001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2015 ForgeRock AS. 015 */ 016package org.forgerock.http.filter; 017 018 019import org.forgerock.http.Filter; 020import org.forgerock.http.Handler; 021import org.forgerock.http.header.MalformedHeaderException; 022import org.forgerock.http.header.TransactionIdHeader; 023import org.forgerock.http.protocol.Headers; 024import org.forgerock.http.protocol.Request; 025import org.forgerock.http.protocol.Response; 026import org.forgerock.services.context.Context; 027import org.forgerock.services.TransactionId; 028import org.forgerock.services.context.TransactionIdContext; 029import org.forgerock.util.annotations.VisibleForTesting; 030import org.forgerock.util.promise.NeverThrowsException; 031import org.forgerock.util.promise.Promise; 032import org.slf4j.Logger; 033import org.slf4j.LoggerFactory; 034 035/** 036 * This filter is responsible to create the {@link TransactionIdContext} in the context's chain. If the incoming request 037 * contains the header "X-ForgeRock-TransactionId" then it uses that value as the transaction id otherwise a new one is 038 * generated. 039 */ 040public class TransactionIdInboundFilter implements Filter { 041 042 private static final Logger logger = LoggerFactory.getLogger(TransactionIdInboundFilter.class); 043 044 /** 045 * The system property to allow to trust the HTTP header X-ForgeRock-TransactionId. 046 */ 047 public static final String SYSPROP_TRUST_TRANSACTION_HEADER = "org.forgerock.http.TrustTransactionHeader"; 048 049 private final boolean trustTransactionIdHeader = Boolean.getBoolean(SYSPROP_TRUST_TRANSACTION_HEADER); 050 051 @Override 052 public Promise<Response, NeverThrowsException> filter(Context context, Request request, Handler next) { 053 if (context.containsContext(TransactionIdContext.class)) { 054 logger.trace("A TransactionIdContext already exists in the context's chain."); 055 } 056 final TransactionId transactionId = trustTransactionIdHeader 057 ? createTransactionId(request.getHeaders()) 058 : new TransactionId(); 059 final Context newContext = new TransactionIdContext(context, transactionId); 060 return next.handle(newContext, request); 061 } 062 063 @VisibleForTesting 064 static TransactionId createTransactionId(Headers headers) { 065 try { 066 TransactionIdHeader txHeader = headers.get(TransactionIdHeader.class); 067 return txHeader == null ? new TransactionId() : txHeader.getTransactionId(); 068 } catch (MalformedHeaderException ex) { 069 logger.trace("The TransactionId header is malformed.", ex); 070 return new TransactionId(); 071 } 072 } 073}