swaggerapi/src/main/java/com/roamsys/swagger/SwaggerAPIAuthorizationHandler.java at b2e5c9dd908db69bcdc6e16d490cbbea4a75faac · ROAMSYS/swaggerapi · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package com.roamsys.swagger;

import java.io.IOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Interface for authentication handler.
 *
 * @author mbartel
 */
public interface SwaggerAPIAuthorizationHandler {

    /**
     * Handles a Swagger API authentication request.
     *
     * @param request the request
     * @param response the response
     * @return true, if the request is authorized
     * @throws ServletException
     * @throws IOException
     */
    boolean isRequestAuthorized(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException;

    /**
     * Default implementation for resolving API key from request.
     * The following strategy is used:
     * <ol>
     * <li>Check for URL parameter <code>api_key</code></li>
     * <li>Check for header field <code>X-Api-Key</code></li>
     * </ol>
     *
     * @param request the request
     * @return the resolved API key or <code>null</code>
     */
    default String resolveApiKey(final HttpServletRequest request) {
        final String requestAPIKeyParameter = request.getParameter("api_key");
        if (requestAPIKeyParameter == null) {
            return request.getHeader("x-api-key");
         } else {
            return requestAPIKeyParameter;
        }
    }
}