initial commit
This commit is contained in:
Max W.
@@ -0,0 +1,72 @@
|
||||
package de.w665.biblenotes.rest.security;
|
||||
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
@Component
|
||||
@Slf4j
|
||||
@RequiredArgsConstructor
|
||||
public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
private final AuthenticationService authenticationService;
|
||||
private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/api/v1/secure/**");
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException {
|
||||
|
||||
logger.debug("Filtering request: " + request.getRequestURI());
|
||||
|
||||
if(!requestMatcher.matches(request)) {
|
||||
logger.debug("Request does not match the secure path. Skipping JWT authentication.");
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
String jwt = getJwtFromRequest(request);
|
||||
if (jwt != null && authenticationService.validateToken(jwt)) {
|
||||
String username = authenticationService.extractSubject(jwt);
|
||||
// Extract the role from the JWT and set it to Spring AuthenticationContext for access control
|
||||
String role = authenticationService.getClaimValue(jwt, "role", String.class);
|
||||
List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role));
|
||||
|
||||
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, null, authorities);
|
||||
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
// SUCCESSFUL AUTHENTICATION
|
||||
filterChain.doFilter(request, response);
|
||||
} else {
|
||||
logger.warn("Unauthorized: Authentication token is missing or invalid.");
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
logger.warn("Could not set user authentication in security context. An error occurred during JWT processing.", ex);
|
||||
}
|
||||
|
||||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
private String getJwtFromRequest(HttpServletRequest request) {
|
||||
String bearerToken = request.getHeader("Authorization");
|
||||
if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
|
||||
return bearerToken.substring(7);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user