/* ==================================================================== * * Copyright (C) 2015 GeoSolutions S.A.S. * http://www.geo-solutions.it * * GPLv3 + Classpath exception * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. * * ==================================================================== * * This software consists of voluntary contributions made by developers * of GeoSolutions. For more information on GeoSolutions, please see * <http://www.geo-solutions.it/>. * */ package it.geosolutions.geostore.services.rest.security; import it.geosolutions.geostore.core.model.User; import it.geosolutions.geostore.core.model.UserAttribute; import java.util.Collection; import org.apache.log4j.Logger; import org.springframework.security.core.Authentication; /** * Token based authentication filter that looks for the token in a user attribute. * * The attribute name is configurable (defaults to UUID). * * @author Mauro Bartolomeoli * */ public class UserAttributeTokenAuthenticationFilter extends TokenAuthenticationFilter { private final static Logger LOGGER = Logger.getLogger(UserAttributeTokenAuthenticationFilter.class); private String attributeName = "UUID"; public void setAttributeName(String attributeName) { this.attributeName = attributeName; } @Override protected Authentication checkToken(String token) { UserAttribute attribute = new UserAttribute(); attribute.setName(attributeName); attribute.setValue(token); // looks for user(s) having the specified attribute with the given // token value Collection<User> users = userService.getByAttribute(attribute); // the token is considered valid if only 1 user matches if(users.size() == 1) { User user = users.iterator().next(); return createAuthenticationForUser(user); } else if(users.size() > 1) { LOGGER.error("Too many users matching the given token. Only one is allowed for a token to be valid!"); } else { LOGGER.error("No users matching the given token."); } return null; } }