added exception handling to tokenauthfilter
parent
8a339ddf83
commit
b0e67cc416
@ -8,24 +8,28 @@ import java.util.List;
|
|||||||
|
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.ServletRequest;
|
|
||||||
import javax.servlet.ServletResponse;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.ros.chatto.model.UserToken;
|
import org.ros.chatto.model.UserToken;
|
||||||
import org.ros.chatto.service.UserTokenService;
|
import org.ros.chatto.service.UserTokenService;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
|
import org.springframework.http.HttpHeaders;
|
||||||
|
import org.springframework.http.HttpStatus;
|
||||||
|
import org.springframework.http.MediaType;
|
||||||
|
import org.springframework.security.authentication.BadCredentialsException;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.token.Token;
|
import org.springframework.security.core.token.Token;
|
||||||
import org.springframework.security.core.token.TokenService;
|
import org.springframework.security.core.token.TokenService;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
|
|
||||||
@Component
|
@Component
|
||||||
public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
@ -35,6 +39,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private TokenService tokenService;
|
private TokenService tokenService;
|
||||||
|
|
||||||
|
private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
|
||||||
|
|
||||||
private final int tokenTimeoutDuration;
|
private final int tokenTimeoutDuration;
|
||||||
|
|
||||||
public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
|
public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
|
||||||
@ -103,6 +109,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
|
|
||||||
|
try {
|
||||||
final String accessToken = request.getHeader("X-AUTH-TOKEN");
|
final String accessToken = request.getHeader("X-AUTH-TOKEN");
|
||||||
if (null != accessToken) {
|
if (null != accessToken) {
|
||||||
// get and check whether token is valid ( from DB or file wherever you are
|
// get and check whether token is valid ( from DB or file wherever you are
|
||||||
@ -110,17 +117,17 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
Token token = tokenService.verifyToken(accessToken);
|
Token token = tokenService.verifyToken(accessToken);
|
||||||
|
|
||||||
if (token == null) {
|
if (token == null) {
|
||||||
throw new UsernameNotFoundException("Token not issued by us");
|
throw new BadCredentialsException("Token not issued by us");
|
||||||
}
|
}
|
||||||
UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
|
UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
|
||||||
|
|
||||||
if (userToken == null) {
|
if (userToken == null) {
|
||||||
throw new UsernameNotFoundException("User not found");
|
throw new BadCredentialsException("Token not found");
|
||||||
}
|
}
|
||||||
|
|
||||||
String userName = userToken.getUserName();
|
String userName = userToken.getUserName();
|
||||||
if (userName == null) {
|
if (userName == null) {
|
||||||
throw new UsernameNotFoundException("User not found");
|
throw new BadCredentialsException("User not found");
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.println("Timeout duration = " + tokenTimeoutDuration);
|
System.out.println("Timeout duration = " + tokenTimeoutDuration);
|
||||||
@ -144,4 +151,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
filterChain.doFilter(request, response);
|
filterChain.doFilter(request, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
catch (Exception e) {
|
||||||
|
response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
|
||||||
|
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
|
||||||
|
// response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
|
||||||
|
response.getWriter().write("Token authentication error");
|
||||||
|
logger.warn("Token authentication error: " + e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
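Review bot: The `catch (Exception e)` added at the end of doFilterInternal appears to wrap `filterChain.doFilter(request, response)` as well as the token checks, so a failure anywhere downstream (another filter, a controller, an IOException while writing the response) would be answered with 400 "Token authentication error" and logged as a token problem, which hides the real fault. Rejected credentials are also reported as 400 rather than 401, and the handler does not clear the security context before the request ends. I would catch only the failures the token checks can raise, reply with `SC_UNAUTHORIZED`, return, and invoke the chain after the try block; this needs an import of `org.springframework.security.core.AuthenticationException`. The middle of the method lies outside the hunks, so whether `verifyToken` throws `IllegalArgumentException` on a malformed token and whether the context is already populated when a later check fails are assumptions to confirm.

```java
try {
    // … unchanged: X-AUTH-TOKEN lookup, token verification, user and timeout checks …
} catch (AuthenticationException | IllegalArgumentException e) {
    // IllegalArgumentException: only if the TokenService implementation rejects malformed tokens this way
    SecurityContextHolder.clearContext();
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
    response.getWriter().write("Token authentication error");
    logger.warn("Token authentication error: {}", e.getMessage());
    return;
}
// outside the try: downstream exceptions keep their own handling
filterChain.doFilter(request, response);
```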