Changes to gateway for unauthorized requests

82fb066b · Darshan M N · 26c6dba9 · 82fb066b · 82fb066b · 82fb066b
Commit 82fb066b authored 3 years ago by Darshan M N
Hide whitespace changes
Inline Side-by-side

Showing

with 193 additions and 22 deletions
+193 -22
--- a/src/main/java/org/tarento/retail/exceptions/zuulExceptions/CustomException.java
+++ b/src/main/java/org/tarento/retail/exceptions/zuulExceptions/CustomException.java
+package org.tarento.retail.exceptions.zuulExceptions;
+
+import com.netflix.zuul.exception.ZuulException;
+
+public class CustomException extends ZuulException {
+    public CustomException(Throwable throwable, String sMessage, int nStatusCode, String errorCause) {
+        super(throwable, sMessage, nStatusCode, errorCause);
+    }
+
+    public CustomException(String sMessage, int nStatusCode, String errorCause) {
+        super(sMessage, nStatusCode, errorCause);
+    }
+
+    public CustomException(Throwable throwable, int nStatusCode, String errorCause) {
+        super(throwable, nStatusCode, errorCause);
+    }
+}
--- a/src/main/java/org/tarento/retail/filters/pre/RbacFilter.java
+++ b/src/main/java/org/tarento/retail/filters/pre/RbacFilter.java
 package org.tarento.retail.filters.pre;

-import com.netflix.zuul.ZuulFilter;
-import com.netflix.zuul.context.RequestContext;
+import static org.tarento.retail.constants.RequestContextConstants.ERROR_CODE_KEY;
+import static org.tarento.retail.constants.RequestContextConstants.ERROR_MESSAGE_KEY;
+import static org.tarento.retail.constants.RequestContextConstants.RBAC_BOOLEAN_FLAG_NAME;
+import static org.tarento.retail.constants.RequestContextConstants.USER_INFO_KEY;

-import static org.tarento.retail.constants.RequestContextConstants.*;
+import java.util.List;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -11,6 +13,10 @@ import org.springframework.http.HttpStatus;
 import org.tarento.retail.contract.Action;
 import org.tarento.retail.contract.User;
 import org.tarento.retail.exceptions.zuulExceptions.RbacException;
+import org.tarento.retail.util.ExceptionUtils;
+
+import com.netflix.zuul.ZuulFilter;
+import com.netflix.zuul.context.RequestContext;

 /**
 *  5th pre filter to get executed.
@@ -37,29 +43,29 @@ public class RbacFilter extends ZuulFilter{
    }

    @Override
-    public Object run() {
-        RequestContext ctx = RequestContext.getCurrentContext();
-        try { 
-        	final boolean isIncomingURIInAuthorizedActionList = isIncomingURIInAuthorizedActionList(ctx);
-        	if(isIncomingURIInAuthorizedActionList) {
-        		ctx.set("RbacAvailable",Boolean.TRUE);
-        		return null;
-        	}
-        	else { 
-        		ctx.set("RbacAvailable",Boolean.FALSE);
-        	}
-        } catch (Exception e) { 
-        	logger.error("Failed : " +e) ;
-        	abortWithStatus(ctx,HttpStatus.FORBIDDEN, FORBIDDEN_MESSAGE);
-            throw e;
-        }
-        return null;
-    }
+	public Object run() {
+		RequestContext ctx = RequestContext.getCurrentContext();
+
+		final boolean isIncomingURIInAuthorizedActionList = isIncomingURIInAuthorizedActionList(ctx);
+		if (isIncomingURIInAuthorizedActionList) {
+			ctx.set("RbacAvailable", Boolean.TRUE);
+			return null;
+		} else {
+			ctx.set("RbacAvailable", Boolean.FALSE);
+			ExceptionUtils.raiseCustomException(HttpStatus.FORBIDDEN, FORBIDDEN_MESSAGE);
+		}
+
+		return null;
+	}

    private boolean isIncomingURIInAuthorizedActionList(RequestContext ctx) {
        String requestUri = ctx.getRequest().getRequestURI();
        User user = (User) ctx.get(USER_INFO_KEY);
-        return user.getActions().stream()
+        if (user == null) {
+            ExceptionUtils.raiseCustomException(HttpStatus.UNAUTHORIZED, "User information not found. Can't execute RBAC filter");
+        }
+        List<Action> actions = user.getActions();
+        return actions.stream()
                .anyMatch(action -> isActionMatchingIncomingURI(requestUri, action));
    }

@@ -77,4 +83,13 @@ public class RbacFilter extends ZuulFilter{
        ctx.set("error.exception", new RbacException("Role does not have access to this URL"));
        ctx.setSendZuulResponse(false);
    }
+    
+    private void abortWithStatus(int status, String message, Exception ex) {
+        RequestContext ctx = RequestContext.getCurrentContext();
+        ctx.set(ERROR_CODE_KEY, status);
+        ctx.set(ERROR_MESSAGE_KEY, message);
+        ctx.set("error.exception", ex);
+        ctx.set(RBAC_BOOLEAN_FLAG_NAME, Boolean.FALSE); 
+        ctx.setSendZuulResponse(false);
+    }
 }
--- a/src/main/java/org/tarento/retail/util/ExceptionUtils.java
+++ b/src/main/java/org/tarento/retail/util/ExceptionUtils.java
+package org.tarento.retail.util;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+
+import org.apache.commons.io.IOUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.client.HttpClientErrorException;
+import org.tarento.retail.exceptions.zuulExceptions.CustomException;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.netflix.zuul.context.RequestContext;
+import com.netflix.zuul.exception.ZuulException;
+
+public class ExceptionUtils {
+    private static final Logger logger = LoggerFactory.getLogger(ExceptionUtils.class);
+
+    private static String getObjectJSONString(Object obj) throws JsonProcessingException {
+        return new ObjectMapper().writeValueAsString(obj);
+    }
+
+    private static HashMap<String, Object> getErrorInfoObject(String code, String message, String description) {
+        String errorTemplate = "{\n" +
+            "    \"ResponseInfo\": null,\n" +
+            "    \"Errors\": [\n" +
+            "        {\n" +
+            "            \"code\": \"Exception\",\n" +
+            "            \"message\": null,\n" +
+            "            \"description\": null,\n" +
+            "            \"params\": null\n" +
+            "        }\n" +
+            "    ]\n" +
+            "}";
+        ObjectMapper objectMapper = new ObjectMapper();
+        try {
+            HashMap<String, Object> errorInfo = objectMapper.readValue(errorTemplate, new TypeReference<HashMap<String, Object>>() {
+            });
+            HashMap<String, Object> error = (HashMap<String, Object>) ((List<Object>) errorInfo.get("Errors")).get(0);
+            error.put("code", code);
+            error.put("message", message);
+            error.put("description", description);
+            return errorInfo;
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+        return null;
+    }
+
+    public static void setCustomException(HttpStatus status, String message)  {
+        try {
+            _setExceptionBody(status, getErrorInfoObject("CustomException", message, message));
+        } catch (JsonProcessingException e) {
+            e.printStackTrace();
+        }
+    }
+
+    private static void _setExceptionBody(HttpStatus status, Object body) throws JsonProcessingException {
+        _setExceptionBody(status, getObjectJSONString(body));
+    }
+
+    private static void _setExceptionBody(HttpStatus status, String body) {
+        RequestContext ctx = RequestContext.getCurrentContext();
+
+        ctx.setSendZuulResponse(false);
+        ctx.setResponseStatusCode(status.value());
+        ctx.getResponse().setContentType("application/json");
+        if (body == null)
+            body = "{}";
+        ctx.setResponseBody(body);
+        ctx.remove("error.status_code");
+    }
+
+    public static void RaiseException(Throwable ex) {
+        throw new RuntimeException(ex);
+    }
+
+    public static void raiseCustomException(HttpStatus status, String message) {
+        throw new RuntimeException(new CustomException(message, status.value(), "CustomException"));
+    }
+
+    public static void raiseErrorFilterException( RequestContext ctx) {
+//        RequestContext ctx = RequestContext.getCurrentContext();
+        Throwable e = ctx.getThrowable() == null ? (Throwable)ctx.get("error.exception") : ctx.getThrowable();
+
+        try {
+            if (e == null) {
+                if (ctx.getResponseStatusCode() == HttpStatus.NOT_FOUND.value()) {
+                    _setExceptionBody(HttpStatus.NOT_FOUND, getErrorInfoObject("ResourceNotFoundException",
+                        "The resource - " + ctx.getRequest().getRequestURI() + " not found", null));
+                } else if (ctx.getResponseStatusCode() == HttpStatus.BAD_REQUEST.value()) {
+                    String existingResponse = ctx.getResponseBody();
+                    if (existingResponse == null)
+                    {
+                        existingResponse = IOUtils.toString(ctx.getResponseDataStream());
+                        ctx.setResponseBody(existingResponse);
+                    }
+                    if (existingResponse != null && existingResponse.contains("InvalidAccessTokenException"))
+                        _setExceptionBody(HttpStatus.UNAUTHORIZED, existingResponse);
+                }
+                return;
+            }
+
+            while ((e instanceof ZuulException || e.getClass().equals(RuntimeException.class)) && e.getCause() != null)
+                e = e.getCause();
+
+            String exceptionName = e.getClass().getSimpleName();
+            String exceptionMessage = ((Throwable) e).getMessage();
+
+            if (exceptionName.equalsIgnoreCase("HttpHostConnectException") ||
+                exceptionName.equalsIgnoreCase("ResourceAccessException")) {
+                _setExceptionBody(HttpStatus.BAD_GATEWAY, getErrorInfoObject(exceptionName, "The backend service is unreachable", null));
+            } else if (exceptionName.equalsIgnoreCase("NullPointerException")) {
+                e.printStackTrace();
+                _setExceptionBody(HttpStatus.INTERNAL_SERVER_ERROR, getErrorInfoObject(exceptionName, exceptionMessage, exceptionMessage));
+            } else if (exceptionName.equalsIgnoreCase("HttpClientErrorException")) {
+                String existingResponse = ((HttpClientErrorException) e).getResponseBodyAsString();
+                if (existingResponse.contains("InvalidAccessTokenException"))
+                    _setExceptionBody(HttpStatus.UNAUTHORIZED, existingResponse);
+                else
+                    _setExceptionBody(((HttpClientErrorException) e).getStatusCode(), existingResponse);
+            } else if (exceptionName.equalsIgnoreCase("InvalidAccessTokenException")) {
+                _setExceptionBody(HttpStatus.UNAUTHORIZED, getErrorInfoObject(exceptionName, exceptionMessage, exceptionMessage));
+            } else if (exceptionName.equalsIgnoreCase("CustomException")) {
+                CustomException ce = (CustomException)e;
+                _setExceptionBody(HttpStatus.valueOf(ce.nStatusCode), getErrorInfoObject(exceptionName, exceptionMessage, exceptionMessage));
+            } else {
+                _setExceptionBody(HttpStatus.INTERNAL_SERVER_ERROR, getErrorInfoObject(exceptionName, exceptionMessage, exceptionMessage));
+            }
+        } catch (Exception e1) {
+            e1.printStackTrace();
+        }
+    }
+}