1 | package parkup.configs;
3 | import com.auth0.jwt.JWT;
4 | import com.auth0.jwt.algorithms.Algorithm;
6 | import com.fasterxml.jackson.databind.ObjectMapper;
8 | import org.springframework.boot.autoconfigure.kafka.KafkaProperties;
9 | import org.springframework.security.authentication.AuthenticationManager;
10 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
11 | import org.springframework.security.core.Authentication;
12 | import org.springframework.security.core.AuthenticationException;
13 | import org.springframework.security.core.GrantedAuthority;
14 | import org.springframework.security.core.userdetails.User;
15 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
16 | import org.springframework.web.bind.annotation.CrossOrigin;
17 | import parkup.entities.Administrator;
18 | import parkup.entities.Guest;
19 | import parkup.entities.RegisteredUser;
20 | import parkup.entities.Worker;
22 | import javax.servlet.FilterChain;
23 | import javax.servlet.ServletException;
24 | import javax.servlet.http.HttpServletRequest;
25 | import javax.servlet.http.HttpServletResponse;
26 | import java.io.IOException;
27 | import java.util.*;
28 | import java.util.stream.Collectors;
30 | import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
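// NOTE(review): @CrossOrigin is a Spring MVC annotation for request handlers; it presumably has
// no effect on a servlet filter. If the login endpoint needs CORS, confirm that it is configured
// in the security configuration instead.
/**
 * Login filter that authenticates the {@code username} / {@code password} request parameters
 * and, on success, writes an HMAC-SHA256 signed JWT access token to the response body as JSON.
 *
 * <p>The token carries the principal's e-mail as subject, the claims {@code fullName},
 * {@code id} and {@code roles}, the request URL as issuer, and expires one hour after issue.
 */
@CrossOrigin
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    /** Shared JSON writer; avoids building a new mapper for every successful login. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /** Access-token lifetime: one hour. */
    private static final long ACCESS_TOKEN_TTL_MILLIS = 60 * 60 * 1000;

    private final AuthenticationManager authenticationManager;

    /**
     * @param authenticationManager manager that verifies the submitted credentials
     */
    public CustomAuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Builds an unauthenticated token from the {@code username} and {@code password} request
     * parameters and delegates verification to the {@link AuthenticationManager}.
     *
     * @param request  login request carrying the credentials
     * @param response unused here
     * @return the authenticated token returned by the manager
     * @throws AuthenticationException if the manager rejects the credentials
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        // NOTE(review): this override replaces the base implementation, so any HTTP-method
        // restriction applied there is not performed here, and getParameter() also reads the
        // query string. Confirm the filter is only mapped to POST so credentials cannot end up
        // in URLs, access logs or Referer headers.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
        return authenticationManager.authenticate(authenticationToken);
    }

    /**
     * Issues the access token for an authenticated principal and writes it to the response as
     * {@code {"access_token": "..."}}.
     *
     * <p>The principal must be one of {@link RegisteredUser}, {@link Worker},
     * {@link Administrator} or {@link Guest}. Any other principal is rejected instead of being
     * handed a signed token with no subject and no roles.
     *
     * @param request        request whose URL is used as the token issuer
     * @param response       response that receives the JSON body
     * @param chain          unused; the filter chain is not continued after login
     * @param authentication the successful authentication result
     * @throws IOException      if the response body cannot be written
     * @throws ServletException if the principal is missing or of an unsupported type
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication) throws IOException, ServletException {
        Object principal = authentication.getPrincipal();
        if (principal == null) {
            throw new ServletException("Authenticated principal is missing");
        }

        String email;
        String fullName;
        Integer id;
        Collection<? extends GrantedAuthority> roles;

        // Dispatch on the simple class name rather than on a fixed position in the
        // fully-qualified name, so the lookup does not depend on the package depth.
        switch (principal.getClass().getSimpleName()) {
            case "RegisteredUser": {
                RegisteredUser user = (RegisteredUser) principal;
                fullName = user.getFirstName() + " " + user.getLastName();
                email = user.getEmail();
                roles = user.getAuthorities();
                id = user.getRegParkId();
                break;
            }
            case "Worker": {
                Worker user = (Worker) principal;
                email = user.getEmail();
                fullName = user.getFirstName() + " " + user.getLastName();
                roles = user.getAuthorities();
                id = user.getWorkerId();
                break;
            }
            case "Administrator": {
                Administrator user = (Administrator) principal;
                email = user.getEmail();
                fullName = user.getFirstName() + " " + user.getLastName();
                id = user.getAdministratorId();
                roles = user.getAuthorities();
                break;
            }
            case "Guest": {
                Guest user = (Guest) principal;
                email = user.getEmail();
                fullName = "GuestUser";
                id = user.getGuestId();
                roles = user.getAuthorities();
                break;
            }
            default:
                // Fail closed: never sign a token for a principal type this filter cannot map.
                throw new ServletException("Unsupported principal type: " + principal.getClass().getName());
        }
        //TODO see if guest needs to go through authentication

        // NOTE(review): the HMAC key is a hard-coded, guessable literal. Anyone who knows it can
        // forge tokens with arbitrary subject and roles. Load a random key of at least 256 bits
        // from externalized secret configuration; whatever verifies these tokens must switch to
        // the same key at the same time, which is why the literal is left unchanged here.
        Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());

        // NOTE(review): the issuer is taken from the request URL, which the client influences
        // (for example through the Host header). Prefer a fixed configured issuer if verifiers
        // check "iss".
        String accessToken = JWT.create()
                .withSubject(email)
                .withClaim("fullName", fullName)
                .withClaim("id", id)
                .withExpiresAt(new Date(System.currentTimeMillis() + ACCESS_TOKEN_TTL_MILLIS))
                .withIssuer(request.getRequestURL().toString())
                .withClaim("roles", roles.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
                .sign(algorithm);

        // Refresh tokens are not issued; only the access token is returned.
        Map<String, String> tokens = new HashMap<>();
        tokens.put("access_token", accessToken);
        response.setContentType(APPLICATION_JSON_VALUE);
        OBJECT_MAPPER.writeValue(response.getOutputStream(), tokens);
    }
}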
---|