From f07876c2e45669847d72bb95dd7a46e428b9080e Mon Sep 17 00:00:00 2001 From: AmaliMatharaarachchi Date: Fri, 19 Jan 2024 10:26:14 +0530 Subject: [PATCH] fix auth header issue --- .../security/jwt/JWTAuthenticator.java | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java index da145804e..6e3c52c35 100644 --- a/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java +++ b/gateway/enforcer/org.wso2.apk.enforcer/src/main/java/org/wso2/apk/enforcer/security/jwt/JWTAuthenticator.java @@ -35,7 +35,6 @@ import org.wso2.apk.enforcer.commons.exception.EnforcerException; import org.wso2.apk.enforcer.commons.model.APIConfig; import org.wso2.apk.enforcer.commons.model.AuthenticationContext; -import org.wso2.apk.enforcer.commons.model.JWTAuthenticationConfig; import org.wso2.apk.enforcer.commons.model.RequestContext; import org.wso2.apk.enforcer.commons.model.ResourceConfig; import org.wso2.apk.enforcer.config.ConfigHolder; @@ -86,18 +85,10 @@ public JWTAuthenticator(final JWTConfigurationDto jwtConfigurationDto, final boo @Override public boolean canAuthenticate(RequestContext requestContext) { - JWTAuthenticationConfig jwtAuthenticationConfig = null; - // only getting first operation is enough as all matched resource configs have the same security header - for (ResourceConfig resourceConfig : requestContext.getMatchedResourcePaths()) { - if (resourceConfig.getAuthenticationConfig() != null && - resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig() != null) { - jwtAuthenticationConfig = resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig(); - break; - } - } + String authHeader = getTokenHeader(requestContext.getMatchedResourcePaths()); - if (jwtAuthenticationConfig != null) { - String authHeaderValue = retrieveAuthHeaderValue(requestContext, jwtAuthenticationConfig); + if (!StringUtils.equals(authHeader, "")) { + String authHeaderValue = retrieveAuthHeaderValue(requestContext, authHeader); // Check keyword bearer in header to prevent conflicts with custom authentication // (that maybe added with custom filters / interceptors / opa) @@ -128,8 +119,8 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws Utils.setTag(jwtAuthenticatorInfoSpan, APIConstants.LOG_TRACE_ID, ThreadContext.get(APIConstants.LOG_TRACE_ID)); } - String jwtToken = retrieveAuthHeaderValue(requestContext, - requestContext.getMatchedResourcePaths().get(0).getAuthenticationConfig().getJwtAuthenticationConfig()); + String authHeader = getTokenHeader(requestContext.getMatchedResourcePaths()); + String jwtToken = retrieveAuthHeaderValue(requestContext, authHeader); String[] splitToken = jwtToken.split("\\s"); // Extract the token when it is sent as bearer token. i.e Authorization: Bearer if (splitToken.length > 1) { @@ -273,6 +264,16 @@ public AuthenticationContext authenticate(RequestContext requestContext) throws } + private String getTokenHeader(ArrayList matchedResourceConfigs) { + for (ResourceConfig resourceConfig : matchedResourceConfigs) { + if (resourceConfig.getAuthenticationConfig() != null && + resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig() != null) { + return resourceConfig.getAuthenticationConfig().getJwtAuthenticationConfig().getHeader(); + } + } + return ""; + } + @Override public String getChallengeString() { @@ -291,11 +292,9 @@ public int getPriority() { return 10; } - private String retrieveAuthHeaderValue(RequestContext requestContext, - JWTAuthenticationConfig jwtAuthenticationConfig) { - + private String retrieveAuthHeaderValue(RequestContext requestContext, String header) { Map headers = requestContext.getHeaders(); - return headers.get(jwtAuthenticationConfig.getHeader()); + return headers.get(header); } /**