package gov.va.oneconsult.seoc.api.filter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import gov.va.oneconsult.seoc.api.exceptions.BusinessException;
import gov.va.oneconsult.seoc.api.serializer.StringSerializer;
import gov.va.oneconsult.seoc.api.util.Constants;
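/**
 * Servlet filter that gates non-external requests on a shared secret sent in the
 * {@code Client-Key} request header ({@link Constants#CLIENT_KEY}).
 *
 * <p>Requests classified as external by {@link #isExternalURL(String, String)} (Swagger
 * paths, CORS preflight {@code OPTIONS}, and whitelisted {@code GET} URLs) pass through
 * without a key. Everything else must carry a header equal to the configured key:
 * a missing header is answered with 400, a mismatching one with 403, and the chain is
 * not invoked in either case.
 *
 * <p>The configured key is compared with {@link MessageDigest#isEqual(byte[], byte[])}
 * rather than {@link String#equals(Object)} so that the time taken does not depend on
 * how many leading characters of the secret a caller got right.
 */
public class ApiAuthenticationFilter implements Filter {

    private static final Logger logger = LoggerFactory.getLogger(ApiAuthenticationFilter.class);

    /** Expected value of the {@code Client-Key} header; set once at construction. */
    private final String seocClientKey;

    private static final ObjectMapper mapper = new ObjectMapper();
    private static final SimpleModule module =
            new SimpleModule("Serializer", new Version(1, 0, 0, null, null, null));

    static {
        // String.class is already a Class<String>; the former explicit cast was redundant.
        module.addSerializer(String.class, new StringSerializer());
        mapper.registerModule(module);
    }

    /**
     * Creates the filter.
     *
     * @param seocClientKey the value every non-external request must present in the
     *     {@code Client-Key} header; if {@code null}, no header value can match and all
     *     non-external requests are rejected with 403
     */
    public ApiAuthenticationFilter(String seocClientKey) {
        this.seocClientKey = seocClientKey;
    }

    /**
     * Checks the {@code Client-Key} header of non-external requests before delegating to
     * the rest of the chain.
     *
     * @param request the incoming request; must be an {@link HttpServletRequest}
     * @param response the outgoing response; must be an {@link HttpServletResponse}
     * @param chain the remaining filter chain, invoked only when the request is allowed
     * @throws IOException if writing the error response fails
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws BusinessException, IOException, ServletException {
        logger.info(
                "ApiAuthentication filter check to determine allowed urls based on the value of the Client-Key in the header.");
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        String url = httpRequest.getRequestURI();
        String method = httpRequest.getMethod();
        String reqClientKey = httpRequest.getHeader(Constants.CLIENT_KEY);

        if (!isExternalURL(url, method)) {
            if (reqClientKey == null) {
                String result = "Client-Key header is missing in the request";
                logger.info(result);
                httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, result);
                return;
            }
            if (!isValidClientKey(reqClientKey)) {
                String result = "Access denied. Invalid Client-Key";
                // A rejected key is an access-control event, so it is logged above info level.
                // The presented value is deliberately not logged.
                logger.warn(result);
                httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN, result);
                return;
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Compares a presented key with the configured one in constant time.
     *
     * @param presented the non-null header value received from the client
     * @return {@code true} only if a key is configured and the presented value equals it
     */
    private boolean isValidClientKey(String presented) {
        if (seocClientKey == null) {
            // Nothing configured: preserve the previous outcome (equals() against null is false).
            return false;
        }
        byte[] expected = seocClientKey.getBytes(StandardCharsets.UTF_8);
        byte[] actual = presented.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        logger.info("Initializing Authentication Filter :{}", this);
    }

    @Override
    public void destroy() {
        logger.warn("Destructing Authentication Filter :{}", this);
    }

    /**
     * Determines whether the current request targets an external URL, i.e. one that does
     * not require the {@code Client-Key} check.
     *
     * <p>A request is external when any of the following holds:
     * <ul>
     *   <li>the URI starts with one of {@link Constants#swaggerUrls} (prefix match, so every
     *       path under a Swagger prefix is exempt);</li>
     *   <li>the method is {@code OPTIONS}, regardless of URI;</li>
     *   <li>the URI is listed exactly in {@link Constants#externalUrls} and the method is
     *       {@code GET}.</li>
     * </ul>
     *
     * @param url the request URI as returned by {@link HttpServletRequest#getRequestURI()}
     * @param method the HTTP method; compared case-insensitively
     * @return {@code true} if the URL is external, {@code false} otherwise
     */
    public boolean isExternalURL(String url, String method) {
        for (String swaggerUrl : Constants.swaggerUrls) {
            if (url.startsWith(swaggerUrl)) {
                return true;
            }
        }
        if (method.equalsIgnoreCase("OPTIONS")) {
            return true;
        }
        return Constants.externalUrls.contains(url) && method.equalsIgnoreCase("GET");
    }
}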