com.ammann.servicemanager.security.BearerTokenQueryParamFilter

All Implemented Interfaces:: jakarta.ws.rs.container.ContainerRequestFilter

@Provider @PreMatching @Priority(900) public class BearerTokenQueryParamFilter extends Object implements jakarta.ws.rs.container.ContainerRequestFilter

JAX-RS filter that extracts bearer tokens from query parameters for SSE endpoints.

The browser's native EventSource API cannot send custom HTTP headers, so frontends pass the access token via query parameter (?token=...). This filter extracts the token and sets the Authorization: Bearer header before OIDC authentication runs.

Security measures:

Only applies to SSE log streaming endpoints (/logs/stream)
Does not override existing Authorization headers
Validates token format (base64url charset)
Enforces maximum token length (8KB)
Never logs token values

Constructor Summary

Constructors

Constructor

Description

BearerTokenQueryParamFilter()
Method Summary

Modifier and Type

Method

Description

void

filter(jakarta.ws.rs.container.ContainerRequestContext requestContext)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- BearerTokenQueryParamFilter
  
  public BearerTokenQueryParamFilter()
Method Details
- filter
  
  public void filter(jakarta.ws.rs.container.ContainerRequestContext requestContext)
  
  Specified by:
  
  filter in interface jakarta.ws.rs.container.ContainerRequestFilter

Class BearerTokenQueryParamFilter

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

BearerTokenQueryParamFilter

Method Details

filter