Removed error response on token expiry

2020-05-22 10:18:05 +05:30 · 2020-05-22 10:18:05 +05:30 · 430c0c131a
commit 430c0c131a
parent 6f34f41974
1 changed files with 35 additions and 18 deletions
--- a/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
+++ b/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
@ -38,11 +38,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	@Autowired
 	private final TokenService tokenService;

-	private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
+	private final Logger logger = LoggerFactory
+			.getLogger(TokenAuthenticationFilter.class);

 	private final int tokenTimeoutDuration;

-	public TokenAuthenticationFilter(UserTokenService userTokenService, TokenService tokenService,
+	public TokenAuthenticationFilter(UserTokenService userTokenService,
+			TokenService tokenService,
 			@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
 		this.tokenTimeoutDuration = Integer.parseInt(tokenTimeoutDuration);
 		this.userTokenService = userTokenService;
@ -50,7 +52,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	}

 	private boolean isTokenExpired(UserToken userToken) {
-		Duration duration = Duration.between(userToken.getCreationTime(), Instant.now());
+		Duration duration = Duration.between(userToken.getCreationTime(),
+				Instant.now());
 		long minutes = Math.abs(duration.toMinutes());
 		if (minutes > tokenTimeoutDuration) {
 			return true;
@ -59,20 +62,23 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	}

 	@Override
-	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+	protected void doFilterInternal(HttpServletRequest request,
+			HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {

 		try {
 			final String accessToken = request.getHeader("X-AUTH-TOKEN");
 			if (null != accessToken) {
-				// get and check whether token is valid ( from DB or file wherever you are
+				// get and check whether token is valid ( from DB or file
+				// wherever you are
 				// storing the token)
 				Token token = tokenService.verifyToken(accessToken);

 				if (token == null) {
 					throw new BadCredentialsException("Token not issued by us");
 				}
-				UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
+				UserToken userToken = userTokenService
+						.getTokenByTokenString(accessToken);

 				if (userToken == null) {
 					throw new BadCredentialsException("Token not found");
@ -84,24 +90,33 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 				}

 				boolean isTokenExpired = isTokenExpired(userToken);
-				logger.trace(String.format("Token for %s is expired? %s", userName, isTokenExpired));
+				logger.trace(String.format("Token for %s is expired? %s",
+						userName, isTokenExpired));
+
 				if (!isTokenExpired) {
 					userToken.setCreationTime(Instant.now());
 					userTokenService.saveToken(userToken);
-					SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole());
-					List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
+					SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(
+							userToken.getRole());
+					var updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
 					updatedAuthorities.add(simpleGrantedAuthority);
 					final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
 							userName, token.getKey(), updatedAuthorities);
-					SecurityContextHolder.getContext().setAuthentication(authentication);
+					SecurityContextHolder.getContext()
+							.setAuthentication(authentication);
 				} else {
 					userTokenService.deleteToken(userToken);
-					TokenCacheUtil.evictSingleTokenValue(userToken.getTokenContent());
-					response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
-					response.setStatus(440);
-					// response.sendError(440, "Token authentication error: Token has expired");
-					response.getWriter().write("Token authentication error: Token has expired");
-					logger.warn("Token authentication error: Token has expired");
+					TokenCacheUtil
+							.evictSingleTokenValue(userToken.getTokenContent());
+					// response.setHeader(HttpHeaders.CONTENT_TYPE,
+					// MediaType.TEXT_PLAIN_VALUE);
+					// response.setStatus(440);
+					// // response.sendError(440, "Token authentication error:
+					// Token has expired");
+					// response.getWriter().write("Token authentication error:
+					// Token has expired");
+					// logger.warn("Token authentication error: Token has
+					// expired");
 					// return;
 				}

@ -111,9 +126,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 		}

 		catch (BadCredentialsException e) {
-			response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
+			response.setHeader(HttpHeaders.CONTENT_TYPE,
+					MediaType.TEXT_PLAIN_VALUE);
 			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
-			// response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+			// response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+			// e.getMessage());
 			response.getWriter().write("Token authentication error");
 			logger.warn("Token authentication error: " + e.getMessage());
 		}