private void handleScopedRequest(String addonKey, HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException { final long startTime = clock.now().getTime(); // we consume the input to allow inspection of the body via getInputStream InputConsumingHttpServletRequest inputConsumingRequest = new InputConsumingHttpServletRequest(req); UserKey user = userManager.getRemoteUserKey(req); ContentTypeAwareResponse wrappedResponse = new ContentTypeAwareResponse(res); if (!addonScopeManager.isRequestInApiScope(inputConsumingRequest, addonKey)) { respondOutOfAuthorizedScope(addonKey, req, res, user); return; } log.debug("Authorized add-on '{}' to access API at URL '{} {}' for user '{}'", addonKey, req.getMethod(), req.getRequestURI(), user); try { chain.doFilter(inputConsumingRequest, wrappedResponse); //Scope also checks response to see if it is allowed to return. if(!addonScopeManager.isResponseInApiScope(req, wrappedResponse, addonKey)) { respondOutOfAuthorizedScope(addonKey, req, wrappedResponse, user); return; } } catch (Exception e) { long duration = clock.now().getTime() - startTime; eventPublisher.publish(new ScopedRequestAllowedEvent(req, addonKey, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, duration)); throw ServletException.class.cast(new ServletException("Unhandled error in ApiScopingFilter").initCause(e)); } long duration = clock.now().getTime() - startTime; eventPublisher.publish(new ScopedRequestAllowedEvent(req, addonKey, wrappedResponse.getStatusCode(), duration)); }
private void handleScopedRequest(String addonKey, HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException { final long startTime = clock.now().getTime(); // we consume the input to allow inspection of the body via getInputStream InputConsumingHttpServletRequest inputConsumingRequest = new InputConsumingHttpServletRequest(req); UserKey user = userManager.getRemoteUserKey(req); ContentTypeAwareResponse wrappedResponse = new ContentTypeAwareResponse(res); if (!addonScopeManager.isRequestInApiScope(inputConsumingRequest, addonKey)) { respondOutOfAuthorizedScope(addonKey, req, res, user); return; } log.debug("Authorized add-on '{}' to access API at URL '{} {}' for user '{}'", addonKey, req.getMethod(), req.getRequestURI(), user); try { chain.doFilter(inputConsumingRequest, wrappedResponse); //Scope also checks response to see if it is allowed to return. if(!addonScopeManager.isResponseInApiScope(req, wrappedResponse, addonKey)) { respondOutOfAuthorizedScope(addonKey, req, wrappedResponse, user); return; } } catch (Exception e) { long duration = clock.now().getTime() - startTime; eventPublisher.publish(new ScopedRequestAllowedEvent(req, addonKey, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, duration)); throw ServletException.class.cast(new ServletException("Unhandled error in ApiScopingFilter").initCause(e)); } long duration = clock.now().getTime() - startTime; eventPublisher.publish(new ScopedRequestAllowedEvent(req, addonKey, wrappedResponse.getStatusCode(), duration)); }
Date now = clock.now(); Calendar calendar = Calendar.getInstance(); calendar.setTime(now);