1   package net.sumaris.server.http.security;
2   
3   /*-
4    * #%L
5    * SUMARiS:: Server
6    * %%
7    * Copyright (C) 2018 - 2019 SUMARiS Consortium
8    * %%
9    * This program is free software: you can redistribute it and/or modify
10   * it under the terms of the GNU General Public License as
11   * published by the Free Software Foundation, either version 3 of the
12   * License, or (at your option) any later version.
13   * 
14   * This program is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17   * GNU General Public License for more details.
18   * 
19   * You should have received a copy of the GNU General Public
20   * License along with this program.  If not, see
21   * <http://www.gnu.org/licenses/gpl-3.0.html>.
22   * #L%
23   */
24  
25  import org.apache.commons.lang3.StringUtils;
26  import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
27  import org.springframework.security.core.Authentication;
28  import org.springframework.security.core.AuthenticationException;
29  import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
30  import org.springframework.security.web.util.matcher.RequestMatcher;
31  
32  import javax.servlet.FilterChain;
33  import javax.servlet.ServletException;
34  import javax.servlet.http.HttpServletRequest;
35  import javax.servlet.http.HttpServletResponse;
36  import java.io.IOException;
37  
38  import static java.util.Optional.ofNullable;
39  import static org.apache.commons.lang3.StringUtils.removeStart;
40  import static org.springframework.http.HttpHeaders.AUTHORIZATION;
41  
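/**
 * Servlet filter that extracts an opaque authentication token from the incoming request and
 * submits it to the configured {@code AuthenticationManager}.
 *
 * <p>The token is read from the {@code Authorization} header or, when that header is absent,
 * from the {@code t} request parameter. When no usable value is found the request is
 * authenticated with {@code AnonymousUser.TOKEN}, so this filter never rejects a request for
 * lack of credentials by itself: what an anonymous caller may do is decided by the
 * authentication provider and by the authorization rules applied further down the chain
 * (neither is visible in this class).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A token passed as the {@code t} parameter travels in the URL when sent on the query
 *       string, where it can be recorded by access logs, proxies and browser history. Prefer
 *       the header; if the parameter must stay supported, make sure such logs redact it.</li>
 *   <li>The same value is used as principal and as credentials of the
 *       {@code UsernamePasswordAuthenticationToken}. Anything that logs the principal or the
 *       authentication name would therefore record the raw token.</li>
 * </ul>
 *
 * @author peck7 on 03/12/2018.
 */
public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    /** Literal scheme prefix stripped from the received value (case-sensitive match). */
    private static final String TOKEN = "token";

    /** Name of the request parameter used when no {@code Authorization} header is sent. */
    private static final String TOKEN_PARAMETER = "t";

    /**
     * Creates the filter.
     *
     * @param requiresAuthenticationRequestMatcher selects the requests this filter processes
     */
    protected TokenAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) {
        super(requiresAuthenticationRequestMatcher);
    }

    /**
     * Builds an authentication request from the token carried by {@code request} and delegates
     * its validation to the authentication manager.
     *
     * @param request  the current request; supplies the header or the {@code t} parameter
     * @param response the current response (not used here)
     * @return the authentication returned by the authentication manager
     * @throws AuthenticationException if the authentication manager rejects the token
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {

        // Resolve the parameter lazily: request parameters are only looked up when the header
        // is missing, so header-authenticated requests do not trigger parameter parsing.
        // A header that is present but blank is NOT treated as absent: the parameter is then
        // ignored and the request ends up anonymous below.
        final String rawValue = ofNullable(request.getHeader(AUTHORIZATION))
                .orElseGet(() -> request.getParameter(TOKEN_PARAMETER));

        // Only the exact lowercase prefix "token" is stripped; any other scheme prefix is kept
        // and handed to the authentication provider as part of the token value.
        // NOTE(review): confirm the provider rejects such values rather than normalising them.
        final String token = ofNullable(rawValue)
                .map(value -> removeStart(value, TOKEN))
                .map(StringUtils::trimToNull)
                .orElse(AnonymousUser.TOKEN);

        // The token is both principal and credentials; validation is entirely the provider's job.
        final Authentication authRequest = new UsernamePasswordAuthenticationToken(token, token);
        return getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Runs the parent's success handling, then lets the request continue down the filter chain
     * so that it reaches the resource originally requested.
     *
     * <p>NOTE(review): the parent invokes the configured success handler before the chain is
     * resumed. This only works if that handler does not commit the response (for example by
     * redirecting) - confirm in the security configuration, which is not visible here.
     *
     * @param request    the current request
     * @param response   the current response
     * @param chain      the remaining filter chain
     * @param authResult the authentication returned by {@code attemptAuthentication}
     * @throws IOException      propagated from the parent handling or the chain
     * @throws ServletException propagated from the parent handling or the chain
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, chain, authResult);
        chain.doFilter(request, response);
    }
}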