- if(uebkey !=null && !uebkey.isEmpty())
- {
- EPApp application = appCacheService.getAppFromUeb(uebkey,1);
- if (application == null) {
- throw new Exception("Invalid uebkey!");
- }
- else {
- final String appUsername = application.getUsername();
- final String dbDecryptedPwd = CipherUtil.decryptPKC(application.getAppPassword());
- if (appUsername.equals(accountNamePassword[0]) && dbDecryptedPwd.equals(accountNamePassword[1])) {
+ if (accountNamePassword == null || accountNamePassword.length != 2) {
+ final String msg = "failed to get username and password from Atuhorization header";
+ logger.debug(EELFLoggerDelegate.debugLogger, "checkBasicAuth Username and password failed to get: {}", msg);
+ sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED, msg);
+ return false;
+ }
+ if (appUsername.equals(accountNamePassword[0])) {
+ return true;
+ }else{
+ final String msg = "failed to match the UserName from the application ";
+ logger.debug(EELFLoggerDelegate.debugLogger, "failed to match the UserName from the application checkBasicAuth Username and password failed to get: {}", msg);
+ sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED, msg);
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+ if(!accessallowed){
+ final String msg = "no authorization found";
+ logger.debug(EELFLoggerDelegate.debugLogger, "checkBasicAuth when no accessallowed: {}", msg);
+ sendErrorResponse(response, HttpServletResponse.SC_UNAUTHORIZED, msg);
+ return false;
+ }
+ return false;
+
+ }catch(ClassCastException e){
+ logger.debug(EELFLoggerDelegate.debugLogger, "Entering in the classcastexception block if the UN is not the mechid : {}");
+
+ String secretKey = null;
+ // Unauthorized access due to missing HTTP Authorization request header
+ if (authHeader == null) {
+ if (remoteWebServiceCallService.verifyRESTCredential(secretKey, request.getHeader(EPCommonSystemProperties.UEB_KEY),
+ request.getHeader("username"), request.getHeader("password"))) {