Added headers check

871a3b96 · Yurii Ruban [EPAM / GCP] · 4a32ae57 · 871a3b96 · 871a3b96
Commit 871a3b96 authored 1 month ago by Yurii Ruban [EPAM / GCP]
--- a/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
+++ b/notification-core/src/main/java/org/opengroup/osdu/notification/auth/AuthorizationFilter.java
@@ -30,6 +30,8 @@ import org.opengroup.osdu.notification.provider.interfaces.IServiceAccountValida
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;

 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Arrays;
@@ -51,6 +53,7 @@ public class AuthorizationFilter {
    private ICache<String, Groups> cache;

    public boolean hasAnyPermission(String... requiredRoles) {
+        requestInfoExt.checkHeaders(getRequest());
        DpsHeaders dpsHeaders = requestInfoExt.getHeaders();
        if (StringUtils.isBlank(dpsHeaders.getAuthorization()))
            throw new AppException(302, "Redirect", "No credentials sent on request.");
@@ -59,8 +62,9 @@ public class AuthorizationFilter {
            requestInfoExt.assignPartitionIdIfNotInHeader();
        }

-        String path = request.getServletPath();
-        if ("GET".equals(request.getMethod()) &&
+        HttpServletRequest request = getRequest();
+        String path = request != null ? request.getServletPath() : "";
+        if (request != null && "GET".equals(request.getMethod()) &&
           (path.equals("/swagger-ui.html") || path.equals("/info"))) {
            return true;
        }
@@ -112,4 +116,9 @@ public class AuthorizationFilter {
        requestInfoExt.setHeaders(dpsHeaders);
        return authorizationResponse;
    }
+
+    private HttpServletRequest getRequest() {
+        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        return attributes != null ? attributes.getRequest() : null;
+    }
 }
--- a/notification-core/src/main/java/org/opengroup/osdu/notification/di/RequestInfoExt.java
+++ b/notification-core/src/main/java/org/opengroup/osdu/notification/di/RequestInfoExt.java
@@ -68,4 +68,14 @@ public class RequestInfoExt extends RequestInfo {
            headers.put(DpsHeaders.DATA_PARTITION_ID, tenant);
        }
    }
+
+    public void checkHeaders(HttpServletRequest request) {
+        if (request != null) {
+            Map<String, String> headersFromRequest = Collections
+                    .list(request.getHeaderNames())
+                    .stream()
+                    .collect(Collectors.toMap(h -> h, request::getHeader));
+            this.setHeaders(DpsHeaders.createFromMap(headersFromRequest));
+        }
+    }
 }