/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package com.softone.compta;
/**
*
* @author BF0491
*/
import java.io.IOException;
import java.util.logging.Logger;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
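@Provider
@PreMatching
public class RESTRequestFilter implements ContainerRequestFilter {

    private static final Logger log = Logger.getLogger( RESTRequestFilter.class.getName() );

    /**
     * Requests whose path starts with this prefix need only a valid service key;
     * every other path additionally needs a valid auth token.
     */
    private static final String LOGIN_PATH_PREFIX = "/demo-business-resource/login/";

    /**
     * Gates every incoming request before resource matching.
     * <p>
     * Order of checks: CORS pre-flight ({@code OPTIONS}) requests are acknowledged with
     * {@code 200 OK} without looking at any header; then the service key header must be
     * present and accepted by {@link Authenticator#isServiceKeyValid(String)}; then, for any
     * path outside {@link #LOGIN_PATH_PREFIX}, the auth token header must be present and
     * accepted by {@link Authenticator#isAuthTokenValid(String, String)}. Any failed check
     * aborts the request with {@code 401 Unauthorized}.
     *
     * @param requestCtx the request being filtered; aborted via {@code abortWith} on rejection
     * @throws IOException declared by {@link ContainerRequestFilter#filter}; not thrown here
     */
    @Override
    public void filter( ContainerRequestContext requestCtx ) throws IOException {
        String path = requestCtx.getUriInfo().getPath();
        log.info( "Filtering request path: " + path );

        // IMPORTANT!!! First, acknowledge any pre-flight request from browsers before validating the
        // headers (CORS): pre-flights do not carry the custom auth headers and must not be rejected.
        if ( "OPTIONS".equals( requestCtx.getMethod() ) ) {
            requestCtx.abortWith( Response.status( Response.Status.OK ).build() );
            return;
        }

        // Then check whether the service key exists and is valid.
        Authenticator demoAuthenticator = Authenticator.getInstance();
        String serviceKey = requestCtx.getHeaderString( HTTPHeaderNames.SERVICE_KEY );
        // getHeaderString returns null for a missing header; reject that explicitly so the
        // outcome does not depend on the authenticator's null handling (fail closed).
        if ( isBlank( serviceKey ) || !demoAuthenticator.isServiceKeyValid( serviceKey ) ) {
            // Kick anyone without a valid service key
            requestCtx.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build() );
            return;
        }

        // For any other path besides login, the authToken must be verified.
        // NOTE(review): this is a prefix match on the decoded request path, so any path that
        // shares the prefix is exempted from the token check — confirm that is intended.
        if ( !path.startsWith( LOGIN_PATH_PREFIX ) ) {
            String authToken = requestCtx.getHeaderString( HTTPHeaderNames.AUTH_TOKEN );
            // if it is missing or isn't valid, just kick them out.
            if ( isBlank( authToken ) || !demoAuthenticator.isAuthTokenValid( serviceKey, authToken ) ) {
                requestCtx.abortWith( Response.status( Response.Status.UNAUTHORIZED ).build() );
            }
        }
    }

    /** Returns {@code true} when the header value is absent or contains only whitespace. */
    private static boolean isBlank( String value ) {
        return value == null || value.trim().isEmpty();
    }
}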