UserArgumentResolver.java

// Copyright © 2015 HSL <https://www.hsl.fi>
// This program is dual-licensed under the EUPL v1.2 and AGPLv3 licenses.

package fi.hsl.parkandride.front;

import static com.google.common.net.HttpHeaders.AUTHORIZATION;

import java.util.Base64;

import javax.annotation.Resource;

import org.slf4j.MDC;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

import com.google.common.base.Strings;

import fi.hsl.parkandride.MDCFilter;
import fi.hsl.parkandride.core.domain.User;
import fi.hsl.parkandride.core.service.AuthenticationRequiredException;
import fi.hsl.parkandride.core.service.AuthenticationService;

public class UserArgumentResolver implements HandlerMethodArgumentResolver {

    private static final String BEARER_PREFIX = "Bearer ";

    @Resource
    AuthenticationService authenticationService;

    @Override
    public boolean supportsParameter(MethodParameter parameter) {
        return User.class.equals(parameter.getParameterType());
    }

    @Override
    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
        String authorization = webRequest.getHeader(AUTHORIZATION);
        if (Strings.isNullOrEmpty(authorization)) {
            throw new AuthenticationRequiredException();
        }
        if (!authorization.startsWith(BEARER_PREFIX)) {
            throw new AuthenticationRequiredException();
        }
        String token = authorization.substring(BEARER_PREFIX.length()).trim();
        User user = authenticationService.authenticate(token);
        MDC.put(MDCFilter.Key.USERNAME, user.username);
        return user;
    }

}