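/**
 * Copyright 2016 dryTools doo
 * Email: contact@drytools.co
 *
 * This file is part of todo.
 *
 * todo is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * todo is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with todo. If not, see <http://www.gnu.org/licenses/>.
 **/
package com.todo.backend.security;

import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

import javax.annotation.Nonnull;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;

/**
 * Servlet filter that authenticates a request from a JWT carried in the
 * {@code Authorization: Bearer <token>} header.
 *
 * <p>If the header is present, the token is verified with the configured
 * secret via {@link JWTUtils#getAuthentication(String, String)} and the
 * resulting {@link Authentication} is placed in the
 * {@link SecurityContextHolder}. An expired or otherwise invalid token ends
 * the request with {@code 401 Unauthorized}; a request with no bearer token
 * is passed down the chain unauthenticated and left to the rest of the
 * security configuration to accept or reject.
 *
 * <p>Only the token verification step is guarded by the exception handlers:
 * the downstream chain runs outside it, so exceptions raised by later filters
 * or controllers are neither mislabelled as token errors nor answered with
 * {@code sendError} on a possibly already committed response.
 */
public class JWTFilter extends GenericFilterBean {

    private static final Logger log = LoggerFactory.getLogger(JWTFilter.class);

    private static final String AUTHORIZATION = "Authorization";
    private static final String BEARER = "Bearer ";

    /** Shared secret used to verify token signatures; never logged. */
    private final String secretKey;

    /**
     * Creates the filter.
     *
     * @param secretKey the secret used to verify incoming tokens
     * @throws NullPointerException if {@code secretKey} is {@code null}; failing
     *         at construction is preferable to failing on the first request
     */
    public JWTFilter(@Nonnull String secretKey) {
        this.secretKey = Objects.requireNonNull(secretKey, "secretKey");
    }

    /**
     * Verifies the bearer token (if any) and continues the filter chain.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only when no token error occurred
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        final HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        final Optional<String> jwtToken = extractToken(httpServletRequest);
        if (jwtToken.isPresent()) {
            try {
                final Authentication authentication = JWTUtils.getAuthentication(jwtToken.get(), secretKey);
                SecurityContextHolder.getContext().setAuthentication(authentication);
            } catch (ExpiredJwtException e) {
                // Subject is taken from the (unverified for freshness) claims purely for log context.
                log.debug("Security exception for user {} - {}. Expired token.",
                        e.getClaims().getSubject(), e.getMessage());
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication token expired!");
                return; // do not continue the chain with a rejected token
            } catch (JwtException e) {
                log.debug("Authentication token is invalid. {}", e.getMessage());
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication token is invalid!");
                return; // do not continue the chain with a rejected token
            }
        }

        // Outside the try/catch on purpose: exceptions from downstream filters or
        // controllers must not be reported as token errors.
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Extracts the raw JWT from the {@code Authorization} header.
     *
     * <p>The scheme match is case-sensitive ({@code "Bearer "}), as in the
     * original implementation. A header whose token part is blank is treated
     * as "no token" rather than handed to the parser, which would reject an
     * empty string with an exception that is not a {@link JwtException}.
     *
     * @param request the current request
     * @return the token without the {@code "Bearer "} prefix, or empty when the
     *         header is absent, uses another scheme, or carries no token
     */
    private Optional<String> extractToken(HttpServletRequest request) {
        final String bearerToken = request.getHeader(AUTHORIZATION);
        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(BEARER)) {
            final String jwtToken = bearerToken.substring(BEARER.length());
            if (StringUtils.hasText(jwtToken)) {
                return Optional.of(jwtToken);
            }
        }
        return Optional.empty();
    }
}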