AbstractAuthenticatedController.java

/*
 * Copyright (c) 2015. Bearchoke
 */

package com.bearchoke.platform.server.common.web.controller;

import com.bearchoke.platform.base.SpringSecurityHelper;
import com.bearchoke.platform.server.common.ServerConstants;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/**
 * Created by Bjorn Harvold
 * Date: 10/15/14
 * Time: 7:33 PM
 * Responsibility:
 */
public abstract class AbstractAuthenticatedController {
    private final static Logger log = LoggerFactory.getLogger(AbstractAuthenticatedController.class);

    @Autowired
    @Qualifier("preAuthAuthenticationManager")
    public AuthenticationManager preAuthAuthenticationManager;

    protected void authenticate(StompHeaderAccessor accessor) {
        String authToken = accessor.getFirstNativeHeader(ServerConstants.X_AUTH_TOKEN);

        if (log.isDebugEnabled() && StringUtils.isNotEmpty(authToken)) {
            log.debug("Header auth token: " + authToken);
        }

        if (StringUtils.isNotBlank(authToken)) {

            // set cached authenticated user back in the spring security context
            Authentication authentication = preAuthAuthenticationManager.authenticate(new PreAuthenticatedAuthenticationToken(authToken, "N/A"));

            if (log.isDebugEnabled()) {
                log.debug("Adding Authentication to SecurityContext for WebSocket call: " + authentication);
            }

            SpringSecurityHelper.setAuthentication(authentication);

        }
    }
}