api key, token 추출 parameter 방식 추가
This commit is contained in:
@@ -170,7 +170,14 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
String apiKeyName = PropManager.getInstance().getProperty("ApiConfig", "api.key.name", "x-api-key");
|
||||
String apiKey = request.getHeader(apiKeyName);
|
||||
if(apiKey == null){
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Invalid or missing API key \""+apiKeyName+"\" in Http Header");
|
||||
// QueryString으로 전달된 access_token 파라미터 확인
|
||||
String apiKeyParamName = PropManager.getInstance().getProperty("ApiConfig", "api.key.param.name", "x-api-key");
|
||||
String queryApiKey = request.getParameter(apiKeyParamName);
|
||||
if (StringUtils.isNotBlank(queryApiKey)) {
|
||||
apiKey = queryApiKey.trim();
|
||||
} else {
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Invalid or missing API key \""+apiKeyName+"\" in Http Header");
|
||||
}
|
||||
}
|
||||
prop.setProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID, apiKey);
|
||||
isPassScope = true;
|
||||
@@ -300,6 +307,12 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
public static String extractBearerToken(HttpServletRequest request) throws JwtAuthException {
|
||||
String authorization = request.getHeader("Authorization");
|
||||
if (StringUtils.isBlank(authorization)) {
|
||||
// QueryString으로 전달된 access_token 파라미터 확인
|
||||
String tokenParamName = PropManager.getInstance().getProperty("ApiConfig", "token.param.name", "access_token");
|
||||
String queryToken = request.getParameter(tokenParamName);
|
||||
if (StringUtils.isNotBlank(queryToken)) {
|
||||
return queryToken.trim();
|
||||
}
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "No have header info: Authorization");
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user