[DEV] select Bearer to be more standard

src/org/kar/archidata/catcher/JacksonCatcher.java

@@ -11,7 +11,7 @@ import jakarta.ws.rs.ext.ExceptionMapper;
 
 public class JacksonCatcher implements ExceptionMapper<JsonProcessingException> {
 	private static final Logger LOGGER = LoggerFactory.getLogger(JacksonCatcher.class);
-
+	
 	@Override
 	public Response toResponse(final JsonProcessingException exception) {
 		LOGGER.warn("Catch exception Input data parsing:");
@@ -20,9 +20,9 @@ public class JacksonCatcher implements ExceptionMapper<JsonProcessingException>
 		exception.printStackTrace();
 		return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(ret).type(MediaType.APPLICATION_JSON).build();
 	}
-
+	
 	private RestErrorResponse build(final Exception exception) {
-		return new RestErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Catch Unknown Exception", exception.getMessage());
+		return new RestErrorResponse(Response.Status.INTERNAL_SERVER_ERROR, "Catch JSON Exception", exception.getMessage());
 	}
-
+	
 }

src/org/kar/archidata/filter/AuthenticationFilter.java

@@ -43,8 +43,8 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 	private ResourceInfo resourceInfo;
 	protected final String applicationName;
 
-	private static final String AUTHENTICATION_SCHEME = "Yota";
+	private static final String AUTHENTICATION_SCHEME = "Bearer";
-	private static final String AUTHENTICATION_TOKEN_SCHEME = "Zota";
+	private static final String APIKEY = "ApiKey";
 
 	public AuthenticationFilter(final String applicationName) {
 		this.applicationName = applicationName;
@@ -58,10 +58,10 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		// Access denied for all
 		if (method.isAnnotationPresent(DenyAll.class)) {
 			LOGGER.debug("   ==> deny all {}", requestContext.getUriInfo().getPath());
-			requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).entity("Access blocked !!!").build());
+			abortWithForbidden(requestContext, "Access blocked !!!");
 			return;
 		}
-
+		
 		// Access allowed for all
 		if (method.isAnnotationPresent(PermitAll.class)) {
 			// logger.debug(" ==> permit all " + requestContext.getUriInfo().getPath());
@@ -71,28 +71,28 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		// this is a security guard, all the API must define their access level:
 		if (!method.isAnnotationPresent(RolesAllowed.class)) {
 			LOGGER.error("   ==> missing @RolesAllowed {}", requestContext.getUriInfo().getPath());
-			requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).entity("Access ILLEGAL !!!").build());
+			abortWithForbidden(requestContext, "Access ILLEGAL !!!");
 			return;
 		}
-
+		
 		// Get the Authorization header from the request
 		String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
+		String apikeyHeader = requestContext.getHeaderString(APIKEY);
 		// logger.debug("authorizationHeader: {}", authorizationHeader);
-		if (authorizationHeader == null && method.isAnnotationPresent(PermitTokenInURI.class)) {
+		if (authorizationHeader == null && apikeyHeader == null && method.isAnnotationPresent(PermitTokenInURI.class)) {
 			final MultivaluedMap<String, String> quaryparam = requestContext.getUriInfo().getQueryParameters();
 			for (final Entry<String, List<String>> item : quaryparam.entrySet()) {
-				if (item.getKey().equals(HttpHeaders.AUTHORIZATION)) {
+				if ((authorizationHeader == null && HttpHeaders.AUTHORIZATION.equals(item.getKey())) && !item.getValue().isEmpty()) {
-					if (!item.getValue().isEmpty()) {
+					authorizationHeader = item.getValue().get(0);
-						authorizationHeader = item.getValue().get(0);
+				}
-					}
+				if ((apikeyHeader == null && APIKEY.equals(item.getKey())) && !item.getValue().isEmpty()) {
-					break;
+					apikeyHeader = item.getValue().get(0);
 				}
 			}
 		}
 		// logger.debug("authorizationHeader: {}", authorizationHeader);
-		final boolean isApplicationToken = isApplicationTokenBasedAuthentication(authorizationHeader);
+		final boolean isApplicationToken = apikeyHeader != null;
 		final boolean isJwtToken = isTokenBasedAuthentication(authorizationHeader);
-		// Validate the Authorization header data Model "Yota jwt.to.ken" "Zota tokenId:hash(token)"
 		if (!isApplicationToken && !isJwtToken) {
 			LOGGER.warn("REJECTED unauthorized: {}", requestContext.getUriInfo().getPath());
 			abortWithUnauthorized(requestContext, "REJECTED unauthorized: " + requestContext.getUriInfo().getPath());
@@ -100,7 +100,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		}
 		UserByToken userByToken = null;
 		if (isJwtToken) {
-			// Extract the token from the Authorization header (Remove "Yota ")
+			// Extract the token from the Authorization header (Remove "Bearer ")
 			final String token = authorizationHeader.substring(AUTHENTICATION_SCHEME.length()).trim();
 			// logger.debug("token: {}", token);
 			try {
@@ -116,9 +116,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 				return;
 			}
 		} else {
-			// Extract the token from the Authorization header (Remove "Zota ")
+			final String token = apikeyHeader.trim();
-			final String token = authorizationHeader.substring(AUTHENTICATION_TOKEN_SCHEME.length()).trim();
-			// logger.debug("token: {}", token);
 			try {
 				userByToken = validateToken(token);
 			} catch (final Exception e) {
@@ -131,7 +129,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 				abortWithUnauthorized(requestContext, "get a NULL application ...");
 				return;
 			}
-
+			
 		}
 		// create the security context model:
 		final String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
@@ -163,14 +161,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 		// The authentication scheme comparison must be case-insensitive
 		return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " ");
 	}
-
+	
-	private boolean isApplicationTokenBasedAuthentication(final String authorizationHeader) {
-		// Check if the Authorization header is valid
-		// It must not be null and must be prefixed with "Bearer" plus a whitespace
-		// The authentication scheme comparison must be case-insensitive
-		return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_TOKEN_SCHEME.toLowerCase() + " ");
-	}
-
 	private void abortWithUnauthorized(final ContainerRequestContext requestContext, final String message) {
 
 		// Abort the filter chain with a 401 status code response
@@ -182,6 +173,12 @@ public class AuthenticationFilter implements ContainerRequestFilter {
 				.type(MediaType.APPLICATION_JSON).build());
 	}
 
+	private void abortWithForbidden(final ContainerRequestContext requestContext, final String message) {
+		final RestErrorResponse ret = new RestErrorResponse(Response.Status.FORBIDDEN, "FORBIDDEN", message);
+		LOGGER.error("Error UUID={}", ret.uuid);
+		requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, message).entity(ret).type(MediaType.APPLICATION_JSON).build());
+	}
+
 	protected UserByToken validateToken(final String authorization) throws Exception {
 		LOGGER.info("Must be Override by the application implmentation, otherwise it dose not work");
 		return null;

src/org/kar/archidata/filter/MySecurityContext.java

@@ -8,20 +8,20 @@ import jakarta.ws.rs.core.SecurityContext;
 
 // https://simplapi.wordpress.com/2015/09/19/jersey-jax-rs-securitycontext-in-action/
 class MySecurityContext implements SecurityContext {
-
+	
 	private final GenericContext contextPrincipale;
 	private final String sheme;
-
+	
 	public MySecurityContext(final UserByToken userByToken, final String sheme) {
 		this.contextPrincipale = new GenericContext(userByToken);
 		this.sheme = sheme;
 	}
-
+	
 	@Override
 	public Principal getUserPrincipal() {
 		return this.contextPrincipale;
 	}
-
+	
 	@Override
 	public boolean isUserInRole(final String role) {
 		if (this.contextPrincipale.userByToken != null) {
@@ -32,18 +32,18 @@ class MySecurityContext implements SecurityContext {
 		}
 		return false;
 	}
-
+	
 	@Override
 	public boolean isSecure() {
-		return this.sheme.equalsIgnoreCase("https");
+		return "https".equalsIgnoreCase(this.sheme);
 	}
-
+	
 	@Override
 	public String getAuthenticationScheme() {
 		if (this.contextPrincipale.userByToken != null) {
-			return "Zota";
+			return "Bearer";
 		}
 		return null;
 	}
-
+	
 }

src/org/kar/archidata/tools/RESTApi.java

@@ -40,7 +40,7 @@ public class RESTApi {
 		final HttpClient client = HttpClient.newHttpClient();
 		Builder requestBuilding = HttpRequest.newBuilder().version(Version.HTTP_1_1).uri(URI.create(this.baseUrl + urlOffset));
 		if (this.token != null) {
-			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Yota " + this.token);
+			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Bearer " + this.token);
 		}
 		final HttpRequest request = requestBuilding.GET().build();
 		final HttpResponse<String> httpResponse = client.send(request, HttpResponse.BodyHandlers.ofString());
@@ -111,7 +111,7 @@ public class RESTApi {
 		LOGGER.trace("call {}: {}", model, URI.create(this.baseUrl + urlOffset));
 		LOGGER.trace("DATA: {}", body);
 		if (this.token != null) {
-			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Yota " + this.token);
+			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Bearer " + this.token);
 		}
 		if (body == null) {
 			body = "";
@@ -143,7 +143,7 @@ public class RESTApi {
 		String body = null;
 		Builder requestBuilding = HttpRequest.newBuilder().version(Version.HTTP_1_1).uri(URI.create(this.baseUrl + urlOffset));
 		if (this.token != null) {
-			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Yota " + this.token);
+			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Bearer " + this.token);
 		}
 		if (data == null) {
 			body = "";
@@ -171,7 +171,7 @@ public class RESTApi {
 		final HttpClient client = HttpClient.newHttpClient();
 		Builder requestBuilding = HttpRequest.newBuilder().version(Version.HTTP_1_1).uri(URI.create(this.baseUrl + urlOffset));
 		if (this.token != null) {
-			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Yota " + this.token);
+			requestBuilding = requestBuilding.header(HttpHeaders.AUTHORIZATION, "Bearer " + this.token);
 		}
 		final HttpRequest request = requestBuilding.DELETE().build();
 		final HttpResponse<String> httpResponse = client.send(request, HttpResponse.BodyHandlers.ofString());