Review-> Scehduler ->add java commons-codec for Base64 operations

flake.nix

@@ -23,7 +23,6 @@
             buildInputs = with pkgs; [
               act
               actionlint
-              apacheHttpd # temporarily needed to calc bcrypt-hash on command-line
               bosh-cli
               cloudfoundry-cli
               fly
@@ -53,7 +52,6 @@
               #
               # jdwpkgs.rubyPackages.cf-uaac
               shellcheck
-              sonar-scanner-cli # temporarily needed to use the sonar-scanner-cli
               temurin-bin
               yq-go
             ];

src/scheduler/pom.xml

@@ -90,6 +90,11 @@
             <artifactId>commons-dbcp2</artifactId>
             <version>2.9.0</version>
         </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.15</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents.client5</groupId>
             <artifactId>httpclient5</artifactId>

src/scheduler/src/main/java/org/cloudfoundry/autoscaler/scheduler/rest/BasicAuthenticationFilter.java

@@ -17,17 +17,19 @@
 import org.apache.commons.codec.binary.Base64;
 import org.cloudfoundry.autoscaler.scheduler.conf.HealthServerConfiguration;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpHeaders;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 
 @Slf4j
 @Component
 @Order(2)
 public class BasicAuthenticationFilter implements Filter {
-  private static final Map<String, Boolean> protectedEndpointsMap;
+  private static final String WWW_AUTHENTICATE_VALUE = "Basic";
+  private static final Map<String, Boolean> validProtectedEndpointsMap;
 
   static {
-    protectedEndpointsMap =
+    validProtectedEndpointsMap =
         Map.of(
             "/health/prometheus", true,
             "/health/liveness", true);
@@ -61,7 +63,7 @@ public void doFilter(
         log.warn(
             "Health configuration: invalid unprotectedEndpoints provided: "
                 + validateMap.get("invalidEndpoints"));
-        httpResponse.setHeader("WWW-Authenticate", "Basic");
+        httpResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE);
         httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         return;
       }
@@ -75,7 +77,7 @@ public void doFilter(
                 + httpRequest.getRequestURI()
                 + " \nValid unprotected endpoints are: "
                 + allowedEndpointsWithoutBasicAuth);
-        httpResponse.setHeader("WWW-Authenticate", "Basic");
+        httpResponse.setHeader("WWW-Authenticate", WWW_AUTHENTICATE_VALUE);
         httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
         return;
       }
@@ -91,18 +93,19 @@ private void isUserAuthenticatedOrSendError(
     if (healthServerConfiguration.getUsername() == null
         || healthServerConfiguration.getPassword() == null) {
       log.error("Health configuration: username || password not set");
-      httpResponse.setHeader("WWW-Authenticate", "Basic");
+      httpResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE);
       httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       return;
     }
     if (authorizationHeader == null) {
       log.error("Basic authentication not provided with the request");
-      httpResponse.setHeader("WWW-Authenticate", "Basic");
+      httpResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE);
       httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       return;
     }
 
-    String base64Credentials = authorizationHeader.substring("Basic".length()).trim();
+    String base64Credentials =
+        authorizationHeader.substring(WWW_AUTHENTICATE_VALUE.length()).trim();
     byte[] credDecoded = Base64.decodeBase64(base64Credentials);
     String credentials = new String(credDecoded);
     String[] tokens = credentials.split(":");
@@ -115,16 +118,16 @@ private void isUserAuthenticatedOrSendError(
     String password = tokens[1];
 
     if (!areBasicAuthCredentialsCorrect(username, password)) {
-      httpResponse.setHeader("WWW-Authenticate", "Basic");
+      httpResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE);
       httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       return;
     }
 
-    if (authorizationHeader != null && isUserAuthenticated(authorizationHeader)) {
+    if (isUserAuthenticated(authorizationHeader)) {
       // allow access to health endpoints
       filterChain.doFilter(httpRequest, httpResponse);
     } else {
-      httpResponse.setHeader("WWW-Authenticate", "Basic");
+      httpResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, WWW_AUTHENTICATE_VALUE);
       httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
     }
   }
@@ -133,7 +136,7 @@ private Map<String, Boolean> checkValidEndpoints(List<String> unprotectedEndpoin
 
     Map<String, Boolean> invalidEndpointsMap = new HashMap<>();
     for (String unprotectedEndpoint : unprotectedEndpointsConfig) {
-      if (!protectedEndpointsMap.containsKey(unprotectedEndpoint)) {
+      if (!validProtectedEndpointsMap.containsKey(unprotectedEndpoint)) {
         invalidEndpointsMap.put(unprotectedEndpoint, true);
       }
     }
@@ -145,9 +148,10 @@ private static Map<String, Boolean> getMapFromList(List<String> unprotectedEndpo
         .collect(Collectors.toMap(endpoint -> endpoint, endpoint -> true, (a, b) -> b));
   }
 
-  private List<String> areEndpointsAuthorized(Map unprotectedEndpointsConfig, String requestURI) {
+  private List<String> areEndpointsAuthorized(
+      Map<String, Boolean> unprotectedEndpointsConfig, String requestURI) {
     Map<String, Boolean> resultUnprotectedEndpoints = new HashMap<>();
-    for (Map.Entry<String, Boolean> protectedEndpoint : protectedEndpointsMap.entrySet()) {
+    for (Map.Entry<String, Boolean> protectedEndpoint : validProtectedEndpointsMap.entrySet()) {
       if (unprotectedEndpointsConfig.containsKey(protectedEndpoint.getKey())) {
         resultUnprotectedEndpoints.put(protectedEndpoint.getKey(), false);
       }