From cb59cfe5822e2b4c7fd4cb7019067ebe9a430353 Mon Sep 17 00:00:00 2001 From: Ravi Shanigarapu Date: Mon, 19 May 2025 18:44:35 +0530 Subject: [PATCH 1/8] Skip the JwtToken validation if request coming from mobile --- .../wipro/fhir/utils/JwtUserIdValidationFilter.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index 537dc3b..945ce32 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java @@ -34,6 +34,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo String path = request.getRequestURI(); String contextPath = request.getContextPath(); logger.info("JwtUserIdValidationFilter invoked for path: " + path); + String requestSource = request.getHeader("User-Agent"); + if (null != requestSource && requestSource.contains("okhttp")) { + logger.info("Skipping JWT validation for X-Request-Source: okhttp"); + filterChain.doFilter(servletRequest, servletResponse); + return; + } // Log cookies for debugging Cookie[] cookies = request.getCookies(); @@ -71,8 +77,8 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo // Determine which token (cookie or header) to validate String jwtToken = jwtTokenFromCookie != null ? jwtTokenFromCookie : jwtTokenFromHeader; if (jwtToken == null) { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT token not found in cookies or headers"); - return; + //response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT token not found in cookies or headers"); + //return; } // Validate JWT token and userId From 54d149f1a136f3c9a9ba513319f7dfaf9738f9e4 Mon Sep 17 00:00:00 2001 
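Review bot: The added `requestSource.contains("okhttp")` branch in doFilter lets a request through without any JWT validation, and the User-Agent header it tests is chosen entirely by the caller, so it is not evidence that the request comes from the mobile app. Mobile clients should present a credential that is verified here (the existing `validateUserIdAndJwtToken` path or a separately validated bearer token) instead of being exempted on header content. The same User-Agent test is carried forward through `isMobileClient` in patches 2/8, 4/8 and 7/8. The log text also names `X-Request-Source` while the value read is `User-Agent`. doFilter starts and ends outside this hunk.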
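Review bot: Commenting out the `sendError`/`return` pair leaves an empty `if (jwtToken == null)` block, so a request with no token in either cookie or header now continues to the validation step below with a null token. What happens next depends on how `jwtAuthenticationUtil.validateUserIdAndJwtToken` treats null, which is not visible here; at best the surrounding `catch` turns an exception into a 401 that carries `e.getMessage()`. Restore the explicit rejection, `response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT token not found in cookies or headers"); return;`, and delete the commented-out lines rather than keeping them.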
From: Ravi Shanigarapu Date: Mon, 19 May 2025 18:52:47 +0530 Subject: [PATCH 2/8] Added condition for Android,ios --- .../fhir/utils/JwtUserIdValidationFilter.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index 945ce32..614d572 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java @@ -34,13 +34,12 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo String path = request.getRequestURI(); String contextPath = request.getContextPath(); logger.info("JwtUserIdValidationFilter invoked for path: " + path); - String requestSource = request.getHeader("User-Agent"); - if (null != requestSource && requestSource.contains("okhttp")) { - logger.info("Skipping JWT validation for X-Request-Source: okhttp"); + String userAgent = request.getHeader("User-Agent"); + if (isMobileClient(userAgent)) { + logger.info("Skipping JWT validation for X-Request-Source : "+userAgent); filterChain.doFilter(servletRequest, servletResponse); return; } - // Log cookies for debugging Cookie[] cookies = request.getCookies(); if (cookies != null) { @@ -116,4 +115,14 @@ private void clearUserIdCookie(HttpServletResponse response) { cookie.setMaxAge(0); // Invalidate the cookie response.addCookie(cookie); } + private boolean isMobileClient(String userAgent) { + if (userAgent == null) return false; + userAgent = userAgent.toLowerCase(); + // Common indicators for mobile apps + return userAgent.contains("okhttp") || // Android OkHttp client + userAgent.contains("android") || // Generic Android apps + userAgent.contains("dalvik") || // Android runtime + userAgent.contains("iphone") || // iOS device + userAgent.contains("ios"); // Custom iOS client + } } 
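Review bot: `logger.info("Skipping JWT validation for X-Request-Source : "+userAgent)` writes a caller-supplied header straight into the application log, so embedded CR/LF characters can forge log lines, and the label still says `X-Request-Source` although the value is the User-Agent. Neutralise control characters and use a parameterised call, for example `logger.info("Skipping JWT validation, User-Agent: {}", userAgent.replaceAll("[\\r\\n]", "_"))`. The unsanitised `logger.info("User-Agent: " + userAgent)` added in patches 4/8 and 7/8 needs the same treatment, with a null check since the header can be absent there.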
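Review bot: `isMobileClient` lower-cases with the default locale and then matches bare substrings, and both make the result unreliable. Under a Turkish default locale an upper-case `I` lower-cases to a dotless `ı`, so an agent written as `IPHONE` or `IOS` no longer matches, while `contains("ios")` also matches unrelated agents such as one containing `kiosk`; use `userAgent.toLowerCase(Locale.ROOT)` and match on token boundaries. The method also needs a comment stating that the result is a client hint only and must not gate authentication, because the header is caller-controlled.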
From d926226ae948797519afa0b9d832206d2fbcb2a4 Mon Sep 17 00:00:00 2001 From: Ravi Shanigarapu Date: Mon, 19 May 2025 18:55:58 +0530 Subject: [PATCH 3/8] CI properties change --- src/main/environment/common_ci.properties | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/environment/common_ci.properties b/src/main/environment/common_ci.properties index 2664759..79cd553 100644 --- a/src/main/environment/common_ci.properties +++ b/src/main/environment/common_ci.properties @@ -113,3 +113,6 @@ logging.level.org.springframework=INFO logging.path=logs/ logging.file.name=@env.FHIR_API_LOGGING_FILE_NAME@ jwt.secret=@env.JWT_SECRET_KEY@ + +springdoc.api-docs.enabled=@env.SWAGGER_DOC_ENABLED@ +springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@ From 48ed61df236a6219b6518b98596285113deefee6 Mon Sep 17 00:00:00 2001 From: Ravi Shanigarapu Date: Tue, 20 May 2025 12:02:03 +0530 Subject: [PATCH 4/8] Verified acceptance crietaria conditions --- .../fhir/utils/JwtUserIdValidationFilter.java | 92 ++++++++++--------- 1 file changed, 50 insertions(+), 42 deletions(-) diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index 614d572..9240dba 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java @@ -34,12 +34,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo String path = request.getRequestURI(); String contextPath = request.getContextPath(); logger.info("JwtUserIdValidationFilter invoked for path: " + path); - String userAgent = request.getHeader("User-Agent"); - if (isMobileClient(userAgent)) { - logger.info("Skipping JWT validation for X-Request-Source : "+userAgent); - filterChain.doFilter(servletRequest, servletResponse); - return; - } + // Log cookies for debugging Cookie[] cookies = request.getCookies(); if (cookies != null) { 
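Review bot: The two `springdoc.*.enabled` keys take their value from `@env.SWAGGER_DOC_ENABLED@` with no documented default, and `JwtUserIdValidationFilter` exempts `/swagger-ui` and `/v3/api-docs` from token validation, so whenever the variable resolves to true the API description is served without authentication. A comment above the keys, such as `# Keep false outside development: /swagger-ui and /v3/api-docs bypass the JWT filter`, would record that. It is also worth confirming what the build substitutes when the variable is unset, since that is not visible in this file.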
@@ -58,43 +53,66 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo logger.info("JWT token from header: "); // Skip login and public endpoints - if (path.equals(contextPath + "/user/userAuthenticate") - || path.equalsIgnoreCase(contextPath + "/user/logOutUserFromConcurrentSession") - || path.startsWith(contextPath + "/swagger-ui") - || path.startsWith(contextPath + "/v3/api-docs") - || path.startsWith(contextPath + "/public")) { - logger.info("Skipping filter for path: " + path); - filterChain.doFilter(servletRequest, servletResponse); - return; - } + if (shouldSkipPath(path, contextPath)) { + filterChain.doFilter(servletRequest, servletResponse); + return; + } + try { - // Retrieve JWT token from cookies - String jwtTokenFromCookie = getJwtTokenFromCookies(request); - logger.info("JWT token from cookie: "); - - // Determine which token (cookie or header) to validate - String jwtToken = jwtTokenFromCookie != null ? jwtTokenFromCookie : jwtTokenFromHeader; - if (jwtToken == null) { - //response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT token not found in cookies or headers"); - //return; + String jwtFromCookie = getJwtTokenFromCookies(request); + String jwtFromHeader = request.getHeader("JwtToken"); + String authHeader = request.getHeader("Authorization"); + + if (jwtFromCookie != null) { + logger.info("Validating JWT token from cookie"); + if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) { + filterChain.doFilter(servletRequest, servletResponse); + return; + } + } + + if (jwtFromHeader != null) { + logger.info("Validating JWT token from header"); + if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) { + filterChain.doFilter(servletRequest, servletResponse); + return; + } + } + String userAgent = request.getHeader("User-Agent"); + logger.info("User-Agent: " + userAgent); + + if (userAgent != null && isMobileClient(userAgent) && authHeader != null) { + filterChain.doFilter(servletRequest, 
servletResponse); + return; } - // Validate JWT token and userId - boolean isValid = jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtToken); + logger.warn("No valid authentication token found"); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token"); - if (isValid) { - // If token is valid, allow the request to proceed - filterChain.doFilter(servletRequest, servletResponse); - } else { - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid JWT token"); - } } catch (Exception e) { logger.error("Authorization error: ", e); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage()); } } + private boolean isMobileClient(String userAgent) { + if (userAgent == null) return false; + userAgent = userAgent.toLowerCase(); + + return userAgent.contains("okhttp") || // Android (OkHttp) + userAgent.contains("dalvik") || // Android runtime + userAgent.contains("android") || // Generic Android + userAgent.contains("iphone") || // iOS + userAgent.contains("ios"); // iOS (custom clients) + } + private boolean shouldSkipPath(String path, String contextPath) { + return path.equals(contextPath + "/user/userAuthenticate") || + path.equalsIgnoreCase(contextPath + "/user/logOutUserFromConcurrentSession") || + path.startsWith(contextPath + "/swagger-ui") || + path.startsWith(contextPath + "/v3/api-docs") || + path.startsWith(contextPath + "/public"); + } private String getJwtTokenFromCookies(HttpServletRequest request) { Cookie[] cookies = request.getCookies(); if (cookies != null) { 
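Review bot: The new mobile branch, `if (userAgent != null && isMobileClient(userAgent) && authHeader != null)`, forwards the request on the mere presence of an `Authorization` header; its value is never checked in this filter, and both conditions are set by the caller. Unless a later component is guaranteed to validate that header on every path, this is an authentication bypass, so validate the header value here or add a comment naming the component that does. The unchanged `catch` block below also returns `e.getMessage()` to the client in the 401 body, which can disclose token-parsing details; a fixed message such as `"Unauthorized"` is safer. The same presence-only test remains after patches 5/8 and 7/8.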
@@ -115,14 +133,4 @@ private void clearUserIdCookie(HttpServletResponse response) { cookie.setMaxAge(0); // Invalidate the cookie response.addCookie(cookie); } - private boolean isMobileClient(String userAgent) { - if (userAgent == null) return false; - userAgent = userAgent.toLowerCase(); - // Common indicators for mobile apps - return userAgent.contains("okhttp") || // Android OkHttp client - userAgent.contains("android") || // Generic Android apps - userAgent.contains("dalvik") || // Android runtime - userAgent.contains("iphone") || // iOS device - userAgent.contains("ios"); // Custom iOS client - } } From 8b203a48ee0c552ab5bb9628c4ca24ee24462d81 Mon Sep 17 00:00:00 2001 From: Ravi Shanigarapu Date: Tue, 20 May 2025 12:46:25 +0530 Subject: [PATCH 5/8] Indent and okhttp validated --- .../fhir/utils/JwtUserIdValidationFilter.java | 75 +++++++++---------- 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index 9240dba..1cb72e0 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java 
@@ -54,65 +54,64 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo // Skip login and public endpoints if (shouldSkipPath(path, contextPath)) { - filterChain.doFilter(servletRequest, servletResponse); - return; - } - + filterChain.doFilter(servletRequest, servletResponse); + return; + } try { String jwtFromCookie = getJwtTokenFromCookies(request); - String jwtFromHeader = request.getHeader("JwtToken"); - String authHeader = request.getHeader("Authorization"); - - if (jwtFromCookie != null) { - logger.info("Validating JWT token from cookie"); - if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) { - filterChain.doFilter(servletRequest, servletResponse); - return; - } - } - - if (jwtFromHeader != null) { - logger.info("Validating JWT token from header"); - if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) { - filterChain.doFilter(servletRequest, servletResponse); - return; - } - } - String userAgent = request.getHeader("User-Agent"); - logger.info("User-Agent: " + userAgent); + String jwtFromHeader = request.getHeader("JwtToken"); + String authHeader = request.getHeader("Authorization"); + + if (jwtFromCookie != null) { + logger.info("Validating JWT token from cookie"); + if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) { + filterChain.doFilter(servletRequest, servletResponse); + return; + } + } + + if (jwtFromHeader != null) { + logger.info("Validating JWT token from header"); + if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) { + filterChain.doFilter(servletRequest, servletResponse); + return; + } + } + String userAgent = request.getHeader("User-Agent"); + logger.info("User-Agent: " + userAgent); if (userAgent != null && isMobileClient(userAgent) && authHeader != null) { filterChain.doFilter(servletRequest, servletResponse); return; } - logger.warn("No valid authentication token found"); - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: 
Invalid or missing token"); + logger.warn("No valid authentication token found"); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token"); } catch (Exception e) { logger.error("Authorization error: ", e); response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage()); } } + private boolean isMobileClient(String userAgent) { - if (userAgent == null) return false; + if (userAgent == null) + return false; - userAgent = userAgent.toLowerCase(); + userAgent = userAgent.toLowerCase(); - return userAgent.contains("okhttp") || // Android (OkHttp) - userAgent.contains("dalvik") || // Android runtime - userAgent.contains("android") || // Generic Android - userAgent.contains("iphone") || // iOS - userAgent.contains("ios"); // iOS (custom clients) + return userAgent.contains("okhttp"); // iOS (custom clients) } + private boolean shouldSkipPath(String path, String contextPath) { - return path.equals(contextPath + "/user/userAuthenticate") || - path.equalsIgnoreCase(contextPath + "/user/logOutUserFromConcurrentSession") || - path.startsWith(contextPath + "/swagger-ui") || - path.startsWith(contextPath + "/v3/api-docs") || - path.startsWith(contextPath + "/public"); + return path.equals(contextPath + "/user/userAuthenticate") + || path.equalsIgnoreCase(contextPath + "/user/logOutUserFromConcurrentSession") + || path.startsWith(contextPath + "/swagger-ui") + || path.startsWith(contextPath + "/v3/api-docs") + || path.startsWith(contextPath + "/public"); } + private String getJwtTokenFromCookies(HttpServletRequest request) { Cookie[] cookies = request.getCookies(); if (cookies != null) { From 06015aee7cb1f6fe7391cacfae191d98b9cfc85d Mon Sep 17 00:00:00 2001 
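Review bot: After this change `isMobileClient` matches only `okhttp`, but the line keeps the trailing comment `// iOS (custom clients)`, which describes a check that no longer exists. OkHttp is an Android/JVM HTTP client, so the comment should read something like `// OkHttp default User-Agent (Android app)`. If iOS clients are intentionally no longer recognised, that deserves a sentence in a method comment, because they will now fall through to the 401 path.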
From: Ravi Shanigarapu Date: Wed, 21 May 2025 00:21:33 +0530 Subject: [PATCH 6/8] Handled Authorization in Header --- .../fhir/utils/JwtUserIdValidationFilter.java | 15 +++---- .../AuthorizationHeaderRequestWrapper.java | 41 +++++++++++++++++++ .../utils/http/HTTPRequestInterceptor.java | 4 ++ 3 files changed, 53 insertions(+), 7 deletions(-) create mode 100644 src/main/java/com/wipro/fhir/utils/http/AuthorizationHeaderRequestWrapper.java diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index 1cb72e0..24ccd54 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java @@ -6,6 +6,8 @@ import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; +import com.wipro.fhir.utils.http.AuthorizationHeaderRequestWrapper; + import jakarta.servlet.Filter; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; @@ -29,6 +31,7 @@ public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil) { public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; + HttpServletResponse response = (HttpServletResponse) servletResponse; String path = request.getRequestURI(); @@ -47,11 +50,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo } else { logger.info("No cookies found in the request"); } - - // Log headers for debugging - String jwtTokenFromHeader = request.getHeader("Jwttoken"); - logger.info("JWT token from header: "); - + // Skip login and public endpoints if (shouldSkipPath(path, contextPath)) { filterChain.doFilter(servletRequest, servletResponse); 
@@ -66,7 +65,8 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo if (jwtFromCookie != null) { logger.info("Validating JWT token from cookie"); if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) { - filterChain.doFilter(servletRequest, servletResponse); + AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(request, ""); + filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse); return; } } @@ -74,7 +74,8 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo if (jwtFromHeader != null) { logger.info("Validating JWT token from header"); if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) { - filterChain.doFilter(servletRequest, servletResponse); + AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(request, ""); + filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse); return; } } diff --git a/src/main/java/com/wipro/fhir/utils/http/AuthorizationHeaderRequestWrapper.java b/src/main/java/com/wipro/fhir/utils/http/AuthorizationHeaderRequestWrapper.java new file mode 100644 index 0000000..00f6d69 --- /dev/null +++ b/src/main/java/com/wipro/fhir/utils/http/AuthorizationHeaderRequestWrapper.java 
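Review bot: Wrapping the validated request in `new AuthorizationHeaderRequestWrapper(request, "")` turns an empty `Authorization` value into an in-band marker for "already authenticated", and the `HTTPRequestInterceptor` hunk in this patch (widened to null in 7/8) skips its checks whenever it sees that value. A client can send an empty `Authorization` header itself, and the filter's mobile branch accepts any non-null value, so such a request would pass both layers without any token being validated. Carry the marker out of band instead, for example `request.setAttribute("jwtValidated", Boolean.TRUE)` in the filter and `Boolean.TRUE.equals(request.getAttribute("jwtValidated"))` in the interceptor (attribute name constructed for illustration). The second hunk on this line repeats the same wrapper call for the header token.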
@@ -0,0 +1,41 @@ +package com.wipro.fhir.utils.http; + + +import java.util.*; + +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletRequestWrapper; + +public class AuthorizationHeaderRequestWrapper extends HttpServletRequestWrapper{ + private final String Authorization; + + public AuthorizationHeaderRequestWrapper(HttpServletRequest request, String authHeaderValue) { + super(request); + this.Authorization = authHeaderValue; + } + + @Override + public String getHeader(String name) { + if ("Authorization".equalsIgnoreCase(name)) { + return Authorization; + } + return super.getHeader(name); + } + + @Override + public Enumeration getHeaders(String name) { + if ("Authorization".equalsIgnoreCase(name)) { + return Collections.enumeration(Collections.singletonList(Authorization)); + } + return super.getHeaders(name); + } + + @Override + public Enumeration getHeaderNames() { + List names = Collections.list(super.getHeaderNames()); + if (!names.contains("Authorization")) { + names.add("Authorization"); + } + return Collections.enumeration(names); + } +} diff --git a/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java b/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java index 7f32403..ff7d77b 100644 --- a/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java +++ b/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java 
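Review bot: `getHeaderNames` tests `names.contains("Authorization")` case-sensitively while `getHeader` and `getHeaders` compare with `equalsIgnoreCase`, so a request whose header arrived as `authorization` ends up with the name listed twice. Assuming `names` is a `List<String>`, use `names.stream().noneMatch("Authorization"::equalsIgnoreCase)` for the check. The field name `Authorization` should be `authorization` per Java naming, and `import java.util.*` can be replaced by the three types used. The class also needs a Javadoc line stating that it replaces, rather than supplements, the inbound header.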
@@ -59,6 +59,10 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons boolean status = true; logger.debug("In preHandle we are Intercepting the Request"); String authorization = request.getHeader("Authorization"); + if (authorization.equals("")) { + logger.info("Authorization header is null or empty. Skipping HTTPRequestInterceptor."); + return true; // Allow the request to proceed without validation + } logger.debug("RequestURI::" + request.getRequestURI() + " || Authorization ::" + authorization + " || method :: " + request.getMethod()); if (!request.getMethod().equalsIgnoreCase("OPTIONS")) { From b6dae7d36682e76d9d3a52854948a6a360b0677d Mon Sep 17 00:00:00 2001 From: Ravi Shanigarapu Date: Thu, 22 May 2025 18:42:28 +0530 Subject: [PATCH 7/8] Jwttoken and user-agent validation --- .../service/api_channel/APIChannelImpl.java | 21 +++------ .../java/com/wipro/fhir/utils/CookieUtil.java | 5 ++- .../fhir/utils/JwtUserIdValidationFilter.java | 30 +++++++------ .../wipro/fhir/utils/RestTemplateUtil.java | 43 +++++++++++++++++++ .../wipro/fhir/utils/UserAgentContext.java | 18 ++++++++ .../utils/http/HTTPRequestInterceptor.java | 2 +- 6 files changed, 90 insertions(+), 29 deletions(-) create mode 100644 src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java create mode 100644 src/main/java/com/wipro/fhir/utils/UserAgentContext.java diff --git a/src/main/java/com/wipro/fhir/service/api_channel/APIChannelImpl.java b/src/main/java/com/wipro/fhir/service/api_channel/APIChannelImpl.java index b69f360..b7b374f 100644 --- a/src/main/java/com/wipro/fhir/service/api_channel/APIChannelImpl.java +++ b/src/main/java/com/wipro/fhir/service/api_channel/APIChannelImpl.java 
@@ -39,6 +39,7 @@ import com.wipro.fhir.data.request_handler.ResourceRequestHandler; import com.wipro.fhir.data.request_handler.UserAuthAPIResponse; import com.wipro.fhir.utils.CookieUtil; +import com.wipro.fhir.utils.RestTemplateUtil; import com.wipro.fhir.utils.exception.FHIRException; import com.wipro.fhir.utils.mapper.InputMapper; @@ -72,15 +73,9 @@ public String benSearchByBenID(String Authorization, ResourceRequestHandler reso String responseBody = null; if (restTemplate == null) restTemplate = new RestTemplate(); - HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()) - .getRequest(); - String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader); - - MultiValueMap header = getHttpHeader(Authorization, "application/json"); - HttpEntity urlRequestOBJ = new HttpEntity(resourceRequestHandler, header); - header.add("Cookie", "Jwttoken=" + jwtTokenFromCookie); - - ResponseEntity response = restTemplate.exchange(benSearchByBenIDURL, HttpMethod.POST, urlRequestOBJ, + + HttpEntity request = RestTemplateUtil.createRequestEntity(resourceRequestHandler, Authorization); + ResponseEntity response = restTemplate.exchange(benSearchByBenIDURL, HttpMethod.POST, request, String.class); if (response.getStatusCodeValue() == 200 && response.hasBody()) { 
@@ -111,12 +106,8 @@ public String userAuthentication() throws FHIRException { restTemplate = new RestTemplate(); HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()) .getRequest(); - String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader); - - MultiValueMap header = getHttpHeader(null, "application/json"); - HttpEntity urlRequestOBJ = new HttpEntity(userDetails, header); - header.add("Cookie", "Jwttoken=" + jwtTokenFromCookie); - + + HttpEntity urlRequestOBJ = RestTemplateUtil.createRequestEntity(userDetails, requestHeader.getHeader("Authorization")); ResponseEntity response = restTemplate.exchange(userAuthURL, HttpMethod.POST, urlRequestOBJ, String.class); diff --git a/src/main/java/com/wipro/fhir/utils/CookieUtil.java b/src/main/java/com/wipro/fhir/utils/CookieUtil.java index 3ccec9d..9695591 100644 --- a/src/main/java/com/wipro/fhir/utils/CookieUtil.java +++ b/src/main/java/com/wipro/fhir/utils/CookieUtil.java @@ -24,7 +24,10 @@ public Optional getCookieValue(HttpServletRequest request, String cookie return Optional.empty(); } - public String getJwtTokenFromCookie(HttpServletRequest request) { + public static String getJwtTokenFromCookie(HttpServletRequest request) { + if (request.getCookies() == null) { + return null; // If cookies are null, return null safely. + } return Arrays.stream(request.getCookies()).filter(cookie -> "Jwttoken".equals(cookie.getName())) .map(Cookie::getValue).findFirst().orElse(null); } diff --git a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java index 24ccd54..6657ed1 100644 --- a/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java +++ b/src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java 
@@ -65,26 +65,32 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo if (jwtFromCookie != null) { logger.info("Validating JWT token from cookie"); if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) { - AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(request, ""); + AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper( + request, ""); filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse); return; } - } - - if (jwtFromHeader != null) { + } else if (jwtFromHeader != null) { logger.info("Validating JWT token from header"); if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) { - AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(request, ""); + AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper( + request, ""); filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse); return; } - } - String userAgent = request.getHeader("User-Agent"); - logger.info("User-Agent: " + userAgent); - - if (userAgent != null && isMobileClient(userAgent) && authHeader != null) { - filterChain.doFilter(servletRequest, servletResponse); - return; + } else { + String userAgent = request.getHeader("User-Agent"); + logger.info("User-Agent: " + userAgent); + + if (userAgent != null && isMobileClient(userAgent) && authHeader != null) { + try { + UserAgentContext.setUserAgent(userAgent); + filterChain.doFilter(servletRequest, servletResponse); + } finally { + UserAgentContext.clear(); + } + return; + } } logger.warn("No valid authentication token found"); diff --git a/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java b/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java new file mode 100644 index 0000000..81372a9 --- /dev/null 
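Review bot: Turning the three independent `if` blocks into an `if / else if / else` chain means a request that carries an invalid or expired JWT cookie is rejected even when its `JwtToken` header is valid, because the header branch is never reached. If cookie precedence is intended, say so in a comment above the chain; otherwise fall through to the header check when cookie validation fails. The mobile branch still accepts on `authHeader != null` alone, while the `try`/`finally` that clears `UserAgentContext` is correct and should stay. doFilter begins and ends outside this hunk.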
+++ b/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java @@ -0,0 +1,43 @@ +package com.wipro.fhir.utils; + +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import jakarta.servlet.http.HttpServletRequest; + +public class RestTemplateUtil { + public static HttpEntity createRequestEntity(Object body, String authorization) { + + ServletRequestAttributes servletRequestAttributes = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()); + if (servletRequestAttributes == null) { + MultiValueMap headers = new LinkedMultiValueMap<>(); + headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8"); + headers.add(HttpHeaders.AUTHORIZATION, authorization); + return new HttpEntity<>(body, headers); + } + HttpServletRequest requestHeader = servletRequestAttributes.getRequest(); + String jwtTokenFromCookie = null; + try { + jwtTokenFromCookie = CookieUtil.getJwtTokenFromCookie(requestHeader); + + } catch (Exception e) { + e.printStackTrace(); + } + + MultiValueMap headers = new LinkedMultiValueMap<>(); + headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8"); + headers.add(HttpHeaders.USER_AGENT, UserAgentContext.getUserAgent()); + headers.add(HttpHeaders.AUTHORIZATION, authorization); + headers.add("JwtToken",requestHeader.getHeader("JwtToken")); + headers.add(HttpHeaders.COOKIE, "Jwttoken=" + jwtTokenFromCookie); + + return new HttpEntity<>(body, headers); + } + +} + diff --git a/src/main/java/com/wipro/fhir/utils/UserAgentContext.java b/src/main/java/com/wipro/fhir/utils/UserAgentContext.java new file mode 100644 index 0000000..5f8eb06 --- /dev/null 
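Review bot: `createRequestEntity` copies the caller's `Authorization` header, `JwtToken` header, JWT cookie and User-Agent onto every outbound request, and nothing in the class says so or restricts which hosts receive them. Add a Javadoc that lists the forwarded credentials and states that the returned entity must only be sent to trusted internal services. The header-building lines are also duplicated between the `servletRequestAttributes == null` branch and the main path; building the common headers once before the branch would keep the two from drifting. As a static-only utility the class should be `final` with a private constructor.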
+++ b/src/main/java/com/wipro/fhir/utils/UserAgentContext.java @@ -0,0 +1,18 @@ +package com.wipro.fhir.utils; + +public class UserAgentContext { + private static final ThreadLocal userAgentHolder = new ThreadLocal<>(); + + public static void setUserAgent(String userAgent) { + userAgentHolder.set(userAgent); + } + + public static String getUserAgent() { + return userAgentHolder.get(); + } + + public static void clear() { + userAgentHolder.remove(); + } + +} diff --git a/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java b/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java index ff7d77b..9c83a73 100644 --- a/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java +++ b/src/main/java/com/wipro/fhir/utils/http/HTTPRequestInterceptor.java @@ -59,7 +59,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons boolean status = true; logger.debug("In preHandle we are Intercepting the Request"); String authorization = request.getHeader("Authorization"); - if (authorization.equals("")) { + if (authorization == null || authorization.isEmpty()) { logger.info("Authorization header is null or empty. Skipping HTTPRequestInterceptor."); return true; // Allow the request to proceed without validation } From db54cfbe3c1c85f1af7b47fa38c8c6d5cff7ec2e Mon Sep 17 00:00:00 2001 From: Ravi Shanigarapu Date: Thu, 22 May 2025 19:41:27 +0530 Subject: [PATCH 8/8] null check --- .../com/wipro/fhir/utils/RestTemplateUtil.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java b/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java index 81372a9..d16b52f 100644 --- a/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java +++ b/src/main/java/com/wipro/fhir/utils/RestTemplateUtil.java 
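Review bot: `UserAgentContext` keeps its value in a static `ThreadLocal` but has no comment about its lifecycle, and servlet threads are pooled, so a caller that forgets `clear()` would leak one request's value into the next. Add a class comment such as `// Per-request holder: call setUserAgent only inside try/finally with clear(), as JwtUserIdValidationFilter does`, and make the class `final` with a private constructor. The value is not visible to work handed to another thread, which is worth stating if any downstream call is made asynchronously.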
@@ -1,5 +1,7 @@ package com.wipro.fhir.utils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; @@ -11,6 +13,8 @@ import jakarta.servlet.http.HttpServletRequest; public class RestTemplateUtil { + private final static Logger logger = LoggerFactory.getLogger(RestTemplateUtil.class); + public static HttpEntity createRequestEntity(Object body, String authorization) { ServletRequestAttributes servletRequestAttributes = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()); @@ -26,18 +30,21 @@ public static HttpEntity createRequestEntity(Object body, String authori jwtTokenFromCookie = CookieUtil.getJwtTokenFromCookie(requestHeader); } catch (Exception e) { - e.printStackTrace(); + logger.error("Error while getting jwtToken from Cookie" + e.getMessage() ); } MultiValueMap headers = new LinkedMultiValueMap<>(); headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8"); - headers.add(HttpHeaders.USER_AGENT, UserAgentContext.getUserAgent()); + if(null != UserAgentContext.getUserAgent()) { + headers.add(HttpHeaders.USER_AGENT, UserAgentContext.getUserAgent()); + } headers.add(HttpHeaders.AUTHORIZATION, authorization); headers.add("JwtToken",requestHeader.getHeader("JwtToken")); - headers.add(HttpHeaders.COOKIE, "Jwttoken=" + jwtTokenFromCookie); + if(null != jwtTokenFromCookie) { + headers.add(HttpHeaders.COOKIE, "Jwttoken=" + jwtTokenFromCookie); + } return new HttpEntity<>(body, headers); } -} - +} \ No newline at end of file
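Review bot: The null guards added in the last hunk cover `User-Agent` and the cookie, but `headers.add("JwtToken",requestHeader.getHeader("JwtToken"))` and `headers.add(HttpHeaders.AUTHORIZATION, authorization)` still add a null value when the header is absent; guard them the same way. `logger.error("Error while getting jwtToken from Cookie" + e.getMessage())` discards the stack trace and runs the two texts together; use `logger.error("Error while getting jwtToken from cookie", e)`. `UserAgentContext.getUserAgent()` is also read twice, so read it once into a local before the check.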