From c57a430c6dbd6951091978404a164000024fce20 Mon Sep 17 00:00:00 2001
From: "Sotiropoulos, Ioannis (is948x)" <Ioannis.Sotiropoulos@amdocs.com>
Date: Wed, 6 Jun 2018 10:56:36 +0100
Subject: Add validation for request header

Add validation for inclusion of X-FromAppId
and X-TransactionId in request header

Issue-ID: AAI-1190

Change-Id: Ie1d2b64a7243c013982992196048e1d6635d5e66
Signed-off-by: Sotiropoulos, Ioannis (is948x) <Ioannis.Sotiropoulos@amdocs.com>
---
 .../org/onap/crud/service/CrudRestService.java     | 29 ++++++++++++++++------
 1 file changed, 21 insertions(+), 8 deletions(-)

(limited to 'src/main/java/org')

diff --git a/src/main/java/org/onap/crud/service/CrudRestService.java b/src/main/java/org/onap/crud/service/CrudRestService.java
index 5539374..2cbb87c 100644
--- a/src/main/java/org/onap/crud/service/CrudRestService.java
+++ b/src/main/java/org/onap/crud/service/CrudRestService.java
@@ -790,16 +790,29 @@ public class CrudRestService {
       return false;
     }
 
-    String sourceOfTruth = null;
-    if (headers.getRequestHeaders().containsKey("X-FromAppId")) {
-      sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId");
-    }
+    validateRequestHeader(headers);
+    
+    return isValid;
+  }
+  
+  public void validateRequestHeader(HttpHeaders headers) throws CrudException {
+      String sourceOfTruth = null;
+      if (headers.getRequestHeaders().containsKey("X-FromAppId")) {
+        sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId");
+      }
 
-    if (sourceOfTruth == null || sourceOfTruth.trim() == "") {
-      throw new CrudException("Invalid request, Missing X-FromAppId header", Status.BAD_REQUEST);
-    }
+      if (sourceOfTruth == null || sourceOfTruth.trim() == "") {
+        throw new CrudException("Invalid request, Missing X-FromAppId header", Status.BAD_REQUEST);
+      }
+      
+      String transId = null;
+      if (headers.getRequestHeaders().containsKey("X-TransactionId")) {
+          transId = headers.getRequestHeaders().getFirst("X-TransactionId");
+      }
 
-    return isValid;
+      if (transId == null || transId.trim() == "") {
+        throw new CrudException("Invalid request, Missing X-TransactionId header", Status.BAD_REQUEST);
+      }
   }
 
   void logResult(Action op, String uri, Exception e) {
-- 
cgit 1.2.3-korg