| 1 | package finki.it.phoneluxbackend.security;
|
|---|
| 2 |
|
|---|
| 3 | import com.auth0.jwt.JWT;
|
|---|
| 4 | import com.auth0.jwt.JWTVerifier;
|
|---|
| 5 | import com.auth0.jwt.algorithms.Algorithm;
|
|---|
| 6 | import com.auth0.jwt.interfaces.DecodedJWT;
|
|---|
| 7 | import com.fasterxml.jackson.databind.ObjectMapper;
|
|---|
| 8 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
|---|
| 9 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|---|
| 10 | import org.springframework.security.core.context.SecurityContextHolder;
|
|---|
| 11 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
|---|
| 12 | import org.springframework.web.filter.OncePerRequestFilter;
|
|---|
| 13 |
|
|---|
| 14 | import javax.servlet.FilterChain;
|
|---|
| 15 | import javax.servlet.ServletException;
|
|---|
| 16 | import javax.servlet.http.HttpServletRequest;
|
|---|
| 17 | import javax.servlet.http.HttpServletResponse;
|
|---|
| 18 | import java.io.IOException;
|
|---|
| 19 | import java.util.*;
|
|---|
| 20 |
|
|---|
| 21 | import static org.springframework.http.HttpHeaders.AUTHORIZATION;
|
|---|
| 22 | import static org.springframework.http.HttpStatus.FORBIDDEN;
|
|---|
| 23 | import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
|
|---|
| 24 |
|
|---|
| 25 | public class CustomAuthorizationFilter extends OncePerRequestFilter {
|
|---|
| 26 | @Override
|
|---|
| 27 | protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
|
|---|
| 28 | if(request.getServletPath().equals("/login")){
|
|---|
| 29 | filterChain.doFilter(request,response); // not doing anything, just passing the request to the next filter in the filter chain
|
|---|
| 30 | }
|
|---|
| 31 | else{
|
|---|
| 32 | String authorizationHeader = request.getHeader(AUTHORIZATION);
|
|---|
| 33 | if(authorizationHeader != null && authorizationHeader.startsWith("Bearer "))
|
|---|
| 34 | {
|
|---|
| 35 | try {
|
|---|
| 36 | String token = authorizationHeader.substring("Bearer ".length());
|
|---|
| 37 | Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());
|
|---|
| 38 | JWTVerifier verifier = JWT.require(algorithm).build();
|
|---|
| 39 | DecodedJWT decodedJWT = verifier.verify(token);
|
|---|
| 40 | String email = decodedJWT.getSubject();
|
|---|
| 41 | String [] roles = decodedJWT.getClaim("role").asArray(String.class);
|
|---|
| 42 | Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
|
|---|
| 43 | Arrays.stream(roles).forEach(role -> {
|
|---|
| 44 | authorities.add(new SimpleGrantedAuthority(role));
|
|---|
| 45 | });
|
|---|
| 46 | UsernamePasswordAuthenticationToken authenticationToken =
|
|---|
| 47 | new UsernamePasswordAuthenticationToken(email,null,authorities);
|
|---|
| 48 |
|
|---|
| 49 | SecurityContextHolder.getContext().setAuthentication(authenticationToken);
|
|---|
| 50 | filterChain.doFilter(request,response);
|
|---|
| 51 |
|
|---|
| 52 | }catch(Exception exception){
|
|---|
| 53 | response.setHeader("error", exception.getMessage());
|
|---|
| 54 | response.setStatus(FORBIDDEN.value());
|
|---|
| 55 | Map<String,String> error = new HashMap<>();
|
|---|
| 56 | error.put("error_message", exception.getMessage());
|
|---|
| 57 | response.setContentType(APPLICATION_JSON_VALUE);
|
|---|
| 58 | new ObjectMapper().writeValue(response.getOutputStream(),error);
|
|---|
| 59 | }
|
|---|
| 60 | }
|
|---|
| 61 | else{
|
|---|
| 62 | filterChain.doFilter(request,response);
|
|---|
| 63 | }
|
|---|
| 64 |
|
|---|
| 65 | }
|
|---|
| 66 | }
|
|---|
| 67 | }
|
|---|
