KJB HMAC-SHA256 Filter 추가
This commit is contained in:
+11
-7
@@ -40,8 +40,12 @@ public class KjbHmacSha256VerifyFilter implements HttpAdapterFilter, HttpAdapter
|
||||
String xObpPartnercode = request.getHeader("x-obp-partnercode");
|
||||
String xObpSignatureUrl = request.getHeader("x-obp-signature-url");
|
||||
String xObpSignatureBody = request.getHeader("x-obp-signature-body");
|
||||
if (StringUtils.isBlank(xObpPartnercode) || StringUtils.isBlank(xObpSignatureUrl) || StringUtils.isBlank(xObpSignatureBody)) {
|
||||
throw new JwtAuthException(String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_UNKNOWN, "00"), "Can not find mandatory Http Header");
|
||||
if (StringUtils.isBlank(xObpPartnercode)
|
||||
|| StringUtils.isBlank(xObpSignatureUrl)
|
||||
|| StringUtils.isBlank(xObpSignatureBody)) {
|
||||
throw new JwtAuthException(
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Can not find mandatory Http Header");
|
||||
}
|
||||
|
||||
if (StringUtils.isNotBlank(prop.getProperty(INBOUND_QUERY_STRING))) {
|
||||
@@ -57,13 +61,13 @@ public class KjbHmacSha256VerifyFilter implements HttpAdapterFilter, HttpAdapter
|
||||
|
||||
if (!StringUtils.equals(xObpSignatureUrl, macUrl)) {
|
||||
throw new JwtAuthException(
|
||||
String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_UNKNOWN, "00"),
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Signature verifying failed : x-obp-signature-url");
|
||||
}
|
||||
|
||||
if (!StringUtils.equals(xObpSignatureBody, macBody)) {
|
||||
throw new JwtAuthException(
|
||||
String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_UNKNOWN, "00"),
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Signature verifying failed : x-obp-signature-body");
|
||||
}
|
||||
|
||||
@@ -73,7 +77,7 @@ public class KjbHmacSha256VerifyFilter implements HttpAdapterFilter, HttpAdapter
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
throw new JwtAuthException(
|
||||
String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_UNKNOWN, "00"),
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Signature verifying failed(unkown)");
|
||||
}
|
||||
|
||||
@@ -92,14 +96,14 @@ public class KjbHmacSha256VerifyFilter implements HttpAdapterFilter, HttpAdapter
|
||||
String clientId = assignClientId(prop, request);
|
||||
if (StringUtils.isBlank(clientId)) {
|
||||
throw new JwtAuthException(
|
||||
String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_UNKNOWN, "00"),
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Can not find clientId info");
|
||||
}
|
||||
|
||||
ClientVO client = (ClientVO) OAuth2Manager.getInstance().getClientDeatilsStore().get(clientId);
|
||||
if (client == null) {
|
||||
throw new JwtAuthException(
|
||||
String.format("%d%s%s", HttpStatus.UNAUTHORIZED.value(), SERVICE_CODE_UNKNOWN, "00"),
|
||||
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
|
||||
"Can not find client info");
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user