|
|
@ -1,6 +1,8 @@ |
|
|
|
package org.ros.chatto.security; |
|
|
|
|
|
|
|
import java.io.IOException; |
|
|
|
import java.time.Duration; |
|
|
|
import java.time.Instant; |
|
|
|
import java.util.ArrayList; |
|
|
|
import java.util.List; |
|
|
|
|
|
|
@ -9,12 +11,12 @@ import javax.servlet.ServletException; |
|
|
|
import javax.servlet.ServletRequest; |
|
|
|
import javax.servlet.ServletResponse; |
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
|
|
|
|
|
import org.ros.chatto.model.UserToken; |
|
|
|
import org.ros.chatto.repository.TokenRepository; |
|
|
|
import org.ros.chatto.repository.UserRoleRepository; |
|
|
|
import org.ros.chatto.service.UserTokenService; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.beans.factory.annotation.Value; |
|
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
|
|
|
import org.springframework.security.core.authority.SimpleGrantedAuthority; |
|
|
|
import org.springframework.security.core.context.SecurityContextHolder; |
|
|
@ -22,37 +24,98 @@ import org.springframework.security.core.token.Token; |
|
|
|
import org.springframework.security.core.token.TokenService; |
|
|
|
import org.springframework.security.core.userdetails.UsernameNotFoundException; |
|
|
|
import org.springframework.stereotype.Component; |
|
|
|
import org.springframework.web.filter.GenericFilterBean; |
|
|
|
|
|
|
|
import org.springframework.web.filter.OncePerRequestFilter; |
|
|
|
|
|
|
|
@Component |
|
|
|
public class TokenAuthenticationFilter extends GenericFilterBean { |
|
|
|
public class TokenAuthenticationFilter extends OncePerRequestFilter { |
|
|
|
|
|
|
|
@Autowired |
|
|
|
private UserTokenService userTokenService; |
|
|
|
|
|
|
|
@Autowired |
|
|
|
TokenService tokenService; |
|
|
|
private TokenService tokenService; |
|
|
|
|
|
|
|
private final int tokenTimeoutDuration; |
|
|
|
|
|
|
|
public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) { |
|
|
|
// super(); |
|
|
|
this.tokenTimeoutDuration = Integer.parseInt(tokenTimeoutDuration); |
|
|
|
} |
|
|
|
|
|
|
|
// @Override |
|
|
|
// public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) |
|
|
|
// throws IOException, ServletException { |
|
|
|
// final HttpServletRequest httpRequest = (HttpServletRequest) request; |
|
|
|
// |
|
|
|
// // extract token from header |
|
|
|
// final String accessToken = httpRequest.getHeader("X-AUTH-TOKEN"); |
|
|
|
// if (null != accessToken) { |
|
|
|
// // get and check whether token is valid ( from DB or file wherever you are |
|
|
|
// // storing the token) |
|
|
|
// Token token = tokenService.verifyToken(accessToken); |
|
|
|
// |
|
|
|
// if (token == null) { |
|
|
|
// throw new UsernameNotFoundException("Token not issued by us"); |
|
|
|
// } |
|
|
|
// UserToken userToken = userTokenService.getTokenByTokenString(accessToken); |
|
|
|
// |
|
|
|
// if (userToken == null) { |
|
|
|
// throw new UsernameNotFoundException("Token not associated with any user"); |
|
|
|
// } |
|
|
|
// |
|
|
|
// String userName = userToken.getUserName(); |
|
|
|
// if (userName == null) { |
|
|
|
// throw new UsernameNotFoundException("User not found"); |
|
|
|
// } |
|
|
|
// |
|
|
|
// |
|
|
|
// |
|
|
|
// System.out.println("Timeout duration = " + tokenTimeoutDuration); |
|
|
|
// boolean isTokenExpired = isTokenExpired(userToken); |
|
|
|
// System.out.println("expired? " + isTokenExpired); |
|
|
|
// if (!isTokenExpired) { |
|
|
|
// userTokenService.saveToken(userToken); |
|
|
|
// SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole()); |
|
|
|
// List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>(); |
|
|
|
// updatedAuthorities.add(simpleGrantedAuthority); |
|
|
|
// final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( |
|
|
|
// userName, token.getKey(), updatedAuthorities); |
|
|
|
// SecurityContextHolder.getContext().setAuthentication(authentication); |
|
|
|
// } else { |
|
|
|
// userTokenService.deleteToken(userToken.getUserName()); |
|
|
|
// } |
|
|
|
// |
|
|
|
// } |
|
|
|
// |
|
|
|
// chain.doFilter(request, response); |
|
|
|
// } |
|
|
|
|
|
|
|
private boolean isTokenExpired(UserToken userToken) { |
|
|
|
Duration duration = Duration.between(userToken.getCreationTime(), Instant.now()); |
|
|
|
long minutes = Math.abs(duration.toMinutes()); |
|
|
|
if (minutes > tokenTimeoutDuration) { |
|
|
|
return true; |
|
|
|
} |
|
|
|
return false; |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) |
|
|
|
throws IOException, ServletException { |
|
|
|
final HttpServletRequest httpRequest = (HttpServletRequest) request; |
|
|
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) |
|
|
|
throws ServletException, IOException { |
|
|
|
|
|
|
|
// extract token from header |
|
|
|
final String accessToken = httpRequest.getHeader("X-AUTH-TOKEN"); |
|
|
|
final String accessToken = request.getHeader("X-AUTH-TOKEN"); |
|
|
|
if (null != accessToken) { |
|
|
|
// get and check whether token is valid ( from DB or file wherever you are |
|
|
|
// storing the token) |
|
|
|
Token token = tokenService.verifyToken(accessToken); |
|
|
|
|
|
|
|
|
|
|
|
if (token == null) { |
|
|
|
throw new UsernameNotFoundException("Token not issued by us"); |
|
|
|
} |
|
|
|
UserToken userToken = userTokenService.getTokenByTokenString(accessToken); |
|
|
|
|
|
|
|
if (userToken == null) { |
|
|
|
throw new UsernameNotFoundException("Token not associated with any user"); |
|
|
|
throw new UsernameNotFoundException("User not found"); |
|
|
|
} |
|
|
|
|
|
|
|
String userName = userToken.getUserName(); |
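Review bot: The rewritten `doFilterInternal` still rejects a bad `X-AUTH-TOKEN` by throwing `UsernameNotFoundException` (the `token == null` and `userToken == null` branches), so an invalid header becomes an exception escaping a servlet filter rather than an explicit 401. Because `UsernameNotFoundException` is an `AuthenticationException`, that is only turned into a proper entry-point response if this filter sits inside the Spring Security chain after `ExceptionTranslationFilter`; the security configuration is not in this diff, and since the class is a `@Component`, Spring Boot may additionally register it as a plain servlet filter, where the exception would surface as a 500 with a stack trace. A filter-local response does not depend on placement: replace each `throw` with `SecurityContextHolder.clearContext(); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return;`. Be aware as well that `tokenService.verifyToken` may report a forged key by throwing rather than returning null, depending on which `TokenService` implementation is wired in, so the null check alone may not be the path a tampered token takes. `doFilterInternal` continues into the next hunk.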
|
|
@ -60,18 +123,25 @@ public class TokenAuthenticationFilter extends GenericFilterBean { |
|
|
|
throw new UsernameNotFoundException("User not found"); |
|
|
|
} |
|
|
|
|
|
|
|
SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole()); |
|
|
|
List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>(); |
|
|
|
updatedAuthorities.add(simpleGrantedAuthority); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName, token.getKey(), updatedAuthorities); |
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication); |
|
|
|
System.out.println("Timeout duration = " + tokenTimeoutDuration); |
|
|
|
boolean isTokenExpired = isTokenExpired(userToken); |
|
|
|
System.out.println("expired? " + isTokenExpired); |
|
|
|
if (!isTokenExpired) { |
|
|
|
userToken.setCreationTime(Instant.now()); |
|
|
|
userTokenService.saveToken(userToken); |
|
|
|
SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole()); |
|
|
|
List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>(); |
|
|
|
updatedAuthorities.add(simpleGrantedAuthority); |
|
|
|
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( |
|
|
|
userName, token.getKey(), updatedAuthorities); |
|
|
|
SecurityContextHolder.getContext().setAuthentication(authentication); |
|
|
|
} else { |
|
|
|
userTokenService.deleteToken(userToken.getUserName()); |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
chain.doFilter(request, response); |
|
|
|
filterChain.doFilter(request, response); |
|
|
|
} |
|
|
|
|
|
|
|
} |
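Review bot: The new expiry check gives tokens a sliding idle timeout but no absolute lifetime: `userToken.setCreationTime(Instant.now())` followed by `userTokenService.saveToken(userToken)` runs on every request that carries a valid token, and `isTokenExpired` measures age from that same `creationTime`, so a token presented at least once per `tokenTimeoutDuration` minutes stays valid indefinitely and a stolen token can be kept alive by the attacker simply by using it. Keep the original issue time immutable and record the renewal in a separate last-used field on `UserToken` (outside this file), so `isTokenExpired` can enforce both an idle limit and a hard maximum age. The two failure paths are also handled inconsistently: an unknown token throws (in the previous hunk, where `doFilterInternal` begins), while an expired one is deleted and the request silently continues to `filterChain.doFilter` unauthenticated; both should produce the same outcome for the client. The `System.out.println` lines ahead of the check print on every token-bearing request and should become a debug-level logger call or be removed.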