package fr.ippon.tatami.security.xauth; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.util.StringUtils; import org.springframework.web.filter.GenericFilterBean; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import java.io.IOException; /** * Filters incoming requests and installs a Spring Security principal * if a header corresponding to a valid user is found. */ public class XAuthTokenFilter extends GenericFilterBean { public final static String XAUTH_TOKEN_HEADER_NAME = "x-auth-token"; private UserDetailsService detailsService; private TokenProvider tokenProvider; public XAuthTokenFilter(UserDetailsService detailsService, TokenProvider tokenProvider) { this.detailsService = detailsService; this.tokenProvider = tokenProvider; } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { try { HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest; String authToken = httpServletRequest.getHeader(XAUTH_TOKEN_HEADER_NAME); if (StringUtils.hasText(authToken) && authToken.split(":").length > 1) { String username = this.tokenProvider.getUserNameFromToken(authToken); UserDetails details = this.detailsService.loadUserByUsername(username); if (this.tokenProvider.validateToken(authToken, details)) { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(details, details.getPassword(), details.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(token); } } filterChain.doFilter(servletRequest, servletResponse); } catch (Exception ex) { throw new RuntimeException(ex); } } }