added a check on token

Nikolaos Laskaris 2017-09-28 13:41:08 +03:00
parent d802128641
commit b17a1e272b
3 changed files with 6 additions and 15 deletions


@ -2,7 +2,6 @@ package security;
import java.util.ArrayList; import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
@ -10,12 +9,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.token.Token;
import org.springframework.security.core.token.TokenService;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import dao.entities.security.UserInfoDao; import dao.entities.security.UserInfoDao;
import entities.security.UserInfo; import entities.security.UserInfo;
@ -47,12 +41,13 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail()); UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail());
if(existingUserInfo == null) if(existingUserInfo == null)
userInfoDao.create(userInfo); userInfoDao.create(userInfo);
// if reached this point, authentication is ok
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
} }
else else
throw new AuthenticationServiceException("Authentication failed"); throw new AuthenticationServiceException("Authentication failed");
//authentication is ok
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
} }
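Review bot: The success path returns a token built from `authentication.getPrincipal()`, which the filter changed in this same commit appears to set to the constant string "google-user" for every request, so the identity that was just verified and stored via `userInfoDao` is not carried in the resulting Authentication. Authorization decisions and audit logs that read the principal would then see the same value for all users. Consider building the result from the verified user instead, e.g. `new UsernamePasswordAuthenticationToken(userInfo.getEmail(), authentication.getCredentials(), new ArrayList<>())`, provided `userInfo` is in scope at the return. The enclosing method starts outside the hunk, so where `userInfo` comes from is inferred.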


@ -5,9 +5,6 @@ import java.security.GeneralSecurityException;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier; import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;


@ -12,8 +12,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean; import org.springframework.web.filter.GenericFilterBean;
import entities.security.UserInfo;
import exceptions.NonValidTokenException;
public class TokenAuthenticationFilter extends GenericFilterBean { public class TokenAuthenticationFilter extends GenericFilterBean {
@ -25,7 +23,8 @@ public class TokenAuthenticationFilter extends GenericFilterBean {
final HttpServletRequest httpRequest = (HttpServletRequest) request; final HttpServletRequest httpRequest = (HttpServletRequest) request;
final String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD); String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
if(accessToken==null) accessToken = "";
//just pass the token into the credentials object of the UsernamePasswordAuthenticationToken class //just pass the token into the credentials object of the UsernamePasswordAuthenticationToken class
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("google-user", accessToken); final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("google-user", accessToken);
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
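Review bot: Replacing a missing header with an empty string in `if(accessToken==null) accessToken = "";` means every request without a token still gets an unauthenticated `UsernamePasswordAuthenticationToken` placed in the SecurityContext, and the provider is presumably then asked to verify an empty credential. It would be clearer to treat a missing or empty header as "no authentication attempted": guard with `if (accessToken == null || accessToken.isEmpty())`, leave the context untouched and hand the request on to the filter chain. Unauthenticated requests then take the normal access-denied path, and authentication-failure logs only reflect tokens that were actually presented. The rest of the filter method is outside this hunk, so how the chain is continued there is not visible.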