  1. // this is embedded in blog post https://phip1611.de/?p=9898
  2. /*
  3.    Copyright 2018 Philipp Schuster
  4.  
  5.    Web:      phip1611.de
  6.    E-Mail:   [email protected]
  7.    Twitter:  @phip1611
  8.  */
  9. package de.phips_photoblog.service.impl.auth.token;
  10.  
  11. import de.phips_photoblog.controller.dto.UserDto;
  12. import org.springframework.security.authentication.AbstractAuthenticationToken;
  13. import org.springframework.security.core.authority.SimpleGrantedAuthority;
  14.  
  15. import java.util.UUID;
  16. import java.util.logging.Logger;
  17.  
  18. import static java.util.Collections.emptyList;
  19. import static java.util.stream.Collectors.toList;
  20.  
  21. /**
  22.  * Authentication token for the UUID-based token scheme. Each request to /admin carries an
  23.  * "X-Token" header; this class represents that mechanism and holds the token (the
  24.  * credential) and the principal.
  25.  *
  26.  * This class is instantiated by the TokenFilter and handed to Spring Security as the
  27.  * active Authentication.
  28.  *
  29.  * Implementations which use this class should be immutable. (Spring Doc)
  30.  */
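public class TokenAuthentication extends AbstractAuthenticationToken {

    // The secret token is the credential for /admin requests; never write it to this logger.
    private static final Logger LOGGER = Logger.getLogger("Auth");

    /** Value of the "X-Token" header; returned by {@link #getCredentials()}. */
    private final UUID secretToken;

    /** The authenticated user, or {@code null} while the token has not been verified. */
    private final UserDto userDto;

    /**
     * Creates an unverified token without principal and without authorities.
     * <p>
     * The instance keeps the super class default {@code authenticated == false}, so an
     * AuthenticationProvider known to Spring Security still has to verify it.
     * <p>
     * NOTE(review): {@code setAuthenticated(boolean)} is inherited unchanged and public, so
     * nothing in this class stops other code from calling {@code setAuthenticated(true)} on
     * an unverified instance. Spring's own UsernamePasswordAuthenticationToken overrides the
     * setter to reject {@code true}; consider the same here, with the trusted state set only
     * through a private constructor used by {@link #enrichWithPrincipal(UserDto)}.
     *
     * @param secretToken token taken from the request
     */
    public TokenAuthentication(UUID secretToken) {
        super(emptyList());
        this.secretToken = secretToken;
        this.userDto = null;
    }

    /**
     * Creates a token that carries a principal; each role of the user becomes a
     * {@link SimpleGrantedAuthority}.
     * <p>
     * The instance is still {@code authenticated == false} (super class default). Only
     * {@link #enrichWithPrincipal(UserDto)} marks an instance as authenticated.
     *
     * @param secretToken token taken from the request
     * @param userDto     user the token belongs to; must not be {@code null}
     * @throws NullPointerException if {@code userDto} is {@code null}
     */
    public TokenAuthentication(UUID secretToken, UserDto userDto) {
        super(userDto.getRoles().stream().map(SimpleGrantedAuthority::new).collect(toList()));
        this.secretToken = secretToken;
        this.userDto = userDto;
    }

    /**
     * Enriches a TokenAuthentication with the principal. This should be used after the
     * authentication provider verified that the TokenAuthentication is valid. It creates a
     * new instance carrying the principal/UserDto instead of mutating this one, to fulfill
     * the immutability contract of the super class.
     * <p>
     * This method performs no verification itself: the returned instance is marked as
     * authenticated unconditionally, so it must only be called once the token was validated.
     *
     * @param principal UserDto of the user the verified token belongs to
     * @return enriched object as new, authenticated instance
     */
    public TokenAuthentication enrichWithPrincipal(UserDto principal) {
        TokenAuthentication verified = new TokenAuthentication(this.secretToken, principal);
        // Trusted state is set here because the AuthenticationProvider only invokes this
        // method after the token was validated.
        verified.setAuthenticated(true);
        return verified;
    }

    /**
     * Returns the secret token.
     * <p>
     * NOTE(review): the token is a final field and UUID is not a CredentialsContainer, so the
     * inherited {@code eraseCredentials()} presumably leaves it in place after authentication
     * - confirm that keeping the secret on the Authentication object is intended.
     *
     * @return the secret token as {@link UUID}
     */
    @Override
    public Object getCredentials() {
        return this.secretToken;
    }

    /**
     * @return the {@link UserDto}, or {@code null} for an unverified token
     */
    @Override
    public Object getPrincipal() {
        return this.userDto;
    }

    /**
     * Returns the user name of the principal.
     * <p>
     * An unverified token has no principal yet. In that case an empty string is returned
     * (the convention of the super class for a missing principal) instead of failing with a
     * NullPointerException, so logging or auditing an unauthenticated request cannot crash
     * the request.
     *
     * @return user name, or {@code ""} if no principal is set
     */
    @Override
    public String getName() {
        return this.userDto == null ? "" : this.userDto.getUsername();
    }

}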