/**
 * Builds the cache context for a request: a Base64-encoded SHA-1 digest over the selected
 * request headers (and optionally the request body), bundled with the request's method, URI
 * and headers.
 *
 * <p>NOTE(review): every byte fed to the digest comes from the client, and SHA-1 is no longer
 * collision resistant. If {@code hash} is what identifies a cache entry, two different
 * requests crafted to collide could be served each other's entry; a reviewer would want
 * SHA-256 here. Switching the algorithm changes every previously computed hash.
 *
 * <p>NOTE(review): the digest depends on the iteration order of {@code vary}; presumably
 * callers pass a set with a stable order - confirm.
 *
 * @param request the incoming request; when {@code includeBody} is true its entity stream is
 *     consumed and then replaced by an in-memory copy
 * @param vary names of the request headers whose values are mixed into the digest
 * @param includeBody whether a non-empty request body is mixed into the digest
 * @return the context carrying method, URI, headers and the computed hash
 */
public static CacheRequestContext build(
      ContainerRequest request, Set<String> vary, boolean includeBody) {
    try {
      MessageDigest sha1 = MessageDigest.getInstance("SHA-1");

      for (String name : vary) {
        List<String> values = request.getRequestHeader(name);

        // Headers that are absent or carry no values contribute nothing to the digest.
        if (values == null || values.isEmpty()) {
          continue;
        }

        // 0xFD / 0xFE / 0xFF never occur in UTF-8 encoded text, so they work as unambiguous
        // separators: after the name, after each value, and at the end of the header.
        sha1.update(name.getBytes(Charsets.UTF_8));
        sha1.update((byte) 0xFD);

        for (String value : values) {
          sha1.update(value.getBytes(Charsets.UTF_8));
          sha1.update((byte) 0xFE);
        }

        sha1.update((byte) 0xFF);
      }

      if (includeBody) {
        // NOTE(review): the whole entity is buffered in memory; no size limit is visible in
        // this method - confirm one is enforced upstream.
        byte[] entity = request.getEntity(byte[].class);
        byte[] body = (entity == null) ? new byte[0] : entity;

        if (body.length != 0) {
          // The body is raw bytes and may itself contain 0xFD-0xFF, unlike the header text.
          sha1.update("Body".getBytes(Charsets.UTF_8));
          sha1.update((byte) 0xFD);

          sha1.update(body);
          sha1.update((byte) 0xFF);
        }

        // Reading the entity drained the stream; hand the same bytes back so later consumers
        // of the request can still read the body.
        request.setEntityInputStream(new ByteArrayInputStream(body));
      }

      byte[] encodedDigest = Base64.encode(sha1.digest());
      String hash = new String(encodedDigest, Charsets.US_ASCII);
      return new CacheRequestContext(
          request.getMethod(), request.getRequestUri(), request.getRequestHeaders(), hash);
    } catch (NoSuchAlgorithmException ex) {
      // Not expected: every Java distribution is required to ship SHA-1.
      throw Throwables.propagate(ex);
    }
  }
Ejemplo n.º 2
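  /**
   * Request filter that enforces the service key on every request and the auth token on every
   * request except the login endpoint.
   *
   * <p>Order of checks: (1) any {@code OPTIONS} request is answered with 200 immediately, before
   * credentials are looked at, so that browser CORS pre-flights succeed; (2) the service key
   * header must be valid; (3) unless the path is the login endpoint, the auth token header must
   * be valid for that service key.
   *
   * <p>NOTE(review): step (1) applies to every path, so no resource should return data for
   * {@code OPTIONS}; nothing in this method checks that.
   *
   * @param request the incoming request
   * @return the same request, unchanged, when all checks pass
   * @throws WebApplicationException carrying a 200 response for {@code OPTIONS}, or a 401
   *     response when the service key or auth token is rejected
   */
  @Override
  public ContainerRequest filter(ContainerRequest request) {
    String path = request.getPath();
    // The path is client-controlled; replace line breaks so a request cannot forge extra
    // log lines.
    log.info("Filtering request path: " + String.valueOf(path).replaceAll("[\\r\\n]", "_"));

    // Answer browser pre-flight requests before validating any header (CORS).
    if ("OPTIONS".equals(request.getMethod())) {
      log.info("en Options?");
      throw new WebApplicationException(
          Response.status(Response.Status.OK).entity("OK").build());
    }

    // The service key must be present and valid for every other request.
    Authenticator demoAuthenticator = Authenticator.getInstance();
    String serviceKey = request.getHeaderValue(HttpHeaderNames.SERVICE_KEY);

    if (!demoAuthenticator.isServiceKeyValid(serviceKey)) {
      throw new WebApplicationException(
          Response.status(Response.Status.UNAUTHORIZED).entity("Invalid Service Key").build());
    }

    // Only the login endpoint may be called without an auth token. Match it on a path-segment
    // boundary: a bare startsWith("auth/login") would also exempt any other resource whose
    // path merely begins with those characters (for example "auth/loginfoo").
    boolean isLoginRequest = path.equals("auth/login") || path.startsWith("auth/login/");

    if (!isLoginRequest) {
      String authToken = request.getHeaderValue(HttpHeaderNames.AUTH_TOKEN);

      // Reject the request outright when the token is not valid for this service key.
      if (!demoAuthenticator.isAuthTokenValid(serviceKey, authToken)) {
        throw new WebApplicationException(
            Response.status(Response.Status.UNAUTHORIZED)
                .entity("Authentication is need")
                .build());
      }
    }

    return request;
  }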
Ejemplo n.º 3
  /**
   * Response filter that adds CORS headers to every response.
   *
   * <p>It always sets {@code Access-Control-Allow-Origin: *} and a fixed method list, and when
   * the request carries {@code Access-Control-Request-Headers} it echoes that value back as
   * {@code Access-Control-Allow-Headers}.
   *
   * <p>NOTE(review): this is the most permissive policy possible - any origin, and whatever
   * request headers the caller asks for. If the API authenticates with custom headers rather
   * than cookies, any web page holding a token can call it cross-origin. Prefer an explicit
   * allow-list of origins and of header names, taken from configuration.
   *
   * @param req the request being answered
   * @param contResp the response to decorate
   * @return {@code contResp}, with its response replaced by a copy carrying the CORS headers
   */
  @Override
  public ContainerResponse filter(ContainerRequest req, ContainerResponse contResp) {

    LOGGER.info("Enter CORS filter");
    // NOTE(review): path and method are client-controlled and logged verbatim.
    LOGGER.info("Request= { path:" + req.getPath() + ", method:" + req.getMethod() + " }");

    ResponseBuilder corsResponse =
        Response.fromResponse(contResp.getResponse())
            .header("Access-Control-Allow-Origin", "*")
            .header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");

    // Echo the headers the pre-flight asked for; a missing header leaves the response as is.
    String requestedHeaders = req.getHeaderValue("Access-Control-Request-Headers");
    if (requestedHeaders != null) {
      corsResponse = corsResponse.header("Access-Control-Allow-Headers", requestedHeaders);
    }

    contResp.setResponse(corsResponse.build());

    LOGGER.info("Exit CORS filter");

    return contResp;
  }