api key, token 추출 parameter 방식 추가

This commit is contained in:
curry772
2026-03-26 13:57:27 +09:00
parent 2b061bfab6
commit e0b3611a0a
@@ -170,7 +170,14 @@ public class ApiAuthFilter implements HttpAdapterFilter {
String apiKeyName = PropManager.getInstance().getProperty("ApiConfig", "api.key.name", "x-api-key");
String apiKey = request.getHeader(apiKeyName);
if(apiKey == null){
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Invalid or missing API key \""+apiKeyName+"\" in Http Header");
// QueryString으로 전달된 access_token 파라미터 확인
String apiKeyParamName = PropManager.getInstance().getProperty("ApiConfig", "api.key.param.name", "x-api-key");
String queryApiKey = request.getParameter(apiKeyParamName);
if (StringUtils.isNotBlank(queryApiKey)) {
apiKey = queryApiKey.trim();
} else {
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Invalid or missing API key \""+apiKeyName+"\" in Http Header");
}
}
prop.setProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID, apiKey);
isPassScope = true;
@@ -300,6 +307,12 @@ public class ApiAuthFilter implements HttpAdapterFilter {
public static String extractBearerToken(HttpServletRequest request) throws JwtAuthException {
String authorization = request.getHeader("Authorization");
if (StringUtils.isBlank(authorization)) {
// QueryString으로 전달된 access_token 파라미터 확인
String tokenParamName = PropManager.getInstance().getProperty("ApiConfig", "token.param.name", "access_token");
String queryToken = request.getParameter(tokenParamName);
if (StringUtils.isNotBlank(queryToken)) {
return queryToken.trim();
}
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "No have header info: Authorization");
}