17 package org.apache.logging.log4j.catalog.security;
18
19
20 import org.apache.http.HttpStatus;
21 import org.apache.logging.log4j.LogManager;
22 import org.apache.logging.log4j.Logger;
23 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
24
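/**
 * Spring MVC interceptor that authorizes a request by comparing the raw {@code Authorization}
 * header with a single pre-shared token supplied at construction time.
 *
 * <p>The header is compared as-is; no scheme prefix is parsed or stripped. Requests whose
 * servlet path starts with {@code /swagger} are let through without any check.
 */
public class LocalAuthorizationInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOGGER = LogManager.getLogger();
    private final String token;

    /**
     * @param token the exact value the {@code Authorization} header must carry; when it is
     *              {@code null} every request outside {@code /swagger} is rejected
     */
    public LocalAuthorizationInterceptor(String token) {
        this.token = token;
    }

    /**
     * Rejects the request with 401 unless it targets {@code /swagger*} or presents the
     * configured token.
     *
     * @param request  the incoming request
     * @param response used to send the 401 status on failure
     * @param handler  the chosen handler (not inspected)
     * @return {@code true} to continue the handler chain, {@code false} once a 401 has been sent
     * @throws Exception if sending the error response fails
     */
    @Override
    public boolean preHandle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object handler) throws Exception {
        LOGGER.traceEntry();
        try {
            // NOTE(review): this is a prefix match, so every servlet path beginning with
            // "/swagger" is unauthenticated, not only the documentation UI. Confirm that no
            // other handler is mapped under that prefix.
            if (request.getServletPath().startsWith("/swagger")) {
                return true;
            }

            if (!matchesToken(request.getHeader("Authorization"))) {
                // Neither the presented header nor the expected token is logged: both are
                // credentials, and writing them out would hand the secret to anyone who can
                // read the log. The client address is kept so rejections remain traceable.
                LOGGER.error("Rejected request from {}: Authorization header is missing or does not match the configured token",
                        request.getRemoteAddr());
                response.sendError(HttpStatus.SC_UNAUTHORIZED);
                return false;
            }

            return true;
        } finally {
            LOGGER.traceExit();
        }
    }

    /**
     * Compares the presented header with the configured token without short-circuiting on the
     * first differing byte, so response timing does not reveal how much of a guess was correct.
     *
     * @param authHeader the {@code Authorization} header value, possibly {@code null}
     * @return {@code true} only when both values are non-null and equal
     */
    private boolean matchesToken(String authHeader) {
        if (authHeader == null || token == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                authHeader.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                token.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}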