org.cloudfoundry.identity.uaa.security.web.UaaRequestMatcher Maven / Gradle / Ivy
/*******************************************************************************
* Cloud Foundry
* Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved.
*
* This product is licensed to you under the Apache License, Version 2.0 (the "License").
* You may not use this product except in compliance with the License.
*
* This product includes a number of subcomponents with
* separate copyright notices and license terms. Your use of these
* subcomponents is subject to the terms and conditions of the
* subcomponent's license, as noted in the LICENSE file.
*******************************************************************************/
package org.cloudfoundry.identity.uaa.security.web;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
* Custom request matcher which allows endpoints in the UAA to be matched as
* substrings and also differentiation based
* on the content type (e.g. JSON vs HTML) specified in the Accept request
* header, thus allowing different filter chains
* to be configured for browser and command-line clients.
*
* Currently just looks for a match of the configured MIME-type in the accept
* header when deciding whether to match the request. There is no parsing of
* priorities in the header.
*/
public final class UaaRequestMatcher implements RequestMatcher, BeanNameAware {
private static final Log logger = LogFactory.getLog(UaaRequestMatcher.class);
private final String path;
private List accepts;
private HttpMethod method;
private Map parameters = new HashMap();
private Map> expectedHeaders = new HashMap>();
private String name;
public UaaRequestMatcher(String path) {
Assert.hasText(path);
if (path.contains("*")) {
throw new IllegalArgumentException("UaaRequestMatcher is not intended for use with wildcards");
}
this.path = path;
}
/**
* The HttpMethod that the request should be made with. Optional (if null,
* then all values match)
*
* @param method
*/
public void setMethod(HttpMethod method) {
this.method = method;
}
/**
* A media type that should be present in the accept header for a request to
* match. Optional (if null then all
* values match).
*
* @param accepts the accept header value to set
*/
public void setAccept(List accepts) {
this.accepts = Collections.unmodifiableList(accepts);
setHeaders(Collections.singletonMap("accept", this.accepts));
}
/**
* A map of request parameter name and values to match against. If all the
* specified parameters are present and
* match the values given then the accept header will be ignored.
*
* @param parameters the parameter matches to set
*/
public void setParameters(Map parameters) {
this.parameters = parameters;
}
@Override
public boolean matches(HttpServletRequest request) {
String message = request.getRequestURI() + "'; '" + request.getContextPath() + path + "' with parameters="
+ parameters + " and headers " + expectedHeaders;
if (logger.isTraceEnabled()) {
logger.trace("["+name+"] Checking match of request : '" + message);
}
if (!request.getRequestURI().startsWith(request.getContextPath() + path)) {
return false;
}
if (method != null && !method.toString().equals(request.getMethod().toUpperCase())) {
return false;
}
for (Entry> expectedHeaderEntry : expectedHeaders.entrySet()) {
String requestValue = request.getHeader(expectedHeaderEntry.getKey());
if ("accept".equalsIgnoreCase(expectedHeaderEntry.getKey())) {
if (!matchesAcceptHeader(requestValue, expectedHeaderEntry.getValue())) {
return false;
}
}
else if (!matchesHeader(requestValue, expectedHeaderEntry.getValue())) {
return false;
}
}
for (String key : parameters.keySet()) {
String value = request.getParameter(key);
if (value == null || !value.startsWith(parameters.get(key))) {
return false;
}
}
if (logger.isDebugEnabled()) {
logger.debug("["+name+"]Matched request " + message);
}
return true;
}
private boolean matchesHeader(String requestValue, List expectedValues) {
for (String headerValue : expectedValues) {
if ("bearer ".equalsIgnoreCase(headerValue)) {
//case insensitive for Authorization: Bearer match
if (requestValue == null || !requestValue.toLowerCase().startsWith(headerValue)) {
return false;
}
} else if (requestValue == null || !requestValue.startsWith(headerValue)) {
return false;
}
}
return true;
}
private boolean matchesAcceptHeader(String requestValue, List expectedValues) {
// Accept header is not required to be checked!
if (requestValue == null) {
return true;
}
List requestValues = MediaType.parseMediaTypes(requestValue);
for (String expectedValue : expectedValues) {
if (MediaType.parseMediaType(expectedValue).includes(requestValues.get(0))) {
return true;
}
}
return false;
}
@Override
public boolean equals(Object obj) {
if (!(obj instanceof UaaRequestMatcher)) {
return false;
}
UaaRequestMatcher other = (UaaRequestMatcher) obj;
if (!this.path.equals(other.path)) {
return false;
}
if (!((this.method == null && other.method == null) || (this.method != null && other.method != null && this.method == other.method))) {
return false;
}
if (!((this.parameters == null && other.parameters == null) || (this.parameters != null && this.parameters
.equals(other.parameters)))) {
return false;
}
if (!((this.accepts == null && other.accepts == null) || (this.accepts != null && this.accepts
.equals(other.accepts)))) {
return false;
}
if (!((this.expectedHeaders == null && other.expectedHeaders == null) || (this.expectedHeaders != null && this.expectedHeaders
.equals(other.expectedHeaders)))) {
return false;
}
return true;
}
@Override
public int hashCode() {
int code = 31 ^ path.hashCode();
if (method != null) {
code ^= method.hashCode();
}
if (accepts != null) {
code ^= accepts.hashCode();
}
if (parameters != null) {
code ^= parameters.hashCode();
}
return code;
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("UAAPath("+name+") ['").append(path).append("'");
if (accepts != null) {
sb.append(", ").append(accepts);
}
sb.append("]");
return sb.toString();
}
public void setHeaders(Map> headers) {
for (String headerName : headers.keySet()) {
List expectedValues = new ArrayList();
expectedValues.addAll(headers.get(headerName));
expectedHeaders.put(headerName, expectedValues);
}
}
@Override
public void setBeanName(String name) {
this.name=name;
}
}