├── apikey-authentication-spring-boot-autoconfigure ├── src │ └── main │ │ ├── resources │ │ └── META-INF │ │ │ └── spring.factories │ │ └── java │ │ └── net │ │ └── skobow │ │ └── auth │ │ └── apikey │ │ └── autoconfigure │ │ ├── EnableApiKeyAuthentication.java │ │ └── ApiKeyAuthenticationAutoconfiguration.java └── build.gradle ├── gradle └── wrapper │ └── gradle-wrapper.properties ├── .gitignore ├── LICENSE ├── settings.gradle ├── apikey-authentication ├── src │ └── main │ │ └── java │ │ └── net │ │ └── skobow │ │ └── auth │ │ └── apikey │ │ ├── ApiKeyVerificationHandler.java │ │ ├── RequestApiKeyExtractor.java │ │ ├── ApiKeyVerificationException.java │ │ ├── ApiKeyAuthenticationException.java │ │ ├── StaticApiKeyVerificationHandler.java │ │ ├── webmvc │ │ ├── ApiKeyAuthenticationInterceptorProperties.java │ │ └── ApiKeyAuthenticationInterceptor.java │ │ ├── RandomApiKeyVerificationHandler.java │ │ ├── ApiKeyAuthenticationService.java │ │ └── config │ │ └── ApiKeyAuthenticationInterceptorConfiguration.java └── build.gradle ├── gradlew.bat ├── README.md └── gradlew /apikey-authentication-spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories: -------------------------------------------------------------------------------- 1 | org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ 2 | net.skobow.auth.apikey.autoconfigure.ApiKeyAuthenticationAutoconfiguration -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | 3 | .idea 4 | *.iml 5 | 6 | ### Java template 7 | # Compiled class file 8 | *.class 9 | 10 | # Log file 11 | *.log 12 | 13 | # BlueJ files 14 | *.ctxt 15 | 16 | # Mobile Tools for Java (J2ME) 17 | .mtj.tmp/ 18 | 19 | # Package Files # 20 | *.jar 21 | *.war 22 | *.nar 23 | *.ear 24 | *.zip 25 | *.tar.gz 26 | *.rar 27 | 28 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 29 | hs_err_pid* 30 | 31 | /.gradletasknamecache 32 | build 33 | .java-version 34 | .gradle 35 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Sven Kobow 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | rootProject.name = 'apikey-authentication-spring-boot-starter' 26 | include 'apikey-authentication' 27 | include 'apikey-authentication-spring-boot-autoconfigure' 28 | 29 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/ApiKeyVerificationHandler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | public interface ApiKeyVerificationHandler { 29 | void verify(String apiKey) throws ApiKeyVerificationException; 30 | } 31 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/RequestApiKeyExtractor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | import javax.servlet.http.HttpServletRequest; 29 | import java.util.Optional; 30 | 31 | public interface RequestApiKeyExtractor { 32 | 33 | default Optional getApiKey(final HttpServletRequest request) { 34 | return Optional.ofNullable(request.getHeader("X-Api-Key")); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/ApiKeyVerificationException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | public class ApiKeyVerificationException extends Exception { 29 | ApiKeyVerificationException() { 30 | super(); 31 | } 32 | 33 | ApiKeyVerificationException(final String message) { 34 | super(message); 35 | } 36 | 37 | ApiKeyVerificationException(final String message, final Throwable cause) { 38 | super(message, cause); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/ApiKeyAuthenticationException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | public class ApiKeyAuthenticationException extends Exception { 29 | ApiKeyAuthenticationException(final String message) { 30 | super(message); 31 | } 32 | 33 | ApiKeyAuthenticationException(final String message, final Throwable cause) { 34 | super(message, cause); 35 | } 36 | 37 | ApiKeyAuthenticationException(final Throwable cause) { 38 | super(cause); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /apikey-authentication-spring-boot-autoconfigure/src/main/java/net/skobow/auth/apikey/autoconfigure/EnableApiKeyAuthentication.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey.autoconfigure; 27 | 28 | import net.skobow.auth.apikey.config.ApiKeyAuthenticationInterceptorConfiguration; 29 | import org.springframework.context.annotation.Import; 30 | 31 | import java.lang.annotation.ElementType; 32 | import java.lang.annotation.Retention; 33 | import java.lang.annotation.RetentionPolicy; 34 | import java.lang.annotation.Target; 35 | 36 | @Retention(RetentionPolicy.RUNTIME) 37 | @Target(ElementType.TYPE) 38 | @Import(ApiKeyAuthenticationInterceptorConfiguration.class) 39 | public @interface EnableApiKeyAuthentication { 40 | } 41 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/StaticApiKeyVerificationHandler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | import static org.springframework.util.Assert.hasLength; 29 | 30 | public class StaticApiKeyVerificationHandler implements ApiKeyVerificationHandler { 31 | 32 | private final String apiKey; 33 | 34 | public StaticApiKeyVerificationHandler(final String apiKey) { 35 | hasLength(apiKey, "Static api key may not be empty"); 36 | this.apiKey = apiKey; 37 | } 38 | 39 | @Override 40 | public void verify(final String apiKey) throws ApiKeyVerificationException { 41 | if (this.apiKey.equals(apiKey)) { 42 | return; 43 | } 44 | 45 | throw new ApiKeyVerificationException("Api key could not be verified"); 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/webmvc/ApiKeyAuthenticationInterceptorProperties.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey.webmvc; 27 | 28 | import java.util.List; 29 | 30 | public class ApiKeyAuthenticationInterceptorProperties { 31 | 32 | private final List includePatterns; 33 | private final List excludePatterns; 34 | 35 | public ApiKeyAuthenticationInterceptorProperties( final List includePatterns, 36 | final List excludePatterns) { 37 | this.includePatterns = includePatterns; 38 | this.excludePatterns = excludePatterns; 39 | } 40 | 41 | public List getIncludePatterns() { 42 | return includePatterns; 43 | } 44 | 45 | public List getExcludePatterns() { 46 | return excludePatterns; 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /apikey-authentication/build.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | plugins { 27 | id 'java' 28 | } 29 | 30 | dependencies { 31 | 32 | implementation("org.springframework:spring-context:${springVersion}") 33 | implementation("org.springframework:spring-webmvc:${springVersion}") 34 | 35 | implementation('javax.servlet:servlet-api:2.5') 36 | } 37 | 38 | publishing { 39 | publications { 40 | library(MavenPublication) { 41 | customizePom(pom) 42 | groupId = "${groupId}" 43 | artifactId = 'apikey-authentication' 44 | version = "${version}" 45 | 46 | artifact(sourcesJar) { 47 | classifier = 'sources' 48 | } 49 | 50 | artifact(javadocJar) { 51 | classifier = 'javadoc' 52 | } 53 | 54 | from components.java 55 | } 56 | } 57 | } 58 | 59 | signing { 60 | sign publishing.publications.library 61 | } 62 | -------------------------------------------------------------------------------- /apikey-authentication-spring-boot-autoconfigure/build.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | plugins { 27 | id 'java' 28 | } 29 | 30 | dependencies { 31 | 32 | implementation(project(':apikey-authentication')) 33 | 34 | implementation("org.springframework.boot:spring-boot:${springBootVersion}") 35 | implementation("org.springframework.boot:spring-boot-autoconfigure:${springBootVersion}") 36 | } 37 | 38 | publishing { 39 | publications { 40 | autoconfiguration(MavenPublication) { 41 | customizePom(pom) 42 | groupId = "${groupId}" 43 | artifactId = 'apikey-authentication-spring-boot-autoconfigure' 44 | version = "${version}" 45 | 46 | artifact(sourcesJar) { 47 | classifier = 'sources' 48 | } 49 | 50 | artifact(javadocJar) { 51 | classifier = 'javadoc' 52 | } 53 | 54 | from components.java 55 | } 56 | } 57 | } 58 | 59 | signing { 60 | sign publishing.publications.autoconfiguration 61 | } 62 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/RandomApiKeyVerificationHandler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | import org.slf4j.Logger; 29 | import org.slf4j.LoggerFactory; 30 | 31 | import java.util.UUID; 32 | 33 | public class RandomApiKeyVerificationHandler extends StaticApiKeyVerificationHandler { 34 | 35 | private static final Logger log = LoggerFactory.getLogger(RandomApiKeyVerificationHandler.class); 36 | 37 | private static final String apiKey = UUID.randomUUID().toString(); 38 | 39 | public RandomApiKeyVerificationHandler() { 40 | super(apiKey); 41 | 42 | log.warn("----------------------------------------------------------------------------------------------------------------------------------------------"); 43 | log.warn("WARNING: Initializing api key authentication with key " + apiKey + ". THIS KEY MAY APPEAR IN LOGS AND CAN VOID SECURITY!"); 44 | log.warn("----------------------------------------------------------------------------------------------------------------------------------------------"); 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/ApiKeyAuthenticationService.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey; 27 | 28 | import org.springframework.stereotype.Service; 29 | 30 | import javax.servlet.http.HttpServletRequest; 31 | 32 | @Service 33 | public class ApiKeyAuthenticationService { 34 | 35 | private final RequestApiKeyExtractor requestApiKeyExtractor; 36 | private final ApiKeyVerificationHandler apiKeyVerificationHandler; 37 | 38 | public ApiKeyAuthenticationService(final RequestApiKeyExtractor requestApiKeyExtractor, 39 | final ApiKeyVerificationHandler apiKeyVerificationHandler) { 40 | this.requestApiKeyExtractor = requestApiKeyExtractor; 41 | this.apiKeyVerificationHandler = apiKeyVerificationHandler; 42 | } 43 | 44 | public void authenticate(final HttpServletRequest request) throws ApiKeyAuthenticationException { 45 | final String apiKey = requestApiKeyExtractor.getApiKey(request) 46 | .orElseThrow(() -> new ApiKeyAuthenticationException("Api key not found")); 47 | 48 | try { 49 | apiKeyVerificationHandler.verify(apiKey); 50 | } catch (final ApiKeyVerificationException e) { 51 | throw new ApiKeyAuthenticationException(e.getMessage(), e); 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/config/ApiKeyAuthenticationInterceptorConfiguration.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey.config; 27 | 28 | import net.skobow.auth.apikey.ApiKeyAuthenticationService; 29 | import net.skobow.auth.apikey.webmvc.ApiKeyAuthenticationInterceptor; 30 | import net.skobow.auth.apikey.webmvc.ApiKeyAuthenticationInterceptorProperties; 31 | import org.springframework.context.annotation.Configuration; 32 | import org.springframework.web.servlet.config.annotation.EnableWebMvc; 33 | import org.springframework.web.servlet.config.annotation.InterceptorRegistry; 34 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; 35 | 36 | @Configuration 37 | public class ApiKeyAuthenticationInterceptorConfiguration implements WebMvcConfigurer { 38 | 39 | private final ApiKeyAuthenticationService authenticationService; 40 | private final ApiKeyAuthenticationInterceptorProperties interceptorProperties; 41 | 42 | public ApiKeyAuthenticationInterceptorConfiguration(final ApiKeyAuthenticationService authenticationService, 43 | final ApiKeyAuthenticationInterceptorProperties interceptorProperties) { 44 | this.authenticationService = authenticationService; 45 | this.interceptorProperties = interceptorProperties; 46 | } 47 | 48 | @Override 49 | public void addInterceptors(final InterceptorRegistry registry) { 50 | registry.addInterceptor(new ApiKeyAuthenticationInterceptor(authenticationService)) 51 | .addPathPatterns(interceptorProperties.getIncludePatterns()) 52 | .excludePathPatterns(interceptorProperties.getExcludePatterns()); 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /apikey-authentication/src/main/java/net/skobow/auth/apikey/webmvc/ApiKeyAuthenticationInterceptor.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey.webmvc; 27 | 28 | import net.skobow.auth.apikey.ApiKeyAuthenticationException; 29 | import net.skobow.auth.apikey.ApiKeyAuthenticationService; 30 | import org.slf4j.Logger; 31 | import org.slf4j.LoggerFactory; 32 | import org.springframework.http.HttpStatus; 33 | import org.springframework.stereotype.Component; 34 | import org.springframework.web.servlet.HandlerInterceptor; 35 | 36 | import javax.servlet.http.HttpServletRequest; 37 | import javax.servlet.http.HttpServletResponse; 38 | 39 | @Component 40 | public class ApiKeyAuthenticationInterceptor implements HandlerInterceptor { 41 | 42 | private static final Logger log = LoggerFactory.getLogger(ApiKeyAuthenticationInterceptor.class); 43 | 44 | private final ApiKeyAuthenticationService authenticationService; 45 | 46 | public ApiKeyAuthenticationInterceptor(final ApiKeyAuthenticationService authenticationService) { 47 | this.authenticationService = authenticationService; 48 | } 49 | 50 | @Override 51 | public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) throws Exception { 52 | 53 | try { 54 | authenticationService.authenticate(request); 55 | } catch (final ApiKeyAuthenticationException e) { 56 | log.warn("Api key authentication failed: {} [host {}, URI {}]", 57 | e.getMessage(), request.getRemoteHost(), request.getRequestURI()); 58 | response.sendError(HttpStatus.UNAUTHORIZED.value(), e.getMessage()); 59 | return false; 60 | } 61 | return true; 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%" == "" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%" == "" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter. 33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi 34 | 35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 37 | 38 | @rem Find java.exe 39 | if defined JAVA_HOME goto findJavaFromJavaHome 40 | 41 | set JAVA_EXE=java.exe 42 | %JAVA_EXE% -version >NUL 2>&1 43 | if "%ERRORLEVEL%" == "0" goto execute 44 | 45 | echo. 46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 47 | echo. 48 | echo Please set the JAVA_HOME variable in your environment to match the 49 | echo location of your Java installation. 50 | 51 | goto fail 52 | 53 | :findJavaFromJavaHome 54 | set JAVA_HOME=%JAVA_HOME:"=% 55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 56 | 57 | if exist "%JAVA_EXE%" goto execute 58 | 59 | echo. 60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 61 | echo. 62 | echo Please set the JAVA_HOME variable in your environment to match the 63 | echo location of your Java installation. 64 | 65 | goto fail 66 | 67 | :execute 68 | @rem Setup the command line 69 | 70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 71 | 72 | 73 | @rem Execute Gradle 74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* 75 | 76 | :end 77 | @rem End local scope for the variables with windows NT shell 78 | if "%ERRORLEVEL%"=="0" goto mainEnd 79 | 80 | :fail 81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 82 | rem the _cmd.exe /c_ return code! 83 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 84 | exit /b 1 85 | 86 | :mainEnd 87 | if "%OS%"=="Windows_NT" endlocal 88 | 89 | :omega 90 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # API Key Authentication Spring Boot Starter 2 | 3 | [![Maven Central](https://maven-badges.herokuapp.com/maven-central/net.skobow/apikey-authentication-spring-boot-starter/badge.svg?style=flat)](https://maven-badges.herokuapp.com/maven-central/net.skobow/apikey-authentication-spring-boot-starter) 4 | [![javadoc](https://javadoc.io/badge2/net.skobow/apikey-authentication-spring-boot-starter/javadoc.svg)](https://javadoc.io/doc/net.skobow/apikey-authentication-spring-boot-starter) 5 | 6 | **This repository is not maintained anymore!** 7 | 8 | ## Description 9 | 10 | This Spring Boot starter provides easy to use and though configurable API Key authentication for your Spring Boot project. 11 | 12 | ## Installation 13 | 14 | To install simple add the dependency to you project build system, e.g. Gradle or Maven. 15 | 16 | **Gradle** 17 | 18 | implementation 'net.skobow:apikey-authentication-spring-boot-starter:0.6.1' 19 | 20 | **Maven** 21 | 22 | 23 | net.skobow 24 | apikey-authentication-spring-boot-starter 25 | 0.6.1 26 | 27 | 28 | ## Usage 29 | 30 | Just add the `@EnableApiKeyAuthentication` annotation to you Spring Boot Application class and provide `web.authentication.apikey` property to enable static API key authentication. This will add an Spring `HandlerInterceptor` that will check the `X-Api-Key` request header for the configured static API key. 31 | If no or not the correct key is provided the request will fail and send 401 as return code. 32 | 33 | If no value for an API key is provided a random key is generated and logged to command line. This configuration is only suitable for testing scenarios as it does not provide security as the API key may appear in logs and is therefore considered as insecure! 34 | 35 | ## Customization 36 | 37 | ### Adding custom includes or excludes 38 | 39 | If you want to configure paths to be included or excluded you can provide lists with patterns in you Spring configuration. 40 | 41 | @Bean("apiKeyAuthenticationIncludePatterns") 42 | public List apiKeyAuthenticationIncludePatterns() { 43 | ... 44 | } 45 | 46 | or 47 | 48 | @Bean("apiKeyAuthenticationExcludePatterns") 49 | public List apiKeyAuthenticationExcludePatterns) { 50 | ... 51 | } 52 | 53 | Normally you may want to exclude at least your `/error` endpoint otherwise no errors will be returned to the user. 54 | 55 | ### Using custom HTTP header fields 56 | 57 | If you want to use a different HTTP header field you can simply provide your own implementation of the `RequestApiKeyExtractor` interface as a Spring bean. 58 | 59 | ### Customizing API key verification 60 | 61 | By default static API key verification for all requests is used. If your needs demand for a different verification schema you can provide your own implementation of the `ApiKeyVerificationHandler` interface as a Spring bean. This instance will be called during the request and lets you do your specific API key verification. 62 | 63 | -------------------------------------------------------------------------------- /apikey-authentication-spring-boot-autoconfigure/src/main/java/net/skobow/auth/apikey/autoconfigure/ApiKeyAuthenticationAutoconfiguration.java: -------------------------------------------------------------------------------- 1 | /* 2 | * MIT License 3 | * 4 | * Copyright (c) 2019 Sven Kobow 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in all 14 | * copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | * SOFTWARE. 23 | * 24 | */ 25 | 26 | package net.skobow.auth.apikey.autoconfigure; 27 | 28 | import net.skobow.auth.apikey.ApiKeyAuthenticationService; 29 | import net.skobow.auth.apikey.ApiKeyVerificationHandler; 30 | import net.skobow.auth.apikey.RandomApiKeyVerificationHandler; 31 | import net.skobow.auth.apikey.RequestApiKeyExtractor; 32 | import net.skobow.auth.apikey.StaticApiKeyVerificationHandler; 33 | import net.skobow.auth.apikey.webmvc.ApiKeyAuthenticationInterceptorProperties; 34 | import org.springframework.beans.factory.annotation.Qualifier; 35 | import org.springframework.beans.factory.annotation.Value; 36 | import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; 37 | import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; 38 | import org.springframework.context.annotation.Bean; 39 | import org.springframework.context.annotation.Configuration; 40 | 41 | import java.util.Collections; 42 | import java.util.List; 43 | 44 | @Configuration 45 | public class ApiKeyAuthenticationAutoconfiguration { 46 | 47 | @Bean 48 | @ConditionalOnMissingBean 49 | public ApiKeyAuthenticationService apiKeyAuthenticationService(final RequestApiKeyExtractor requestApiKeyExtractor, 50 | final ApiKeyVerificationHandler apiKeyVerificationHandler) { 51 | return new ApiKeyAuthenticationService(requestApiKeyExtractor, apiKeyVerificationHandler); 52 | } 53 | 54 | @Bean 55 | @ConditionalOnMissingBean 56 | public RequestApiKeyExtractor defaultApiKeyProvider() { 57 | return new RequestApiKeyExtractor() { 58 | }; 59 | } 60 | 61 | @Bean 62 | @ConditionalOnProperty(name = "web.authentication.apikey") 63 | public ApiKeyVerificationHandler apiKeyVerificationHandler(@Value("${web.authentication.apikey}") final String apiKey) { 64 | return new StaticApiKeyVerificationHandler(apiKey); 65 | } 66 | 67 | @Bean 68 | @ConditionalOnMissingBean 69 | public ApiKeyVerificationHandler randomApiKeyVerificationHandler() { 70 | return new RandomApiKeyVerificationHandler(); 71 | } 72 | 73 | @Bean 74 | @ConditionalOnMissingBean 75 | public ApiKeyAuthenticationInterceptorProperties apiKeyAuthenticationInterceptorProperties( 76 | @Qualifier("apiKeyAuthenticationIncludePatterns") final List includePatterns, 77 | @Qualifier("apiKeyAuthenticationExcludePatterns") final List excludePatterns) { 78 | return new ApiKeyAuthenticationInterceptorProperties(includePatterns, excludePatterns); 79 | } 80 | 81 | @Bean 82 | @ConditionalOnMissingBean(name = "apiKeyAuthenticationIncludePatterns") 83 | public List apiKeyAuthenticationIncludePatterns() { 84 | return Collections.singletonList("/**"); 85 | } 86 | 87 | @Bean 88 | @ConditionalOnMissingBean(name = "apiKeyAuthenticationExcludePatterns") 89 | public List apiKeyAuthenticationExcludePatterns() { 90 | return Collections.singletonList("/error"); 91 | } 92 | } 93 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # 4 | # Copyright © 2015-2021 the original authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | # 21 | # Gradle start up script for POSIX generated by Gradle. 22 | # 23 | # Important for running: 24 | # 25 | # (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is 26 | # noncompliant, but you have some other compliant shell such as ksh or 27 | # bash, then to run this script, type that shell name before the whole 28 | # command line, like: 29 | # 30 | # ksh Gradle 31 | # 32 | # Busybox and similar reduced shells will NOT work, because this script 33 | # requires all of these POSIX shell features: 34 | # * functions; 35 | # * expansions «$var», «${var}», «${var:-default}», «${var+SET}», 36 | # «${var#prefix}», «${var%suffix}», and «$( cmd )»; 37 | # * compound commands having a testable exit status, especially «case»; 38 | # * various built-in commands including «command», «set», and «ulimit». 39 | # 40 | # Important for patching: 41 | # 42 | # (2) This script targets any POSIX shell, so it avoids extensions provided 43 | # by Bash, Ksh, etc; in particular arrays are avoided. 44 | # 45 | # The "traditional" practice of packing multiple parameters into a 46 | # space-separated string is a well documented source of bugs and security 47 | # problems, so this is (mostly) avoided, by progressively accumulating 48 | # options in "$@", and eventually passing that to Java. 49 | # 50 | # Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, 51 | # and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; 52 | # see the in-line comments for details. 53 | # 54 | # There are tweaks for specific operating systems such as AIX, CygWin, 55 | # Darwin, MinGW, and NonStop. 56 | # 57 | # (3) This script is generated from the Groovy template 58 | # https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt 59 | # within the Gradle project. 60 | # 61 | # You can find Gradle at https://github.com/gradle/gradle/. 62 | # 63 | ############################################################################## 64 | 65 | # Attempt to set APP_HOME 66 | 67 | # Resolve links: $0 may be a link 68 | app_path=$0 69 | 70 | # Need this for daisy-chained symlinks. 71 | while 72 | APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path 73 | [ -h "$app_path" ] 74 | do 75 | ls=$( ls -ld "$app_path" ) 76 | link=${ls#*' -> '} 77 | case $link in #( 78 | /*) app_path=$link ;; #( 79 | *) app_path=$APP_HOME$link ;; 80 | esac 81 | done 82 | 83 | APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit 84 | 85 | APP_NAME="Gradle" 86 | APP_BASE_NAME=${0##*/} 87 | 88 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 89 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 90 | 91 | # Use the maximum available, or set MAX_FD != -1 to use that value. 92 | MAX_FD=maximum 93 | 94 | warn () { 95 | echo "$*" 96 | } >&2 97 | 98 | die () { 99 | echo 100 | echo "$*" 101 | echo 102 | exit 1 103 | } >&2 104 | 105 | # OS specific support (must be 'true' or 'false'). 106 | cygwin=false 107 | msys=false 108 | darwin=false 109 | nonstop=false 110 | case "$( uname )" in #( 111 | CYGWIN* ) cygwin=true ;; #( 112 | Darwin* ) darwin=true ;; #( 113 | MSYS* | MINGW* ) msys=true ;; #( 114 | NONSTOP* ) nonstop=true ;; 115 | esac 116 | 117 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 118 | 119 | 120 | # Determine the Java command to use to start the JVM. 121 | if [ -n "$JAVA_HOME" ] ; then 122 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 123 | # IBM's JDK on AIX uses strange locations for the executables 124 | JAVACMD=$JAVA_HOME/jre/sh/java 125 | else 126 | JAVACMD=$JAVA_HOME/bin/java 127 | fi 128 | if [ ! -x "$JAVACMD" ] ; then 129 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 130 | 131 | Please set the JAVA_HOME variable in your environment to match the 132 | location of your Java installation." 133 | fi 134 | else 135 | JAVACMD=java 136 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 137 | 138 | Please set the JAVA_HOME variable in your environment to match the 139 | location of your Java installation." 140 | fi 141 | 142 | # Increase the maximum file descriptors if we can. 143 | if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then 144 | case $MAX_FD in #( 145 | max*) 146 | MAX_FD=$( ulimit -H -n ) || 147 | warn "Could not query maximum file descriptor limit" 148 | esac 149 | case $MAX_FD in #( 150 | '' | soft) :;; #( 151 | *) 152 | ulimit -n "$MAX_FD" || 153 | warn "Could not set maximum file descriptor limit to $MAX_FD" 154 | esac 155 | fi 156 | 157 | # Collect all arguments for the java command, stacking in reverse order: 158 | # * args from the command line 159 | # * the main class name 160 | # * -classpath 161 | # * -D...appname settings 162 | # * --module-path (only if needed) 163 | # * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 164 | 165 | # For Cygwin or MSYS, switch paths to Windows format before running java 166 | if "$cygwin" || "$msys" ; then 167 | APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) 168 | CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) 169 | 170 | JAVACMD=$( cygpath --unix "$JAVACMD" ) 171 | 172 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 173 | for arg do 174 | if 175 | case $arg in #( 176 | -*) false ;; # don't mess with options #( 177 | /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath 178 | [ -e "$t" ] ;; #( 179 | *) false ;; 180 | esac 181 | then 182 | arg=$( cygpath --path --ignore --mixed "$arg" ) 183 | fi 184 | # Roll the args list around exactly as many times as the number of 185 | # args, so each arg winds up back in the position where it started, but 186 | # possibly modified. 187 | # 188 | # NB: a `for` loop captures its iteration list before it begins, so 189 | # changing the positional parameters here affects neither the number of 190 | # iterations, nor the values presented in `arg`. 191 | shift # remove old arg 192 | set -- "$@" "$arg" # push replacement arg 193 | done 194 | fi 195 | 196 | # Collect all arguments for the java command; 197 | # * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of 198 | # shell script including quotes and variable substitutions, so put them in 199 | # double quotes to make sure that they get re-expanded; and 200 | # * put everything else in single quotes, so that it's not re-expanded. 201 | 202 | set -- \ 203 | "-Dorg.gradle.appname=$APP_BASE_NAME" \ 204 | -classpath "$CLASSPATH" \ 205 | org.gradle.wrapper.GradleWrapperMain \ 206 | "$@" 207 | 208 | # Use "xargs" to parse quoted args. 209 | # 210 | # With -n1 it outputs one arg per line, with the quotes and backslashes removed. 211 | # 212 | # In Bash we could simply go: 213 | # 214 | # readarray ARGS < <( xargs -n1 <<<"$var" ) && 215 | # set -- "${ARGS[@]}" "$@" 216 | # 217 | # but POSIX shell has neither arrays nor command substitution, so instead we 218 | # post-process each arg (as a line of input to sed) to backslash-escape any 219 | # character that might be a shell metacharacter, then use eval to reverse 220 | # that process (while maintaining the separation between arguments), and wrap 221 | # the whole thing up as a single "set" statement. 222 | # 223 | # This will of course break if any of these variables contains a newline or 224 | # an unmatched quote. 225 | # 226 | 227 | eval "set -- $( 228 | printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | 229 | xargs -n1 | 230 | sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | 231 | tr '\n' ' ' 232 | )" '"$@"' 233 | 234 | exec "$JAVACMD" "$@" 235 | --------------------------------------------------------------------------------