InternalTokenInterceptor.java

package com.sintia.ffl.admin.optique.api.interceptors;

import com.sintia.ffl.admin.optique.api.exceptions.BadInternalTokenException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Slf4j
@Component
public class InternalTokenInterceptor implements HandlerInterceptor {

	@Value("${app.internal-auth-token}")
	private String internalAuthToken;

	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

		final String servletPath = request.getServletPath();

		if(servletPath.startsWith("/api")) {
			final String internalToken = request.getHeader("X-Internal-Token");
			if (internalToken == null || internalToken.isBlank() || !internalToken.equals(internalAuthToken)) {
				throw new BadInternalTokenException("Le token d'authentification interne est absent ou invalide");
			}
		}

		return HandlerInterceptor.super.preHandle(request, response, handler);
	}
}
Created with JaCoCo 0.8.6.202009150832