Clever Geek Handbook

Cloud endpoints: access options in servlet filters

I am trying to create an api with google cloud endpoints.

Since Cloud endpoints don't provide authentication alongside Google's own OGuth, I'm trying to create my own. So I want to access the parameters provided for the API (eg @Named token ("token") inside a servlet filter.

Unfortunately, I cannot find any information provided inside the httpRequest. This is normal? Is it possible to access parameters?

I would be grateful if anyone can help me!

UPDATE:

With information from jirungaray, I tried to create authentication using headers but ran into the same problem. Used REST-Client to send some headers as I couldn't figure out how to do it with the API. Inside my filter, I am trying to access the token from the headers:

@Override
public void doFilter(
        ServletRequest request,  ServletResponse response, FilterChain chain)
        throws IOException, ServletException {

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    String authToken = httpRequest.getHeader(Constants.AUTH_TOKEN);
    ...
    chain.doFilter(request, response);
}

The reason I am trying to do something like this is because I am using Guice for Dependency Injection and want my token to be injected inside another object.

With Guice I have the following Provider using FacebookClient injection token (using token) for every request.

@Provides
public FacebookClient getFacebookClientProvider(@Named("fbToken") Provider<String> fbToken) {
    return new DefaultFacebookClient(fbToken.get(), Version.VERSION_2_2);
}

As described in the Guice wiki ( SevletModule ), the sevlet filter is used to get information from the request.

Is there any solution to achieve this type of DI with cloud endpoints?

+3


source to share


1 answer


Philip, Yes, it makes sense that you are getting an empty request. Your endpoint calls are first handled by Google (they receive API calls) and then processed and sent to a handler in your application. Since this is all done in the background, it is very easy to miss that your endpoints are not actually receiving the same request that you sent, they are receiving a completely different request sent from google infrastructure.

While your approach should work, including the token information in the url, they are easier to sniff, even if you are using SSL or encrypting your parameters, the token is in plain sight. For what you are trying to achieve, I recommend that you include the token as a header in your request and get that header by accessing the HTTPRequest directly to the endpoint, this will be injected automatically if you include the parameter HTTPServletRequest

in your endpoint method.

eg.



    public APIResponse doSomething(SomeComplexRquestModel request,
            HttpServletRequest rawRequest) {
}

If you still feel like you should go your own way, just comment and I'll help you debug the problem.

+3


source






More articles:


All Articles