Java tutorial
/* * Copyright 2014 nateriver. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package be.bittich.quote.security; import static be.bittich.quote.core.DynaUtil.extractAuthTokenFromRequest; import be.bittich.quote.service.TokenService; import be.bittich.quote.service.UserService; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; import org.springframework.web.filter.GenericFilterBean; /** * * @author nateriver */ @Component public class AuthenticationTokenProcessingFilter extends GenericFilterBean { @Autowired private UserService userService; @Autowired private TokenService tokenService; private static final Logger LOG = LoggerFactory.getLogger(AuthenticationTokenProcessingFilter.class); @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = this.getAsHttpRequest(request); String authToken = extractAuthTokenFromRequest(httpRequest); String username = tokenService.getUsernameFromToken(authToken); if (username != null) { UserDetails userDetails = this.userService.loadUserByUsername(username); if (tokenService.validateToken(authToken, request.getRemoteAddr(), userDetails)) { UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( userDetails.getUsername(), userDetails.getPassword(), userDetails.getAuthorities()); authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpRequest)); SecurityContextHolder.getContext().setAuthentication(authentication); } } chain.doFilter(request, response); } private HttpServletRequest getAsHttpRequest(ServletRequest request) { if (!(request instanceof HttpServletRequest)) { throw new RuntimeException("Expecting an HTTP request"); } return (HttpServletRequest) request; } }