
Untitled

a guest
Jan 25th, 2017
  1. package com.astarte.commons.security.apikey;
  2.  
  3.  
  4. import com.astarte.commons.security.TokenAuthenticationSuccessHandler;
  5. import org.slf4j.Logger;
  6. import org.slf4j.LoggerFactory;
  7. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  8. import org.springframework.security.core.Authentication;
  9. import org.springframework.security.core.AuthenticationException;
  10. import org.springframework.security.core.context.SecurityContextHolder;
  11. import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
  12. import org.springframework.security.web.util.matcher.RequestMatcher;
  13.  
  14. import javax.servlet.FilterChain;
  15. import javax.servlet.ServletException;
  16. import javax.servlet.http.HttpServletRequest;
  17. import javax.servlet.http.HttpServletResponse;
  18. import java.io.IOException;
  19.  
  20.  
  /**
   * Authentication filter for devices that present a hardware ID and an API key in request headers.
   *
   * <p>The {@code X-Hardware-ID} header is used as the principal and the {@code X-API-Key} header as
   * the credential; the pair is handed to the configured authentication manager.
   *
   * <p>Security notes:
   * <ul>
   *   <li>The filter fails open. A request without both headers, or one that already has an
   *       {@link Authentication} in the security context, is not rejected here; it continues down
   *       the chain with an unauthenticated placeholder token. Rejecting unauthenticated callers
   *       is therefore the job of the authorization rules configured after this filter.</li>
   *   <li>The API key is a bearer secret. Nothing in this class logs it, and nothing in this class
   *       enforces transport security, so the deployment has to guarantee TLS.</li>
   * </ul>
   */
  public class DeviceApiKeyAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

      static final Logger logger = LoggerFactory.getLogger(DeviceApiKeyAuthenticationFilter.class);

      /** Header carrying the device identifier, used as the principal. */
      private static final String HARDWARE_ID_HEADER = "X-Hardware-ID";

      /** Header carrying the device secret, used as the credential. */
      private static final String API_KEY_HEADER = "X-API-Key";

      /**
       * Creates the filter and installs {@link TokenAuthenticationSuccessHandler} as the success
       * handler.
       *
       * @param matcher selects the requests this filter processes
       */
      public DeviceApiKeyAuthenticationFilter(RequestMatcher matcher) {
          super(matcher);

          // The custom success handler is the default for this filter.
          setAuthenticationSuccessHandler(new TokenAuthenticationSuccessHandler());
      }

      /**
       * Authenticates the request from its hardware-ID and API-key headers.
       *
       * @return the authentication manager's result when both headers are present; otherwise an
       *         unauthenticated placeholder token that tells {@code successfulAuthentication} to
       *         pass the request on untouched
       * @throws AuthenticationException if the authentication manager rejects the credentials
       */
      @Override
      public Authentication attemptAuthentication(HttpServletRequest httpServletRequest,
                                                  HttpServletResponse httpServletResponse)
              throws AuthenticationException, IOException, ServletException {
          // An earlier filter already populated the context: do not authenticate a second time.
          // NOTE(review): this only tests for non-null, so ANY Authentication object in the context
          // (including one whose isAuthenticated() is false, or an anonymous token if such a filter
          // runs earlier) makes this filter step aside - confirm the filter ordering.
          final Authentication existing = SecurityContextHolder.getContext().getAuthentication();
          if (existing != null) {
              return passThroughToken();
          }

          final String hardwareId = httpServletRequest.getHeader(HARDWARE_ID_HEADER);
          final String apiKey = httpServletRequest.getHeader(API_KEY_HEADER);

          // Without both headers this is not a device request: skip the filter, do not fail it.
          // Only null is treated as missing; an empty header value still goes to the manager.
          if (hardwareId == null || apiKey == null) {
              return passThroughToken();
          }

          return this.getAuthenticationManager()
                  .authenticate(new UsernamePasswordAuthenticationToken(hardwareId, apiKey));
      }

      /**
       * Continues the filter chain, storing the authentication first when it is a real one.
       *
       * <p>An unauthenticated {@code authResult} is the placeholder produced by
       * {@code attemptAuthentication}; for it the parent's success handling is skipped entirely.
       */
      @Override
      protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
                                              Authentication authResult) throws IOException, ServletException {
          if (authResult.isAuthenticated()) {
              // The parent's success handling runs here, including the configured success handler.
              // NOTE(review): the chain continues right after this call, which presumably relies on
              // TokenAuthenticationSuccessHandler not redirecting or committing the response -
              // confirm against that class.
              super.successfulAuthentication(request, response, chain, authResult);
          } else {
              logger.debug("Filter returned an unauthenticated request but threw no exceptions: moving on in the chain.");
          }

          // In both cases the request proceeds; access decisions are made further down the chain.
          chain.doFilter(request, response);
      }

      /**
       * Builds the placeholder that marks a request as "not handled by this filter".
       * The two-argument constructor yields a token whose {@code isAuthenticated()} is false.
       */
      private static Authentication passThroughToken() {
          return new UsernamePasswordAuthenticationToken(null, null);
      }
  }