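/*
 * Copyright (c) 2013 EMC Corporation
 * All Rights Reserved
 */
package com.emc.storageos.auth.impl;

import java.io.IOException;
import java.util.Locale;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.emc.storageos.security.authentication.StorageOSUser;
import com.emc.storageos.security.authentication.TokenBasedAuthenticationFilter;
import com.emc.storageos.svcs.errorhandling.resources.APIException;
import com.emc.storageos.svcs.errorhandling.resources.InternalException;

/**
 * Custom token based filter for authsvc. Special case for {@code /user/}: an unauthenticated
 * request to that URI prefix is forwarded to the auth service (302). All other requests go
 * through to authsvc, which processes them itself (new tokens etc.).
 */
public class CustomTokenBasedAthenticationFilter extends TokenBasedAuthenticationFilter {

    /** Request-URI prefix (compared case-insensitively) that gets the unauthenticated-forward treatment. */
    private static final String USER_URI_PREFIX = "/user/";

    private final Logger _log = LoggerFactory.getLogger(CustomTokenBasedAthenticationFilter.class);

    /**
     * Resolves the user for the request and wraps the request together with that user.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @return a request wrapper carrying the resolved user; {@link #doFilter} treats a wrapper
     *         whose principal is {@code null} as "no authenticated context"
     */
    @Override
    protected AbstractRequestWrapper authenticate(final ServletRequest servletRequest) {
        // The boolean argument is always true here; its meaning is defined by the base class
        // (not visible in this file).
        final StorageOSUser user = getStorageOSUserFromRequest(servletRequest, true);
        return new AbstractRequestWrapper((HttpServletRequest) servletRequest, user);
    }

    /**
     * Forwards to authsvc only if the resource is under {@code /user/} and there is no
     * authenticated context. Otherwise the request is handed straight through to the service
     * (authsvc knows what to do with it). Authentication failures are answered directly with the
     * HTTP status and service-error XML derived from the exception, and the chain is not invoked.
     *
     * @param servletRequest  the incoming request (an {@link HttpServletRequest})
     * @param servletResponse the outgoing response (an {@link HttpServletResponse})
     * @param filterChain     the remaining chain; not used directly by this filter
     * @throws IOException      if writing the error response or forwarding fails
     * @throws ServletException if forwarding fails
     */
    @Override
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
            final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        final AbstractRequestWrapper reqWrapper;
        try {
            reqWrapper = authenticate(servletRequest);
        } catch (final APIException e) {
            _log.debug("unauthorized request: serviceUrl = {}", request.getRequestURI(), e);
            response.sendError(toHTTPStatus(e), toServiceErrorXml(e));
            return;
        } catch (final InternalException e) {
            // Keep a trace of server-side failures during authentication; the client only sees
            // the mapped status, so without this the cause would be lost.
            _log.warn("internal error while authenticating request: serviceUrl = {}",
                    request.getRequestURI(), e);
            response.sendError(toHTTPStatus(e), toServiceErrorXml(e));
            return;
        }

        // NOTE(review): getRequestURI() is the raw, undecoded request path. The prefix check below
        // is made on that string as-is (no decoding or dot-segment normalisation) - confirm that is
        // the intended basis for the forwarding decision.
        if (reqWrapper.getUserPrincipal() == null && isUserResource(request.getRequestURI())) {
            forwardToAuthService(request, response);
        } else {
            forwardToService(servletRequest, servletResponse, reqWrapper);
        }
    }

    /**
     * Whether the given request URI falls under the {@code /user/} prefix, ignoring ASCII case.
     * Uses {@link Locale#ROOT} so the comparison does not depend on the JVM's default locale.
     *
     * @param uri the raw request URI; {@code null} is treated as "not a user resource"
     * @return {@code true} if the URI starts with {@code /user/} (case-insensitively)
     */
    private static boolean isUserResource(final String uri) {
        return uri != null && uri.toLowerCase(Locale.ROOT).startsWith(USER_URI_PREFIX);
    }
}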