From 31052a00caea7f9a851f0b12d21dbc2d1d5ce0db Mon Sep 17 00:00:00 2001
From: TROMEL LOUIS <58844429+Ash84@users.noreply.github.com>
Date: Thu, 4 Jul 2024 12:20:48 +0200
Subject: [PATCH] =?UTF-8?q?Meilleure=20gestion=20d'erreur=20sur=20mauvaise?= =?UTF-8?q?=20requ=C3=AAte?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../sava/core/MetricsBasicAuthServlet.java | 52 +++++++++++--------
 1 file changed, 29 insertions(+), 23 deletions(-)
diff --git a/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java b/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java
index f0374e8..bc0faee 100644
--- a/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java
+++ b/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java
@@ -11,6 +11,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.logging.log4j.Level;
+
 import io.prometheus.client.exporter.MetricsServlet;
 import lombok.extern.log4j.Log4j2;
@@ -92,30 +94,34 @@ public class MetricsBasicAuthServlet extends MetricsServlet {
 protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws IOException {
 // basic_auth associate to the request a header "Authorization"
 if (req.getHeader("Authorization") != null) {
- // credentials are encoded in Base64, prefixed with "Basic "
- // removing the prefix
- final String trimmed = req.getHeader("Authorization").replace("Basic ", "");
- // decoding the sentence
- final byte[] decodedBytes = Base64.getDecoder().decode(trimmed);
- final String decoded = new String(decodedBytes, StandardCharsets.UTF_8);
- // the credentials are given in the form username:password
- // splitting the sentence
- final String[] decodedSplitted = decoded.split(":");
- // making the checks
- if (!key.equals(decodedSplitted[0])
- || !pass.equals(decodedSplitted[1])) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- } else {
- // update JVM values
- final Runtime runtime = Runtime.getRuntime();
- SavaUtils.setGaugeValue("jvm_max_memory", (double) runtime.maxMemory());
- SavaUtils.setGaugeValue("jvm_used_memory", (double) (runtime.totalMemory() - runtime.freeMemory()));
- SavaUtils.setGaugeValue("jvm_total_memory", (double) runtime.totalMemory());
- SavaUtils.setGaugeValue("jvm_free_memory", (double) runtime.freeMemory());
- // continue with the servlet
- super.doGet(req, resp);
+ try {
+ // credentials are encoded in Base64, prefixed with "Basic "
+ // removing the prefix
+ final String trimmed = req.getHeader("Authorization").replace("Basic ", "");
+ // decoding the sentence
+ final byte[] decodedBytes = Base64.getDecoder().decode(trimmed);
+ final String decoded = new String(decodedBytes, StandardCharsets.UTF_8);
+ // the credentials are given in the form username:password
+ // splitting the sentence
+ final String[] decodedSplitted = decoded.split(":");
+ // making the checks
+ if (decodedSplitted.length == 2 && key.equals(decodedSplitted[0])
+ && pass.equals(decodedSplitted[1])) {
+ // update JVM values
+ final Runtime runtime = Runtime.getRuntime();
+ SavaUtils.setGaugeValue("jvm_max_memory", (double) runtime.maxMemory());
+ SavaUtils.setGaugeValue("jvm_used_memory", (double) (runtime.totalMemory() - runtime.freeMemory()));
+ SavaUtils.setGaugeValue("jvm_total_memory", (double) runtime.totalMemory());
+ SavaUtils.setGaugeValue("jvm_free_memory", (double) runtime.freeMemory());
+ // continue with the servlet
+ super.doGet(req, resp);
+ }
+ } catch (final Exception e) {
+ LOGGER.warn("Received a bad request");
+ LOGGER.catching(Level.WARN, e);
 }
 }
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
 }
 /**
@@ -128,6 +134,6 @@ public class MetricsBasicAuthServlet extends MetricsServlet {
 */
 @Override
 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws IOException {
- // Do nothing
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
 }
 }
-- GitLab
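Review bot: After a successful credential check the new doGet still falls through to the unconditional `resp.sendError(HttpServletResponse.SC_FORBIDDEN);` at the end of the method, because nothing returns after `super.doGet(req, resp);`. Depending on whether the parent servlet has already committed the response (not visible here), an authenticated scrape either receives a 403 or sendError raises IllegalStateException; add `return;` directly after `super.doGet(req, resp);`. The `catch (final Exception e)` also encloses the super.doGet call, so an I/O failure while writing metrics is logged as "Received a bad request"; closing the try before the gauge update would keep the two cases apart. Separately, `key.equals`/`pass.equals` are not constant-time and `split(":")` rejects any password that contains a colon; `decoded.split(":", 2)` together with `MessageDigest.isEqual` on the UTF-8 bytes would address both.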
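Review bot: Answering POST with `SC_FORBIDDEN` makes an unsupported method indistinguishable from a failed credential check in access logs and alerting; `resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);` states the actual reason. The Javadoc for doPost lies between the hunks and is not visible here; if it still describes the method as doing nothing, it should be updated to match the new behaviour.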