added a check on token
This commit is contained in:
parent
d802128641
commit
b17a1e272b
|
@ -2,7 +2,6 @@ package security;
|
|||
|
||||
import java.util.ArrayList;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
|
@ -10,12 +9,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
|
|||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.token.Token;
|
||||
import org.springframework.security.core.token.TokenService;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import dao.entities.security.UserInfoDao;
|
||||
import entities.security.UserInfo;
|
||||
|
@ -47,12 +41,13 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
|
|||
UserInfo existingUserInfo = userInfoDao.getByKey(userInfo.getId(), userInfo.getEmail());
|
||||
if(existingUserInfo == null)
|
||||
userInfoDao.create(userInfo);
|
||||
|
||||
// if reached this point, authentication is ok
|
||||
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
|
||||
}
|
||||
else
|
||||
throw new AuthenticationServiceException("Authentication failed");
|
||||
|
||||
//authentication is ok
|
||||
return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -5,9 +5,6 @@ import java.security.GeneralSecurityException;
|
|||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
|
||||
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload;
|
||||
|
|
|
@ -12,8 +12,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
|||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
|
||||
import entities.security.UserInfo;
|
||||
import exceptions.NonValidTokenException;
|
||||
|
||||
public class TokenAuthenticationFilter extends GenericFilterBean {
|
||||
|
||||
|
@ -25,7 +23,8 @@ public class TokenAuthenticationFilter extends GenericFilterBean {
|
|||
|
||||
final HttpServletRequest httpRequest = (HttpServletRequest) request;
|
||||
|
||||
final String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
|
||||
String accessToken = httpRequest.getHeader(HEADER_TOKEN_FIELD);
|
||||
if(accessToken==null) accessToken = "";
|
||||
//just pass the token into the credentials object of the UsernamePasswordAuthenticationToken class
|
||||
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("google-user", accessToken);
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
|
|
Loading…
Reference in New Issue