Package de.adorsys.opba.api.security.internal.filter

Class RequestSignatureValidationFilter

java.lang.Object

de.adorsys.opba.api.security.internal.filter.RequestSignatureValidationFilter

All Implemented Interfaces:

javax.servlet.Filter

public class RequestSignatureValidationFilter
extends Object
implements javax.servlet.Filter

This class validates 'X-Request-Signature' header of the incoming request from fintech. The signature verification happens: all required fields(headers/query params) must be present and request timestamp should be within the range of security.verification.request-validity-window property. The filter can be disabled by using 'no-signature-filter' spring active profile.

Constructor Summary

Constructors

Constructor	Description
RequestSignatureValidationFilter(RequestVerifyingService requestVerifyingService, Duration requestTimeLimit, ConcurrentMap<String,String> consumerKeysMap)

Method Summary

Modifier and Type	Method	Description
void	doFilter(javax.servlet.ServletRequest servletRequest, javax.servlet.ServletResponse servletResponse, javax.servlet.FilterChain filterChain)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.Filter

destroy, init

Constructor Detail

RequestSignatureValidationFilter

public RequestSignatureValidationFilter(RequestVerifyingService requestVerifyingService,
                                        Duration requestTimeLimit,
                                        ConcurrentMap<String,String> consumerKeysMap)

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest servletRequest,
                     javax.servlet.ServletResponse servletResponse,
                     javax.servlet.FilterChain filterChain)
              throws IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException