public void doFilter()

in gateway-provider-security-authc-remote/src/main/java/org/apache/knox/gateway/filter/RemoteAuthFilter.java [217:275]


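  /**
   * Authenticates the request through the remote authentication server, or reuses a cached
   * {@link Subject}, and then continues the filter chain under that subject.
   *
   * <p>Flow: the value of the {@code cacheKeyHeader} request header is hashed and looked up in
   * {@code authenticationCache}. On a miss, the headers named in {@code includeHeaders} are copied
   * onto a new connection to the remote server. An HTTP 200 reply that carries a user name in
   * {@code userHeader} is treated as a successful authentication, cached, audited and the chain is
   * continued. Any other outcome ends the request with 401, and an exception ends it with 500.
   *
   * <p>Security notes:
   * <ul>
   *   <li>A request without a usable cache-key header bypasses the cache entirely (no lookup, no
   *       store), so such requests can never share one cache entry.</li>
   *   <li>A 200 reply without a user name is rejected instead of producing a {@link Subject} with a
   *       null principal.</li>
   *   <li>NOTE(review): the cache key comes from a client-supplied header. Cache hits are only as
   *       trustworthy as the link between that header and the credential the remote server
   *       validates. Confirm the configured {@code cacheKeyHeader} is the credential header itself
   *       (presumably one of {@code includeHeaders}).</li>
   * </ul>
   *
   * @param request the incoming request; cast to {@link HttpServletRequest}
   * @param response the outgoing response; cast to {@link HttpServletResponse}
   * @param filterChain the chain to continue once a subject is established
   * @throws IOException if continuing with a cached subject, or sending the 500 error, fails
   * @throws ServletException if continuing with a cached subject fails
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // The cache key is whatever the client sent in the configured header. When the header is
    // missing or empty there is nothing that identifies the caller, so the cache must not be
    // consulted or populated: hashCacheKey is defined outside this listing, and a null/empty input
    // would either fail there or map every such request onto one shared entry.
    String cacheKey = httpRequest.getHeader(cacheKeyHeader);
    boolean cacheable = cacheKey != null && !cacheKey.trim().isEmpty();

    if (cacheable) {
      Subject cachedSubject = authenticationCache.getIfPresent(hashCacheKey(cacheKey));
      if (cachedSubject != null) {
        continueWithEstablishedSecurityContext(cachedSubject, httpRequest, httpResponse, filterChain);
        return;
      }
    }

    try {
      HttpURLConnection connection = getHttpURLConnection();
      // Only the configured (allow-listed) request headers are forwarded to the remote server.
      for (String header : includeHeaders) {
        String headerValue = httpRequest.getHeader(header);
        if (headerValue != null) {
          connection.addRequestProperty(header, headerValue);
        }
      }

      // Add trace ID to the outgoing request if it exists to correlate logs
      String traceId = ThreadContext.get(TRACE_ID);
      if (traceId != null) {
        connection.addRequestProperty(REQUEST_ID_HEADER_NAME, traceId);
      }

      // The user header is read only for an HTTP 200 reply. A 200 without a user name is handled
      // as a failed authentication rather than as an anonymous/null principal.
      int responseCode = connection.getResponseCode();
      String principalName = responseCode == HttpURLConnection.HTTP_OK
              ? connection.getHeaderField(userHeader)
              : null;
      if (principalName == null || principalName.trim().isEmpty()) {
        LOGGER.failedToAuthenticateToRemoteAuthServer();
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed");
        return;
      }

      Subject subject = new Subject();
      subject.getPrincipals().add(new PrimaryPrincipal(principalName));

      addGroupPrincipals(subject, connection);

      if (cacheable) {
        authenticationCache.put(hashCacheKey(cacheKey), subject);
      }

      AuditContext context = auditService.getContext();
      if (context != null) {
        context.setUsername( principalName );
        auditService.attachContext(context);
        String sourceUri = (String)request.getAttribute( AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME );
        auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI,
                ActionOutcome.SUCCESS, "Groups: " + Arrays.toString(subject.getPrincipals(GroupPrincipal.class)
                        .stream()
                        .map(GroupPrincipal::getName)
                        .toArray(String[]::new)));
      }

      // NOTE(review): the chain runs inside this try, so an exception thrown downstream is
      // reported as an authentication error (500), unlike the cached path above where it
      // propagates. Confirm this asymmetry is intended.
      // NOTE(review): the connection is not explicitly released here; whether that is needed
      // depends on getHttpURLConnection, which is outside this listing.
      continueWithEstablishedSecurityContext(subject, httpRequest, httpResponse, filterChain);
    } catch (Exception e) {
      LOGGER.errorReceivedWhileAuthenticatingRequest(e);
      httpResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Error processing authentication request");
    }
  }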