added exception handling to tokenauthfilter

This commit is contained in:
Rohan Sircar 2019-11-20 14:49:05 +05:30
parent 8a339ddf83
commit b0e67cc416


@ -8,24 +8,28 @@ import java.util.List;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.ros.chatto.model.UserToken; import org.ros.chatto.model.UserToken;
import org.ros.chatto.service.UserTokenService; import org.ros.chatto.service.UserTokenService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.token.Token; import org.springframework.security.core.token.Token;
import org.springframework.security.core.token.TokenService; import org.springframework.security.core.token.TokenService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
@Component @Component
public class TokenAuthenticationFilter extends OncePerRequestFilter { public class TokenAuthenticationFilter extends OncePerRequestFilter {
@ -35,6 +39,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
@Autowired @Autowired
private TokenService tokenService; private TokenService tokenService;
private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
private final int tokenTimeoutDuration; private final int tokenTimeoutDuration;
public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) { public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
@ -103,6 +109,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException { throws ServletException, IOException {
try {
final String accessToken = request.getHeader("X-AUTH-TOKEN"); final String accessToken = request.getHeader("X-AUTH-TOKEN");
if (null != accessToken) { if (null != accessToken) {
// get and check whether token is valid ( from DB or file wherever you are // get and check whether token is valid ( from DB or file wherever you are
@ -110,17 +117,17 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
Token token = tokenService.verifyToken(accessToken); Token token = tokenService.verifyToken(accessToken);
if (token == null) { if (token == null) {
throw new UsernameNotFoundException("Token not issued by us"); throw new BadCredentialsException("Token not issued by us");
} }
UserToken userToken = userTokenService.getTokenByTokenString(accessToken); UserToken userToken = userTokenService.getTokenByTokenString(accessToken);
if (userToken == null) { if (userToken == null) {
throw new UsernameNotFoundException("User not found"); throw new BadCredentialsException("Token not found");
} }
String userName = userToken.getUserName(); String userName = userToken.getUserName();
if (userName == null) { if (userName == null) {
throw new UsernameNotFoundException("User not found"); throw new BadCredentialsException("User not found");
} }
System.out.println("Timeout duration = " + tokenTimeoutDuration); System.out.println("Timeout duration = " + tokenTimeoutDuration);
@ -144,4 +151,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
filterChain.doFilter(request, response); filterChain.doFilter(request, response);
} }
catch (Exception e) {
response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
// response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
response.getWriter().write("Token authentication error");
logger.warn("Token authentication error: " + e.getMessage());
}
}
} }
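Review bot: The new `catch (Exception e)` at the end of doFilterInternal also wraps `filterChain.doFilter(request, response)`, so any exception thrown further down the chain, not just a token failure, is reported as a 400 "Token authentication error", and if a downstream handler had already begun writing, the `setStatus` and `write` calls would likely act on a committed response. A token that fails verification is an authentication failure, so the status should be `HttpServletResponse.SC_UNAUTHORIZED` rather than `SC_BAD_REQUEST`, the catch should be narrowed to `AuthenticationException` (the supertype of the `BadCredentialsException` the hunk now throws), `SecurityContextHolder.clearContext()` should run so no partially populated context survives, and the filter should return without continuing the chain. The log call should use SLF4J's placeholder form, `logger.warn("Token authentication error: {}", e.getMessage())`, rather than string concatenation, and the commented-out `sendError` line can be deleted. The method starts in an earlier hunk and its middle is outside this one; the rewrite below keeps that part unchanged and needs an import of `org.springframework.security.core.AuthenticationException`.
```java
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
    try {
        // … unchanged: header lookup, token verification, SecurityContextHolder population …
    } catch (AuthenticationException e) {
        // Failed token check: drop any partial context and stop the chain here.
        SecurityContextHolder.clearContext();
        logger.warn("Token authentication error: {}", e.getMessage());
        response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.getWriter().write("Token authentication error");
        return;
    }
    // Only reached when no token was supplied or the token was accepted.
    filterChain.doFilter(request, response);
}
```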