Java tutorial
/* * @(#)PreAuthenticatedUserFilter.java 1.0 04/12/2015 * * Copyright (c) 2015, Embraer. All rights reserved. Embraer S/A * proprietary/confidential. Use is subject to license terms. */ package authentication; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter; /** * A classe <code>PreAuthenticatedUserFilter</code> o filtro responsvel por * recuperar o token do usurio no header de uma requisio e retorn-lo, para * que posteriormente as implementaes de <code>AuthenticationManager</code> de * cada aplicao possam recuperar os dados do usurio no Embraer Account, a * partir do token, e colocar o usurio no contexto de segurana do Spring. * * Caso o filtro verifique a ausncia do token no header da requisio, ser * retornado no response o HttpStatus com o cdigo 403. * * @author Roberto Perillo * @version 1.0 04/12/2015 */ public class PreAuthenticatedUserFilter extends AbstractPreAuthenticatedProcessingFilter { private static final String AUTHORIZATION = "Authorization"; /** {@inheritDoc} */ @Override protected String getPreAuthenticatedPrincipal(final HttpServletRequest request) { return request.getHeader(AUTHORIZATION) != null ? (String) request.getHeader(AUTHORIZATION) : request.getParameter(AUTHORIZATION); } /** {@inheritDoc} */ @Override protected Object getPreAuthenticatedCredentials(final HttpServletRequest request) { return null; } /** {@inheritDoc} */ @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { final HttpServletRequest req = (HttpServletRequest) request; try { super.doFilter(request, response, chain); } finally { SecurityContextHolder.clearContext(); final HttpSession session = req.getSession(false); if (session != null) { session.removeAttribute("SPRING_SECURITY_CONTEXT"); } } } }