@Nonnull @Override public Request.Method getMethod() { return delegate.getMethod(); }
@Nonnull @Override public Method getMethod() { return delegate.getMethod(); }
@Nonnull @Override public Request.Method getMethod() { return delegate.getMethod(); }
@Nonnull private ValidationReport checkApiKeyAuthorizationByQueryParameter(final Request request, final SecurityScheme securityScheme) { final Optional<String> authQueryParam = request.getQueryParameterValues(securityScheme.getName()).stream().findFirst(); if (!authQueryParam.isPresent()) { return ValidationReport.singleton(messages.get(MISSING_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath())); } // API key query parameter found, additional checks can be placed here return empty(); }
@Nonnull private ValidationReport checkBasicAuthorization(final Request request, final SecurityScheme securityScheme) { if (!request.getHeaderValue(AUTHORIZATION).isPresent()) { return ValidationReport.singleton(messages.get(MISSING_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath())); } else if (!request.getHeaderValue(AUTHORIZATION).get().startsWith("Basic ")) { // Authorization HTTP header found but not a Basic authentication token return ValidationReport.singleton(messages.get(INVALID_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath())); } // HTTP basic authentication header found, additional checks can be placed here return empty(); }
/** * Validate the given request against the API. * <p> * See class docs for more information on the validation performed. * * @param request The request to validate (required) * * @return The outcome of the request validation */ @Nonnull public ValidationReport validateRequest(@Nonnull final Request request) { requireNonNull(request, "A request is required"); //CHECKSTYLE:OFF Indentation return validateOnApiOperation( request.getPath(), request.getMethod(), apiOperation -> requestValidator.validateRequest(request, apiOperation), (apiOperation, report) -> withWhitelistApplied(report, apiOperation, request, null)); //CHECKSTYLE:ON Indentation }
@Nonnull private ValidationReport checkApiKeyAuthorizationByHeader(final Request request, final SecurityScheme securityScheme) { if (!request.getHeaderValue(securityScheme.getName()).isPresent()) { return ValidationReport.singleton(messages.get(MISSING_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath())); } // API key header found, additional checks can be placed here return empty(); }
/** * Validate the given request/response against the API. * <p> * See class docs for more information on the validation performed. * * @param request The request to validate (required) * @param response The response to validate (required) * * @return The outcome of the validation */ @Nonnull public ValidationReport validate(@Nonnull final Request request, @Nonnull final Response response) { requireNonNull(request, "A request is required"); requireNonNull(response, "A response is required"); //CHECKSTYLE:OFF Indentation return validateOnApiOperation( request.getPath(), request.getMethod(), apiOperation -> requestValidator.validateRequest(request, apiOperation) .merge(responseValidator.validateResponse(response, apiOperation)), (apiOperation, report) -> withWhitelistApplied(report, apiOperation, request, response)); //CHECKSTYLE:ON Indentation }
return ValidationReport.singleton(messages.get(MISSING_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath()));
/** * Validate the request against the given API operation * * @param request The request to validate * @param apiOperation The operation to validate the request against * * @return A validation report containing validation errors */ @Nonnull public ValidationReport validateRequest(final Request request, final ApiOperation apiOperation) { requireNonNull(request, "A request is required"); requireNonNull(apiOperation, "An API operation is required"); final MessageContext context = MessageContext.create() .in(REQUEST) .withApiOperation(apiOperation) .withRequestPath(apiOperation.getRequestPath().original()) .withRequestMethod(request.getMethod()) .build(); return securityValidator.validateSecurity(request, apiOperation) .merge(validateContentType(request, apiOperation)) .merge(validateAccepts(request, apiOperation)) .merge(validateHeaders(request, apiOperation)) .merge(validatePathParameters(apiOperation)) .merge(requestBodyValidator.validateRequestBody(request, apiOperation.getOperation().getRequestBody())) .merge(validateQueryParameters(request, apiOperation)) .withAdditionalContext(context); }