InterVDCHMACAuthFilter.java

/*
 * Copyright (c) 2012-2013 EMC Corporation
 * All Rights Reserved
 */
package com.emc.storageos.geo.service.authentication;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.emc.storageos.security.authentication.AbstractHMACAuthFilter;
import com.emc.storageos.security.authentication.AbstractRequestWrapperFilter;
import com.emc.storageos.security.authentication.InternalApiSignatureKeyGenerator.SignatureKeyType;
import com.emc.storageos.svcs.errorhandling.resources.APIException;

/**
 * HMAC authentication filter for inter-VDC APIs
 * 
 * This filter is terminal - it either accepts a request as
 * a valid signed inter-VDC request or rejects it. It will
 * never delegate to a following filter.
 */
public class InterVDCHMACAuthFilter extends AbstractHMACAuthFilter {
    @SuppressWarnings("unused")
    private static final Logger _log = LoggerFactory
            .getLogger(InterVDCHMACAuthFilter.class);
    public static final String INTERVDC_URI = "/intervdc/";

    @Override
    protected AbstractRequestWrapperFilter.AbstractRequestWrapper authenticate(
            final ServletRequest servletRequest) {
        HttpServletRequest req = (HttpServletRequest) servletRequest;

        if (isInterVDCRequest(req) && verifySignature(req, SignatureKeyType.INTERVDC_API)) {
            return new AbstractRequestWrapperFilter.AbstractRequestWrapper(req, null);
        } else {
            throw APIException.unauthorized.unauthenticatedRequestUnsignedInterVDCRequest();
        }
    }

    /**
     * Determine if a request is intended for the inter-vdc (/inter-vdc/*) APIs
     * 
     * @param req an HTTP servlet request object
     * @return true if the URI pattern in the request matches the inter-vdc APIs
     */
    public static boolean isInterVDCRequest(HttpServletRequest req) {
        return ((req != null) && req.getRequestURI().contains(INTERVDC_URI));
    }
}