001/* 002 * Copyright 2012-2017 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.boot.devtools.remote.server; 018 019import org.springframework.http.server.ServerHttpRequest; 020import org.springframework.util.Assert; 021 022/** 023 * {@link AccessManager} that checks for the presence of a HTTP header secret. 024 * 025 * @author Rob Winch 026 * @author Phillip Webb 027 * @since 1.3.0 028 */ 029public class HttpHeaderAccessManager implements AccessManager { 030 031 private final String headerName; 032 033 private final String expectedSecret; 034 035 public HttpHeaderAccessManager(String headerName, String expectedSecret) { 036 Assert.hasLength(headerName, "HeaderName must not be empty"); 037 Assert.hasLength(expectedSecret, "ExpectedSecret must not be empty"); 038 this.headerName = headerName; 039 this.expectedSecret = expectedSecret; 040 } 041 042 @Override 043 public boolean isAllowed(ServerHttpRequest request) { 044 String providedSecret = request.getHeaders().getFirst(this.headerName); 045 return this.expectedSecret.equals(providedSecret); 046 } 047 048}