public static CacheRequestContext build(
ContainerRequest request, Set<String> vary, boolean includeBody) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-1");
for (String header : vary) {
List<String> headerValues = request.getRequestHeader(header);
if (headerValues != null && headerValues.size() > 0) {
digest.update(header.getBytes(Charsets.UTF_8));
digest.update((byte) 0xFD);
for (String value : headerValues) {
digest.update(value.getBytes(Charsets.UTF_8));
digest.update((byte) 0xFE);
}
digest.update((byte) 0xFF);
}
}
if (includeBody) {
byte[] requestBody = request.getEntity(byte[].class);
if (requestBody == null) {
requestBody = new byte[0];
}
if (requestBody.length > 0) {
digest.update("Body".getBytes(Charsets.UTF_8));
digest.update((byte) 0xFD);
digest.update(requestBody);
digest.update((byte) 0xFF);
}
request.setEntityInputStream(new ByteArrayInputStream(requestBody));
}
String hash = new String(Base64.encode(digest.digest()), Charsets.US_ASCII);
return new CacheRequestContext(
request.getMethod(), request.getRequestUri(), request.getRequestHeaders(), hash);
} catch (NoSuchAlgorithmException ex) {
// This error should not occur since SHA-1 must be included with every java distribution
throw Throwables.propagate(ex);
}
}
@Override
public ContainerRequest filter(ContainerRequest request) {
String path = request.getPath();
log.info("Filtering request path: " + path);
// IMPORTANT!!! First, Acknowledge any pre-flight test from browsers for
// this case before validating the headers (CORS stuff)
if (request.getMethod().equals("OPTIONS")) {
log.info("en Options?");
ResponseBuilder builder = null;
String response = "OK";
builder = Response.status(Response.Status.OK).entity(response);
throw new WebApplicationException(builder.build());
}
// Then check is the service key exists and is valid.
Authenticator demoAuthenticator = Authenticator.getInstance();
String serviceKey = request.getHeaderValue(HttpHeaderNames.SERVICE_KEY);
if (!demoAuthenticator.isServiceKeyValid(serviceKey)) {
ResponseBuilder builder = null;
String response = "Invalid Service Key";
builder = Response.status(Response.Status.UNAUTHORIZED).entity(response);
throw new WebApplicationException(builder.build());
}
// For any pther methods besides login, the authToken must be verified
if (!path.startsWith("auth/login")) {
String authToken = request.getHeaderValue(HttpHeaderNames.AUTH_TOKEN);
// if it isn't valid, just kick them out.
if (!demoAuthenticator.isAuthTokenValid(serviceKey, authToken)) {
ResponseBuilder builder = null;
String response = "Authentication is need";
builder = Response.status(Response.Status.UNAUTHORIZED).entity(response);
throw new WebApplicationException(builder.build());
}
}
// read(request);
return request;
}
@Override
public ContainerResponse filter(ContainerRequest req, ContainerResponse contResp) {
LOGGER.info("Enter CORS filter");
LOGGER.info("Request= { path:" + req.getPath() + ", method:" + req.getMethod() + " }");
ResponseBuilder resp = Response.fromResponse(contResp.getResponse());
resp.header("Access-Control-Allow-Origin", "*");
resp.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
String reqHead = req.getHeaderValue("Access-Control-Request-Headers");
if (null != reqHead && !reqHead.equals(null)) {
resp.header("Access-Control-Allow-Headers", reqHead);
}
contResp.setResponse(resp.build());
LOGGER.info("Exit CORS filter");
return contResp;
}
