diff --git a/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java b/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
index d3c1b8a..434b005 100644
--- a/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
+++ b/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
@@ -8,24 +8,28 @@ import java.util.List;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.ros.chatto.model.UserToken;
 import org.ros.chatto.service.UserTokenService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Token;
 import org.springframework.security.core.token.TokenService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
+
 @Component
 public class TokenAuthenticationFilter extends OncePerRequestFilter {
@@ -35,6 +39,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 @Autowired
 private TokenService tokenService;
+ private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
+
 private final int tokenTimeoutDuration;
 public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
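Review bot: The added `private final Logger logger` hides the `protected final Log logger` field that `OncePerRequestFilter` inherits from `GenericFilterBean`, so the name `logger` now refers to two different objects of two different types depending on which class the code sits in — harmless at runtime, but a recurring source of confusion and something most linters flag as a hidden field. Declaring it as the usual per-class constant removes the shadowing and avoids creating one logger per filter instance: `private static final Logger LOG = LoggerFactory.getLogger(TokenAuthenticationFilter.class);`, with the `logger.warn` call in `doFilterInternal` renamed to match.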
@@ -103,45 +109,55 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
- final String accessToken = request.getHeader("X-AUTH-TOKEN");
- if (null != accessToken) {
- // get and check whether token is valid ( from DB or file wherever you are
- // storing the token)
- Token token = tokenService.verifyToken(accessToken);
+ try {
+ final String accessToken = request.getHeader("X-AUTH-TOKEN");
+ if (null != accessToken) {
+ // get and check whether token is valid ( from DB or file wherever you are
+ // storing the token)
+ Token token = tokenService.verifyToken(accessToken);
- if (token == null) {
- throw new UsernameNotFoundException("Token not issued by us");
- }
- UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
+ if (token == null) {
+ throw new BadCredentialsException("Token not issued by us");
+ }
+ UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
+
+ if (userToken == null) {
+ throw new BadCredentialsException("Token not found");
+ }
+
+ String userName = userToken.getUserName();
+ if (userName == null) {
+ throw new BadCredentialsException("User not found");
+ }
+
+ System.out.println("Timeout duration = " + tokenTimeoutDuration);
+ boolean isTokenExpired = isTokenExpired(userToken);
+ System.out.println("expired? " + isTokenExpired);
+ if (!isTokenExpired) {
+ userToken.setCreationTime(Instant.now());
+ userTokenService.saveToken(userToken);
+ SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole());
+ List updatedAuthorities = new ArrayList();
+ updatedAuthorities.add(simpleGrantedAuthority);
+ final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+ userName, token.getKey(), updatedAuthorities);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ } else {
+ userTokenService.deleteToken(userToken.getUserName());
+ }
- if (userToken == null) {
- throw new UsernameNotFoundException("User not found");
- }
-
- String userName = userToken.getUserName();
- if (userName == null) {
- throw new UsernameNotFoundException("User not found");
- }
-
- System.out.println("Timeout duration = " + tokenTimeoutDuration);
- boolean isTokenExpired = isTokenExpired(userToken);
- System.out.println("expired? " + isTokenExpired);
- if (!isTokenExpired) {
- userToken.setCreationTime(Instant.now());
- userTokenService.saveToken(userToken);
- SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole());
- List updatedAuthorities = new ArrayList();
- updatedAuthorities.add(simpleGrantedAuthority);
- final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
- userName, token.getKey(), updatedAuthorities);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- } else {
- userTokenService.deleteToken(userToken.getUserName());
 }
+ filterChain.doFilter(request, response);
 }
- filterChain.doFilter(request, response);
+ catch (Exception e) {
+ response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+// response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ response.getWriter().write("Token authentication error");
+ logger.warn("Token authentication error: " + e.getMessage());
+ }
 }
 }
\ No newline at end of file
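Review bot: The new `catch (Exception e)` also encloses `filterChain.doFilter(request, response)`, so any exception raised by a downstream filter or controller is reported to the client as a 400 "Token authentication error" and logged as a token failure, hiding unrelated faults — and where the downstream code has already committed the response, the `setStatus`/`write` in the catch block has no effect. Move the `doFilter` call out of the `try`, narrow the catch to the failure the token checks actually raise, and stop the chain on that path: `} catch (BadCredentialsException e) { /* existing response handling */ return; }` followed by `filterChain.doFilter(request, response);`. A rejected token is an authentication failure, so `HttpServletResponse.SC_UNAUTHORIZED` describes the outcome better than `SC_BAD_REQUEST`. The two `System.out.println` debug lines (one printing the configured timeout, one the expiry result) survive the change even though a logger was introduced in the same commit; replace them with `logger.debug(...)` or remove them. The warn call should use the SLF4J placeholder form, `logger.warn("Token authentication error: {}", e.getMessage());`.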