46 lines
1.7 KiB
Java
46 lines
1.7 KiB
Java
package security;
|
|
|
|
import java.io.IOException;
|
|
|
|
import javax.servlet.FilterChain;
|
|
import javax.servlet.ServletException;
|
|
import javax.servlet.ServletRequest;
|
|
import javax.servlet.ServletResponse;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
import org.springframework.web.filter.GenericFilterBean;
|
|
|
|
|
|
public class TokenAuthenticationFilter extends GenericFilterBean {
|
|
|
|
public static final String HEADER_NATIVE_TOKEN_FIELD = "native-token";
|
|
public static final String HEADER_GOOGLE_TOKEN_FIELD = "google-token";
|
|
|
|
public static final char HEADERNAME_USERNAME_DELIMITER = 0x1e; //specially crafted delimiter
|
|
|
|
@Override
|
|
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
|
|
|
|
final HttpServletRequest httpRequest = (HttpServletRequest) request;
|
|
|
|
String nativeToken = httpRequest.getHeader(HEADER_NATIVE_TOKEN_FIELD);
|
|
String googleToken = httpRequest.getHeader(HEADER_GOOGLE_TOKEN_FIELD);
|
|
|
|
//just pass the header, the username and the token into the credentials object of the UsernamePasswordAuthenticationToken class
|
|
UsernamePasswordAuthenticationToken authentication = null;
|
|
if(nativeToken != null)
|
|
authentication = new UsernamePasswordAuthenticationToken(HEADER_NATIVE_TOKEN_FIELD, nativeToken);
|
|
if(googleToken != null)
|
|
authentication = new UsernamePasswordAuthenticationToken(HEADER_GOOGLE_TOKEN_FIELD, googleToken);
|
|
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
chain.doFilter(request, response);
|
|
|
|
|
|
}
|
|
|
|
}
|