View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements. See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache license, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License. You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the license for the specific language governing permissions and
15   * limitations under the license.
16   */
17  package org.apache.logging.log4j.catalog.security;
18  
19  
20  import org.apache.http.HttpStatus;
21  import org.apache.logging.log4j.LogManager;
22  import org.apache.logging.log4j.Logger;
23  import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
24  
25  public class LocalAuthorizationInterceptor extends HandlerInterceptorAdapter {
26      private static final Logger LOGGER = LogManager.getLogger();
27      private final String token;
28  
29      public LocalAuthorizationInterceptor(String token) {
30          this.token = token;
31      }
32  
33      @Override
34      public boolean preHandle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object handler) throws Exception {
35          LOGGER.traceEntry();
36          try {
37              if (request.getServletPath().startsWith("/swagger")) {
38                  return true;
39              }
40  
41              String authHeader = request.getHeader("Authorization");
42              if (authHeader == null || !authHeader.equals(token)) {
43                  LOGGER.error("Authorization value of " + authHeader + " does not match expected value of " + token);
44                  response.sendError(HttpStatus.SC_UNAUTHORIZED);
45                  return false;
46              }
47  
48              return true;
49          } finally {
50              LOGGER.traceExit();
51          }
52  
53      }
54  }