@@ -66,6 +66,8 @@ public class ApiBlockingFilter implements ContainerRequestFilter {
6666
6767 private List <Pattern > blockedApiEndpointPatterns = new ArrayList <>();
6868
69+ private String key ;
70+
6971 @ PostConstruct
7072 public void init () {
7173 // Check JvmSettings first for BlockedApiPolicy
@@ -80,7 +82,7 @@ public void init() {
8082 "Not blocking admin and builtin-user endpoints is a security issue unless you are blocking them in an external proxy." );
8183 }
8284 if (UNBLOCK_KEY .equals (policy )) {
83- String key = JvmSettings .API_BLOCKED_KEY .lookupOptional ()
85+ key = JvmSettings .API_BLOCKED_KEY .lookupOptional ()
8486 .orElse (settingsService .getValueForKey (SettingsServiceBean .Key .BlockedApiKey ));
8587 if (StringUtil .isBlank (key )) {
8688 logger .severe (
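Review bot: Reading the unblock key once in init() (new line 85) means a value changed through the BlockedApiKey setting is no longer picked up per request, as the lookup removed from isBlocked() was. init() is annotated @PostConstruct, so if the filter is only initialised at bean construction, a rotated or revoked key would presumably keep being accepted until the application restarts. Either document that on the new field at line 69, e.g. `// Unblock key, loaded once in init(); changing the setting requires a restart to take effect`, or refresh the value when the setting changes. The field name `key` is also generic for a secret held on the filter; `unblockKey` would be clearer. init() continues outside this hunk.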
@@ -112,17 +114,28 @@ public void filter(ContainerRequestContext requestContext) throws IOException {
112114 }
113115
114116 String fullPath = (classPath + "/" + methodPath ).replaceAll ("//" , "/" );
115- logger .info ("Full path is " + fullPath );
116-
117- if (isBlocked (policy , fullPath , requestContext )) {
118- logger .info ("Blocked " + fullPath );
117+ logger .fine ("Full path is " + fullPath );
118+
119+ boolean isBlockableEndpoint = false ;
120+ for (Pattern blockedEndpointPattern : blockedApiEndpointPatterns ) {
121+ if (blockedEndpointPattern .matcher (fullPath ).matches ()) {
122+ isBlockableEndpoint = true ;
123+ break ;
124+ }
125+ }
126+ if (!isBlockableEndpoint ) {
127+ return ;
128+ }
129+ //Blocakble endpoint - now check policy
130+ if (isBlocked (policy , requestContext )) {
131+ logger .fine ("Blocked " + fullPath );
119132 requestContext .abortWith (Response .status (Response .Status .SERVICE_UNAVAILABLE ).entity (errorJson )
120133 .type (jakarta .ws .rs .core .MediaType .APPLICATION_JSON ).build ());
121134 return ;
122135 }
123136 }
124137
125- private boolean isBlocked (String policy , String endpoint , ContainerRequestContext requestContext ) {
138+ private boolean isBlocked (String policy , ContainerRequestContext requestContext ) {
126139 switch (policy ) {
127140 case DROP :
128141 return true ;
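Review bot: Lowering the `"Blocked " + fullPath` message to `fine` at new line 131 means rejected requests to blocked endpoints will not appear in the log if the logger runs at INFO, which is worth confirming, so repeated probing of admin endpoints or guessing of the unblock key would leave no trace for monitoring. Demoting the per-request "Full path is" message is reasonable, but the denial itself could stay visible: `logger.info("Blocked " + fullPath);`. The comment at new line 129 has a typo and should read `// Blockable endpoint - now check policy`. filter() starts outside this hunk.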
@@ -138,22 +151,17 @@ private boolean isBlocked(String policy, String endpoint, ContainerRequestContex
138151 }
139152 break ;
140153 case UNBLOCK_KEY :
141- for (Pattern blockedEndpointPattern : blockedApiEndpointPatterns ) {
142- if (blockedEndpointPattern .matcher (endpoint ).matches ()) {
143- String key = settingsService .getValueForKey (SettingsServiceBean .Key .BlockedApiKey );
144- String providedKey = requestContext .getHeaderString (UNBLOCK_KEY_HEADER );
145- if (StringUtil .isBlank (providedKey )) {
146- providedKey = requestContext .getUriInfo ().getQueryParameters ().getFirst (UNBLOCK_KEY_QUERYPARAM );
147- }
148- // Must have a non-blank key defined and the query param must match it
149- if (StringUtil .isNotBlank (key ) && key .equals (providedKey )) {
150- return false ;
151- }
152- // Otherwise we have a blocked endpoint and the key doesn't work (not set or
153- // doesn't match what's sent)
154- return true ;
155- }
154+ String providedKey = requestContext .getHeaderString (UNBLOCK_KEY_HEADER );
155+ if (StringUtil .isBlank (providedKey )) {
156+ providedKey = requestContext .getUriInfo ().getQueryParameters ().getFirst (UNBLOCK_KEY_QUERYPARAM );
156157 }
158+ // Must have a non-blank key defined and the query param must match it
159+ if (StringUtil .isNotBlank (key ) && key .equals (providedKey )) {
160+ return false ;
161+ }
162+ // Otherwise we have a blocked endpoint and the key doesn't work (not set or
163+ // doesn't match what's sent)
164+ return true ;
157165 }
158166 return false ;
159167 }
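Review bot: The check `key.equals(providedKey)` at new line 159 stops at the first differing character, so the secret comparison is not constant-time. It can be replaced with `if (StringUtil.isNotBlank(key) && providedKey != null && MessageDigest.isEqual(key.getBytes(StandardCharsets.UTF_8), providedKey.getBytes(StandardCharsets.UTF_8))) {`, which needs imports for java.security.MessageDigest and java.nio.charset.StandardCharsets. The comment at line 158 still says "the query param must match it" although the header is consulted first; `// Must have a non-blank key defined and the provided key (header or query param) must match it` would be accurate. Since a key passed as a query parameter can end up in access and proxy logs, a comment recommending the header would help operators. isBlocked() starts outside this hunk.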