Retrieve session auth data from the header value X-Platform

Fixes entgra/product-iots#110 Related to entgra/product-iots#103
5 years ago · 0e4234db97
parent caa3ae76fc
commit 0e4234db97
2 changed files with 32 additions and 38 deletions
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java
@ -63,22 +63,11 @@ import static io.entgra.ui.request.interceptor.util.HandlerUtil.execute;
 public class InvokerHandler extends HttpServlet {
    private static final Log log = LogFactory.getLog(LoginHandler.class);
    private static final long serialVersionUID = -6508020875358160165L;
-//    private static final HeaderGroup nonForwardingHeaders = new HeaderGroup();
    private static AuthData authData;
    private static String apiEndpoint;
    private static String serverUrl;
    private static String platform;

-//    static {
-//        // Initializing hop-by-hop headers to omit them from forwarding to the backend
-//        String[] headers = {HttpHeaders.CONNECTION, HttpHeaders.TRANSFER_ENCODING, HttpHeaders.PROXY_AUTHENTICATE,
-//                HttpHeaders.PROXY_AUTHORIZATION, HttpHeaders.UPGRADE, HttpHeaders.TE, HttpHeaders.TRAILER,
-//                HandlerConstants.KEEP_ALIVE, HandlerConstants.PUBLIC};
-//        for (String header : headers) {
-//            nonForwardingHeaders.addHeader(new BasicHeader(header, null));
-//        }
-//    }
-
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
        try {
@ -221,6 +210,7 @@ public class InvokerHandler extends HttpServlet {
            }
        }
    }
+
    /***
     *
     * @param req {@link HttpServletRequest}
@ -232,35 +222,32 @@ public class InvokerHandler extends HttpServlet {
            throws IOException {
        serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort();
        apiEndpoint = req.getPathInfo();
+        String sessionAuthDataKey = req.getHeader(HandlerConstants.X_PLATFORM_HEADER);
        HttpSession session = req.getSession(false);
        if (session == null) {
            log.error("Unauthorized, You are not logged in. Please log in to the portal");
-            ProxyResponse proxyResponse = new ProxyResponse();
-            proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
+            handleError(req, resp, HttpStatus.SC_UNAUTHORIZED);
+            return false;
+        }
+
+        if (StringUtils.isEmpty(sessionAuthDataKey)) {
+            log.error("\"X-Platform\" header is empty in the request. Header is required to obtain the auth data from" +
+                      " session.");
+            handleError(req, resp, HttpStatus.SC_BAD_REQUEST);
            return false;
        }
-        authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
+
+        authData = (AuthData) session.getAttribute(sessionAuthDataKey);
        platform = (String) session.getAttribute(HandlerConstants.PLATFORM);
        if (authData == null) {
            log.error("Unauthorized, Access token not found in the current session");
-            ProxyResponse proxyResponse = new ProxyResponse();
-            proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
+            handleError(req, resp, HttpStatus.SC_UNAUTHORIZED);
            return false;
        }

        if (apiEndpoint == null || req.getMethod() == null) {
            log.error("Bad Request, Either destination api-endpoint or method is empty");
-            ProxyResponse proxyResponse = new ProxyResponse();
-            proxyResponse.setCode(HttpStatus.SC_BAD_REQUEST);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_BAD_REQUEST));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
+            handleError(req, resp, HttpStatus.SC_BAD_REQUEST);
            return false;
        }
        return true;
@ -307,11 +294,7 @@ public class InvokerHandler extends HttpServlet {
        HttpSession session = req.getSession(false);
        if (session == null) {
            log.error("Couldn't find a session, hence it is required to login and proceed.");
-            ProxyResponse proxyResponse = new ProxyResponse();
-            proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
+            handleError(req, resp, HttpStatus.SC_UNAUTHORIZED);
            return false;
        }

@ -352,11 +335,24 @@ public class InvokerHandler extends HttpServlet {
        }

        log.error("Error Occurred in token renewal process.");
+        handleError(req, resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
+        return false;
+    }
+
+    /**
+     * Handle error requests
+     *
+     * @param req {@link HttpServletRequest}
+     * @param resp {@link HttpServletResponse}
+     * @param errorCode HTTP error status code
+     * @throws IOException If error occurred when trying to send the error response.
+     */
+    private static void handleError(HttpServletRequest req, HttpServletResponse resp, int errorCode)
+            throws IOException {
        ProxyResponse proxyResponse = new ProxyResponse();
-        proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR);
+        proxyResponse.setCode(errorCode);
        proxyResponse.setExecutorResponse(
-                HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_INTERNAL_SERVER_ERROR));
+                HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(errorCode));
        HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-        return false;
    }
 }
--- a/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
+++ b/components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java
@ -23,8 +23,7 @@ public class HandlerConstants {
    public static final String APP_REG_ENDPOINT = "/api-application-registration/register";
    public static final String UI_CONFIG_ENDPOINT = "/api/application-mgt/v1.0/config/ui-config";
    public static final String TOKEN_ENDPOINT = "/oauth2/token";
-    public static final String PUBLIC = "Public";
-    public static final String KEEP_ALIVE = "Keep-Alive";
+    public static final String X_PLATFORM_HEADER = "X-Platform";
    public static final String BASIC = "Basic ";
    public static final String BEARER = "Bearer ";
    public static final String COLON = ":";
@ -33,7 +32,6 @@ public class HandlerConstants {
    public static final String SESSION_AUTH_DATA_KEY = "application-mgt";
    public static final String UI_CONFIG_KEY = "ui-config";
    public static final String PLATFORM = "platform";
-    public static final String SERVER_HOST = "server-host";
    public static final String DEFAULT_ERROR_CALLBACK = "/pages/error/default";
    public static final String LOGIN_RESPONSE_KEY = "loginResponse";
    public static final String FAILURE_CALLBACK_KEY = "failureCallback";