KrysseTokenInterceptor.java

package no.dusken.barweb.web.kryssing;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class KrysseTokenInterceptor extends HandlerInterceptorAdapter {
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Value("${kryssetoken}")
    private String krysseToken;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        boolean tokenHeaderMatches = StringUtils.equals(krysseToken, request.getHeader("KrysseToken"));

        if(!tokenHeaderMatches){
            log.warn("tokenheader did not match kryssetoken");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }

        return tokenHeaderMatches;
    }
}