1 | package finki.it.phoneluxbackend.security;
2 |
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;

import static org.springframework.http.HttpHeaders.AUTHORIZATION;
import static org.springframework.http.HttpStatus.FORBIDDEN;
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;

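/**
 * Authorizes requests carrying a {@code Bearer} JWT in the {@code Authorization} header.
 *
 * <p>For every path except {@value #LOGIN_PATH}, a present bearer token is verified with the
 * shared HMAC secret; its subject becomes the principal and the {@code "role"} claim becomes
 * the granted authorities. Requests without a bearer header are passed through untouched
 * (later authorization rules decide whether anonymous access is allowed). A token that fails
 * verification is answered with a JSON error and the filter chain is not continued.
 *
 * <p>Only token parsing and verification are guarded by the error handler; exceptions raised
 * further down the chain (other filters, controllers) propagate normally instead of being
 * reported to the client as a token error.
 */
public class CustomAuthorizationFilter extends OncePerRequestFilter {

    /**
     * Fallback HMAC secret, kept only so that existing no-arg construction keeps working.
     * It must match the secret used by the token-issuing side. Production deployments should
     * supply the real secret through {@link #CustomAuthorizationFilter(String)} from external
     * configuration rather than rely on this literal.
     */
    private static final String DEFAULT_SECRET = "secret";

    /** Path exempt from token checks (the endpoint that issues tokens). */
    private static final String LOGIN_PATH = "/login";

    /** Scheme prefix expected in the {@code Authorization} header, including the trailing space. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Shared mapper for the error body; configured once and only used for writing afterwards. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /** Verifier built once at construction and reused for every request (no per-request state). */
    private final JWTVerifier verifier;

    /** Creates a filter using {@link #DEFAULT_SECRET}; prefer the secret-taking constructor. */
    public CustomAuthorizationFilter() {
        this(DEFAULT_SECRET);
    }

    /**
     * Creates a filter that verifies tokens with the given HMAC-SHA256 secret.
     *
     * @param secret shared secret; its UTF-8 bytes form the HMAC key, so the issuer must derive
     *               the key the same way
     * @throws NullPointerException if {@code secret} is null
     */
    public CustomAuthorizationFilter(String secret) {
        Objects.requireNonNull(secret, "secret");
        Algorithm algorithm = Algorithm.HMAC256(secret.getBytes(StandardCharsets.UTF_8));
        this.verifier = JWT.require(algorithm).build();
    }

    /**
     * Verifies a bearer token when one is present, populates the security context on success,
     * and otherwise rejects the request with a JSON error.
     *
     * @param request     current request
     * @param response    current response
     * @param filterChain remaining chain, invoked unless token verification fails
     * @throws ServletException propagated from downstream filters
     * @throws IOException      propagated from downstream filters or from writing the error body
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        String authorizationHeader = request.getHeader(AUTHORIZATION);
        boolean hasBearer = authorizationHeader != null && authorizationHeader.startsWith(BEARER_PREFIX);

        // The login endpoint issues tokens and is never checked, even if a header is present.
        if (hasBearer && !LOGIN_PATH.equals(request.getServletPath())) {
            String token = authorizationHeader.substring(BEARER_PREFIX.length());
            UsernamePasswordAuthenticationToken authentication;
            try {
                authentication = authenticate(token);
            } catch (RuntimeException exception) {
                // Verification/decoding failures from the JWT library are unchecked.
                writeError(response, exception);
                return; // reject: do not continue the chain with an invalid token
            }
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        // Deliberately outside the try/catch: a failure in a later filter or controller must not
        // be reported as a 403 token error (and must not be written into an already-committed response).
        filterChain.doFilter(request, response);
    }

    /**
     * Verifies the raw token and builds an authenticated principal from its subject and
     * {@code "role"} claim. A missing role claim yields no authorities rather than a failure.
     *
     * @param token compact JWT without the {@code Bearer } prefix
     * @return authenticated token (null credentials, granted authorities from the claim)
     * @throws RuntimeException if the token cannot be decoded or its signature/claims are invalid
     */
    private UsernamePasswordAuthenticationToken authenticate(String token) {
        DecodedJWT decodedJWT = verifier.verify(token);
        String email = decodedJWT.getSubject();
        String[] roles = decodedJWT.getClaim("role").asArray(String.class);

        Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (roles != null) { // asArray returns null when the claim is absent
            for (String role : roles) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        }
        return new UsernamePasswordAuthenticationToken(email, null, authorities);
    }

    /**
     * Writes the error response for a rejected token. The wire format (403 status, {@code error}
     * header and {@code {"error_message": ...}} body) is kept as existing clients expect it;
     * 401 would be the conventional status for an invalid credential.
     *
     * @param response  response to write into
     * @param exception failure raised while verifying the token; its message is the library's
     *                  verification reason and is echoed to the client
     * @throws IOException if the body cannot be written
     */
    private static void writeError(HttpServletResponse response, RuntimeException exception) throws IOException {
        String message = exception.getMessage();
        response.setHeader("error", message);
        response.setStatus(FORBIDDEN.value());
        response.setContentType(APPLICATION_JSON_VALUE);
        Map<String, String> error = new HashMap<>();
        error.put("error_message", message);
        OBJECT_MAPPER.writeValue(response.getOutputStream(), error);
    }
}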