
Example 1 with WebAuthenticationDetailsSource

use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project nikita-noark5-core by HiOA-ABI.

the class JwtAuthenticationTokenFilter method doFilterInternal.

/**
 * Authenticates the request from the token carried in the configured header, then
 * continues the filter chain whether or not authentication succeeded.
 *
 * <p>The raw header value is handed to {@code jwtTokenUtil} as-is; no scheme prefix is
 * stripped here. The security context is only populated when it is still empty and
 * {@code validateToken} accepts the token for the loaded user.
 *
 * <p>NOTE(review): the user name is written to the log before {@code validateToken}
 * has run. Whether {@code getUsernameFromToken} already verifies the signature is not
 * visible here; if it does not, the logged value is caller-controlled and should be
 * neutralised (CR/LF) or logged only after validation.
 *
 * @param request  incoming HTTP request; supplies the token header
 * @param response HTTP response, passed through untouched
 * @param chain    remaining filters, always invoked
 * @throws ServletException propagated from the downstream chain
 * @throws IOException      propagated from the downstream chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    final String token = request.getHeader(this.tokenHeader);
    // May be called with a null token when the header is absent; the helper decides how to react.
    final String subject = jwtTokenUtil.getUsernameFromToken(token);
    logger.info("checking authentication für user " + subject);

    final boolean needsAuthentication =
            subject != null && SecurityContextHolder.getContext().getAuthentication() == null;
    if (needsAuthentication) {
        // Per the original author, loading the user on every request is optional: the same
        // data could be carried in the token. The lookup is kept so validateToken receives
        // the stored account. NOTE(review): what validateToken compares is not shown here.
        final UserDetails account = this.userDetailsService.loadUserByUsername(subject);
        final boolean tokenAccepted = jwtTokenUtil.validateToken(token, account);
        if (tokenAccepted) {
            // Credentials are deliberately null: the token, not a password, proved identity.
            UsernamePasswordAuthenticationToken auth =
                    new UsernamePasswordAuthenticationToken(account, null, account.getAuthorities());
            auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            logger.info("authenticated user " + subject + ", setting security context");
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
    }

    // Unauthenticated requests still proceed; access decisions are left to later filters.
    chain.doFilter(request, response);
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource)

Example 2 with WebAuthenticationDetailsSource

use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project ArachneCentralAPI by OHDSI.

the class AuthenticationTokenFilter method doFilter.

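/**
 * Authenticates the request from a token found in the configured header or, failing
 * that, in a cookie whose name matches the header name case-insensitively, then
 * continues the filter chain.
 *
 * <p>An {@link AuthenticationException} raised here or further down the chain is turned
 * into a 401 response with a JSON {@code JsonResult} body. The content type is set
 * before the body is written and the body is encoded explicitly as UTF-8, so the header
 * cannot be lost to an already committed response and the bytes do not depend on the
 * platform default charset.
 *
 * <p>NOTE(review): because the token may arrive in a cookie, the browser attaches it
 * automatically; confirm that CSRF protection covers cookie-authenticated,
 * state-changing endpoints.
 *
 * <p>NOTE(review): an expired token is rejected here only for URIs starting with
 * {@code /api}; for other paths the decision is left to {@code validateToken}, whose
 * expiry handling is not visible in this method.
 *
 * @param request  incoming request, expected to be an {@code HttpServletRequest}
 * @param response response, expected to be an {@code HttpServletResponse}
 * @param chain    remaining filters
 * @throws IOException      on failure writing the error body or from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException, AuthenticationException {
    try {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String authToken = httpRequest.getHeader(tokenHeader);
        if (authToken == null && httpRequest.getCookies() != null) {
            // Header wins; cookies are only a fallback. No break: when several cookies
            // match, the last one is used, exactly as before.
            for (Cookie cookie : httpRequest.getCookies()) {
                if (cookie.getName().equalsIgnoreCase(tokenHeader)) {
                    authToken = cookie.getValue();
                }
            }
        }
        if (authToken != null) {
            String username = this.tokenUtils.getUsernameFromToken(authToken);
            // Evaluation order (expiry, path, user name) is kept from the original.
            if (tokenUtils.isExpired(authToken)
                    && httpRequest.getRequestURI().startsWith("/api")
                    && username != null) {
                throw new BadCredentialsException("token expired");
            }
            if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
                if (this.tokenUtils.validateToken(authToken, userDetails)) {
                    // Credentials are null: identity was established by the token.
                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                    // NOTE(review): nothing in this method resets the tenant after the chain
                    // returns; confirm it is cleared elsewhere if TenantContext is thread-bound.
                    TenantContext.setCurrentTenant(((ArachneUser) userDetails).getActiveTenantId());
                }
            }
        }
        chain.doFilter(request, response);
    } catch (AuthenticationException ex) {
        logger.debug(ex.getMessage(), ex);
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        // Status and content type go out before any body byte is written.
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpResponse.setContentType("application/json");
        JsonResult<Boolean> result = new JsonResult<>(JsonResult.ErrorCode.UNAUTHORIZED);
        result.setResult(Boolean.FALSE);
        // Fully qualified so no new file-level import is required.
        byte[] body = objectMapper.writeValueAsString(result).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        httpResponse.getOutputStream().write(body);
    }
}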
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) UserDetails(org.springframework.security.core.userdetails.UserDetails) AuthenticationException(org.springframework.security.core.AuthenticationException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource) JsonResult(com.odysseusinc.arachne.commons.api.v1.dto.util.JsonResult)

Example 3 with WebAuthenticationDetailsSource

use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project neweagle-api by apgzs.

the class AuthenticationTokenFilter method doFilter.

/**
 * Authenticates the request from a bearer token in {@code TOKEN_HEADER} and then
 * continues the filter chain.
 *
 * <p>Requests without the header, or whose header does not start with
 * {@code AbstractTokenUtil.TOKEN_TYPE_BEARER}, pass through unauthenticated. Otherwise
 * the token is validated on its own ({@code validateToken(authToken)}) and the
 * {@code UserDetails} are obtained from the token via {@code getUserDetails}; no user
 * service is consulted in this method.
 *
 * <p>NOTE(review): the offset 7 presumably equals the length of the bearer prefix plus
 * a space; the value of {@code TOKEN_TYPE_BEARER} is not visible here, so confirm the
 * two agree.
 *
 * <p>NOTE(review): since the user details come from the token, revoked accounts or
 * changed authorities are presumably not noticed until the token expires; verify
 * against {@code jwtTokenUtil}.
 *
 * @param request  incoming request, cast to {@code HttpServletRequest}
 * @param response response, passed through untouched
 * @param chain    remaining filters, always invoked exactly once
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest servletRequest = (HttpServletRequest) request;
    String header = servletRequest.getHeader(TOKEN_HEADER);

    boolean carriesBearer = header != null && header.startsWith(AbstractTokenUtil.TOKEN_TYPE_BEARER);
    if (carriesBearer) {
        final String authToken = StringHelper.substring(header, 7);

        // A blank token is never parsed; it simply yields no user name.
        String username = null;
        if (StringHelper.isNotBlank(authToken)) {
            username = jwtTokenUtil.getUsernameFromToken(authToken);
        }

        // Nested checks keep the original short-circuit order:
        // user name, then empty context, then token validation.
        if (username != null) {
            if (SecurityContextHolder.getContext().getAuthentication() == null) {
                if (jwtTokenUtil.validateToken(authToken)) {
                    UserDetails principal = jwtTokenUtil.getUserDetails(authToken);
                    UsernamePasswordAuthenticationToken auth =
                            new UsernamePasswordAuthenticationToken(principal, null, principal.getAuthorities());
                    auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(servletRequest));
                    SecurityContextHolder.getContext().setAuthentication(auth);
                }
            }
        }
    }

    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UserDetails(org.springframework.security.core.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource)

Example 4 with WebAuthenticationDetailsSource

use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project code-chill by CodeChillAlluna.

the class JwtAuthenticationTokenFilter method doFilterInternal.

/**
 * Authenticates the request from a {@code "Bearer "} token in the configured header,
 * then continues the filter chain whether or not authentication succeeded.
 *
 * <p>{@code IllegalArgumentException} and {@code ExpiredJwtException} raised while
 * reading the user name are logged and treated as "no user".
 *
 * <p>NOTE(review): any other exception from {@code getUsernameFromToken} is not caught
 * here and leaves the filter; which exceptions the helper throws for malformed or
 * wrongly signed tokens is not visible, so confirm they end in a clean rejection
 * rather than an unhandled error.
 *
 * @param request  incoming HTTP request; supplies the token header
 * @param response HTTP response, passed through untouched
 * @param chain    remaining filters, always invoked
 * @throws ServletException propagated from the downstream chain
 * @throws IOException      propagated from the downstream chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    final String header = request.getHeader(this.tokenHeader);
    String authToken = null;
    String username = null;

    final boolean bearerPresent = header != null && header.startsWith("Bearer ");
    if (!bearerPresent) {
        // Logged for every request without a bearer header, including anonymous ones.
        logger.warn("couldn't find bearer string, will ignore the header");
    } else {
        // Drop the 7-character "Bearer " prefix checked above.
        authToken = header.substring(7);
        try {
            username = jwtTokenUtil.getUsernameFromToken(authToken);
        } catch (IllegalArgumentException e) {
            logger.error("an error occured during getting username from token", e);
        } catch (ExpiredJwtException e) {
            logger.warn("the token is expired and not valid anymore", e);
        }
    }

    logger.info("checking authentication for user " + username);

    final boolean needsAuthentication =
            username != null && SecurityContextHolder.getContext().getAuthentication() == null;
    if (needsAuthentication) {
        // Per the original author, loading the user on every request is optional: the same
        // data could be carried in the token. The lookup is kept so validateToken receives
        // the stored account. NOTE(review): what validateToken compares is not shown here.
        final UserDetails account = this.userDetailsService.loadUserByUsername(username);
        if (jwtTokenUtil.validateToken(authToken, account)) {
            // Credentials are deliberately null: the token, not a password, proved identity.
            UsernamePasswordAuthenticationToken auth =
                    new UsernamePasswordAuthenticationToken(account, null, account.getAuthorities());
            auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            logger.info("authenticated user " + username + ", setting security context");
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
    }

    chain.doFilter(request, response);
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) ExpiredJwtException(io.jsonwebtoken.ExpiredJwtException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource)

Example 5 with WebAuthenticationDetailsSource

use of org.springframework.security.web.authentication.WebAuthenticationDetailsSource in project motan by weibocom.

the class AuthenticationTokenProcessingFilter method doFilter.

/**
 * Authenticates the request from the token extracted by
 * {@code extractAuthTokenFromRequest} and then continues the filter chain.
 *
 * <p>When the token yields a user name, the user is loaded and the token validated
 * against it; on success the security context is set. Unlike a guard on
 * {@code getAuthentication() == null}, this method does not check for an existing
 * authentication, so a valid token replaces whatever the context held.
 *
 * <p>NOTE(review): {@code getUserNameFromToken} is called even when no token was
 * extracted; confirm the helper tolerates a null or empty token.
 *
 * @param request  incoming request, converted by {@code getAsHttpRequest}
 * @param response response, passed through untouched
 * @param chain    remaining filters, always invoked exactly once
 * @throws IOException      propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = getAsHttpRequest(request);
    String token = extractAuthTokenFromRequest(httpRequest);
    String principalName = TokenUtils.getUserNameFromToken(token);

    // No user name means nothing to authenticate; hand the request on unchanged.
    if (principalName == null) {
        chain.doFilter(request, response);
        return;
    }

    UserDetails account = userDetailsService.loadUserByUsername(principalName);
    boolean tokenAccepted = TokenUtils.validateToken(token, account);
    if (tokenAccepted) {
        // Credentials are null: identity was established by the token.
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(account, null, account.getAuthorities());
        auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest));
        SecurityContextHolder.getContext().setAuthentication(auth);
    }

    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UserDetails(org.springframework.security.core.userdetails.UserDetails) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WebAuthenticationDetailsSource(org.springframework.security.web.authentication.WebAuthenticationDetailsSource)

Aggregations

WebAuthenticationDetailsSource (org.springframework.security.web.authentication.WebAuthenticationDetailsSource)6 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 UserDetails (org.springframework.security.core.userdetails.UserDetails)5 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 JsonResult (com.odysseusinc.arachne.commons.api.v1.dto.util.JsonResult)1 ExpiredJwtException (io.jsonwebtoken.ExpiredJwtException)1 Cookie (javax.servlet.http.Cookie)1 BaseConfig (org.nzbhydra.config.BaseConfig)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 AuthenticationException (org.springframework.security.core.AuthenticationException)1 WebAuthenticationDetails (org.springframework.security.web.authentication.WebAuthenticationDetails)1 JdbcTokenRepositoryImpl (org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl)1