/*
* Copyright (C) 2016 FormKiQ Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.formkiq.server.config;
import static com.formkiq.server.api.SystemController.API_SYSTEM_PING;
import static com.formkiq.server.api.SystemController.API_SYSTEM_SETUP;
import static com.formkiq.server.api.UsersController.API_USER_CAN_CREATE;
import static com.formkiq.server.api.UsersController.API_USER_SAVE;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import com.formkiq.server.api.AbstractRestController;
/**
* Custom request matcher that decides whether a request is handled as an
* OAuth request, so that OAuth authentication and basic authentication can
* both be supported on the /api path.
*
*/
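public class OAuthRequestedMatcher implements RequestMatcher {

  /** Urls that are NOT oauth. */
  private final List<String> skipUrls = Arrays.asList(API_SYSTEM_PING,
      API_SYSTEM_SETUP, API_USER_SAVE, API_USER_CAN_CREATE);

  /**
   * Decides whether the request is treated as an OAuth request.
   *
   * <p>A request matches when it carries a non-empty {@code access_token}
   * parameter. Otherwise, unless its URI is one of the skip URLs, it
   * matches when an {@code Accept} header equals the V1 API media type and
   * no {@code Accept} header equals the admin media type.
   *
   * <p>This method only selects which requests count as OAuth requests; it
   * never inspects the token's value. Token validation is not visible here
   * and is presumably done by the OAuth filter chain behind this matcher.
   *
   * @param request the incoming servlet request
   * @return {@code true} if the request is treated as an OAuth request
   */
  @Override
  public boolean matches(final HttpServletRequest request) {

    // NOTE(review): getParameter() reads the query string (and form body),
    // so a token sent this way can end up in access logs, browser history
    // and Referer headers. Prefer the Authorization header where clients
    // allow it, and keep access_token out of request logging.
    String accessToken = request.getParameter("access_token");
    if (StringUtils.hasLength(accessToken)) {
      // Presence alone routes the request to OAuth, even for a skip URL.
      return true;
    }

    // NOTE(review): getRequestURI() is the raw, undecoded path and includes
    // the context path and any ";param" segment, and contains() is an exact,
    // case-sensitive comparison. A skip URL written with a trailing slash or
    // a path parameter will not be recognised here; confirm that is the
    // intended behaviour for the unauthenticated endpoints.
    String uri = request.getRequestURI();
    if (this.skipUrls.contains(uri)) {
      return false;
    }

    Enumeration<String> acceptHeaders = request.getHeaders("accept");
    if (acceptHeaders == null) {
      return false;
    }

    String v1 = AbstractRestController.ACCEPT_HEADER_V1.toString();
    String admin = AbstractRestController.ACCEPT_HEADER_ADMIN.toString();

    // Each header value is compared as a whole; a combined value such as
    // "a, b" or one carrying parameters (";q=...") matches neither type.
    boolean matches = false;
    while (acceptHeaders.hasMoreElements()) {
      String accept = acceptHeaders.nextElement();

      if (v1.equalsIgnoreCase(accept)) {
        matches = true;
      }

      // The admin media type always wins: it clears an earlier V1 match
      // and stops the scan.
      if (admin.equalsIgnoreCase(accept)) {
        matches = false;
        break;
      }
    }

    return matches;
  }
}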