diff --git a/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java b/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java
index f0374e8f3c8c706e973907f25d12d10b5602e398..bc0faee0b9d87fc42d0d9f4e28be4769c4ad7078 100644
--- a/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java
+++ b/sava-core/src/main/java/fr/agroclim/sava/core/MetricsBasicAuthServlet.java
@@ -11,6 +11,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.logging.log4j.Level;
+
 import io.prometheus.client.exporter.MetricsServlet;
 import lombok.extern.log4j.Log4j2;
@@ -92,30 +94,34 @@ public class MetricsBasicAuthServlet extends MetricsServlet {
 protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws IOException {
 // basic_auth associate to the request a header "Authorization"
 if (req.getHeader("Authorization") != null) {
- // credentials are encoded in Base64, prefixed with "Basic "
- // removing the prefix
- final String trimmed = req.getHeader("Authorization").replace("Basic ", "");
- // decoding the sentence
- final byte[] decodedBytes = Base64.getDecoder().decode(trimmed);
- final String decoded = new String(decodedBytes, StandardCharsets.UTF_8);
- // the credentials are given in the form username:password
- // splitting the sentence
- final String[] decodedSplitted = decoded.split(":");
- // making the checks
- if (!key.equals(decodedSplitted[0])
- || !pass.equals(decodedSplitted[1])) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN);
- } else {
- // update JVM values
- final Runtime runtime = Runtime.getRuntime();
- SavaUtils.setGaugeValue("jvm_max_memory", (double) runtime.maxMemory());
- SavaUtils.setGaugeValue("jvm_used_memory", (double) (runtime.totalMemory() - runtime.freeMemory()));
- SavaUtils.setGaugeValue("jvm_total_memory", (double) runtime.totalMemory());
- SavaUtils.setGaugeValue("jvm_free_memory", (double) runtime.freeMemory());
- // continue with the servlet
- super.doGet(req, resp);
+ try {
+ // credentials are encoded in Base64, prefixed with "Basic "
+ // removing the prefix
+ final String trimmed = req.getHeader("Authorization").replace("Basic ", "");
+ // decoding the sentence
+ final byte[] decodedBytes = Base64.getDecoder().decode(trimmed);
+ final String decoded = new String(decodedBytes, StandardCharsets.UTF_8);
+ // the credentials are given in the form username:password
+ // splitting the sentence
+ final String[] decodedSplitted = decoded.split(":");
+ // making the checks
+ if (decodedSplitted.length == 2 && key.equals(decodedSplitted[0])
+ && pass.equals(decodedSplitted[1])) {
+ // update JVM values
+ final Runtime runtime = Runtime.getRuntime();
+ SavaUtils.setGaugeValue("jvm_max_memory", (double) runtime.maxMemory());
+ SavaUtils.setGaugeValue("jvm_used_memory", (double) (runtime.totalMemory() - runtime.freeMemory()));
+ SavaUtils.setGaugeValue("jvm_total_memory", (double) runtime.totalMemory());
+ SavaUtils.setGaugeValue("jvm_free_memory", (double) runtime.freeMemory());
+ // continue with the servlet
+ super.doGet(req, resp);
+ }
+ } catch (final Exception e) {
+ LOGGER.warn("Received a bad request");
+ LOGGER.catching(Level.WARN, e);
 }
 }
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
 }
 /**
@@ -128,6 +134,6 @@ public class MetricsBasicAuthServlet extends MetricsServlet {
 */
 @Override
 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws IOException {
- // Do nothing
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN);
 }
 }
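Review bot: The `resp.sendError(HttpServletResponse.SC_FORBIDDEN);` added at the end of doGet is also reached after a successful `super.doGet(req, resp);`, because the authenticated branch has no `return`. If the metrics servlet has already committed the response, which is likely, `sendError` throws IllegalStateException on every valid scrape; otherwise it replaces the metrics output with a 403. Add `return;` directly after `super.doGet(req, resp);`. The `catch (final Exception e)` also wraps `super.doGet`, so an IOException from writing the metrics is logged as "Received a bad request" and swallowed; catching only `IllegalArgumentException`, which is what `Base64.getDecoder().decode` throws on malformed input, keeps real I/O failures visible. On the credential check itself, `decoded.split(":")` with `length == 2` rejects any password that contains a colon and `String.equals` is not constant-time; `decoded.split(":", 2)` and `MessageDigest.isEqual` on the UTF-8 bytes would cover both.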
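Review bot: In doPost, 403 tells the client that the credentials were refused, whereas the method is simply unsupported on this endpoint; `resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);` preceded by `resp.setHeader("Allow", "GET");` states that more accurately to scrapers and scanners. The Javadoc above doPost starts outside the hunk, so it should be checked that it no longer describes the method as doing nothing.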