package org.activityinfo.server.authentication;
/*
* #%L
* ActivityInfo Server
* %%
* Copyright (C) 2009 - 2013 UNICEF
* %%
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program. If not, see
* <http://www.gnu.org/licenses/gpl-3.0.html>.
* #L%
*/
import com.google.common.base.Strings;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import net.lightoze.gwt.i18n.server.LocaleProxy;
import net.lightoze.gwt.i18n.server.ThreadLocalLocaleProvider;
import org.activityinfo.model.auth.AuthenticatedUser;
import org.activityinfo.server.database.hibernate.entity.Authentication;
import javax.persistence.EntityManager;
import javax.servlet.*;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
/**
* This filter tries to establish the identify of the connected user at the
* start of each request.
* <p/>
* <p/>
* If the request is successfully authenticated, it is stored in the
* {@link ServerSideAuthProvider}.
*/
@Singleton
public class AuthenticationFilter implements Filter {
private static final Logger LOGGER = Logger.getLogger(AuthenticationFilter.class.getName());
private final Provider<HttpServletRequest> request;
private final Provider<EntityManager> entityManager;
private final ServerSideAuthProvider authProvider;
private final BasicAuthentication basicAuthenticator;
private final LoadingCache<String, AuthenticatedUser> authTokenCache;
@Inject
public AuthenticationFilter(Provider<HttpServletRequest> request,
Provider<EntityManager> entityManager,
ServerSideAuthProvider authProvider,
BasicAuthentication basicAuthenticator) {
this.entityManager = entityManager;
this.request = request;
this.authProvider = authProvider;
this.basicAuthenticator = basicAuthenticator;
authTokenCache = CacheBuilder.newBuilder()
.maximumSize(10000)
.expireAfterAccess(6, TimeUnit.HOURS)
.build(new CacheLoader<String, AuthenticatedUser>() {
@Override
public AuthenticatedUser load(String authToken) throws Exception {
return queryAuthToken(authToken);
}
});
}
@Override
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
allowCrossOriginRequests((HttpServletResponse) response);
authProvider.clear();
String authToken = ((HttpServletRequest) request).getHeader("Authorization");
if (Strings.isNullOrEmpty(authToken)) {
authToken = authTokenFromCookie();
}
if (authToken != null) {
try {
AuthenticatedUser currentUser = authTokenCache.get(authToken);
authProvider.set(currentUser);
LOGGER.info("Setting locale to " + currentUser.getUserLocale());
} catch (Exception e) {
authProvider.clear();
}
}
ThreadLocalLocaleProvider.pushLocale(Locale.forLanguageTag(authProvider.get().getUserLocale()));
filterChain.doFilter(request, response);
}
private void allowCrossOriginRequests(HttpServletResponse response) {
// Allow all sites to make unauthenticated, cross-origin requests
response.addHeader("Access-Control-Allow-Origin", "*");
// cache cor permission for a full day
response.addHeader("Access-Control-Max-Age", Integer.toString(24 * 60 * 60));
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void destroy() {
}
private AuthenticatedUser queryAuthToken(String authToken) {
Authentication entity = entityManager.get().find(Authentication.class, authToken);
if (entity == null) {
// try as basic authentication
entity = basicAuthenticator.tryAuthenticate(authToken);
}
if (entity == null) {
throw new IllegalArgumentException();
}
AuthenticatedUser authenticatedUser = new AuthenticatedUser(authToken,
entity.getUser().getId(),
entity.getUser().getEmail());
authenticatedUser.setUserLocale(entity.getUser().getLocale());
return authenticatedUser;
}
private String authTokenFromCookie() {
Cookie[] cookies = request.get().getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
if (cookie.getName().equals(AuthenticatedUser.AUTH_TOKEN_COOKIE)) {
return cookie.getValue();
}
}
}
return null;
}
}