Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/api/should not filter #306

Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

Feature/api/should not filter #306

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ab9738d
(synapse-api-rest-imperative) added should not filter to interceptor
tthailu May 6, 2024
a930a84
(synapse-client-rest) add should not filter to interceptor
tthailu May 6, 2024
6f15121
(synapse-api-rest-imperative) refactored should not filter to interce…
tthailu May 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 29 additions & 9 deletions .../java/io/americanexpress/synapse/api/rest/imperative/interceptor/BaseHttpInterceptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@
import jakarta.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import static io.americanexpress.synapse.service.imperative.model.ServiceHeaderKey.CORRELATION_IDENTIFIER_KEY;
import static io.americanexpress.synapse.service.imperative.model.ServiceHeaderKey.USE_CASE_NAME_KEY;
Expand All @@ -42,7 +41,14 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
/**
* Required HTTP header names.
*/
protected Collection<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));
protected List<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));

/**
* Should not filter URIs.
* Specifies list of paths that should not be filtered.
* This might include health and actuator endpoints.
*/
protected List<String> urisExcludedFromFilter = new ArrayList<>();

/**
* Validate the required HTTP headers.
Expand All @@ -57,12 +63,14 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
logger.entry(request, response, handler);

// If any of the required HTTP headers are missing, this request is invalid
String httpHeaderValue;
for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
httpHeaderValue = request.getHeader(requiredHttpHeaderName);
if (httpHeaderValue == null) {
throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
if(!shouldNotFilter(request)){
// If any of the required HTTP headers are missing, this request is invalid
String httpHeaderValue;
for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
httpHeaderValue = request.getHeader(requiredHttpHeaderName);
if (httpHeaderValue == null) {
throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
}
}
}

Expand All @@ -79,6 +87,18 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
protected List<String> getRequiredHttpHeaderNames() {
// Note: it is possible that a service needs no request HTTP header validation
// Should a service require request HTTP header validation, then override this method
return new ArrayList<>();
return requiredHttpHeaderNames;
}

/**
* Subclasses can override this method to control what requests should not be filtered.
* for example override the method with the following to prevent
* health endpoint : return request.getRequestURI().equals("/health")
*
* @param request the incoming request
* @return true if url should not be filtered
*/
protected boolean shouldNotFilter(HttpServletRequest request) {
return urisExcludedFromFilter.contains(request.getRequestURI());
}
}
41 changes: 30 additions & 11 deletions ...rc/main/java/io/americanexpress/synapse/service/rest/interceptor/BaseHttpInterceptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,14 @@
import jakarta.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import static io.americanexpress.synapse.service.rest.model.ServiceHeaderKey.CORRELATION_IDENTIFIER_KEY;
import static io.americanexpress.synapse.service.rest.model.ServiceHeaderKey.USE_CASE_NAME_KEY;

/**
* {@code BaseHttpInterceptor} class specifies the prototypes for performing HTTP header validations for a service.
*
*
* @author Paolo Claudio
*/
public abstract class BaseHttpInterceptor implements HandlerInterceptor {
Expand All @@ -42,12 +41,18 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
*/
private final XLogger logger = XLoggerFactory.getXLogger(getClass());


/**
* Required HTTP header names.
*/
protected Collection<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));
protected List<String> requiredHttpHeaderNames = new ArrayList<>(Arrays.asList(HttpHeaders.CONTENT_TYPE, CORRELATION_IDENTIFIER_KEY.getValue(), USE_CASE_NAME_KEY.getValue()));

/**
* Should not filter URIs.
* Specifies list of paths that should not be filtered.
* This might include health and actuator endpoints.
*/
protected List<String> urisExcludedFromFilter = new ArrayList<>();

/**
* Validate the required HTTP headers.
Expand All @@ -62,12 +67,14 @@ public abstract class BaseHttpInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
logger.entry(request, response, handler);

// If any of the required HTTP headers are missing, this request is invalid
String httpHeaderValue;
for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
httpHeaderValue = request.getHeader(requiredHttpHeaderName);
if (httpHeaderValue == null) {
throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
if(!shouldNotFilter(request)){
// If any of the required HTTP headers are missing, this request is invalid
String httpHeaderValue;
for (String requiredHttpHeaderName : getRequiredHttpHeaderNames()) {
httpHeaderValue = request.getHeader(requiredHttpHeaderName);
if (httpHeaderValue == null) {
throw new ApplicationClientException("Request HTTP Header " + requiredHttpHeaderName + " is missing.", ErrorCode.MISSING_HTTP_HEADER_ERROR, requiredHttpHeaderName);
}
}
}

Expand All @@ -84,6 +91,18 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
protected List<String> getRequiredHttpHeaderNames() {
// Note: it is possible that a service needs no request HTTP header validation
// Should a service require request HTTP header validation, then override this method
return new ArrayList<>();
return requiredHttpHeaderNames;
}

/**
* Subclasses can override this method to control what requests should not be filtered.
* for example override the method with the following to prevent
* health endpoint : return request.getRequestURI().equals("/health")
*
* @param request the incoming request
* @return true if url should not be filtered
*/
protected boolean shouldNotFilter(HttpServletRequest request) {
return urisExcludedFromFilter.contains(request.getRequestURI());
}
}