diff --git a/para-server/src/main/java/com/erudika/para/server/rest/RestUtils.java b/para-server/src/main/java/com/erudika/para/server/rest/RestUtils.java
index 202ef99f..f3149722 100644
--- a/para-server/src/main/java/com/erudika/para/server/rest/RestUtils.java
+++ b/para-server/src/main/java/com/erudika/para/server/rest/RestUtils.java
@@ -147,11 +147,11 @@ public static String extractDate(HttpServletRequest request) {
 * @return the resource path
 */
 public static String extractResourcePath(HttpServletRequest request) {
- if (request == null || request.getRequestURI().length() <= 3) {
+ if (request == null || request.getServletPath().length() <= 3) {
 return "";
 }
 // get request path, strip first slash '/'
- String uri = request.getRequestURI().substring(1);
+ String uri = request.getServletPath().substring(1);
 // skip to the end of API version prefix '/v1/'
 int start = uri.indexOf('/');
diff --git a/para-server/src/main/java/com/erudika/para/server/security/SecurityUtils.java b/para-server/src/main/java/com/erudika/para/server/security/SecurityUtils.java
index b6dd62bd..10387b86 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/SecurityUtils.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/SecurityUtils.java
@@ -415,7 +415,7 @@ public static boolean isValidSignature(HttpServletRequest incoming, String secre
 params.put(param.getKey(), param.getValue()[0]);
 }
- String path = incoming.getRequestURI();
+ String path = incoming.getRequestURI(); // DO NOT USE req.getServletPath() here!
 String endpoint = StringUtils.removeEndIgnoreCase(incoming.getRequestURL().toString(), path);
 String httpMethod = incoming.getMethod();
 InputStream entity;
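Review bot: `getServletPath()` is empty when the servlet handling the request is matched by a `/*` mapping, and holds only the mapped prefix for a `/prefix/*` mapping, with the remainder in `getPathInfo()`; in `extractResourcePath` the new `length() <= 3` guard would then return "" for every request. How the servlet is mapped is not visible in this diff, so this may not apply to the current deployment, but if a path-prefix mapping is possible the path should be built from both parts, e.g. `String info = request.getPathInfo();` and `String path = request.getServletPath() + (info == null ? "" : info);`, with `path` used in the guard and in the `substring(1)` call. The Javadoc above the method should also say that the result is derived from the servlet path (typically decoded and normalised by the container) rather than from the raw request URI. The method body continues past the end of the hunk.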
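Review bot: The comment added to `String path = incoming.getRequestURI();` in `isValidSignature` says what not to do but not why, and it names `req` although the parameter here is `incoming`. Giving the reason would stop a later cleanup from aligning this line with the rest of the commit; something like `// keep getRequestURI(): the signature is verified over the raw path as sent by the client; getServletPath() drops the context path and may be decoded`. That rationale is inferred from the surrounding signature code, so the wording should be confirmed by the author. The function starts before and continues after the hunk.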
@@ -483,9 +483,9 @@ public static String getAppidFromAuthRequest(HttpServletRequest request) {
 String appidFromState = request.getParameter("state");
 String appidFromAppid = request.getParameter(Config._APPID);
 if (StringUtils.isBlank(appidFromState) && StringUtils.isBlank(appidFromAppid)) {
- if (StringUtils.startsWith(request.getRequestURI(), SAMLAuthFilter.SAML_ACTION + "/")) {
- return StringUtils.trimToNull(request.getRequestURI().substring(SAMLAuthFilter.SAML_ACTION.length() + 1));
- } else if (StringUtils.startsWith(request.getRequestURI(), "/" + PasswordlessAuthFilter.PASSWORDLESS_ACTION)) {
+ if (StringUtils.startsWith(request.getServletPath(), SAMLAuthFilter.SAML_ACTION + "/")) {
+ return StringUtils.trimToNull(request.getServletPath().substring(SAMLAuthFilter.SAML_ACTION.length() + 1));
+ } else if (StringUtils.startsWith(request.getServletPath(), "/" + PasswordlessAuthFilter.PASSWORDLESS_ACTION)) {
 String token = request.getParameter("token"); // JWT
 JWTClaimsSet claims = null;
 try {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/AmazonAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/AmazonAuthFilter.java
index f13a4395..907fa84b 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/AmazonAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/AmazonAuthFilter.java
@@ -94,7 +94,7 @@ public AmazonAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(AMAZON_ACTION)) {
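Review bot: `request.getServletPath()` is read three times across the two prefix checks and the `substring` call in `getAppidFromAuthRequest`; reading it once into a local keeps the check and the extraction on the same value and shortens the lines, e.g. `final String path = request.getServletPath();` followed by `StringUtils.startsWith(path, SAMLAuthFilter.SAML_ACTION + "/")` and `path.substring(SAMLAuthFilter.SAML_ACTION.length() + 1)`. The app id returned from the SAML branch is a client-chosen path segment, which containers typically hand back already decoded from `getServletPath()`, so whatever consumes it should treat it as untrusted input; that consumer is not visible here. The method body continues past the hunk.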
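Review bot: The local in `AmazonAuthFilter.attemptAuthentication` is still called `requestURI` although it now holds `request.getServletPath()`, which excludes the context path, any extra path info and the query string; renaming it, e.g. `final String servletPath = request.getServletPath();`, keeps a later reader from assuming raw-URI semantics when reasoning about the `endsWith(AMAZON_ACTION)` check. The same applies to the identical one-line change in the Facebook, GenericOAuth2, GitHub, Google, Ldap, LinkedIn, Microsoft, Password, Passwordless, SAML, Slack and Twitter auth filters and in `SAMLMetadataFilter.doFilter`. The rename would also touch uses of the variable outside these hunks, since each method body continues past its hunk.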
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/FacebookAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/FacebookAuthFilter.java
index bd48fbac..a1a0e201 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/FacebookAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/FacebookAuthFilter.java
@@ -90,7 +90,7 @@ public FacebookAuthFilter(String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(FACEBOOK_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/GenericOAuth2Filter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/GenericOAuth2Filter.java
index 89be6fda..08f32995 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/GenericOAuth2Filter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/GenericOAuth2Filter.java
@@ -105,7 +105,7 @@ public GenericOAuth2Filter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 boolean isSecond = requestURI.endsWith(OAUTH2_SECOND_ACTION);
 boolean isThird = requestURI.endsWith(OAUTH2_THIRD_ACTION);
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/GitHubAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/GitHubAuthFilter.java
index 08a602b2..5b7cdaa5 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/GitHubAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/GitHubAuthFilter.java
@@ -94,7 +94,7 @@ public GitHubAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(GITHUB_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/GoogleAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/GoogleAuthFilter.java
index aad08ef8..0b736676 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/GoogleAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/GoogleAuthFilter.java
@@ -92,7 +92,7 @@ public GoogleAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(GOOGLE_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/LdapAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/LdapAuthFilter.java
index 4fb2a5f0..1fec9e84 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/LdapAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/LdapAuthFilter.java
@@ -75,7 +75,7 @@ public LdapAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 String username = request.getParameter(Para.getConfig().ldapUsernameParameter());
 String password = request.getParameter(Para.getConfig().ldapPasswordParameter());
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/LinkedInAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/LinkedInAuthFilter.java
index 090f8f10..5cf2e35b 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/LinkedInAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/LinkedInAuthFilter.java
@@ -98,7 +98,7 @@ public LinkedInAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(LINKEDIN_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/MicrosoftAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/MicrosoftAuthFilter.java
index a7881c32..48dcedf2 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/MicrosoftAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/MicrosoftAuthFilter.java
@@ -95,7 +95,7 @@ public MicrosoftAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(MICROSOFT_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java
index 0143edbc..5dbde23e 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordAuthFilter.java
@@ -66,7 +66,7 @@ public PasswordAuthFilter(String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
- String requestURI = request.getRequestURI();
+ String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 User user = null;
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordlessAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordlessAuthFilter.java
index c4f79f08..ff138db7 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordlessAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/PasswordlessAuthFilter.java
@@ -72,7 +72,7 @@ public PasswordlessAuthFilter(String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
- String requestURI = request.getRequestURI();
+ String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 boolean redirect = !"false".equals(request.getParameter("redirect"));
 User user = null;
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLAuthFilter.java
index 25bea77e..32a1e868 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLAuthFilter.java
@@ -99,7 +99,7 @@ public SAMLAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 String appid;
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLMetadataFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLMetadataFilter.java
index 9dfb25e4..daabf679 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLMetadataFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/SAMLMetadataFilter.java
@@ -58,7 +58,7 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
 HttpServletRequest request = (HttpServletRequest) req;
 HttpServletResponse response = (HttpServletResponse) res;
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 String appid;
 if (requestURI.startsWith(SAML_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/SlackAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/SlackAuthFilter.java
index d237aa70..c49a1b4d 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/SlackAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/SlackAuthFilter.java
@@ -95,7 +95,7 @@ public SlackAuthFilter(final String defaultFilterProcessesUrl) {
 @SuppressWarnings("unchecked")
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(SLACK_ACTION)) {
diff --git a/para-server/src/main/java/com/erudika/para/server/security/filters/TwitterAuthFilter.java b/para-server/src/main/java/com/erudika/para/server/security/filters/TwitterAuthFilter.java
index 656ac634..1a5ccf17 100644
--- a/para-server/src/main/java/com/erudika/para/server/security/filters/TwitterAuthFilter.java
+++ b/para-server/src/main/java/com/erudika/para/server/security/filters/TwitterAuthFilter.java
@@ -97,7 +97,7 @@ public TwitterAuthFilter(final String defaultFilterProcessesUrl) {
 @Override
 public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException {
- final String requestURI = request.getRequestURI();
+ final String requestURI = request.getServletPath();
 UserAuthentication userAuth = null;
 if (requestURI.endsWith(TWITTER_ACTION)) {
diff --git a/para-server/src/test/java/com/erudika/para/rest/RestUtilsTest.java b/para-server/src/test/java/com/erudika/para/rest/RestUtilsTest.java
index 4f744dae..d7c4e0fe 100644
--- a/para-server/src/test/java/com/erudika/para/rest/RestUtilsTest.java
+++ b/para-server/src/test/java/com/erudika/para/rest/RestUtilsTest.java
@@ -188,27 +188,27 @@ public void testExtractAccessKey() {
 @Test
 public void testExtractResourcePath() {
 HttpServletRequest req = Mockito.mock(HttpServletRequest.class);
- Mockito.when(req.getRequestURI()).thenReturn("");
+ Mockito.when(req.getServletPath()).thenReturn("");
 assertEquals(extractResourcePath(null), "");
 assertEquals(extractResourcePath(req), "");
- Mockito.when(req.getRequestURI()).thenReturn("/v1");
+ Mockito.when(req.getServletPath()).thenReturn("/v1");
 assertEquals("", extractResourcePath(req));
- Mockito.when(req.getRequestURI()).thenReturn("/v1/");
+ Mockito.when(req.getServletPath()).thenReturn("/v1/");
 assertEquals("", extractResourcePath(req));
- Mockito.when(req.getRequestURI()).thenReturn("/v1/_");
+ Mockito.when(req.getServletPath()).thenReturn("/v1/_");
 assertEquals("_", extractResourcePath(req));
- Mockito.when(req.getRequestURI()).thenReturn("/v1/_test");
+ Mockito.when(req.getServletPath()).thenReturn("/v1/_test");
 assertEquals("_test", extractResourcePath(req));
- Mockito.when(req.getRequestURI()).thenReturn("/v1/_test/path/id");
+ Mockito.when(req.getServletPath()).thenReturn("/v1/_test/path/id");
 assertEquals("_test/path/id", extractResourcePath(req));
 // new feature - specific resource paths
- Mockito.when(req.getRequestURI()).thenReturn("/v2.0/posts/123");
+ Mockito.when(req.getServletPath()).thenReturn("/v2.0/posts/123");
 assertEquals("posts/123", extractResourcePath(req));
 }