JwtToken,User-Agent validation changes

Author: ravishanigarapu

src/main/java/com/iemr/admin/service/employeemaster/EmployeeMasterServiceImpl.java

@@ -97,6 +97,7 @@
 import com.iemr.admin.repository.rolemaster.M_UserservicerolemappingForRoleProviderAdminRepo;
 import com.iemr.admin.service.user.EncryptUserPassword;
 import com.iemr.admin.utils.CookieUtil;
+import com.iemr.admin.utils.RestTemplateUtil;
 import com.iemr.admin.utils.config.ConfigProperties;
 import com.iemr.admin.utils.exception.IEMRException;
 import com.iemr.admin.utils.http.HttpUtils;
@@ -462,17 +463,11 @@ private void updateSupervisorRoleInCTI(List<M_UserServiceRoleMapping2> resList1,
 	private Set<String> getCTICampaignRoles(String campaignName, String authToken) throws JsonMappingException, JsonProcessingException {
 		RestTemplate restTemplate = new RestTemplate();
 		ObjectMapper objectMapper = new ObjectMapper();
-		HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-				.getRequest();
-		String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
 		Set<String> resultSet = new HashSet<String>();
-		MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
-		headers.add("Content-Type", "application/json");
-		headers.add("AUTHORIZATION", authToken);
-		headers.add("Jwttoken", jwtTokenFromCookie);
+		HttpEntity<Object> request = RestTemplateUtil.createRequestEntity(campaignName, authToken);
 		String url = configProperties.getPropertyByName("common-url")  + configProperties.getPropertyByName("create-feedback");
-		HttpEntity<Object> request1 = new HttpEntity<Object>(campaignName, headers);
-		ResponseEntity<String> responseStr = restTemplate.exchange(url, HttpMethod.POST, request1, String.class);
+		
+		ResponseEntity<String> responseStr = restTemplate.exchange(url, HttpMethod.POST, request, String.class);
 		OutputResponse response = objectMapper.readValue(responseStr.getBody(), OutputResponse.class);
 		if (response.isSuccess()) {
 			JSONObject obj = new JSONObject(response.getData());
@@ -481,9 +476,6 @@ private Set<String> getCTICampaignRoles(String campaignName, String authToken) t
 				resultSet.add(roles.getString(roleIndex));
 			}
 		}
-//		JSONObject request = new JSONObject();
-//		request.put("campaign", campaignName);
-
 		return resultSet;
 	}
 

src/main/java/com/iemr/admin/utils/CookieUtil.java

@@ -23,8 +23,15 @@ public Optional<String> getCookieValue(HttpServletRequest request, String cookie
 		return Optional.empty();
 	}
 
-	public String getJwtTokenFromCookie(HttpServletRequest request) {
-		return Arrays.stream(request.getCookies()).filter(cookie -> "Jwttoken".equals(cookie.getName()))
-				.map(Cookie::getValue).findFirst().orElse(null);
+	public static String getJwtTokenFromCookie(HttpServletRequest request) {
+		Cookie[] cookies = request.getCookies();
+	    if (cookies == null) {
+	        return null; // No cookies present, return null safely
+	    }
+	    return Arrays.stream(cookies)
+	                 .filter(cookie -> "Jwttoken".equals(cookie.getName()))
+	                 .map(Cookie::getValue)
+	                 .findFirst()
+	                 .orElse(null);
 	}
 }

src/main/java/com/iemr/admin/utils/JwtUserIdValidationFilter.java

@@ -6,6 +6,8 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 
+import com.iemr.admin.utils.http.AuthorizationHeaderRequestWrapper;
+
 import jakarta.servlet.Filter;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -72,25 +74,35 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 			if (jwtFromCookie != null) {
 				logger.info("Validating JWT token from cookie");
 				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
-					filterChain.doFilter(servletRequest, servletResponse);
+					AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(
+							request, "");
+					filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse);
 					return;
 				}
-			}
-
-			if (jwtFromHeader != null) {
+			} else if (jwtFromHeader != null) {
 				logger.info("Validating JWT token from header");
 				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
-					filterChain.doFilter(servletRequest, servletResponse);
+					AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(
+							request, "");
+					filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse);
+					return;
+				}
+			} else {
+				String userAgent = request.getHeader("User-Agent");
+				logger.info("User-Agent: " + userAgent);
+				if (userAgent != null && isMobileClient(userAgent) && authHeader != null) {
+					try {
+						UserAgentContext.setUserAgent(userAgent);
+						filterChain.doFilter(servletRequest, servletResponse);
+					} finally {
+						UserAgentContext.clear();
+					}
 					return;
 				}
 			}
-			String userAgent = request.getHeader("User-Agent");
-			logger.info("User-Agent: " + userAgent);
 
-			if (userAgent != null && isMobileClient(userAgent) && authHeader != null) {
-				filterChain.doFilter(servletRequest, servletResponse);
-				return;
-			}
+			logger.warn("No valid authentication token found");
+			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");
 
 			logger.warn("No valid authentication token found");
 			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");

src/main/java/com/iemr/admin/utils/RestTemplateUtil.java

@@ -0,0 +1,42 @@
+package com.iemr.admin.utils;
+
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+public class RestTemplateUtil {
+	public static HttpEntity<Object> createRequestEntity(Object body, String authorization) {
+        
+		ServletRequestAttributes servletRequestAttributes = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes());
+		if (servletRequestAttributes == null) {
+			MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
+			headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8");
+			headers.add(HttpHeaders.AUTHORIZATION, authorization);
+			return new HttpEntity<>(body, headers);
+		}
+		HttpServletRequest requestHeader = servletRequestAttributes.getRequest();
+        String jwtTokenFromCookie = null;
+		try {
+			jwtTokenFromCookie = CookieUtil.getJwtTokenFromCookie(requestHeader);
+			
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+
+        MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
+        headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8");
+        headers.add(HttpHeaders.USER_AGENT, UserAgentContext.getUserAgent());
+        headers.add(HttpHeaders.AUTHORIZATION, authorization);
+        headers.add("JwtToken",requestHeader.getHeader("JwtToken"));
+        headers.add(HttpHeaders.COOKIE, "Jwttoken=" + jwtTokenFromCookie);
+
+        return new HttpEntity<>(body, headers);
+    }
+
+}

src/main/java/com/iemr/admin/utils/UserAgentContext.java

@@ -0,0 +1,18 @@
+package com.iemr.admin.utils;
+
+public class UserAgentContext {
+	private static final ThreadLocal<String> userAgentHolder = new ThreadLocal<>();
+
+    public static void setUserAgent(String userAgent) {
+        userAgentHolder.set(userAgent);
+    }
+
+    public static String getUserAgent() {
+        return userAgentHolder.get();
+    }
+
+    public static void clear() {
+        userAgentHolder.remove();
+    }
+
+}

src/main/java/com/iemr/admin/utils/http/AuthorizationHeaderRequestWrapper.java

@@ -0,0 +1,43 @@
+package com.iemr.admin.utils.http;
+
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
+public class AuthorizationHeaderRequestWrapper extends HttpServletRequestWrapper{
+	private final String Authorization;
+
+    public AuthorizationHeaderRequestWrapper(HttpServletRequest request, String authHeaderValue) {
+        super(request);
+        this.Authorization = authHeaderValue;
+    }
+
+    @Override
+    public String getHeader(String name) {
+        if ("Authorization".equalsIgnoreCase(name)) {
+            return Authorization;
+        }
+        return super.getHeader(name);
+    }
+
+    @Override
+    public Enumeration<String> getHeaders(String name) {
+        if ("Authorization".equalsIgnoreCase(name)) {
+            return Collections.enumeration(Collections.singletonList(Authorization));
+        }
+        return super.getHeaders(name);
+    }
+
+    @Override
+    public Enumeration<String> getHeaderNames() {
+        List<String> names = Collections.list(super.getHeaderNames());
+        if (!names.contains("Authorization")) {
+            names.add("Authorization");
+        }
+        return Collections.enumeration(names);
+    }
+}
+