TokenHeaderUtility.java

/**

   Copyright 2018 Carlos Macasaet

   Licensed under the Apache License, Version 2.0 (the "License");

   you may not use this file except in compliance with the License.

   You may obtain a copy of the License at

       https://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software

   distributed under the License is distributed on an "AS IS" BASIS,

   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

   See the License for the specific language governing permissions and

   limitations under the License.

 */

package com.macasaet.fernet.jersey;

import javax.ws.rs.NotAuthorizedException;

import org.glassfish.jersey.server.ContainerRequest;

import com.macasaet.fernet.Token;

/**

 * This is a utility class for extracting Fernet tokens from HTTP headers.

 *

 * <p>Copyright &copy; 2018 Carlos Macasaet.</p>

 * @author Carlos Macasaet

 */

class TokenHeaderUtility {

    private static final String authenticationType = "Bearer";

    /**

     * Extract a Fernet token from an RFC6750 Authorization header.

     *

     * @param request a REST request which may or may not include an RFC6750 Authorization header.

     * @return a Fernet token or null if no RFC6750 Authorization header is provided.

     */

    @SuppressWarnings("PMD.AvoidLiteralsInIfCondition")

    public Token getAuthorizationToken(final ContainerRequest request) {

        String authorizationString = request.getHeaderString("Authorization");

        if (authorizationString != null && !"".equals(authorizationString)) {

            authorizationString = authorizationString.trim();

            final String[] components = authorizationString.split("\\s");

            if (components.length != 2) {

                throw new NotAuthorizedException(authenticationType);

            }

            final String scheme = components[0];

            if (!authenticationType.equalsIgnoreCase(scheme)) {

                throw new NotAuthorizedException(authenticationType);

            }

            final String tokenString = components[1];

            return Token.fromString(tokenString);

        }

        return null;

    }

    /**

     * Extract a Fernet token from an X-Authorization header.

     *

     * @param request a REST request which may or may not include an X-Authorization header.

     * @return a Fernet token or null if no X-Authorization header is provided.

     */

    public Token getXAuthorizationToken(final ContainerRequest request) {

        final String xAuthorizationString = request.getHeaderString("X-Authorization");

        if (xAuthorizationString != null && !"".equals(xAuthorizationString)) {

            return Token.fromString(xAuthorizationString.trim());

        }

        return null;

    }

}

Active mutators

• CONDITIONALS_BOUNDARY_MUTATOR
• INCREMENTS_MUTATOR
• INVERT_NEGS_MUTATOR
• MATH_MUTATOR
• NEGATE_CONDITIONALS_MUTATOR
• RETURN_VALS_MUTATOR
• VOID_METHOD_CALL_MUTATOR

Tests examined

• com.macasaet.fernet.jersey.TokenHeaderUtilityTest.verifyGetAuthorizationTokenRejectsInvalidScheme(com.macasaet.fernet.jersey.TokenHeaderUtilityTest) (6 ms)
• com.macasaet.fernet.jersey.TokenHeaderUtilityTest.verifyGetAuthorizationTokenDeserialisesBearerToken(com.macasaet.fernet.jersey.TokenHeaderUtilityTest) (112 ms)
• com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT.verifyFailedForgery(com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT) (278 ms)
• com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT.verifyInvalidTokenReturnsNotAuthorized(com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT) (192 ms)
• com.macasaet.fernet.jersey.example.tokeninjection.TokenInjectionIT.verifySuccessfulBusinessRuleCheck(com.macasaet.fernet.jersey.example.tokeninjection.TokenInjectionIT) (155 ms)
• com.macasaet.fernet.jersey.TokenHeaderUtilityTest.verifyGetAuthorizationTokenRejectsMalformedHeader(com.macasaet.fernet.jersey.TokenHeaderUtilityTest) (9 ms)
• com.macasaet.fernet.jersey.TokenHeaderUtilityTest.verifyGetAuthorizationTokenIgnoresX(com.macasaet.fernet.jersey.TokenHeaderUtilityTest) (3 ms)
• com.macasaet.fernet.jersey.example.tokeninjection.TokenInjectionIT.verifyFailedForgery(com.macasaet.fernet.jersey.example.tokeninjection.TokenInjectionIT) (146 ms)
• com.macasaet.fernet.jersey.TokenHeaderUtilityTest.verifyGetXAuthorizationTokenIgnoresBearer(com.macasaet.fernet.jersey.TokenHeaderUtilityTest) (11 ms)
• com.macasaet.fernet.jersey.FernetTokenValueParamProviderTest.verifyApplyThrowsNotAuthorized(com.macasaet.fernet.jersey.FernetTokenValueParamProviderTest) (7 ms)
• com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT.verifyFailedBusinessRuleCheck(com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT) (1931 ms)
• com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT.verifyMissingTokenReturnsNotAuthorized(com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT) (125 ms)
• com.macasaet.fernet.jersey.TokenHeaderUtilityTest.verifyGetXAuthorizationTokenDeserialisesToken(com.macasaet.fernet.jersey.TokenHeaderUtilityTest) (9 ms)
• com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT.verifySuccessfulBusinessRuleCheck(com.macasaet.fernet.jersey.example.secretinjection.SecretInjectionIT) (222 ms)
• com.macasaet.fernet.jersey.FernetSecretValueParamProviderTest.verifyApplyThrowsNotAuthorized(com.macasaet.fernet.jersey.FernetSecretValueParamProviderTest) (8 ms)
• com.macasaet.fernet.jersey.example.tokeninjection.TokenInjectionIT.verifyFailedBusinessRuleCheck(com.macasaet.fernet.jersey.example.tokeninjection.TokenInjectionIT) (133 ms)