1 package org.onap.vid.controller.filter;
2
3 import org.apache.commons.lang3.StringUtils;
4 import org.onap.vid.scheduler.SchedulerProperties;
5 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
6 import org.onap.portalsdk.core.util.SystemProperties;
7 import org.springframework.web.filter.GenericFilterBean;
8 import javax.servlet.FilterChain;
9 import javax.servlet.ServletException;
10 import javax.servlet.ServletRequest;
11 import javax.servlet.ServletResponse;
12 import javax.servlet.annotation.WebFilter;
13 import javax.servlet.http.HttpServletRequest;
14 import javax.servlet.http.HttpServletResponse;
15 import java.io.IOException;
16
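/**
 * Servlet filter that admits requests matching {@code /change-management/workflow/*} only
 * when their {@code Authorization} header equals a pre-configured shared value.
 *
 * <p>The expected value is read on every request from the system property named by
 * {@link SchedulerProperties#SCHEDULER_BASIC_AUTH} and is compared with the header as an
 * opaque string; the header is not parsed or decoded here.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When the expected value is empty the filter lets every request through (fail-open).
 *       A deployment that relies on this filter must set the property.</li>
 *   <li>The shared value travels in a request header, so it is only as confidential as the
 *       transport; presumably the endpoint is served over TLS - confirm for the deployment.</li>
 *   <li>Neither the received nor the expected value is ever written to the log.</li>
 * </ul>
 *
 * <p>Created by amichai on 13/05/2018.
 */
@WebFilter(urlPatterns = "/change-management/workflow/*")
public class ClientCredentialsFilter  extends GenericFilterBean {

    private static final EELFLoggerDelegate LOGGER = EELFLoggerDelegate.getLogger(ClientCredentialsFilter.class);


    /**
     * Forwards the request down the chain when the client presented the expected
     * credentials, and answers with HTTP 401 otherwise.
     *
     * @param request  incoming request; anything that is not an {@link HttpServletRequest} is dropped
     * @param response outgoing response; anything that is not an {@link HttpServletResponse} is dropped
     * @param chain    remaining filters, invoked only after a successful check
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        // Non-HTTP traffic carries no Authorization header; it is neither forwarded nor answered.
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // NOTE(review): confirm how SystemProperties.getProperty behaves for a missing key
        // (null/empty versus an exception); the fail-open branch below only covers null/empty.
        String expectedAuthorization = SystemProperties.getProperty(SchedulerProperties.SCHEDULER_BASIC_AUTH);
        String actualAuthorization = httpRequest.getHeader("Authorization");

        if (verifyClientCredentials(actualAuthorization, expectedAuthorization)) {
            LOGGER.warn(EELFLoggerDelegate.debugLogger,"Client credentials authenticated.");
            chain.doFilter(request, response);
            return;
        }

        // Log the outcome only; the header value itself must stay out of the logs.
        LOGGER.warn(EELFLoggerDelegate.debugLogger,"Client did not provide the expected credentials.");
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Decides whether the presented {@code Authorization} header value is acceptable.
     *
     * @param actualAuthorization   header value sent by the client, may be {@code null}
     * @param expectedAuthorization configured value, may be {@code null} or empty
     * @return {@code true} when no expected value is configured, or when both values are
     *         equal; {@code false} when the header is missing or differs
     */
    public boolean verifyClientCredentials(String actualAuthorization, String expectedAuthorization)
    {
        if (StringUtils.isEmpty(expectedAuthorization))
        {
            // NOTE(review): fail-open. With the property unset the endpoint is reachable without
            // credentials. Kept for backward compatibility; consider returning false here (or
            // refusing to start) once every deployment is known to configure the property.
            LOGGER.warn(EELFLoggerDelegate.debugLogger,String.format("Expected Authorization is not configured (key: %s)", SchedulerProperties.SCHEDULER_BASIC_AUTH));
            return true;
        }

        if (StringUtils.isEmpty(actualAuthorization))
        {
            LOGGER.warn(EELFLoggerDelegate.debugLogger,"Authorization header is missing.");
            return false;
        }

        // String.equals stops at the first differing character, so response time can reveal how
        // much of a guessed secret is correct. MessageDigest.isEqual compares without that
        // early exit (a length difference may still be observable). Fully qualified names are
        // used so the file's import block does not need to change.
        return java.security.MessageDigest.isEqual(
                actualAuthorization.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expectedAuthorization.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

}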