Retrieve session auth data from the header value X-Platform

Fixes entgra/product-iots#110
Related to entgra/product-iots#103

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/InvokerHandler.java

@@ -63,22 +63,11 @@ import static io.entgra.ui.request.interceptor.util.HandlerUtil.execute;
 public class InvokerHandler extends HttpServlet {
     private static final Log log = LogFactory.getLog(LoginHandler.class);
     private static final long serialVersionUID = -6508020875358160165L;
-//    private static final HeaderGroup nonForwardingHeaders = new HeaderGroup();
     private static AuthData authData;
     private static String apiEndpoint;
     private static String serverUrl;
     private static String platform;
 
-//    static {
-//        // Initializing hop-by-hop headers to omit them from forwarding to the backend
-//        String[] headers = {HttpHeaders.CONNECTION, HttpHeaders.TRANSFER_ENCODING, HttpHeaders.PROXY_AUTHENTICATE,
-//                HttpHeaders.PROXY_AUTHORIZATION, HttpHeaders.UPGRADE, HttpHeaders.TE, HttpHeaders.TRAILER,
-//                HandlerConstants.KEEP_ALIVE, HandlerConstants.PUBLIC};
-//        for (String header : headers) {
-//            nonForwardingHeaders.addHeader(new BasicHeader(header, null));
-//        }
-//    }
-
     @Override
     protected void doPost(HttpServletRequest req, HttpServletResponse resp) {
         try {
@@ -221,6 +210,7 @@ public class InvokerHandler extends HttpServlet {
             }
         }
     }
+
     /***
      *
      * @param req {@link HttpServletRequest}
@@ -232,35 +222,32 @@ public class InvokerHandler extends HttpServlet {
             throws IOException {
         serverUrl = req.getScheme() + "://" + req.getServerName() + ":" + req.getServerPort();
         apiEndpoint = req.getPathInfo();
+        String sessionAuthDataKey = req.getHeader(HandlerConstants.X_PLATFORM_HEADER);
         HttpSession session = req.getSession(false);
         if (session == null) {
             log.error("Unauthorized, You are not logged in. Please log in to the portal");
-            ProxyResponse proxyResponse = new ProxyResponse();
+            handleError(req, resp, HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
+            return false;
-            proxyResponse.setExecutorResponse(
+        }
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
+
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
+        if (StringUtils.isEmpty(sessionAuthDataKey)) {
+            log.error("\"X-Platform\" header is empty in the request. Header is required to obtain the auth data from" +
+                      " session.");
+            handleError(req, resp, HttpStatus.SC_BAD_REQUEST);
             return false;
         }
-        authData = (AuthData) session.getAttribute(HandlerConstants.SESSION_AUTH_DATA_KEY);
+
+        authData = (AuthData) session.getAttribute(sessionAuthDataKey);
         platform = (String) session.getAttribute(HandlerConstants.PLATFORM);
         if (authData == null) {
             log.error("Unauthorized, Access token not found in the current session");
-            ProxyResponse proxyResponse = new ProxyResponse();
+            handleError(req, resp, HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
             return false;
         }
 
         if (apiEndpoint == null || req.getMethod() == null) {
             log.error("Bad Request, Either destination api-endpoint or method is empty");
-            ProxyResponse proxyResponse = new ProxyResponse();
+            handleError(req, resp, HttpStatus.SC_BAD_REQUEST);
-            proxyResponse.setCode(HttpStatus.SC_BAD_REQUEST);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_BAD_REQUEST));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
             return false;
         }
         return true;
@@ -307,11 +294,7 @@ public class InvokerHandler extends HttpServlet {
         HttpSession session = req.getSession(false);
         if (session == null) {
             log.error("Couldn't find a session, hence it is required to login and proceed.");
-            ProxyResponse proxyResponse = new ProxyResponse();
+            handleError(req, resp, HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setCode(HttpStatus.SC_UNAUTHORIZED);
-            proxyResponse.setExecutorResponse(
-                    HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_UNAUTHORIZED));
-            HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
             return false;
         }
 
@@ -352,11 +335,24 @@ public class InvokerHandler extends HttpServlet {
         }
 
         log.error("Error Occurred in token renewal process.");
+        handleError(req, resp, HttpStatus.SC_INTERNAL_SERVER_ERROR);
+        return false;
+    }
+
+    /**
+     * Handle error requests
+     *
+     * @param req {@link HttpServletRequest}
+     * @param resp {@link HttpServletResponse}
+     * @param errorCode HTTP error status code
+     * @throws IOException If error occurred when trying to send the error response.
+     */
+    private static void handleError(HttpServletRequest req, HttpServletResponse resp, int errorCode)
+            throws IOException {
         ProxyResponse proxyResponse = new ProxyResponse();
-        proxyResponse.setCode(HttpStatus.SC_INTERNAL_SERVER_ERROR);
+        proxyResponse.setCode(errorCode);
         proxyResponse.setExecutorResponse(
-                HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(HttpStatus.SC_INTERNAL_SERVER_ERROR));
+                HandlerConstants.EXECUTOR_EXCEPTION_PREFIX + HandlerUtil.getStatusKey(errorCode));
         HandlerUtil.handleError(req, resp, serverUrl, platform, proxyResponse);
-        return false;
     }
 }

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java

@@ -23,8 +23,7 @@ public class HandlerConstants {
     public static final String APP_REG_ENDPOINT = "/api-application-registration/register";
     public static final String UI_CONFIG_ENDPOINT = "/api/application-mgt/v1.0/config/ui-config";
     public static final String TOKEN_ENDPOINT = "/oauth2/token";
-    public static final String PUBLIC = "Public";
+    public static final String X_PLATFORM_HEADER = "X-Platform";
-    public static final String KEEP_ALIVE = "Keep-Alive";
     public static final String BASIC = "Basic ";
     public static final String BEARER = "Bearer ";
     public static final String COLON = ":";
@@ -33,7 +32,6 @@ public class HandlerConstants {
     public static final String SESSION_AUTH_DATA_KEY = "application-mgt";
     public static final String UI_CONFIG_KEY = "ui-config";
     public static final String PLATFORM = "platform";
-    public static final String SERVER_HOST = "server-host";
     public static final String DEFAULT_ERROR_CALLBACK = "/pages/error/default";
     public static final String LOGIN_RESPONSE_KEY = "loginResponse";
     public static final String FAILURE_CALLBACK_KEY = "failureCallback";