From ab9738d7c29c809773782926caf12e52c640a043 Mon Sep 17 00:00:00 2001
From: tthailu <tesfalemhailu2022@gmail.com>
Date: Mon, 6 May 2024 15:52:21 -0500
Subject: [PATCH 1/3] (synapse-api-rest-imperative) added should not filter to
 interceptor

---
 .../interceptor/BaseHttpInterceptor.java      | 26 ++++++++++++++-----
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java b/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
index 79dbcf4e9..eeb785bce 100644
--- a/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
+++ b/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
@@ -57,12 +57,14 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         logger.entry(request, response, handler);
 
-        // If any of the required HTTP headers are missing, this request is invalid
-        String httpHeaderValue;
-        for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
-            httpHeaderValue = request.getHeader(requiredHttpHeaderName);
-            if (httpHeaderValue == null) {
-                throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
+        if(!shouldNotFilter(request)){
+            // If any of the required HTTP headers are missing, this request is invalid
+            String httpHeaderValue;
+            for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
+                httpHeaderValue = request.getHeader(requiredHttpHeaderName);
+                if (httpHeaderValue == null) {
+                    throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
+                }
             }
         }
 
@@ -81,4 +83,16 @@ protected List<String> getRequiredHttpHeaderNames() {
         // Should a service require request HTTP header validation, then override this method
         return new ArrayList<>();
     }
+
+    /**
+     * Subclasses can override this method to control what requests should not be filtered.
+     * for example override the method with the following to prevent
+     * health endpoint : return request.getRequestURI().equals("/health")
+     *
+     * @param request the incoming request
+     * @return true if url should not be filtered
+     */
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        return false;
+    }
 }

From a930a84a7c2d33432fbcae6ce123c3cda8342d55 Mon Sep 17 00:00:00 2001
From: tthailu <tesfalemhailu2022@gmail.com>
Date: Mon, 6 May 2024 15:55:30 -0500
Subject: [PATCH 2/3] (synapse-client-rest) add should not filter to
 interceptor

---
 .../rest/interceptor/BaseHttpInterceptor.java | 28 ++++++++++++++-----
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java b/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
index 85659cb34..c9b248db9 100644
--- a/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
+++ b/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
@@ -61,13 +61,15 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         logger.entry(request, response, handler);
-
-        // If any of the required HTTP headers are missing, this request is invalid
-        String httpHeaderValue;
-        for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
-            httpHeaderValue = request.getHeader(requiredHttpHeaderName);
-            if (httpHeaderValue == null) {
-                throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
+        
+        if(!shouldNotFilter(request)){
+            // If any of the required HTTP headers are missing, this request is invalid
+            String httpHeaderValue;
+            for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
+                httpHeaderValue = request.getHeader(requiredHttpHeaderName);
+                if (httpHeaderValue == null) {
+                    throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
+                }
             }
         }
 
@@ -86,4 +88,16 @@ protected List<String> getRequiredHttpHeaderNames() {
         // Should a service require request HTTP header validation, then override this method
         return new ArrayList<>();
     }
+    
+    /**
+     * Subclasses can override this method to control what requests should not be filtered.
+     * for example override the method with the following to prevent
+     * health endpoint : return request.getRequestURI().equals("/health")
+     *
+     * @param request the incoming request
+     * @return true if url should not be filtered
+     */
+    protected boolean shouldNotFilter(HttpServletRequest request) {
+        return false;
+    }
 }

From 6f15121725938b4eb0c05084c4e994c47efe6463 Mon Sep 17 00:00:00 2001
From: tthailu <tesfalemhailu2022@gmail.com>
Date: Wed, 8 May 2024 14:31:37 -0500
Subject: [PATCH 3/3] (synapse-api-rest-imperative) refactored should not
 filter to interceptor

---
 .../interceptor/BaseHttpInterceptor.java      | 14 +++++++++----
 .../rest/interceptor/BaseHttpInterceptor.java | 21 ++++++++++++-------
 2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java b/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
index eeb785bce..b990da3cc 100644
--- a/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
+++ b/api/synapse-api-rest-imperative/src/main/java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
@@ -23,7 +23,6 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.List;
 import static io.americanexpress.synapse.service.imperative.model.ServiceHeaderKey.CORRELATION_IDENTIFIER_KEY;
 import static io.americanexpress.synapse.service.imperative.model.ServiceHeaderKey.USE_CASE_NAME_KEY;
@@ -42,7 +41,14 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
     /**
      * Required HTTP header names.
      */
-    protected Collection<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));
+    protected List<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));
+
+    /**
+     * Should not filter URIs.
+     * Specifies list of paths that should not be filtered.
+     * This might include health and actuator endpoints.
+     */
+    protected List<String> urisExcludedFromFilter = new ArrayList<>();
 
     /**
      * Validate the required HTTP headers.
@@ -81,7 +87,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
     protected List<String> getRequiredHttpHeaderNames() {
         // Note: it is possible that a service needs no request HTTP header validation
         // Should a service require request HTTP header validation, then override this method
-        return new ArrayList<>();
+        return requiredHttpHeaderNames;
     }
 
     /**
@@ -93,6 +99,6 @@ protected List<String> getRequiredHttpHeaderNames() {
      * @return true if url should not be filtered
      */
     protected boolean shouldNotFilter(HttpServletRequest request) {
-        return false;
+        return urisExcludedFromFilter.contains(request.getRequestURI());
     }
 }
diff --git a/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java b/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
index c9b248db9..dbb9a3302 100644
--- a/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
+++ b/service/synapse-service-rest/src/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
@@ -24,7 +24,6 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.List;
 
 import static io.americanexpress.synapse.service.rest.model.ServiceHeaderKey.CORRELATION_IDENTIFIER_KEY;
@@ -32,7 +31,7 @@
 
 /**
  * {@code BaseHttpInterceptor} class specifies the prototypes for performing HTTP header validations for a service.
- *
+ * 
  * @author Paolo Claudio
  */
 public abstract class BaseHttpInterceptor implements HandlerInterceptor {
@@ -42,12 +41,18 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
      */
     private final XLogger logger = XLoggerFactory.getXLogger(getClass());
 
-
+    
     /**
      * Required HTTP header names.
      */
-    protected Collection<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));
+    protected List<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));
 
+    /**
+     * Should not filter URIs.
+     * Specifies list of paths that should not be filtered.
+     * This might include health and actuator endpoints.
+     */
+    protected List<String> urisExcludedFromFilter = new ArrayList<>();
 
     /**
      * Validate the required HTTP headers.
@@ -61,7 +66,7 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         logger.entry(request, response, handler);
-        
+
         if(!shouldNotFilter(request)){
             // If any of the required HTTP headers are missing, this request is invalid
             String httpHeaderValue;
@@ -86,9 +91,9 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
     protected List<String> getRequiredHttpHeaderNames() {
         // Note: it is possible that a service needs no request HTTP header validation
         // Should a service require request HTTP header validation, then override this method
-        return new ArrayList<>();
+        return requiredHttpHeaderNames;
     }
-    
+
     /**
      * Subclasses can override this method to control what requests should not be filtered.
      * for example override the method with the following to prevent
@@ -98,6 +103,6 @@ protected List<String> getRequiredHttpHeaderNames() {
      * @return true if url should not be filtered
      */
     protected boolean shouldNotFilter(HttpServletRequest request) {
-        return false;
+        return urisExcludedFromFilter.contains(request.getRequestURI());
     }
 }