Merge branch 'jenkins_with_weblogic' of ssh://git@192.168.240.178:18081/eapim/elink-online-common.git into jenkins_with_weblogic

This commit is contained in:
jaewohong
2026-01-09 15:47:22 +09:00
@@ -15,6 +15,7 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.apache.commons.lang3.StringUtils;
import com.eactive.eai.adapter.http.HttpMethodType;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport;
import com.eactive.eai.authserver.service.OAuth2Manager;
@@ -43,8 +44,7 @@ public class HmacSha256VerifyFilterKjb implements HttpAdapterFilter {
String xObpSignatureUrl = request.getHeader("x-obp-signature-url");
String xObpSignatureBody = request.getHeader("x-obp-signature-body");
if (StringUtils.isBlank(xObpPartnercode)
|| StringUtils.isBlank(xObpSignatureUrl)
|| StringUtils.isBlank(xObpSignatureBody)) {
|| StringUtils.isBlank(xObpSignatureUrl)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Can not find mandatory Http Header");
@@ -67,10 +67,19 @@ public class HmacSha256VerifyFilterKjb implements HttpAdapterFilter {
"Signature verifying failed : x-obp-signature-url");
}
if (!StringUtils.equals(xObpSignatureBody, macBody)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Signature verifying failed : x-obp-signature-body");
switch (HttpMethodType.getValue(request.getMethod())) {
case GET:
case DELETE:
break;
default:
if (StringUtils.isNotBlank(inboundBody) && !StringUtils.equals("{}", inboundBody)) {
if (!StringUtils.equals(xObpSignatureBody, macBody)) {
throw new JwtAuthException(
String.valueOf(HttpStatus.UNAUTHORIZED.value()),
"Signature verifying failed : x-obp-signature-body");
}
break;
}
}
} catch (JwtAuthException e) {