Diffstat (limited to 'vid-app-common/src/main/java/org/onap/vid/controller/filter')
2 files changed, 18 insertions, 9 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/filter/ClientCredentialsFilter.java b/vid-app-common/src/main/java/org/onap/vid/controller/filter/ClientCredentialsFilter.java
index d4c7e3c5f..cba36a795 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/filter/ClientCredentialsFilter.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/filter/ClientCredentialsFilter.java
@@ -20,7 +20,7 @@ import java.io.IOException;
 @WebFilter(urlPatterns = "/change-management/workflow/*")
 public class ClientCredentialsFilter extends GenericFilterBean {
- private final static EELFLoggerDelegate LOGGER = EELFLoggerDelegate.getLogger(ClientCredentialsFilter.class);
+ private static final EELFLoggerDelegate filterLogger = EELFLoggerDelegate.getLogger(ClientCredentialsFilter.class);
 @Override
@@ -33,12 +33,12 @@ public class ClientCredentialsFilter extends GenericFilterBean {
 String actualAuthorization = ((HttpServletRequest)request).getHeader("Authorization");
 if (verifyClientCredentials(actualAuthorization, expectedAuthorization)) {
- LOGGER.warn(EELFLoggerDelegate.debugLogger,"Client credentials authenticated.");
+ filterLogger.warn(EELFLoggerDelegate.debugLogger,"Client credentials authenticated.");
 chain.doFilter(request, response);
 return;
 }
- LOGGER.warn(EELFLoggerDelegate.debugLogger,"Client did not provide the expected credentials.");
+ filterLogger.warn(EELFLoggerDelegate.debugLogger,"Client did not provide the expected credentials.");
 ((HttpServletResponse) response).sendError(401);
 }
@@ -46,13 +46,13 @@ public class ClientCredentialsFilter extends GenericFilterBean {
 {
 if (StringUtils.isEmpty(expectedAuthorization)) {
- LOGGER.warn(EELFLoggerDelegate.debugLogger,String.format("Expected Authorization is not configured (key: %s)", SchedulerProperties.SCHEDULER_BASIC_AUTH));
+ filterLogger.warn(EELFLoggerDelegate.debugLogger,String.format("Expected Authorization is not configured (key: %s)", SchedulerProperties.SCHEDULER_BASIC_AUTH));
 return true;
 }
 if (StringUtils.isEmpty(actualAuthorization)) {
- LOGGER.warn(EELFLoggerDelegate.debugLogger,"Authorization header is missing.");
+ filterLogger.warn(EELFLoggerDelegate.debugLogger,"Authorization header is missing.");
 return false;
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/filter/PromiseEcompRequestIdFilter.java b/vid-app-common/src/main/java/org/onap/vid/controller/filter/PromiseEcompRequestIdFilter.java
index 7501b1032..9c1cb4633 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/filter/PromiseEcompRequestIdFilter.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/filter/PromiseEcompRequestIdFilter.java
@@ -3,7 +3,6 @@ package org.onap.vid.controller.filter;
 import com.google.common.collect.ImmutableList;
 import org.apache.commons.lang3.StringUtils;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.web.filter.GenericFilterBean;
 import javax.servlet.FilterChain;
@@ -24,8 +23,7 @@ import static org.onap.portalsdk.core.util.SystemProperties.ECOMP_REQUEST_ID;
 @WebFilter(urlPatterns = "/*")
 public class PromiseEcompRequestIdFilter extends GenericFilterBean {
- private final static EELFLoggerDelegate LOGGER = EELFLoggerDelegate.getLogger(PromiseEcompRequestIdFilter.class);
- private final static String REQUEST_ID_RESPONSE_HEADER = ECOMP_REQUEST_ID + "-echo";
+ private static final String REQUEST_ID_RESPONSE_HEADER = ECOMP_REQUEST_ID + "-echo";
 @Override
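Review bot: `verifyClientCredentials` still returns `true` when `expectedAuthorization` is empty, so a deployment where the `SchedulerProperties.SCHEDULER_BASIC_AUTH` key is unset passes every request to `/change-management/workflow/*` through the filter with only a warning in the debug log. The first hunk at `-46,13 +46,13` only renames the logger, but the branch it touches is the fail-open one; consider `return false;` there (or refusing to start when the key is missing) and logging the misconfiguration at error level. The method's signature and the actual credential comparison are outside the hunk, so how the two values are compared cannot be checked from here.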
@@ -48,13 +46,19 @@ public class PromiseEcompRequestIdFilter extends GenericFilterBean {
 final HttpServletRequest httpRequest = (HttpServletRequest) request;
 final String originalRequestId = httpRequest.getHeader(ECOMP_REQUEST_ID);
- if (StringUtils.isEmpty(originalRequestId)) {
+ if (StringUtils.isEmpty(originalRequestId) || !verifyAndValidateUuid(originalRequestId)) {
 request = new PromiseEcompRequestIdRequestWrapper(httpRequest);
 }
 return request;
 }
+ public static boolean verifyAndValidateUuid(String value)
+ {
+ String uuidRegex = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
+ return value.matches(uuidRegex);
+ }
+
 private static class PromiseEcompRequestIdRequestWrapper extends HttpServletRequestWrapper {
 private final UUID requestId;
@@ -81,12 +85,17 @@ public class PromiseEcompRequestIdFilter extends GenericFilterBean {
 @Override
 public Enumeration<String> getHeaderNames() {
+
+ if (null == super.getHeader(ECOMP_REQUEST_ID)) {
 return Collections.enumeration(ImmutableList.<String>builder()
 .add(ECOMP_REQUEST_ID)
 .addAll(Collections.list(super.getHeaderNames()))
 .build());
 }
+ return super.getHeaderNames();
+ }
+
 private boolean isRequestIdHeaderName(String name) {
 return ECOMP_REQUEST_ID.equalsIgnoreCase(name);
 }
|
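Review bot: `verifyAndValidateUuid` recompiles its regex on every call through `value.matches(uuidRegex)`, and the filter is mapped to `/*`, so this runs for each request that carries the header; hoist the pattern into `private static final Pattern UUID_PATTERN = Pattern.compile(...)` and return `UUID_PATTERN.matcher(value).matches()`. The method is `public static` and dereferences `value` directly, so a null argument from any other caller throws; the visible call site is protected by `StringUtils.isEmpty`, but a `value != null &&` guard or narrower visibility would make that explicit. The character class is lowercase-only, so an upper-case UUID is treated as invalid and replaced with a generated one; if that is intended, a one-line comment saying so would help.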
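Review bot: The new `if (null == super.getHeader(ECOMP_REQUEST_ID))` guard in `getHeaderNames()` carries no comment saying why it is needed. As far as the visible lines show, the wrapper is now also applied when the client sent a header that failed UUID validation, in which case the name is already in `super.getHeaderNames()` and should not be listed twice; a comment such as `// header was sent but rejected as invalid: its name is already listed` above the `if` would record that. The wrapper's `getHeader`/`getHeaders` overrides are outside the hunk, so it is worth confirming they return the generated id rather than the rejected client value in that case.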