diff --git a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java index c41ee8a..6b6db9e 100644 --- a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java +++ b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/ApiAuthFilter.java @@ -170,7 +170,14 @@ public class ApiAuthFilter implements HttpAdapterFilter { String apiKeyName = PropManager.getInstance().getProperty("ApiConfig", "api.key.name", "x-api-key"); String apiKey = request.getHeader(apiKeyName); if(apiKey == null){ - throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Invalid or missing API key \""+apiKeyName+"\" in Http Header"); + // QueryString으로 전달된 access_token 파라미터 확인 + String apiKeyParamName = PropManager.getInstance().getProperty("ApiConfig", "api.key.param.name", "x-api-key"); + String queryApiKey = request.getParameter(apiKeyParamName); + if (StringUtils.isNotBlank(queryApiKey)) { + apiKey = queryApiKey.trim(); + } else { + throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Invalid or missing API key \""+apiKeyName+"\" in Http Header"); + } } prop.setProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID, apiKey); isPassScope = true; @@ -300,6 +307,12 @@ public class ApiAuthFilter implements HttpAdapterFilter { public static String extractBearerToken(HttpServletRequest request) throws JwtAuthException { String authorization = request.getHeader("Authorization"); if (StringUtils.isBlank(authorization)) { + // QueryString으로 전달된 access_token 파라미터 확인 + String tokenParamName = PropManager.getInstance().getProperty("ApiConfig", "token.param.name", "access_token"); + String queryToken = request.getParameter(tokenParamName); + if (StringUtils.isNotBlank(queryToken)) { + return queryToken.trim(); + } throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "No have header info: Authorization"); }