use of uk.gov.hscic.common.filters.model.WebToken in project gpconnect-demonstrator by nhsconnect.
From class FhirRequestAuthInterceptor, method buildRuleList:
/**
 * Builds the authorization rule list for an incoming request.
 *
 * <p>The bearer token is obtained from the factory (which throws for a missing, malformed or
 * undecodable token) and its claims and identifiers are then checked. The rule set returned
 * afterwards allows everything, so any rejection of the request must come from those validation
 * calls rather than from the rules themselves.
 *
 * @param requestDetails the request whose Authorization header carries the token
 * @return an allow-all rule list, reached only once token validation has passed
 */
@Override
public List<IAuthRule> buildRuleList(RequestDetails requestDetails) {
    final WebToken token = webTokenFactory.getWebToken(requestDetails, futureRequestLeeway);
    validateClaim(token, requestDetails);
    validateIdentifier(token, requestDetails);
    // Authorization is decided entirely by the checks above; the rules grant access unconditionally.
    final RuleBuilder rules = new RuleBuilder();
    return rules.allowAll().build();
}
use of uk.gov.hscic.common.filters.model.WebToken in project gpconnect-demonstrator by nhsconnect.
From class WebTokenFactory, method getWebToken:
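/**
 * Extracts the {@link WebToken} (the JWT claims) carried in the request's Authorization header,
 * after checking the request's media-type headers.
 *
 * <p>Only the structure of the bearer token is checked here: the payload segment is Base64URL
 * decoded and its JSON claims are parsed. No JWT signature is verified by this method, so the
 * claims are trusted only to the extent that {@code WebTokenValidator.validateWebToken} and the
 * caller's own claim checks enforce.
 *
 * @param requestDetails incoming request (headers, query parameters, request type)
 * @param futureRequestLeeway leeway passed through to {@code WebTokenValidator.validateWebToken};
 *        its unit is not visible here — presumably seconds, confirm against the validator
 * @return the parsed and validated claims
 * @throws ca.uhn.fhir.rest.server.exceptions.BaseServerResponseException (built by
 *         {@code OperationOutcomeFactory}) when the Authorization header is missing or not a
 *         bearer token, the content/accept media types are unsupported, or the token cannot be
 *         decoded or parsed
 */
WebToken getWebToken(RequestDetails requestDetails, int futureRequestLeeway) {
    String authorizationHeader = requestDetails.getHeader(HttpHeaders.AUTHORIZATION);
    if (null == authorizationHeader) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException(HttpHeaders.AUTHORIZATION + " header missing"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    String[] authorizationHeaderComponents = authorizationHeader.split(" ");
    if (authorizationHeaderComponents.length != 2 || !"Bearer".equalsIgnoreCase(authorizationHeaderComponents[0])) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException(HttpHeaders.AUTHORIZATION + " header invalid"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }

    // A body-carrying request must declare its media type; other request types may omit it.
    String contentType = requestDetails.getHeader(HttpHeaders.CONTENT_TYPE);
    if (contentType == null) {
        if (Arrays.asList(RequestTypeEnum.POST, RequestTypeEnum.PUT).contains(requestDetails.getRequestType())) {
            throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "No content media type set"), SystemCode.BAD_REQUEST, IssueType.INCOMPLETE);
        }
    } else if (!CONTENT_TYPES.contains(contentType.split(";")[0])) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Unsupported content media type"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }

    // The _format query parameter takes precedence over the Accept header; failing both, the
    // Content-Type header is used as the accepted media type.
    String[] formatParam = requestDetails.getParameters().get("_format");
    String acceptHeader = null == formatParam ? requestDetails.getHeader(HttpHeaders.ACCEPT) : formatParam[0];
    if (null == acceptHeader) {
        acceptHeader = contentType;
    }
    if (acceptHeader == null || !CONTENT_TYPES.contains(acceptHeader.split(";")[0])) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new UnclassifiedServerFailureException(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, "Unsupported accept media type"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }

    // Reject the standard-alphabet characters ('+', '/') and padding up front so the client gets
    // a message naming the required encoding rather than the generic decode failure below.
    String encodedToken = authorizationHeaderComponents[1];
    if (encodedToken.contains("==") || encodedToken.contains("/") || encodedToken.contains("+")) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("JWT must be encoded using Base64URL. Padding is not allowed"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }
    // A compact JWT is "header.payload[.signature]"; without a payload segment the indexing below
    // would throw ArrayIndexOutOfBoundsException, which was previously uncaught and surfaced as a
    // server error instead of a bad-request outcome.
    String[] jwtSegments = encodedToken.split("\\.");
    if (jwtSegments.length < 2) {
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("Invalid WebToken"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }

    WebToken webToken;
    try {
        // The URL-safe decoder is used because the token is required to be Base64URL: the basic
        // decoder rejects '-' and '_', which would turn a valid token into a "Not Base 64" error.
        // Claims JSON is decoded as UTF-8 rather than the platform default charset.
        byte[] claimsBytes = Base64.getUrlDecoder().decode(jwtSegments[1]);
        String claimsJsonString = new String(claimsBytes, java.nio.charset.StandardCharsets.UTF_8);
        webToken = new ObjectMapper().readValue(claimsJsonString, WebToken.class);
        jwtParseResourcesValidation(claimsJsonString);
    } catch (IllegalArgumentException iae) {
        // Thrown by the decoder for characters outside the Base64URL alphabet or bad length.
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("Not Base 64"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    } catch (IOException ex) {
        // Thrown by Jackson when the payload is not JSON that maps onto WebToken.
        throw OperationOutcomeFactory.buildOperationOutcomeException(new InvalidRequestException("Invalid WebToken"), SystemCode.BAD_REQUEST, IssueType.INVALID);
    }

    WebTokenValidator.validateWebToken(webToken, futureRequestLeeway);
    return webToken;
}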