|
|
@ -38,11 +38,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { |
|
|
|
@Autowired |
|
|
|
private final TokenService tokenService; |
|
|
|
|
|
|
|
private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class); |
|
|
|
private final Logger logger = LoggerFactory |
|
|
|
.getLogger(TokenAuthenticationFilter.class); |
|
|
|
|
|
|
|
private final int tokenTimeoutDuration; |
|
|
|
|
|
|
|
public TokenAuthenticationFilter(UserTokenService userTokenService, TokenService tokenService, |
|
|
|
public TokenAuthenticationFilter(UserTokenService userTokenService, |
|
|
|
TokenService tokenService, |
|
|
|
@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) { |
|
|
|
this.tokenTimeoutDuration = Integer.parseInt(tokenTimeoutDuration); |
|
|
|
this.userTokenService = userTokenService; |
|
|
@ -50,7 +52,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { |
|
|
|
} |
|
|
|
|
|
|
|
private boolean isTokenExpired(UserToken userToken) { |
|
|
|
Duration duration = Duration.between(userToken.getCreationTime(), Instant.now()); |
|
|
|
Duration duration = Duration.between(userToken.getCreationTime(), |
|
|
|
Instant.now()); |
|
|
|
long minutes = Math.abs(duration.toMinutes()); |
|
|
|
if (minutes > tokenTimeoutDuration) { |
|
|
|
return true; |
|
|
@ -59,20 +62,23 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) |
|
|
|
protected void doFilterInternal(HttpServletRequest request, |
|
|
|
HttpServletResponse response, FilterChain filterChain) |
|
|
|
throws ServletException, IOException { |
|
|
|
|
|
|
|
try { |
|
|
|
final String accessToken = request.getHeader("X-AUTH-TOKEN"); |
|
|
|
if (null != accessToken) { |
|
|
|
// get and check whether token is valid ( from DB or file wherever you are |
|
|
|
// get and check whether token is valid ( from DB or file |
|
|
|
// wherever you are |
|
|
|
// storing the token) |
|
|
|
Token token = tokenService.verifyToken(accessToken); |
|
|
|
|
|
|
|
if (token == null) { |
|
|
|
throw new BadCredentialsException("Token not issued by us"); |
|
|
|
} |
|
|
|
UserToken userToken = userTokenService.getTokenByTokenString(accessToken); |
|
|
|
UserToken userToken = userTokenService |
|
|
|
.getTokenByTokenString(accessToken); |
|
|
|
|
|
|
|
if (userToken == null) { |
|
|
|
throw new BadCredentialsException("Token not found"); |
|
|
@ -84,24 +90,33 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { |
|
|
|
} |
|
|
|
|
|
|
|
boolean isTokenExpired = isTokenExpired(userToken); |
|
|
|
logger.trace(String.format("Token for %s is expired? %s", userName, isTokenExpired)); |
|
|
|
logger.trace(String.format("Token for %s is expired? %s", |
|
|
|
userName, isTokenExpired)); |
|
|
|
|
|
|
|
if (!isTokenExpired) { |
|
|
|
userToken.setCreationTime(Instant.now()); |
|
|
|
userTokenService.saveToken(userToken); |
|
|
|
SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole()); |
|
|
|
List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>(); |
|
|
|
SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority( |
|
|
|
userToken.getRole()); |
|
|
|
var updatedAuthorities = new ArrayList<SimpleGrantedAuthority>(); |
|
|
|
updatedAuthorities.add(simpleGrantedAuthority); |
|
|
|
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( |
|
|
|
userName, token.getKey(), updatedAuthorities); |
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication); |
|
|
|
SecurityContextHolder.getContext() |
|
|
|
.setAuthentication(authentication); |
|
|
|
} else { |
|
|
|
userTokenService.deleteToken(userToken); |
|
|
|
TokenCacheUtil.evictSingleTokenValue(userToken.getTokenContent()); |
|
|
|
response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); |
|
|
|
response.setStatus(440); |
|
|
|
// response.sendError(440, "Token authentication error: Token has expired"); |
|
|
|
response.getWriter().write("Token authentication error: Token has expired"); |
|
|
|
logger.warn("Token authentication error: Token has expired"); |
|
|
|
TokenCacheUtil |
|
|
|
.evictSingleTokenValue(userToken.getTokenContent()); |
|
|
|
// response.setHeader(HttpHeaders.CONTENT_TYPE, |
|
|
|
// MediaType.TEXT_PLAIN_VALUE); |
|
|
|
// response.setStatus(440); |
|
|
|
// // response.sendError(440, "Token authentication error: |
|
|
|
// Token has expired"); |
|
|
|
// response.getWriter().write("Token authentication error: |
|
|
|
// Token has expired"); |
|
|
|
// logger.warn("Token authentication error: Token has |
|
|
|
// expired"); |
|
|
|
// return; |
|
|
|
} |
|
|
|
|
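Review bot: With the 440 response and the `return` commented out, the expired-token branch now deletes the token and evicts it from the cache but then falls through with no authentication set and no signal to the client, so whatever follows in doFilterInternal (outside this hunk) decides the outcome; if the chain continues, an expired token becomes indistinguishable from an absent one. Either restore an explicit response (`response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.getWriter().write("Token authentication error: Token has expired"); return;`) or, if letting the request proceed unauthenticated is intended, delete the commented-out block and state the intent with a comment such as `// expired: drop the token and let the chain run unauthenticated`. Separately, `userToken.setCreationTime(Instant.now())` on every successful request gives the token a purely sliding expiry with no absolute lifetime, so a stolen token that is presented at least once every tokenTimeoutDuration minutes never expires; consider preserving the original issue time and enforcing a maximum age alongside the idle timeout. The enclosing doFilterInternal continues past the end of this hunk.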
|
|
@ -111,9 +126,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { |
|
|
|
} |
|
|
|
|
|
|
|
catch (BadCredentialsException e) { |
|
|
|
response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE); |
|
|
|
response.setHeader(HttpHeaders.CONTENT_TYPE, |
|
|
|
MediaType.TEXT_PLAIN_VALUE); |
|
|
|
response.setStatus(HttpServletResponse.SC_BAD_REQUEST); |
|
|
|
// response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); |
|
|
|
// response.sendError(HttpServletResponse.SC_BAD_REQUEST, |
|
|
|
// e.getMessage()); |
|
|
|
response.getWriter().write("Token authentication error"); |
|
|
|
logger.warn("Token authentication error: " + e.getMessage()); |
|
|
|
} |
|
|
|