmpty ;
2323
24- import java .io .File ;
2524import java .io .IOException ;
2625import java .net .URLEncoder ;
27- import java .nio .charset .StandardCharsets ;
28- import java .nio .file .Files ;
29- import java .nio .file .Paths ;
30- import java .util .Base64 ;
31- import java .util .UUID ;
3226
3327import javax .servlet .Filter ;
3428import javax .servlet .FilterChain ;
5751import it .eng .spagobi .commons .services .LoginModule ;
5852import it .eng .spagobi .commons .utilities .ChannelUtilities ;
5953import it .eng .spagobi .commons .utilities .GeneralUtilities ;
60- import it .eng .spagobi .commons .utilities .SpagoBIUtilities ;
6154import it .eng .spagobi .services .common .SsoServiceFactory ;
6255import it .eng .spagobi .services .common .SsoServiceInterface ;
6356import it .eng .spagobi .services .security .bo .SpagoBIUserProfile ;
@@ -77,8 +70,6 @@ public class ProfileFilter implements Filter {
7770
7871 private static final Logger LOGGER = LogManager .getLogger (ProfileFilter .class );
7972
80- private static final String FILE_CSP = "csp.txt" ;
81-
8273 @ Override
8374 public void destroy () {
8475 // do nothing
@@ -93,8 +84,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
9384 HttpServletResponse httpResponse = (HttpServletResponse ) response ;
9485 HttpSession session = httpRequest .getSession ();
9586
96- this .setCspNonse (httpRequest , httpResponse );
97-
9887 // @formatter:off
9988 // TODO ML RequestContainer requestContainer = (RequestContainer) session
10089 // TODO ML .getAttribute(Constants.REQUEST_CONTAINER);
@@ -228,30 +217,6 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
228217 }
229218 }
230219
231- private void setCspNonse (HttpServletRequest httpRequest , HttpServletResponse httpResponse ) throws IOException {
232-
233- String cspFilePath = SpagoBIUtilities .getRootResourcePath () + File .separator + FILE_CSP ;
234-
235- File cspFile = new File (cspFilePath );
236- if (!cspFile .exists ()) {
237- return ;
238- }
239-
240- String cspPolicy = new String (Files .readAllBytes (Paths .get (cspFilePath )), StandardCharsets .UTF_8 );
241-
242- // Generate a secure random nonce
243- String nonce = Base64 .getEncoder ().encodeToString (UUID .randomUUID ().toString ().getBytes ());
244- // Store the nonce in the request so it can be used in JSP or templates
245- httpRequest .setAttribute ("cspNonce" , nonce );
246-
247- // Replace the placeholder with the actual nonce
248- cspPolicy = cspPolicy .replace ("rAnd0m" , nonce );
249-
250- // Set the updated CSP header in the response
251- httpResponse .setHeader ("Content-Security-Policy" , cspPolicy );
252-
253- }
254-
255220 private boolean requestIsForHomePage (HttpServletRequest request ) {
256221 // returns true in case request has PAGE=LoginPage parameter, false otherwise
257222 return request .getParameter (Constants .PAGE ) != null
0 commit comments