include the header X-API-KEY in the session lookup chain

Author: car031

logicaldoc-core/src/main/java/com/logicaldoc/core/security/SessionManager.java

@@ -451,6 +451,7 @@ public Session getSession(HttpServletRequest request) {
 	 * <li>Request attribute <code>PARAM_SID</code></li>
 	 * <li>Session attribute <code>PARAM_SID</code></li>
 	 * <li>Cookie <code>COOKIE_SID</code></li>
+	 * <li>Header <code>X-API-KEY</code></li>
 	 * <li>Spring SecurityContextHolder</li>
 	 * <li>Client ID</li>
 	 * </ol>
@@ -522,9 +523,26 @@ else if (request.getSession(true).getAttribute(PARAM_SID) != null
 		else
 			sid = getSessionIdFromCookie(request);
 
+		if (StringUtils.isEmpty(sid))
+			sid = getSessionFromApiKey(request);
+
 		return sid;
 	}
 
+	private String getSessionFromApiKey(HttpServletRequest request) {
+		try {
+			if (StringUtils.isNotEmpty(request.getHeader(HEADER_APIKEY))) {
+				String apiKey = CryptUtil.encryptSHA256(request.getHeader(HEADER_APIKEY));
+				return getSessions().stream().filter(s -> apiKey.equals(s.getKey())).map(s -> s.getSid()).findFirst()
+						.orElse(null);
+			}
+		} catch (NoSuchAlgorithmException e) {
+			log.warn(e.getMessage(), e);
+		}
+
+		return null;
+	}
+
 	private String getSessionIdFromCookie(HttpServletRequest request) {
 		Cookie[] cookies = request.getCookies();
 		if (cookies != null)