From b17a1e272b69199ef085b2154eeba8b16c4cdb54 Mon Sep 17 00:00:00 2001
From: Nikolaos Laskaris
Date: Thu, 28 Sep 2017 13:41:08 +0300
Subject: [PATCH] added a check on token
---
 .../java/security/CustomAuthenticationProvider.java | 13 ++++---------
 .../main/java/security/GoogleTokenValidator.java | 3 ---
 .../java/security/TokenAuthenticationFilter.java | 5 ++---
 3 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
index f787b4787..dd797a0bc 100644
--- a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
+++ b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
@@ -2,7 +2,6 @@ package security;
 import java.util.ArrayList;
-import javax.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -10,12 +9,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.token.Token;
-import org.springframework.security.core.token.TokenService;
 import org.springframework.stereotype.Component;
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
 import dao.entities.security.UserInfoDao;
 import entities.security.UserInfo;
@@ -47,14 +41,15 @@ public class CustomAuthenticationProvider implements AuthenticationProvider { UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail()); if(existingUserInfo == null) userInfoDao.create(userInfo); + + // if reached this point, authentication is ok + return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>()); } else throw new AuthenticationServiceException("Authentication failed"); - //authentication is ok - return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>()); - + } @Override
diff --git a/dmp-backend/src/main/java/security/GoogleTokenValidator.java b/dmp-backend/src/main/java/security/GoogleTokenValidator.java
index d9651989a..8e133d93c 100644
--- a/dmp-backend/src/main/java/security/GoogleTokenValidator.java
+++ b/dmp-backend/src/main/java/security/GoogleTokenValidator.java
@@ -5,9 +5,6 @@ import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.List;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
-
 import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
 import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
 import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
diff --git a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
index d4a4cf5f0..f9e968e33 100644
--- a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
+++ b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
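Review bot: In CustomAuthenticationProvider.java (hunk `@@ -47,14 +41,15 @@`) the success path returns a token whose principal is `authentication.getPrincipal()`, which the filter changed in this same commit always sets to the constant `"google-user"`, so the authenticated identity presumably never carries the `userInfo` that was just looked up or created. Later authorization or audit code that reads the principal cannot tell users apart, and the raw token stays in the credentials of the stored Authentication. Consider binding the validated user instead, e.g. `return new UsernamePasswordAuthenticationToken(userInfo, null, new ArrayList<>());`, provided nothing downstream still reads the token from the credentials. The method and the `if` condition begin outside the hunk, so what the `else` branch actually rejects is not visible here.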
@@ -12,8 +12,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
-import entities.security.UserInfo;
-import exceptions.NonValidTokenException;
 public class TokenAuthenticationFilter extends GenericFilterBean {
@@ -25,7 +23,8 @@ public class TokenAuthenticationFilter extends GenericFilterBean {
 final HttpServletRequest httpRequest = (HttpServletRequest) request;
- final String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
+ String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
+ if(accessToken==null) accessToken = "";
 //just pass the token into the credentials object of the UsernamePasswordAuthenticationToken class
 final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("google-user", accessToken);
 SecurityContextHolder.getContext().setAuthentication(authentication);
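Review bot: A request without the token header is still placed in the SecurityContext as an authentication attempt for `"google-user"` in TokenAuthenticationFilter.java (hunk `@@ -25,7 +23,8 @@`), because the added line only replaces `null` with `""`. Whether such a request is rejected then depends entirely on the validator refusing an empty string, which is not visible in this commit. It would be safer to treat an absent or blank header as unauthenticated and skip the context update, e.g. wrap the token construction and the `setAuthentication` call in `if (accessToken != null && !accessToken.trim().isEmpty()) { ... }`. The rest of the filter method lies outside the hunk, so how the chain continues after this point should be checked against that change.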