Issue on the DTO (Data Transfer Object)

roy_sanu
Why getAllLookupData method of the below two has to map? I got this code from the internet, as I have to look at it because there is some issue in it, and it can be used in my college project.
Any help, sir?

@GetMapping
	public ResponseEntity<?> fetch(@RequestHeader("userinfo") String userinfo,PageAttributes pageAttributes) throws AdminServiceException {

		HashMap<String, String> map=HeaderInfoUtility.getCredentials(userinfo);
		LOGGER.info("-----username--------{}--",map.get(USERNAME));
		LOGGER.info("------password-----{}---",map.get(PASSWORD));
		LOGGER.info("------passwordEncrypted-----{}---",map.get(ENCRYPTEDPASSWORD));
		
		UserContext userContext=new UserContext();
		userContext.setPassword(map.get(ENCRYPTEDPASSWORD));
		userContext.setUsername(map.get(USERNAME));
		
		AdminDTO adminDto = lookupActionsService.getAllLookupData(pageAttributes.getPageNumber(),
				pageAttributes.getPageSize(), pageAttributes.getSortType(), pageAttributes.getSortFields(),
				pageAttributes.getLocale(), userContext);

		return new ResponseEntity<>(adminDto, HttpStatus.OK);
	}



@Override
	public AdminDTO getAllLookupData(int pageNumber, int pageSize, String sortType, List<String> sortFields,
			String locale, UserContext userContext) {
		
		AdminDTO adminDto = null;
		String repositoryType = getRepositoryType();

		try {
			adminDto = adminFactory.getAdminFactory(repositoryType).
					getAllActionsLookupData(pageNumber, pageSize, sortType, sortFields, locale, userContext);
		} catch (CmsRevampFactoryException ce) {
			LOGGER.error(
					"Error occurred while retrieving actions lookup :getAllLookupData() {}",
					ce.fillInStackTrace());
			throw new AdminServiceException(
					"Exception occured while retrieving actions lookup ");

		}
		return adminDto;
	}
	

roy_sanu, developer

Author

Commented:
Hello expert, need help quickly.
Thanks, R.
Senior Developer
Commented:
Never, and I mean really NEVER, log plaintext credentials. This is a severe security issue.

When looking at the code structure, then the user context class should encapsulate the parsing of the user info string. There should be no separate class, your map variable, which does this.

Furthermore, the syntax also looks like you're not using a salt per user. See Plain Text Offenders Developers FAQ for working with passwords. This also includes using a GuardedString for holding the password in memory.

why getAllLookupData method of the below two has to map
The getAllLookupData has no map variable or parameter of the type HashMap. Please rephrase your question.
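
One way to apply the two points in the answer above about logging and encapsulation, as an added example that is not part of the original thread or the poster's project: a UserContext that parses the header itself and never renders the secret when logged. The header format `username=...;encryptedPassword=...`, the `fromHeader` and `clear` methods, and the sample value are assumptions made for illustration.

```java
import java.util.Arrays;

/** Added example: parsing lives inside the context class and the secret never reaches a log line. */
public final class UserContext {
    private final String username;
    private final char[] encryptedPassword; // char[] so this copy can be wiped, unlike a String

    private UserContext(String username, char[] encryptedPassword) {
        this.username = username;
        this.encryptedPassword = encryptedPassword;
    }

    /** Parses the ASSUMED header format "username=<u>;encryptedPassword=<p>". */
    public static UserContext fromHeader(String userinfo) {
        String user = null;
        char[] secret = null;
        for (String part : userinfo.split(";")) {
            int eq = part.indexOf('=');
            if (eq < 0) continue; // ignore malformed fields
            String key = part.substring(0, eq).trim();
            String value = part.substring(eq + 1);
            if (key.equals("username")) user = value.trim();
            else if (key.equals("encryptedPassword")) secret = value.toCharArray();
        }
        if (user == null || user.isEmpty() || secret == null) {
            // The message deliberately omits the header content.
            throw new IllegalArgumentException("userinfo header is missing required fields");
        }
        return new UserContext(user, secret);
    }

    public String getUsername() { return username; }

    /** Returns a copy; the caller wipes its copy after use. */
    public char[] getEncryptedPassword() { return encryptedPassword.clone(); }

    /** Wipe the secret once the request has been served. */
    public void clear() { Arrays.fill(encryptedPassword, '\0'); }

    /** Safe to pass to a logger: the secret is never rendered. */
    @Override
    public String toString() { return "UserContext{username=" + username + ", password=<redacted>}"; }

    public static void main(String[] args) {
        UserContext ctx = fromHeader("username=alice;encryptedPassword=c2FtcGxl"); // constructed sample
        System.out.println(ctx); // stands in for LOGGER.info("{}", ctx)
        ctx.clear();
    }
}
```

With this shape the controller logs the context object instead of individual map entries, so a later change to the logging statements cannot expose the password fields.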
roy_sanu, developer

Author

Commented:
No probs Ste5an, it was good info for me. Next time I will set it as private, as I am not aware of the sensitivity of the world.
Ouch ha!!!
