jwttoken and user-agent validation (#73)

* jwttoken and user-agent validation

* added file

* null check

Author: ravishanigarapu

src/main/java/com/iemr/ecd/service/associate/BeneficiaryRegistrationServiceImpl.java

@@ -51,6 +51,7 @@
 import com.iemr.ecd.repo.call_conf_allocation.OutboundCallsRepo;
 import com.iemr.ecd.utils.advice.exception_handler.ECDException;
 import com.iemr.ecd.utils.mapper.CookieUtil;
+import com.iemr.ecd.utils.mapper.RestTemplateUtil;
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.transaction.Transactional;
@@ -106,17 +107,9 @@ public String beneficiaryRegistration(RequestBeneficiaryRegistrationDTO request,
 //				request.setEdd(getTimestampFromString(request.getEddStr()));
 
 			RestTemplate restTemplate = new RestTemplate();
-			HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-					.getRequest();
-			String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
-			MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
-			headers.add("Content-Type", MediaType.APPLICATION_JSON + ";charset=utf-8");
-			headers.add("AUTHORIZATION", Authorization);
-			headers.add("Cookie", "Jwttoken=" + jwtTokenFromCookie);
 			String json = objectMapper.writeValueAsString(request);
-
-			HttpEntity<Object> requestObj = new HttpEntity<Object>(json, headers);
-
+			HttpEntity<Object> requestObj = RestTemplateUtil.createRequestEntity(json, Authorization);
+			
 			ResponseEntity<String> response = restTemplate.exchange(registerBeneficiaryUrl, HttpMethod.POST, requestObj,
 					String.class);
 
@@ -184,14 +177,7 @@ public String updateBeneficiaryDetails(RequestBeneficiaryRegistrationDTO request
 			}
 
 			RestTemplate restTemplate = new RestTemplate();
-			HttpServletRequest requestHeader = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
-					.getRequest();
-			String jwtTokenFromCookie = cookieUtil.getJwtTokenFromCookie(requestHeader);
-			MultiValueMap<String, String> headers = new LinkedMultiValueMap<String, String>();
-			headers.add("Content-Type", MediaType.APPLICATION_JSON + ";charset=utf-8");
-			headers.add("AUTHORIZATION", Authorization);
-			headers.add("Cookie", "Jwttoken=" + jwtTokenFromCookie);
-			HttpEntity<Object> requestObj = new HttpEntity<Object>(request, headers);
+			HttpEntity<Object> requestObj = RestTemplateUtil.createRequestEntity(request, Authorization);
 			ResponseEntity<String> response = restTemplate.exchange(beneficiaryEditUrl, HttpMethod.POST, requestObj,
 					String.class);
 

src/main/java/com/iemr/ecd/utils/http_request_interceptor/AuthorizationHeaderRequestWrapper.java

@@ -0,0 +1,42 @@
+package com.iemr.ecd.utils.http_request_interceptor;
+
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
+public class AuthorizationHeaderRequestWrapper extends HttpServletRequestWrapper{
+	private final String Authorization;
+
+    public AuthorizationHeaderRequestWrapper(HttpServletRequest request, String authHeaderValue) {
+        super(request);
+        this.Authorization = authHeaderValue;
+    }
+
+    @Override
+    public String getHeader(String name) {
+        if ("Authorization".equalsIgnoreCase(name)) {
+            return Authorization;
+        }
+        return super.getHeader(name);
+    }
+
+    @Override
+    public Enumeration<String> getHeaders(String name) {
+        if ("Authorization".equalsIgnoreCase(name)) {
+            return Collections.enumeration(Collections.singletonList(Authorization));
+        }
+        return super.getHeaders(name);
+    }
+
+    @Override
+    public Enumeration<String> getHeaderNames() {
+        List<String> names = Collections.list(super.getHeaderNames());
+        if (!names.contains("Authorization")) {
+            names.add("Authorization");
+        }
+        return Collections.enumeration(names);
+    }
+}

src/main/java/com/iemr/ecd/utils/http_request_interceptor/HttpInterceptor.java

@@ -57,6 +57,10 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 			authorization=preAuth.replace("Bearer ", "");
 		else
 			authorization = preAuth;
+		if (authorization == null || authorization.isEmpty()) {
+	        logger.info("Authorization header is null or empty. Skipping HTTPRequestInterceptor.");
+	        return true; // Allow the request to proceed without validation
+	    }
 		if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
 			try {
 				String[] requestURIParts = request.getRequestURI().split("/");

src/main/java/com/iemr/ecd/utils/mapper/CookieUtil.java

@@ -24,8 +24,15 @@ public Optional<String> getCookieValue(HttpServletRequest request, String cookie
 		return Optional.empty();
 	}
 
-	public String getJwtTokenFromCookie(HttpServletRequest request) {
-		return Arrays.stream(request.getCookies()).filter(cookie -> "Jwttoken".equals(cookie.getName()))
-				.map(Cookie::getValue).findFirst().orElse(null);
+	public static String getJwtTokenFromCookie(HttpServletRequest request) {
+		Cookie[] cookies = request.getCookies();
+	    if (cookies == null) {
+	        return null; // No cookies present, return null safely
+	    }
+	    return Arrays.stream(cookies)
+	                 .filter(cookie -> "Jwttoken".equals(cookie.getName()))
+	                 .map(Cookie::getValue)
+	                 .findFirst()
+	                 .orElse(null);
 	}
 }

src/main/java/com/iemr/ecd/utils/mapper/JwtUserIdValidationFilter.java

@@ -6,6 +6,8 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 
+import com.iemr.ecd.utils.http_request_interceptor.AuthorizationHeaderRequestWrapper;
+
 import jakarta.servlet.Filter;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@@ -72,29 +74,36 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 			if (jwtFromCookie != null) {
 				logger.info("Validating JWT token from cookie");
 				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromCookie)) {
-					filterChain.doFilter(servletRequest, servletResponse);
+					AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(
+							request, "");
+					filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse);
 					return;
 				}
-			}
-
-			if (jwtFromHeader != null) {
+			} else if (jwtFromHeader != null) {
 				logger.info("Validating JWT token from header");
 				if (jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtFromHeader)) {
-					filterChain.doFilter(servletRequest, servletResponse);
+					AuthorizationHeaderRequestWrapper authorizationHeaderRequestWrapper = new AuthorizationHeaderRequestWrapper(
+							request, "");
+					filterChain.doFilter(authorizationHeaderRequestWrapper, servletResponse);
+					return;
+				}
+			} else {
+				String userAgent = request.getHeader("User-Agent");
+				logger.info("User-Agent: " + userAgent);
+				if (userAgent != null && isMobileClient(userAgent) && authHeader != null) {
+					try {
+						UserAgentContext.setUserAgent(userAgent);
+						filterChain.doFilter(servletRequest, servletResponse);
+					} finally {
+						UserAgentContext.clear();
+					}
 					return;
 				}
-			}
-			String userAgent = request.getHeader("User-Agent");
-			logger.info("User-Agent: " + userAgent);
-
-			if (userAgent != null && isMobileClient(userAgent) && authHeader != null) {
-				filterChain.doFilter(servletRequest, servletResponse);
-				return;
 			}
 
 			logger.warn("No valid authentication token found");
 			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized: Invalid or missing token");
-
+		
 		} catch (Exception e) {
 			logger.error("Authorization error: ", e);
 			response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());

src/main/java/com/iemr/ecd/utils/mapper/RestTemplateUtil.java

@@ -0,0 +1,50 @@
+package com.iemr.ecd.utils.mapper;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+public class RestTemplateUtil {
+	private final static Logger logger = LoggerFactory.getLogger(RestTemplateUtil.class);
+	
+	public static HttpEntity<Object> createRequestEntity(Object body, String authorization) {
+        
+		ServletRequestAttributes servletRequestAttributes = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes());
+		if (servletRequestAttributes == null) {
+			MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
+			headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8");
+			headers.add(HttpHeaders.AUTHORIZATION, authorization);
+			return new HttpEntity<>(body, headers);
+		}
+		HttpServletRequest requestHeader = servletRequestAttributes.getRequest();
+        String jwtTokenFromCookie = null;
+		try {
+			jwtTokenFromCookie = CookieUtil.getJwtTokenFromCookie(requestHeader);
+			
+		} catch (Exception e) {
+			logger.error("Error while getting jwtToken from Cookie" + e.getMessage() );
+		}
+
+        MultiValueMap<String, String> headers = new LinkedMultiValueMap<>();
+        headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8");
+        if(null != UserAgentContext.getUserAgent()) {
+        	headers.add(HttpHeaders.USER_AGENT, UserAgentContext.getUserAgent());
+        }
+        headers.add(HttpHeaders.AUTHORIZATION, authorization);
+        headers.add("JwtToken",requestHeader.getHeader("JwtToken"));
+        if(null != jwtTokenFromCookie) {
+        	headers.add(HttpHeaders.COOKIE, "Jwttoken=" + jwtTokenFromCookie);
+        }
+
+        return new HttpEntity<>(body, headers);
+    }
+
+}

src/main/java/com/iemr/ecd/utils/mapper/UserAgentContext.java

@@ -0,0 +1,19 @@
+package com.iemr.ecd.utils.mapper;
+
+public class UserAgentContext {
+	private static final ThreadLocal<String> userAgentHolder = new ThreadLocal<>();
+
+    public static void setUserAgent(String userAgent) {
+        userAgentHolder.set(userAgent);
+    }
+
+    public static String getUserAgent() {
+        return userAgentHolder.get();
+    }
+
+    public static void clear() {
+        userAgentHolder.remove();
+    }
+
+}
+