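/**
 * Checks the Safe Exam Browser request hash of a request against the configured keys.
 *
 * <p>For each whitespace-separated key in {@code safeExamBrowserKeys}, the expected
 * value is {@code Encoder.sha256Exam(requestURL + key)}. The request is accepted as
 * soon as one expected value equals the {@code x-safeexambrowser-requesthash} header.
 *
 * <p>If {@code safeExamBrowserKeys} is null, empty or only whitespace, no check is
 * performed and the request is allowed. Callers that want to enforce the browser
 * restriction must therefore make sure keys are actually configured.
 *
 * @param request the incoming request; its URL and request-hash header are read
 * @param safeExamBrowserKeys whitespace-separated list of accepted browser keys, may be blank
 * @return {@code true} if no keys are configured or the header matches one of them,
 *         {@code false} otherwise (including when the header is missing)
 */
@Override
public boolean isSafelyAllowed(HttpServletRequest request, String safeExamBrowserKeys) {
    // Blank configuration means the restriction is switched off, not that everything is denied.
    if (!StringHelper.containsNonWhitespace(safeExamBrowserKeys)) {
        return true;
    }

    boolean debug = log.isDebug();
    // The header is supplied by the client and is untrusted; it may be absent.
    String safeExamHash = request.getHeader("x-safeexambrowser-requesthash");
    // NOTE(review): getRequestURL() does not include the query string, and behind a reverse
    // proxy it may differ from the URL the client hashed. Confirm both sides hash the same URL.
    String url = request.getRequestURL().toString();

    boolean safe = false;
    StringTokenizer tokenizer = new StringTokenizer(safeExamBrowserKeys);
    while (tokenizer.hasMoreTokens() && !safe) {
        String safeExamBrowserKey = tokenizer.nextToken();
        String hash = Encoder.sha256Exam(url + safeExamBrowserKey);

        // Compare in constant time so response timing does not reveal how many leading
        // characters of a guessed header value were correct.
        boolean matches = safeExamHash != null && hash != null
                && java.security.MessageDigest.isEqual(
                        safeExamHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        hash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (matches) {
            safe = true;
        }

        if (debug) {
            // Reuse the null-safe result: calling equals() on a missing header here threw a
            // NullPointerException whenever debug logging was enabled.
            // The calculated value is enough to pass this check for this URL, so access to
            // debug logs should be restricted accordingly.
            log.debug((matches ? "Success" : "Failed") + " : " + safeExamHash + " (Header) "
                    + hash + " (Calculated)");
        }
    }
    return safe;
}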