aboutsummaryrefslogtreecommitdiff
path: root/juick-api/src/main
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2016-11-27 19:57:28 +0300
committerGravatar Vitaly Takmazov2016-11-27 19:57:28 +0300
commit9241901c9367259eebf1128c0693f9bc3f3597a5 (patch)
tree6a695b709db8fb834153be3f490c8b67540884c9 /juick-api/src/main
parenta1dfdabfa7a43b28d827458a0b4c5f6a2a1a9013 (diff)
juick-api: add hash-based authentication filter
Diffstat (limited to 'juick-api/src/main')
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java8
-rw-r--r--juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java44
2 files changed, 51 insertions, 1 deletions
diff --git a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
index d7904199..cd5e3bbc 100644
--- a/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
+++ b/juick-api/src/main/java/com/juick/api/configuration/ApiSecurityConfig.java
@@ -12,6 +12,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.inject.Inject;
@@ -33,7 +34,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
+ http.addFilterBefore(getJuickHashFilter(), UsernamePasswordAuthenticationFilter.class)
+ .authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest().hasRole("USER")
.and().httpBasic().authenticationEntryPoint(getJuickAuthenticationEntryPoint())
@@ -49,4 +51,8 @@ public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
public JuickAuthenticationEntryPoint getJuickAuthenticationEntryPoint() {
return new JuickAuthenticationEntryPoint();
}
+ @Bean
+ public JuickHashFilter getJuickHashFilter() {
+ return new JuickHashFilter();
+ }
}
diff --git a/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java b/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java
new file mode 100644
index 00000000..62e6f3d2
--- /dev/null
+++ b/juick-api/src/main/java/com/juick/api/configuration/JuickHashFilter.java
@@ -0,0 +1,44 @@
+package com.juick.api.configuration;
+
+import com.juick.User;
+import com.juick.service.UserService;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+import org.springframework.web.filter.GenericFilterBean;
+
+import javax.inject.Inject;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Created by vitalyster on 27.11.2016.
+ */
+public class JuickHashFilter extends GenericFilterBean {
+ @Inject
+ UserService userService;
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ String hash = request.getParameter("hash");
+ if (hash != null) {
+ User user = userService.getUserByHash(hash);
+ if (user.getUid() > 0) {
+ List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getName(), null);
+ token.setDetails(new WebAuthenticationDetails((HttpServletRequest) request));
+ SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user.getName(), null, authorities));
+ }
+ }
+ chain.doFilter(request, response);
+ }
+ }