66 lines
2.6 KiB
Java
66 lines
2.6 KiB
Java
package eu.eudat.security;
|
|
|
|
import java.io.IOException;
|
|
|
|
import javax.servlet.FilterChain;
|
|
import javax.servlet.ServletException;
|
|
import javax.servlet.ServletRequest;
|
|
import javax.servlet.ServletResponse;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|
import org.springframework.security.core.context.SecurityContextHolder;
|
|
import org.springframework.web.filter.GenericFilterBean;
|
|
|
|
|
|
public class TokenAuthenticationFilter extends GenericFilterBean {
|
|
|
|
// public static final String HEADER_TOKEN_FIELD = "Authorization";
|
|
|
|
public static final String HEADER_NATIVE_TOKEN_FIELD = "native-token";
|
|
public static final String HEADER_GOOGLE_TOKEN_FIELD = "google-token";
|
|
public static final char HEADERNAME_USERNAME_DELIMITER = 0x1e; //specially crafted delimiter
|
|
|
|
@Override
|
|
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
|
|
|
|
final HttpServletRequest httpRequest = (HttpServletRequest) request;
|
|
|
|
String nativeToken = httpRequest.getHeader(HEADER_NATIVE_TOKEN_FIELD);
|
|
String googleToken = httpRequest.getHeader(HEADER_GOOGLE_TOKEN_FIELD);
|
|
//just pass the header, the username and the token into the credentials object of the UsernamePasswordAuthenticationToken class
|
|
UsernamePasswordAuthenticationToken authentication = null;
|
|
if(nativeToken != null)
|
|
authentication = new UsernamePasswordAuthenticationToken(HEADER_NATIVE_TOKEN_FIELD, nativeToken);
|
|
if(googleToken != null)
|
|
authentication = new UsernamePasswordAuthenticationToken(HEADER_GOOGLE_TOKEN_FIELD, googleToken);
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
|
|
|
|
|
|
final HttpServletResponse httpResponse = (HttpServletResponse) response;
|
|
|
|
httpResponse.setHeader("Access-Control-Allow-Origin", "*");
|
|
httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
|
|
httpResponse.setHeader("Access-Control-Max-Age", "7200");
|
|
httpResponse.setHeader("Access-Control-Allow-Headers", "content-type, X-CSRF-Token, "+HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
|
|
// httpResponse.addHeader("Access-Control-Expose-Headers", "xsrf-token , " +HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
|
|
|
|
|
|
if ("OPTIONS".equals(httpRequest.getMethod())) {
|
|
httpResponse.setStatus(HttpServletResponse.SC_OK);
|
|
}
|
|
else {
|
|
chain.doFilter(httpRequest, httpResponse);
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|