AuthTokenFilter.java example

Explorer
coprhd-controller-master
/*
 * Copyright (c) 2015 EMC Corporation
 * All Rights Reserved
 */
package com.emc.vipr.client.impl.jersey;

import com.emc.vipr.client.impl.Constants;
import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientRequest;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.ClientFilter;
import javax.ws.rs.core.HttpHeaders;
import java.net.URI;

/**
 * Jersey filter for accessing and sending Storage OS Auth Token. This also implements redirection manually 302.
 * 
 * If login is required, you are redirected to the login page. Basic Auth is taken there and a token is provided back.
 * This is sent back as a 302 to redirect you to your original page. The issue is that the 302 contains the response
 * header with the token. Standard redirect processing will lose this token when you redirect to the real page.
 */
public class AuthTokenFilter extends ClientFilter {

    private TokenAccess sessionAccess;

    public AuthTokenFilter(TokenAccess sessionAccess) {
        this.sessionAccess = sessionAccess;
    }

    @Override
    public ClientResponse handle(ClientRequest request) throws ClientHandlerException {
        addTokenToRequest(request);

        ClientResponse response = getNext().handle(request);

        // Handle a redirect
        if (response.getClientResponseStatus() == ClientResponse.Status.FOUND) {
            if (response.getHeaders().containsKey(HttpHeaders.LOCATION)) {
                String location = response.getHeaders().getFirst(HttpHeaders.LOCATION);

                final ClientRequest newRequest = ClientRequest.create().build(URI.create(location), request.getMethod());

                // Handle the token from the existing response, add to this new request
                checkResponseForToken(response);
                addTokenToRequest(newRequest);

                // Call handler to perform redirect to new page
                response = handle(newRequest);
            }
        }

        checkResponseForToken(response);
        return response;
    }

    private void addTokenToRequest(ClientRequest request) {
        if (sessionAccess.getToken() != null) {
            request.getHeaders().putSingle(Constants.AUTH_TOKEN_KEY, sessionAccess.getToken());
        }
    }

    private void checkResponseForToken(ClientResponse response) {
        Object token = response.getHeaders().getFirst(Constants.AUTH_TOKEN_KEY);
        if (token != null && token instanceof String) {
            sessionAccess.setToken((String) token);
        }
    }
}