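/**
 * JAX-RS request filter that only lets a request through when it carries a
 * Bearer JWT that parses with the server's signing key and whose issuer
 * claim is {@code "admin"}.
 *
 * <p>Every rejection is logged at WARN (never the token itself) so that failed
 * authentication attempts leave an audit trail.
 *
 * <p>NOTE(review): {@code @Secured} is declared elsewhere; presumably it is a
 * name-binding annotation that limits this filter to annotated resources.
 * Confirm, because that decides which endpoints are actually protected.
 */
@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter {

    private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationFilter.class);

    /** Scheme prefix expected at the start of the Authorization header (case-sensitive). */
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Authenticates the incoming request from its {@code Authorization} header.
     *
     * @param requestContext the request being filtered; aborted with 401 when
     *     token validation fails
     * @throws NotAuthorizedException when the header is absent or does not start
     *     with {@code "Bearer "}
     * @throws IOException declared by the filter contract; not thrown here
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        LOGGER.info("[AuthenticationFilter] started");

        String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (authorizationHeader == null || !authorizationHeader.startsWith(BEARER_PREFIX)) {
            LOGGER.warn("[AuthenticationFilter] rejected: missing or malformed Authorization header");
            // NOTE(review): the single-argument constructor takes the value as the
            // WWW-Authenticate challenge rather than as a message; confirm that
            // this text is what should be sent back to the client.
            throw new NotAuthorizedException("Authorization header must be provided");
        }

        // Same result as stripping "Bearer" and trimming: the prefix check above
        // guarantees the separating space is present.
        String token = authorizationHeader.substring(BEARER_PREFIX.length()).trim();
        try {
            validateToken(token);
        } catch (Exception e) {
            // Record only the failure type: the token is a credential, and parser
            // messages may echo parts of it.
            LOGGER.warn("[AuthenticationFilter] rejected: token validation failed ({})",
                    e.getClass().getSimpleName());
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return; // do not report a normal end for a rejected request
        }
        LOGGER.info("[AuthenticationFilter] ended");
    }

    //TODO: add the key in properties
    //TODO: check the username in DB
    /**
     * Parses the token as a signed JWT and checks its issuer claim.
     *
     * @param token the compact JWT taken from the Authorization header
     * @throws Exception when parsing or signature verification fails, or when
     *     the issuer claim is not {@code "admin"}
     */
    private void validateToken(String token) throws Exception {
        // SECURITY: the signing key is hard-coded, so anyone who can read this
        // source can mint tokens that pass this check. A key that has been
        // published with the code must be treated as compromised: rotate it and
        // load the replacement from configuration kept outside version control
        // (see the TODO above).
        // NOTE(review): JJWT documents the String overload of setSigningKey as
        // taking a Base64-encoded key, and this passphrase is not Base64. Confirm
        // that the issuing side derives the same key bytes.
        // NOTE(review): expiry is presumably enforced only when the token carries
        // an exp claim; verify whether tokens without one should be refused.
        String username = Jwts.parser()
                .setSigningKey("jeSuisLaSecretPhrase,1234,ilFaudraMePlacerEnConf,Merci")
                .parseClaimsJws(token)
                .getBody()
                .getIssuer();

        // The value compared here is the iss claim, not a subject or user id;
        // every token issued as "admin" is accepted regardless of who holds it.
        if (!"admin".equals(username)) {
            throw new NotAuthorizedException("bad token");
        }
    }
}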
- ...
<!-- Registers the bean with id "authorizationFilter" in the jaxrs:providers list.
     The bean id says "authorization" although the class is AuthenticationFilter;
     the class's package is elided in this listing. -->
- <jaxrs:providers>
- <ref bean="authorizationFilter" />
- </jaxrs:providers>
- ...
- <bean id="authorizationFilter" class="com....AuthenticationFilter">