package parkup.configs;

import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.boot.autoconfigure.kafka.KafkaProperties;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.bind.annotation.CrossOrigin;
import parkup.entities.Administrator;
import parkup.entities.RegisteredUser;
import parkup.entities.Worker;

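// NOTE(review): @CrossOrigin is a Spring MVC handler-mapping annotation; it is not expected to have
// any effect on a servlet filter. Confirm CORS for the login endpoint is configured elsewhere.
@CrossOrigin
/**
 * Form-login filter that authenticates the {@code username}/{@code password} request parameters
 * against the configured {@link AuthenticationManager} and, on success, writes an HS256-signed JWT
 * access token to the response as a JSON object {@code {"access_token": "..."}}.
 *
 * <p>Thread-safety: the filter holds only immutable state after construction and is safe to share
 * across requests, as servlet filters are.
 */
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    /** Lifetime of an issued access token in milliseconds (one hour, as in the original code). */
    private static final long ACCESS_TOKEN_TTL_MILLIS = 60L * 60 * 1000;

    /** Shared JSON writer; {@link ObjectMapper} is thread-safe and costly to build per request. */
    private static final ObjectMapper JSON = new ObjectMapper();

    private final AuthenticationManager authenticationManager;

    /** HMAC-SHA256 signing algorithm, built once from the key supplied at construction. */
    private final Algorithm algorithm;

    /**
     * Backward-compatible constructor that signs tokens with the literal key {@code "secret"} the
     * original implementation used.
     *
     * <p>A fixed key that is visible in source lets anyone who can read the code forge tokens for any
     * subject and role set; production wiring must use
     * {@link #CustomAuthenticationFilter(AuthenticationManager, byte[])} with a key loaded from
     * configuration or a secret store, and that key must match the one the token-verifying filter uses.
     *
     * @param authenticationManager manager that validates the submitted credentials
     */
    public CustomAuthenticationFilter(AuthenticationManager authenticationManager) {
        // Explicit charset: the original relied on the platform default charset.
        this(authenticationManager, "secret".getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates a filter that signs tokens with the given HMAC key.
     *
     * @param authenticationManager manager that validates the submitted credentials
     * @param signingKey raw HMAC-SHA256 key bytes; the array is not retained beyond key derivation
     * @throws NullPointerException if either argument is {@code null}
     */
    public CustomAuthenticationFilter(AuthenticationManager authenticationManager, byte[] signingKey) {
        this.authenticationManager = Objects.requireNonNull(authenticationManager, "authenticationManager");
        this.algorithm = Algorithm.HMAC256(Objects.requireNonNull(signingKey, "signingKey"));
    }

    /**
     * Builds an unauthenticated token from the {@code username} and {@code password} request
     * parameters and hands it to the {@link AuthenticationManager}.
     *
     * <p>Unlike the parent filter, this override does not reject non-POST requests; credentials sent
     * in a GET query string end up in server, proxy and browser logs. Restricting the login endpoint
     * to POST is left to the surrounding security configuration — TODO confirm that it does.
     *
     * @param request  the login request
     * @param response unused here; the outcome is written by the success/failure handlers
     * @return the fully authenticated {@link Authentication} produced by the manager
     * @throws AuthenticationException if the credentials are rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        // Mirror the parent filter's handling of a missing parameter: pass "" rather than null so
        // providers that do not expect a null principal or credential behave consistently.
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
                username == null ? "" : username,
                password == null ? "" : password);
        return authenticationManager.authenticate(authenticationToken);
    }

    /**
     * Issues a signed access token for the authenticated principal and writes it as JSON.
     *
     * <p>The token carries the principal's e-mail as subject, the granted authorities as a
     * {@code roles} list claim, a one-hour expiry and the request URL as issuer.
     *
     * @param request        the login request
     * @param response       the response to which the JSON token body is written
     * @param chain          unused; the parent filter does not continue the chain on success
     * @param authentication the result of a successful {@link #attemptAuthentication}
     * @throws IOException      if the response body cannot be written
     * @throws ServletException declared for API compatibility with the parent method
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
                                            FilterChain chain, Authentication authentication)
            throws IOException, ServletException {
        List<String> roleNames = authoritiesOf(authentication).stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList());
        //TODO see if guest needs to go through authentication
        // The issuer is derived from the request URL, i.e. from the client-controlled Host header.
        // Verifiers must rely on the signature, not on "iss", to decide whether to trust a token.
        String accessToken = JWT.create()
                .withSubject(subjectOf(authentication))
                .withExpiresAt(new Date(System.currentTimeMillis() + ACCESS_TOKEN_TTL_MILLIS))
                .withIssuer(request.getRequestURL().toString())
                .withClaim("roles", roleNames)
                .sign(algorithm);
        Map<String, String> tokens = new HashMap<>();
        tokens.put("access_token", accessToken);
        // A bearer token is a credential: make sure no intermediary or browser cache keeps a copy.
        response.setHeader("Cache-Control", "no-store");
        response.setContentType(APPLICATION_JSON_VALUE);
        JSON.writeValue(response.getOutputStream(), tokens);
    }

    /**
     * Resolves the token subject from the principal type.
     *
     * <p>Replaces the original dispatch on {@code getClass().getName().split("\\.")[2]}, which only
     * worked for classes exactly two packages deep and silently produced a subject-less token for
     * any other principal. For an unrecognised principal the name attached to the
     * {@link Authentication} is used instead.
     *
     * @param authentication the successful authentication
     * @return the e-mail of a known entity type, otherwise {@link Authentication#getName()}
     */
    private static String subjectOf(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof RegisteredUser) {
            return ((RegisteredUser) principal).getEmail();
        }
        if (principal instanceof Worker) {
            return ((Worker) principal).getEmail();
        }
        if (principal instanceof Administrator) {
            return ((Administrator) principal).getEmail();
        }
        return authentication.getName();
    }

    /**
     * Resolves the authorities to embed as the {@code roles} claim.
     *
     * @param authentication the successful authentication
     * @return the entity's own authorities for a known principal type, otherwise the authorities
     *         the {@link AuthenticationManager} attached to the authentication (previously: none)
     */
    private static Collection<? extends GrantedAuthority> authoritiesOf(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof RegisteredUser) {
            return ((RegisteredUser) principal).getAuthorities();
        }
        if (principal instanceof Worker) {
            return ((Worker) principal).getAuthorities();
        }
        if (principal instanceof Administrator) {
            return ((Administrator) principal).getAuthorities();
        }
        return authentication.getAuthorities();
    }
}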