added exception handling to tokenauthfilter

2019-11-20 14:49:05 +05:30 · 2019-11-20 14:49:05 +05:30 · b0e67cc416
commit b0e67cc416
parent 8a339ddf83
1 changed files with 52 additions and 36 deletions
--- a/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
+++ b/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
@ -8,24 +8,28 @@ import java.util.List;

 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.ros.chatto.model.UserToken;
 import org.ros.chatto.service.UserTokenService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Token;
 import org.springframework.security.core.token.TokenService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;

+
@Component
 public class TokenAuthenticationFilter extends OncePerRequestFilter {

@ -35,6 +39,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	@Autowired
 	private TokenService tokenService;

+	private final Logger logger = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
+
 	private final int tokenTimeoutDuration;

 	public TokenAuthenticationFilter(@Value("${chatto.token.timeout-duration}") String tokenTimeoutDuration) {
@ -103,6 +109,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 			throws ServletException, IOException {

+		try {
 			final String accessToken = request.getHeader("X-AUTH-TOKEN");
 			if (null != accessToken) {
 				// get and check whether token is valid ( from DB or file wherever you are
@ -110,17 +117,17 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 				Token token = tokenService.verifyToken(accessToken);

 				if (token == null) {
-				throw new UsernameNotFoundException("Token not issued by us");
+					throw new BadCredentialsException("Token not issued by us");
 				}
 				UserToken userToken = userTokenService.getTokenByTokenString(accessToken);

 				if (userToken == null) {
-				throw new UsernameNotFoundException("User not found");
+					throw new BadCredentialsException("Token not found");
 				}

 				String userName = userToken.getUserName();
 				if (userName == null) {
-				throw new UsernameNotFoundException("User not found");
+					throw new BadCredentialsException("User not found");
 				}

 				System.out.println("Timeout duration = " + tokenTimeoutDuration);
@ -144,4 +151,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 			filterChain.doFilter(request, response);
 		}

+		catch (Exception e) {
+			response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN_VALUE);
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+//			response.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+			response.getWriter().write("Token authentication error");
+			logger.warn("Token authentication error: " + e.getMessage());
+		}
+	}
+
 }