diff --git a/dmp-backend/src/main/java/rest/entities/DMPs.java b/dmp-backend/src/main/java/rest/entities/DMPs.java index bad97c52c..c7bb4a4ce 100644 --- a/dmp-backend/src/main/java/rest/entities/DMPs.java +++ b/dmp-backend/src/main/java/rest/entities/DMPs.java @@ -8,7 +8,6 @@ import java.util.stream.Collectors; import javax.transaction.Transactional; import org.apache.commons.lang3.SerializationUtils; -import org.junit.internal.builders.AllDefaultPossibilitiesBuilder; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; diff --git a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java index dd3c92938..d244df8d7 100644 --- a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java +++ b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java @@ -32,11 +32,9 @@ public class CustomAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { - if (authentication != null) { String token = (String)authentication.getCredentials(); - TokenValidator tokenValidator = null; if(TokenAuthenticationFilter.HEADER_GOOGLE_TOKEN_FIELD.equals(authentication.getPrincipal())) @@ -61,6 +59,7 @@ public class CustomAuthenticationProvider implements AuthenticationProvider { // if reached this point, authentication is ok, so return just an instance with whatever. return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>()); + } else throw new AuthenticationServiceException("Authentication failed"); diff --git a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java index a38204eba..fbb2eda06 100644 
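Review bot: In the `@@ -32,11 +32,9 @@` hunk of CustomAuthenticationProvider.java the `if (authentication != null) {` guard is removed while `String token = (String)authentication.getCredentials();` still follows it unguarded, so a null argument now fails with a NullPointerException instead of the `AuthenticationServiceException("Authentication failed")` that the `else` branch in the `@@ -61,6 +59,7 @@` hunk continues to throw. As shown, that `else` no longer has a matching `if`; the extraction of this page appears to drop some lines, so the surviving structure should be confirmed against the real file before merging. Either remove the `else throw` together with the guard, or keep a fail-fast check at the top of the method: `if (authentication == null) throw new AuthenticationServiceException("Authentication failed");`. The body of `authenticate` continues between and beyond both hunks.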
--- a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java +++ b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java @@ -7,6 +7,7 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; @@ -15,19 +16,19 @@ import org.springframework.web.filter.GenericFilterBean; public class TokenAuthenticationFilter extends GenericFilterBean { +// public static final String HEADER_TOKEN_FIELD = "Authorization"; + public static final String HEADER_NATIVE_TOKEN_FIELD = "native-token"; public static final String HEADER_GOOGLE_TOKEN_FIELD = "google-token"; - public static final char HEADERNAME_USERNAME_DELIMITER = 0x1e; //specially crafted delimiter @Override public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { - final HttpServletRequest httpRequest = (HttpServletRequest) request; - + final HttpServletRequest httpRequest = (HttpServletRequest) request; + String nativeToken = httpRequest.getHeader(HEADER_NATIVE_TOKEN_FIELD); String googleToken = httpRequest.getHeader(HEADER_GOOGLE_TOKEN_FIELD); - //just pass the header, the username and the token into the credentials object of the UsernamePasswordAuthenticationToken class UsernamePasswordAuthenticationToken authentication = null; if(nativeToken != null) 
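Review bot: The commented-out constant `// public static final String HEADER_TOKEN_FIELD = "Authorization";` added at the top of `TokenAuthenticationFilter` is dead code; drop it, or record the intended move to the standard `Authorization` header in a tracked issue or a short comment on `HEADER_NATIVE_TOKEN_FIELD` instead. Removing `HEADERNAME_USERNAME_DELIMITER` is safe only if no other class still references it, which cannot be confirmed from this hunk. The `final HttpServletRequest httpRequest = (HttpServletRequest) request;` line is deleted and re-added with what looks like only an indentation change, which adds review noise for no functional gain. `doFilter` continues into the next hunk.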
@@ -35,11 +36,30 @@ public class TokenAuthenticationFilter extends GenericFilterBean { if(googleToken != null) authentication = new UsernamePasswordAuthenticationToken(HEADER_GOOGLE_TOKEN_FIELD, googleToken); - SecurityContextHolder.getContext().setAuthentication(authentication); - chain.doFilter(request, response); + + + + final HttpServletResponse httpResponse = (HttpServletResponse) response; + + httpResponse.setHeader("Access-Control-Allow-Origin", "*"); + httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); + httpResponse.setHeader("Access-Control-Max-Age", "7200"); + httpResponse.setHeader("Access-Control-Allow-Headers", "content-type, "+HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD); +// httpResponse.addHeader("Access-Control-Expose-Headers", "xsrf-token , " +HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD); + + + if ("OPTIONS".equals(httpRequest.getMethod())) { + httpResponse.setStatus(HttpServletResponse.SC_OK); + } + else { + chain.doFilter(httpRequest, httpResponse); + } } + + + } diff --git a/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml b/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml index 4b7e18fac..2abfd9bc6 100644 --- a/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml +++ b/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml @@ -17,6 +17,10 @@ + + + + diff --git a/dmp-backend/src/main/webapp/WEB-INF/web.xml b/dmp-backend/src/main/webapp/WEB-INF/web.xml index 36f94ae55..00096c71c 100644 --- a/dmp-backend/src/main/webapp/WEB-INF/web.xml +++ b/dmp-backend/src/main/webapp/WEB-INF/web.xml @@ -54,8 +54,7 @@ contextConfigLocation - /WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml - + /WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml 30
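Review bot: `SecurityContextHolder.getContext().setAuthentication(authentication);` is removed in the `@@ -35,11 +36,30 @@` hunk, so the `UsernamePasswordAuthenticationToken` built from the `native-token`/`google-token` headers a few lines earlier is never published and, unless the spring-security.xml additions in this commit (not readable on this page) wire authentication some other way, `CustomAuthenticationProvider` is no longer reached from this filter; if that is unintended, restore the line before the `OPTIONS` check. The CORS headers are set unconditionally with `Access-Control-Allow-Origin: *` on every response of an authenticated API; because the tokens travel in custom headers rather than cookies this does not grant ambient credentials, but an allowlist of permitted origins (echoing the matching `Origin` and adding `Vary: Origin`) is the safer default, and this logic belongs in a dedicated CORS filter or Spring Security's CORS configuration rather than in the authentication filter. Answering every `OPTIONS` request with 200 without calling `chain.doFilter` also short-circuits the remaining filter chain for all OPTIONS requests, not just CORS preflights; gating on the presence of the `Origin` and `Access-Control-Request-Method` headers limits that to real preflights. `doFilter` starts in the preceding hunk.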