/server/src/io/seldon/api/interceptor/GenericScopedInterceptor.java
Java | 183 lines | 131 code | 27 blank | 25 comment | 19 complexity | 985518b95b8cae21ad23bd3542eca39e MD5 | raw file
- /*
- * Seldon -- open source prediction engine
- * =======================================
- *
- * Copyright 2011-2015 Seldon Technologies Ltd and Rummble Ltd (http://www.seldon.io/)
- *
- * ********************************************************************************************
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ********************************************************************************************
- */
- package io.seldon.api.interceptor;
- import io.seldon.api.APIException;
- import io.seldon.api.logging.ApiLogger;
- import io.seldon.api.logging.MDCKeys;
- import io.seldon.api.resource.ConsumerBean;
- import io.seldon.api.resource.ErrorBean;
- import io.seldon.api.resource.ScopedConsumerBean;
- import io.seldon.api.service.AuthorizationServer;
- import io.seldon.api.service.TokenScope;
- import java.io.IOException;
- import java.net.URI;
- import java.net.URISyntaxException;
- import java.util.Date;
- import java.util.regex.Matcher;
- import java.util.regex.Pattern;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import javax.servlet.http.HttpSession;
- import org.apache.commons.lang.StringUtils;
- import org.apache.log4j.Logger;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.web.servlet.ModelAndView;
- import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
- import com.fasterxml.jackson.databind.ObjectMapper;
- /**
- * Created by: marc on 13/08/2012 at 15:24
- */
- abstract public class GenericScopedInterceptor extends HandlerInterceptorAdapter implements ScopedInterceptor {
- private static final Logger logger = Logger.getLogger(GenericScopedInterceptor.class);
- private static final String START_TIME = "startTime";
- @Autowired
- private AuthorizationServer authorizationServer;
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- final String requestURI = request.getRequestURI();
- if (logger.isDebugEnabled())
- logger.debug("Scoped interceptor for: " + requestURI);
- Date start = new Date();
- request.setAttribute("startTime", start);
- try {
- final ConsumerBean consumerBean = authorise(request);
- final HttpSession session = request.getSession();
- session.setAttribute("consumer", consumerBean);
- return super.preHandle(request, response, handler);
- } catch (APIException e) {
- exceptionResponse(request, response, e);
- String apiKey = request.getServletPath().replaceAll("/", "\\."); //Asumes no user/item ids in path!!!!
- ApiLogger.log(apiKey,start, request, null);
- } catch (Throwable t) {
- logger.error("GenericScopedInterceptor#preHandle: " + t.getMessage(), t);
- }
- return false;
- }
- @Override
- public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
- Date start = (Date)request.getAttribute(START_TIME);
- final HttpSession session = request.getSession();
- final ConsumerBean consumerBean = (ConsumerBean) session.getAttribute("consumer");
- String apiKey = request.getServletPath().replaceAll("/", "\\."); //Asumes no user/item ids in path!!!!
- ApiLogger.log(apiKey,start, request, consumerBean);
- super.postHandle(request, response, handler, modelAndView);
- }
- protected void exceptionResponse(HttpServletRequest request, HttpServletResponse response, APIException e) throws IOException {
- ErrorBean bean = new ErrorBean(e);
- logger.error("GenericScopedInterceptor#exceptionResponse: " + e.getMessage(), e);
- final ObjectMapper objectMapper = new ObjectMapper();
- response.setContentType("application/json");
- objectMapper.writeValue(response.getOutputStream(), bean);
- }
- private ScopedConsumerBean authorise(HttpServletRequest request) {
- final ScopedConsumerBean scopedConsumerBean = authorizationServer.getConsumer(request);
- if (scopedConsumerBean != null)
- MDCKeys.addKeysConsumer(scopedConsumerBean);
- final TokenScope.Scope tokenScope = TokenScope.fromString(scopedConsumerBean.getScope());
- final String requestURI = request.getRequestURI();
- final String queryString = request.getQueryString();
- final String requestInfo = requestURI + ", " + queryString;
- if (tokenScope == getScope() && validReferrer(request, scopedConsumerBean)) {
- if (logger.isDebugEnabled())
- logger.debug("Scope and referrer valid for request: " + requestInfo);
- return scopedConsumerBean;
- } else {
- logger.warn("Incorrect scope of invalid referrer in request for: " + requestInfo);
- throw new APIException(APIException.METHOD_NOT_AUTHORIZED); // create additional error code?
- }
- }
- private boolean validReferrer(HttpServletRequest request, ScopedConsumerBean scopedConsumerBean) {
- final String referrer = request.getHeader("Referer"); // sic.; incorrect spelling due to spec
- String referringDomain = referrerDomain(referrer);
- if (logger.isDebugEnabled())
- logger.debug("Checking " + referringDomain + " (from " + referrer + ") against authorised domains.");
- final String commaSeparatedUrls = scopedConsumerBean.getUrl();
- if (commaSeparatedUrls == null) {
- if (logger.isDebugEnabled())
- logger.debug("No URLs specified for consumer: " + scopedConsumerBean.getShort_name() + "; valid referrer.");
- return true;
- }
- final String[] validDomains = StringUtils.split(commaSeparatedUrls, ",");
- for (String validDomain : validDomains) {
- if (logger.isDebugEnabled())
- logger.debug("-> Comparing against domain: " + validDomain);
- if (referringDomain.equals(validDomain)) {
- return true;
- }
- }
- logger.warn(referringDomain + " is invalid. Matched against "+commaSeparatedUrls);
- return false;
- }
- private String referrerDomain(String referrer) {
- Pattern topLevelDomain = Pattern.compile(".*?([^.]+\\.[^.]+)");
- Pattern ipAddress = Pattern.compile("^\\d+\\.\\d+\\.\\d+\\.\\d+");
- if ( StringUtils.isBlank(referrer) ) {
- return "";
- }
- try {
- final URI referrerUri = new URI(referrer);
- final String host = referrerUri.getHost();
-
- if (StringUtils.isBlank(host)){
- return "";
- }
- final Matcher ipMatcher = ipAddress.matcher(host);
- if (ipMatcher.matches()) {
- return host;
- }
- final Matcher tldMatcher = topLevelDomain.matcher(host);
- if (tldMatcher.matches()) {
- return tldMatcher.group(1);
- }
- return host;
- } catch (URISyntaxException e) {
- return referrer;
- }
- }
- }