-
- //private Logger log = Logger.getLogger(DMaaPAuthFilter.class.toString());
-
- private static final EELFLogger log = EELFManager.getInstance().getLogger(DMaaPAuthFilter.class);
-
- public DMaaPAuthFilter() throws Exception {
- super();
- }
-
- /* public void init(FilterConfig filterConfig) throws ServletException {
-
- super.init(filterConfig);
- System.out.println("---------------------------- in init method");
- }*/
-
- /**
- * This method will disable Cadi Authentication
- * if cambria headers are present in the request
- * else continue with Cadi Authentication
- */
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
- ServletException {
- log.info("inside servlet filter Cambria Auth Headers checking before doing other Authentication");
- HttpServletRequest request = (HttpServletRequest) req;
- boolean forceAAF = Boolean.valueOf(System.getProperty("forceAAF"));
-
- //if (forceAAF || null != request.getHeader("Authorization") ){
- if (Utils.isCadiEnabled()&&(forceAAF || null != request.getHeader("Authorization") ||
- (null != request.getHeader("AppName") && request.getHeader("AppName").equalsIgnoreCase("invenio") &&
- null != request.getHeader("cookie")))){
- super.doFilter(req, res, chain);
-
- } else {
- System.setProperty("CadiAuthN", "authentication-scheme-2");
- chain.doFilter(req, res);
-
-
- }
-
- }
-
- }
+
+ private static final String FORCE_AAF_FLAG = "forceAAF";
+ static final String X509_ATTR = "javax.servlet.request.X509Certificate";
+ static final String AUTH_HEADER = "Authorization";
+ static final String APP_HEADER = "AppName";
+ static final String COOKIE_HEADER = "cookie";
+ private static final EELFLogger log = EELFManager.getInstance().getLogger(DMaaPAuthFilter.class);
+
+ public DMaaPAuthFilter() {
+ super();
+ }
+
+ /**
+ * This method will disable Cadi Authentication if cambria headers are present in the request else continue with
+ * Cadi Authentication
+ */
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+ log.info("inside servlet filter Cambria Auth Headers checking before doing other Authentication");
+ if (shouldFilterWithCADI((HttpServletRequest) req)) {
+ super.doFilter(req, res, chain);
+ } else {
+ System.setProperty("CadiAuthN", "authentication-scheme-2");
+ chain.doFilter(req, res);
+ }
+ }
+
+ boolean shouldFilterWithCADI(HttpServletRequest request) {
+ return isCadiEnabled() &&
+ (isAAFforced() || isAuthDataProvided(request) || isInvenioApp(request));
+ }
+
+ private boolean isAuthDataProvided(HttpServletRequest request) {
+ return (null != request.getHeader(AUTH_HEADER)) || hasClientCertificate(request);
+ }
+
+ private boolean isInvenioApp(HttpServletRequest request) {
+ return (null != request.getHeader(APP_HEADER)) && request.getHeader(APP_HEADER).equalsIgnoreCase("invenio") &&
+ (null != request.getHeader(COOKIE_HEADER));
+ }
+
+ private boolean hasClientCertificate(HttpServletRequest request) {
+ return request.getAttribute(X509_ATTR) != null;
+ }
+
+ boolean isCadiEnabled() {
+ return Utils.isCadiEnabled();
+ }
+
+ boolean isAAFforced() {
+ return Boolean.valueOf(AJSCPropertiesMap.getProperty(CambriaConstants.msgRtr_prop, FORCE_AAF_FLAG));
+ }
+
+}
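Review bot: The non-CADI branch of `doFilter` still records its decision with `System.setProperty("CadiAuthN", "authentication-scheme-2")`, which is JVM-wide state written from a per-request path. Nothing in the visible code resets it when a later request goes through `super.doFilter`, so any code that reads it (the reader is not visible in this hunk) can see a value left by a different, concurrent request. If that reader uses the property to decide how a request is authenticated, the marker should travel with the request instead, e.g. `req.setAttribute("CadiAuthN", "authentication-scheme-2");`, with the reader changed to match. Separately, `shouldFilterWithCADI` returns false whenever CADI is disabled or the request carries none of the checked headers and no client certificate, so the `else` branch deserves a comment such as `// CADI skipped: downstream handlers must authenticate this request from the cambria headers`, and the `log.info` line could state which branch was taken. The enclosing class declaration starts outside the hunk.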