added exception handling to tokenauthfilter

chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java

@@ -8,24 +8,28 @@ import java.util.List;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.ros.chatto.model.UserToken;
 import org.ros.chatto.service.UserTokenService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Token;
 import org.springframework.security.core.token.TokenService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
+
 @Component
 public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
@@ -35,6 +39,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	@Autowired
 	private TokenService tokenService;
 
+	private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
+
 	private final int tokenTimeoutDuration;
 
 	public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
@@ -103,45 +109,55 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {
 
-		final String accessToken = request.getHeader("X-AUTH-TOKEN");
-		if (null != accessToken) {
-			// get and check whether token is valid ( from DB or file wherever you are
-			// storing the token)
-			Token token = tokenService.verifyToken(accessToken);
+		try {
+			final String accessToken = request.getHeader("X-AUTH-TOKEN");
+			if (null != accessToken) {
+				// get and check whether token is valid ( from DB or file wherever you are
+				// storing the token)
+				Token token = tokenService.verifyToken(accessToken);
+
+				if (token == null) {
+					throw new BadCredentialsException("Token not issued by us");
+				}
+				UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
+
+				if (userToken == null) {
+					throw new BadCredentialsException("Token not found");
+				}
+
+				String userName = userToken.getUserName();
+				if (userName == null) {
+					throw new BadCredentialsException("User not found");
+				}
+
+				System.out.println("Timeout duration = " + tokenTimeoutDuration);
+				boolean isTokenExpired = isTokenExpired(userToken);
+				System.out.println("expired? " + isTokenExpired);
+				if (!isTokenExpired) {
+					userToken.setCreationTime(Instant.now());
+					userTokenService.saveToken(userToken);
+					SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole());
+					List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
+					updatedAuthorities.add(simpleGrantedAuthority);
+					final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+							userName, token.getKey(), updatedAuthorities);
+					SecurityContextHolder.getContext().setAuthentication(authentication);
+				} else {
+					userTokenService.deleteToken(userToken.getUserName());
+				}
 
-			if (token == null) {
-				throw new UsernameNotFoundException("Token not issued by us");
-			}
-			UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
-
-			if (userToken == null) {
-				throw new UsernameNotFoundException("User not found");
-			}
-
-			String userName = userToken.getUserName();
-			if (userName == null) {
-				throw new UsernameNotFoundException("User not found");
-			}
-
-			System.out.println("Timeout duration = " + tokenTimeoutDuration);
-			boolean isTokenExpired = isTokenExpired(userToken);
-			System.out.println("expired? " + isTokenExpired);
-			if (!isTokenExpired) {
-				userToken.setCreationTime(Instant.now());
-				userTokenService.saveToken(userToken);
-				SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole());
-				List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
-				updatedAuthorities.add(simpleGrantedAuthority);
-				final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
-						userName, token.getKey(), updatedAuthorities);
-				SecurityContextHolder.getContext().setAuthentication(authentication);
-			} else {
-				userTokenService.deleteToken(userToken.getUserName());
 			}
 
+			filterChain.doFilter(request, response);
 		}
 
-		filterChain.doFilter(request, response);
+		catch (Exception e) {
+			response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+//			response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+			response.getWriter().write("Token authentication error");
+			logger.warn("Token authentication error: " + e.getMessage());
+		}
 	}
 
 }