Merge pull request #3599 from mevan-karu/pat_impl_choreo

renuka-fernando · web-flow · commit 2208e9e2edd2 · 2024-10-04T14:31:32.000+05:30
Improve x-forwarded-authorization header setting logic
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/JWTAuthenticator.java
@@ -818,6 +818,7 @@ private String exchangeJWTForPAT(RequestContext requestContext, String pat) thro
             if (log.isDebugEnabled()) {
                 log.debug("Token retrieved from the cache. Token: " + FilterUtils.getMaskedToken(pat));
             }
+            setXForwardedAuthorizationHeader(requestContext, (String) cachedJWT);
             return (String) cachedJWT;
         }
         Optional<String> jwt = APIKeyUtils.exchangePATToJWT(keyHash);
@@ -828,10 +829,14 @@ private String exchangeJWTForPAT(RequestContext requestContext, String pat) thro
         }
         CacheProvider.getGatewayAPIKeyJWTCache().put(keyHash, jwt.get());
         // Add jwt to x-forwarded-authorization header.
-        requestContext.addOrModifyHeaders("x-forwarded-authorization", jwt.get());
+        setXForwardedAuthorizationHeader(requestContext, jwt.get());
         return jwt.get();
     }
 
+    private void setXForwardedAuthorizationHeader(RequestContext requestContext, String jwt) {
+        requestContext.addOrModifyHeaders("x-forwarded-authorization", String.format("Bearer %s", jwt));
+    }
+
     public String extractJWTInWSProtocolHeader(RequestContext requestContext) {
         String protocolHeader = requestContext.getHeaders().get(
                 HttpConstants.WEBSOCKET_PROTOCOL_HEADER);

Original file line number	Diff line number	Diff line change
`@@ -818,6 +818,7 @@ private String exchangeJWTForPAT(RequestContext requestContext, String pat) thro`
`818`	`818`	`if (log.isDebugEnabled()) {`
`819`	`819`	`log.debug("Token retrieved from the cache. Token: " + FilterUtils.getMaskedToken(pat));`
`820`	`820`	`}`
	`821`	`+ setXForwardedAuthorizationHeader(requestContext, (String) cachedJWT);`
`821`	`822`	`return (String) cachedJWT;`
`822`	`823`	`}`
`823`	`824`	`Optional<String> jwt = APIKeyUtils.exchangePATToJWT(keyHash);`
`@@ -828,10 +829,14 @@ private String exchangeJWTForPAT(RequestContext requestContext, String pat) thro`
`828`	`829`	`}`
`829`	`830`	`CacheProvider.getGatewayAPIKeyJWTCache().put(keyHash, jwt.get());`
`830`	`831`	`// Add jwt to x-forwarded-authorization header.`
`831`		`- requestContext.addOrModifyHeaders("x-forwarded-authorization", jwt.get());`
	`832`	`+ setXForwardedAuthorizationHeader(requestContext, jwt.get());`
`832`	`833`	`return jwt.get();`
`833`	`834`	`}`
`834`	`835`
	`836`	`+ private void setXForwardedAuthorizationHeader(RequestContext requestContext, String jwt) {`
	`837`	`+ requestContext.addOrModifyHeaders("x-forwarded-authorization", String.format("Bearer %s", jwt));`
	`838`	`+ }`
	`839`	`+`
`835`	`840`	`public String extractJWTInWSProtocolHeader(RequestContext requestContext) {`
`836`	`841`	`String protocolHeader = requestContext.getHeaders().get(`
`837`	`842`	`HttpConstants.WEBSOCKET_PROTOCOL_HEADER);`