added a check on token
parent
d802128641
commit
b17a1e272b
|
@ -2,7 +2,6 @@ package security;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
|
@ -10,12 +9,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.token.Token;
|
|
||||||
import org.springframework.security.core.token.TokenService;
|
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
import org.springframework.web.context.request.RequestAttributes;
|
|
||||||
import org.springframework.web.context.request.RequestContextHolder;
|
|
||||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
|
||||||
|
|
||||||
import dao.entities.security.UserInfoDao;
|
import dao.entities.security.UserInfoDao;
|
||||||
import entities.security.UserInfo;
|
import entities.security.UserInfo;
|
||||||
|
@ -47,12 +41,13 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
|
||||||
UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail());
|
UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail());
|
||||||
if(existingUserInfo == null)
|
if(existingUserInfo == null)
|
||||||
userInfoDao.create(userInfo);
|
userInfoDao.create(userInfo);
|
||||||
|
|
||||||
|
// if reached this point, authentication is ok
|
||||||
|
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
throw new AuthenticationServiceException("Authentication failed");
|
throw new AuthenticationServiceException("Authentication failed");
|
||||||
|
|
||||||
//authentication is ok
|
|
||||||
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
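Review bot: The authenticated result built at `return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());` reuses the caller-supplied principal and the raw token instead of the identity that was just verified. If the incoming object is the one TokenAuthenticationFilter creates in this same commit, the principal is the constant "google-user" for every caller, so later authorization or audit code cannot tell users apart, and the bearer token stays in the security context for the rest of the request. Consider `return new UsernamePasswordAuthenticationToken(userInfo, null, new ArrayList<>());` after checking what existing callers of `getPrincipal()` expect, plus a comment that the empty list means no authorities are granted. The method starts above the hunk, so the token verification itself is not visible here and this is based only on the lines shown.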
|
||||||
|
|
|
@ -5,9 +5,6 @@ import java.security.GeneralSecurityException;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.springframework.http.HttpStatus;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
|
||||||
|
|
||||||
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
|
||||||
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
|
||||||
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
|
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
|
||||||
|
|
|
@ -12,8 +12,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.web.filter.GenericFilterBean;
|
import org.springframework.web.filter.GenericFilterBean;
|
||||||
|
|
||||||
import entities.security.UserInfo;
|
|
||||||
import exceptions.NonValidTokenException;
|
|
||||||
|
|
||||||
public class TokenAuthenticationFilter extends GenericFilterBean {
|
public class TokenAuthenticationFilter extends GenericFilterBean {
|
||||||
|
|
||||||
|
@ -25,7 +23,8 @@ public class TokenAuthenticationFilter extends GenericFilterBean {
|
||||||
|
|
||||||
final HttpServletRequest httpRequest = (HttpServletRequest) request;
|
final HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||||
|
|
||||||
final String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
|
String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
|
||||||
|
if(accessToken==null) accessToken = "";
|
||||||
//just pass the token into the credentials object of the UsernamePasswordAuthenticationToken class
|
//just pass the token into the credentials object of the UsernamePasswordAuthenticationToken class
|
||||||
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("google-user", accessToken);
|
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("google-user", accessToken);
|
||||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
SecurityContextHolder.getContext().setAuthentication(authentication);
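Review bot: A request with no token header is now converted into an empty-string credential by `if(accessToken==null) accessToken = "";`, and an Authentication is still stored in the SecurityContext, so "no token presented" looks the same as "invalid token" and rejection depends entirely on the provider refusing "". Handling absence explicitly would be safer: `if (accessToken != null && !accessToken.isEmpty()) { SecurityContextHolder.getContext().setAuthentication(authentication); }`, leaving the context empty otherwise so the configured entry point answers the request. A short comment that the two-argument constructor yields an unauthenticated token which a later component must verify would also help the next reader. The enclosing method begins and ends outside the hunk.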
|
||||||
|
|