Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- package com.iecisa.cem.rtve.omnia.server.services.controller.csm.access;
- import org.slf4j.Logger;
- import org.slf4j.LoggerFactory;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.http.HttpStatus;
- import org.springframework.http.ResponseEntity;
- import org.springframework.web.bind.annotation.PathVariable;
- import org.springframework.web.bind.annotation.RequestHeader;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RequestMethod;
- import org.springframework.web.bind.annotation.RestController;
- import com.iecisa.cem.rtve.omnia.server.business.service.ApiClientService;
- import com.iecisa.cem.rtve.omnia.server.services.core.controller.BaseRestController;
- import com.iecisa.cem.rtve.omnia.server.utils.exception.DatePatternException;
- /**
- * Controlador para comprobar el acceso a API
- *
- * @author Pablo Invernón
- *
- */
- @RestController
- @RequestMapping(value = "/csm/access")
- public class CheckApiAccessController extends BaseRestController {
- private final Logger logger = LoggerFactory.getLogger(CheckApiAccessController.class);
- private ApiClientService apiClientService;
- /**
- * Creación de una instancia del controlador fijando el servicio de negocio
- *
- * @param apiClientService
- * servicio de negocio de API
- */
- @Autowired
- public CheckApiAccessController(ApiClientService apiClientService) {
- this.apiClientService = apiClientService;
- }
- /**
- * Comprueba el acceso de un cliente a un api verificado con la firma en el
- * momento correspondiente indicada
- *
- * @param apiToken
- * identificador del cliente
- * @param apiId
- * identificador del API al que acceder
- * @param signature
- * firma verificadora
- * @param timestamp
- * momento de verificación
- * @return Si el cliente tiene acceso (HTTP 200 OK) o no (HTTP 403
- * FORBIDDEN) al API
- * @throws DatePatternException
- */
- @RequestMapping(value = "/{apiToken}/{apiId}/{signature}", method = { RequestMethod.HEAD }, headers = {
- "SupportTime" })
- public ResponseEntity<Void> checkAccess(@PathVariable("apiToken") String apiToken,
- @PathVariable("apiId") String apiId, @PathVariable("signature") String signature,
- @RequestHeader("SupportTime") String timestamp) throws DatePatternException {
- logger.info("Start --> checkAccess");
- logger.info(String.format("apiToken:%s apiId:%s signature:%s SupportTime:%s", apiToken, apiId, signature, timestamp));
- ResponseEntity<Void> responseEntity;
- if (apiClientService.checkAccess(apiToken, apiId, timestamp, signature)) {
- responseEntity = new ResponseEntity(HttpStatus.OK);
- } else {
- responseEntity = new ResponseEntity(HttpStatus.FORBIDDEN);
- }
- logger.info("End --> checkAccess: Status code: " + responseEntity.getStatusCode());
- return responseEntity;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement