I have a custom service created in, e.g., Java. My question is: since all the authentication is handled by VRT, how is my service going to verify
- whether the request is authenticated or not
- check that the resource requested is authorized
- check that the request is not bypassing the authentication via VRT, or that someone is not accessing it directly.
@Vikas_Dhillon @naks @Mayank @naveen.gupta @shivang.garg
3 Likes
Currently, for any intranet communication, no authentication is required, i.e. two microservices on the VRT server can communicate without authentication or authorization.
For any internet communication, we must create a service with the required session scope (USER, DEVICE, WITOUT), i.e. any client (Mobile/Web/Others) will communicate through the service only; here both authentication and authorization are performed as per Vahana Standards.
4 Likes
But this may cause a vulnerability in the internal APIs.
What if an internal API requires some kind of authentication?
1 Like
We can easily implement token-based authentication in our Spring Boot application.
- Create an access key for the client.
- When a client calls, they pass the below in the header parameters:
x-access-key:<your-key>
- Add the below code in the Spring Boot application:

```java
import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;   // jakarta.servlet.* on Spring Boot 3+
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

@Component
public class RequestInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
        String accessKey = request.getHeader("x-access-key");
        // Check if accessKey is valid: return true if it is, otherwise reply 401 and return false
        if (!"your-access-key".equals(accessKey)) {
            // Set the content type and encoding before obtaining the writer
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.setStatus(401);
            PrintWriter out = response.getWriter();
            out.print("{\"message\":\"x-access-key not valid\"}");
            out.flush();
            return false;
        }
        return true;
    }
}
```
5 Likes
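A hardened variant of the access-key check from the last reply, as an added example that is not part of the original thread or of VRT's own code: the key is read from configuration instead of being hard-coded, the comparison is constant-time, and the interceptor is explicitly registered. The class names and the `internal.access-key` property name are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;   // jakarta.servlet.* on Spring Boot 3+
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class AccessKeyConfig implements WebMvcConfigurer {

    private final byte[] expectedKey;

    // "internal.access-key" is an assumed property name; supply it from the
    // environment or a secret store, not from source control.
    public AccessKeyConfig(@Value("${internal.access-key:}") String key) {
        if (key.isEmpty()) {
            // Fail closed: refuse to start rather than accept every request.
            throw new IllegalStateException("internal.access-key is not configured");
        }
        this.expectedKey = key.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Without this registration the interceptor never runs.
        registry.addInterceptor(new AccessKeyInterceptor()).addPathPatterns("/**");
    }

    private class AccessKeyInterceptor implements HandlerInterceptor {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                                 Object handler) throws Exception {
            String presented = request.getHeader("x-access-key");
            // MessageDigest.isEqual compares in constant time, so response timing
            // does not reveal how much of a guessed key was correct.
            if (presented != null && MessageDigest.isEqual(
                    expectedKey, presented.getBytes(StandardCharsets.UTF_8))) {
                return true;
            }
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.getWriter().print("{\"message\":\"x-access-key not valid\"}");
            return false;
        }
    }
}
```

A shared static key only shows that the caller knows the key; it does not identify the end user or authorize a specific resource, so those checks from the original question still need separate handling.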