Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  /*
   * 
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   * 
   *   http://www.apache.org/licenses/LICENSE-2.0
   * 
   * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  * 
  */
 
 package org.apache.wookie.server.security;
 
 
 
Authorization Filter for API Requests
 
 public class AuthorizationFilter implements Filter {
 
   static Logger _logger = Logger.getLogger(AuthorizationFilter.class.getName());
 
   /*
    * (non-Javadoc)
    * 
    * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
    */
   public void init(FilterConfig filterConfigthrows ServletException {
   }
 
   /*
    * (non-Javadoc)
    * 
    * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
    * javax.servlet.ServletResponse, javax.servlet.FilterChain)
    */
   public void doFilter(ServletRequest requestServletResponse response,
       FilterChain chainthrows IOExceptionServletException {
 
     //
     // Check for exceptions
     //
     if (isException((HttpServletRequestrequest)) {
       chain.doFilter(requestresponse);
       return;
     }
 
     //
     // Choose the authorization method required
     //
     boolean isAuthorized = this.isAuthorizedUsingPlainMessaging((HttpServletRequestrequest);
     
     //
     // return 403 if not authorised, otherwise continue
     //
     if (!isAuthorized) {
       ((HttpServletResponseresponse)
     } else {
       chain.doFilter(requestresponse);
     }
   }
 
   /*
    * (non-Javadoc)
    * 
    * @see javax.servlet.Filter#destroy()
    */
   public void destroy() {
   }

  
Returns true if the request is an exception - i.e. an open request type against one of the mapped servlets

Parameters:
request
Returns:
true if the request should be allowed as an exception, false if it should be processed normally
 
   private boolean isException(HttpServletRequest request) {
     if (request.getServletPath().equalsIgnoreCase("flatpack")
         && request.getMethod().equals("GET"))
      return true;
    return false;
  }

  
Checks if the given request is accompanied by a valid API key

Parameters:
request
Returns:
true if valid, otherwise false
  private boolean isAuthorizedUsingPlainMessaging(HttpServletRequest request) {
    
    //
    // Verify the API key exists
    //
    String key = request.getParameter("api_key");
   
    //
    // No key
    //
    if (key == null || key.trim().equals("")) {
      .info("No API key supplied");
      return false;
    }
    
    //
    // Look up the key
    //
    return isRegistered(key);
  }
  
  
Looks up an API key

Parameters:
apiKey
Returns:
true if the API key is registered, false otherwise
  private boolean isRegistered(String apiKey){
      if (ApiKeys.getInstance().validate(apiKey)){
        return true;
      } else {
        .info("Invalid API key supplied: " + apiKey);
        return false;      
      }
  }
New to GrepCode? Check out our FAQ X