SanitizeAuthenticationFilter.java example

Explorer
ORCID-Source-master
/**
 * =============================================================================
 *
 * ORCID (R) Open Source
 * http://orcid.org
 *
 * Copyright (c) 2012-2014 ORCID, Inc.
 * Licensed under an MIT-Style License (MIT)
 * http://orcid.org/open-source-license
 *
 * This copyright and license information (including a link to the full license)
 * shall be included in its entirety in all copies or substantial portion of
 * the software.
 *
 * =============================================================================
 */
package org.orcid.core.web.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.orcid.pojo.ajaxForm.PojoUtil;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * 
 * @author Angel Montenegro
 * 
 */

public class SanitizeAuthenticationFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        CustomHeadersHttpServletRequest customRequest = new CustomHeadersHttpServletRequest(request);        
        filterChain.doFilter(customRequest, response);        
    }
}

/**
 * Thanks! http://stackoverflow.com/questions/15585755/setting-http-header-in-delegatingfilterproxy
 * */
class CustomHeadersHttpServletRequest extends HttpServletRequestWrapper {

    public CustomHeadersHttpServletRequest(HttpServletRequest request) {
        super(request);        
    }
    
    @Override
    public String getHeader(String name) {
        HttpServletRequest req = (HttpServletRequest)this.getRequest();
        if(name.equalsIgnoreCase("authorization")) {
            String authorization = req.getHeader(name);
            if(PojoUtil.isEmpty(authorization) || authorization.trim().compareToIgnoreCase("bearer") == 0){
                return null;
            } 
            return authorization;
        }
        
        return req.getHeader(name);
    }
    
    public Enumeration<String> getHeaders(String name) {
        HttpServletRequest req = (HttpServletRequest)this.getRequest();
        if(name.equalsIgnoreCase("authorization")) {
            List<String> headers = new ArrayList<String>();
            Enumeration<String> existingHeaders = req.getHeaders(name);            
            if(existingHeaders != null){
                while(existingHeaders.hasMoreElements()) {
                    String existingHeader = existingHeaders.nextElement();
                    if(!PojoUtil.isEmpty(existingHeader) && !(existingHeader.trim().compareToIgnoreCase("bearer") == 0)){
                        headers.add(existingHeader);
                    }
                }
            }
            return Collections.enumeration(headers);
        }
        return req.getHeaders(name);
    }          
}