TokenAuthenticationService.java

package org.dicadeveloper.weplantaforest.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;

import org.dicadeveloper.weplantaforest.common.errorHandling.IpatException;
import org.dicadeveloper.weplantaforest.user.User;
import org.dicadeveloper.weplantaforest.user.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Service;

import lombok.NonNull;

@Service
public class TokenAuthenticationService {

    private static final String AUTH_HEADER_NAME = "X-AUTH-TOKEN";
    
    private final static String ANONYMOUS_TOKEN = "anonym-user";

    private final TokenHandler tokenHandler;
    
    private @NonNull UserService _userHelper;

    @Autowired
    public TokenAuthenticationService(@Value("${token.secret}") String secret, UserService userHelper) {
        tokenHandler = new TokenHandler(DatatypeConverter.parseBase64Binary(secret));
        this._userHelper = userHelper;
    }

    public void addAuthentication(HttpServletResponse response, UserAuthentication authentication) {
        final User user = authentication.getDetails();
        // user.setExpires(System.currentTimeMillis() + TEN_DAYS);
        response.addHeader(AUTH_HEADER_NAME, tokenHandler.createTokenForUser(user));
    }

    public Authentication getAuthentication(HttpServletRequest request) {
        final String token = request.getHeader(AUTH_HEADER_NAME);
        if (token != null) {
            final User user = tokenHandler.parseUserFromToken(token);
            if (user != null) {
                return new UserAuthentication(user);
            }
        }
        return null;
    }

    public User getUserFromToken(String userToken) {
        if (userToken != null) {
            final User user = tokenHandler.parseUserFromToken(userToken);
            return user;
        }
        return null;
    }
    
    public User getBuyer(String userToken) throws IpatException {
             User buyer = getUserFromToken(userToken);
            if (buyer != null) {
            } else if (userToken.equals(ANONYMOUS_TOKEN)) {
                buyer = _userHelper.createAnonymous();
            }
            return buyer;
        
    }

    public String getTokenFromUser(User user) {
        if (user != null) {
            final String token = tokenHandler.createTokenForUser(user);
            return token;
        }
        return null;
    }

    public boolean isAuthenticatedUser(String userToken, String userName) {
        if (userToken != "") {
            final User user = tokenHandler.parseUserFromToken(userToken);
            if (user != null && user.getName()
                                    .equals(userName)) {
                return true;
            }
        }
        return false;
    }
    

    public boolean isAdmin(String userToken) {
        if (userToken != "") {
            final User user = tokenHandler.parseUserFromToken(userToken);
            return user.isAdmin();
        }
        return false;
    }
}