Package edu.uiuc.ncsa.security.servlet

Class HeaderUtils

  • public class HeaderUtils
extends Object

    Created by Jeff Gaynor
    on 8/16/22 at 5:12 PM

    • Constructor Detail

      • HeaderUtils

        public HeaderUtils()

    • Method Detail

      • getAuthHeader

        public static List<String> getAuthHeader​(javax.servlet.http.HttpServletRequest request,
                                         String type)
        This gets the tokens from the authorization header. There are several types and it is possible to have several values passed in, so this returns an array of string rather than a single value. A downside with passing along several values this way is there is no way to disambiguate them, e.g. a client id from a client secret. If there is no authorization header or there are no tokens of the stated type, the returned value is an empty list.
        Parameters:
        request -
        type - The type of token, e.g. "Bearer" or "Basic"
        Returns:

      • hasBasicHeader

        public static boolean hasBasicHeader​(javax.servlet.http.HttpServletRequest request)

      • hasBearerHeader

        public static boolean hasBearerHeader​(javax.servlet.http.HttpServletRequest request)

      • getBasicHeader

        public static String getBasicHeader​(javax.servlet.http.HttpServletRequest request)
        This is the header itself that is base 64 encoded. To get the parsed header, use getCredentialsFromHeaders(HttpServletRequest)
        Parameters:
        request -
        Returns:

      • getBearerAuthHeader

        public static String getBearerAuthHeader​(javax.servlet.http.HttpServletRequest request)

      • throwException

        protected static void throwException​(String message)

      • headerToJSON

        public static net.sf.json.JSONObject headerToJSON​(javax.servlet.http.HttpServletRequest httpServletRequest)

      • headerToJSON

        public static net.sf.json.JSONObject headerToJSON​(javax.servlet.http.HttpServletRequest httpServletRequest,
                                                  List<String> filter)
        Takes the request and converts it to JSON, normalizing the header names to lower case. Any name on the filter list is omitted. Note that the filter names are assumed to be lower case. This puts single values as strings and aggregates as arrays of strings. Used in OA4MP!
        Parameters:
        httpServletRequest -
        filter -
        Returns:

      • getFirstParameterValue

        public static String getFirstParameterValue​(javax.servlet.http.HttpServletRequest request,
                                            String key)
        Gets the first parameter value for the given key
        Parameters:
        request -
        key -
        Returns:

      • getFirstParameters

        public static Map<String,​String> getFirstParameters​(javax.servlet.http.HttpServletRequest req)
        Utility to extract all of the parameters from a request. Since the parameters are all string arrays, this takes a little finagling. Generally we do not support multiple values for parameters, so taking the first is reasonable.
        Parameters:
        req -
        Returns:

      • getParameters

        public static List<String> getParameters​(javax.servlet.http.HttpServletRequest req,
                                         String key,
                                         String delimiter)
        This will get all the parameters for a given key. It is possible that there are delimiters for these, and it the supplied delimiter is not null, these will be further split. E.g. 
             scope=openid&scope=profile&scope=org.oa4mp%3Auserinfo%20read%3A%2Fpublic%2Fbob&...
        Then invoking this with a delimiter of " " (a blank) yields the scope list of 
             [openid,profile,org.oa4mp:userinfo,read:/public/bob]
        Note that this returns faithfully what was passed, so if a value is repeated, that is returned too.
        Parameters:
        req -
        key -
        delimiter -
        Returns:

      • echoRequest

        public static void echoRequest​(org.apache.http.client.methods.HttpRequestBase httpRequestBase)
                        throws IOException
        Debug: Echo the request to standard out. This is a very low level debugging utility.
        Parameters:
        httpRequestBase -
        Throws:
        IOException

      • echoErrorResponse

        public static void echoErrorResponse​(Throwable t)
        Debug: If the response was an error, echo it
        Parameters:
        t -

      • echoResponse

        public static String echoResponse​(org.apache.http.HttpEntity entity,
                                  org.apache.http.StatusLine statusLine)
                           throws IOException
        Debug: echo the response. This means reading the stream, so return the content if any. If there is HttpStatus.SC_NO_CONTENT,return the empty string.
        Parameters:
        entity - - may be null
        statusLine - - must not be null
        Returns:
        Throws:
        IOException