diff options
| author |  Vitaly Takmazov | 2019-01-30 10:57:06 +0300 |
|---|---|---|
| committer | Vitaly Takmazov | 2019-01-30 10:57:06 +0300 |
| commit | 362d1362797d1736505084f96d34dd287fb22945 (patch) | |
| tree | d041f3002ee3d660074b79adc3d7a3bdda263e8c /src/main/java/com/juick/service/security | |
| parent | ba5d3815a7f40c2d824bd329dad571f8b883b25e (diff) | |
ActivityPub: log unverified contexts
Diffstat (limited to 'src/main/java/com/juick/service/security')
| -rw-r--r-- | src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java index 8332fc8c..346a2f32 100644 --- a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java +++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java @@ -3,7 +3,7 @@ package com.juick.service.security; import com.juick.User; import com.juick.server.SignatureManager; import com.juick.service.UserService; -import com.juick.service.security.entities.JuickUser; +import org.apache.commons.io.IOUtils; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; @@ -17,7 +17,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.net.URI; +import java.nio.charset.StandardCharsets; import java.util.Collections; import java.util.Map; import java.util.stream.Collectors; @@ -40,18 +40,23 @@ public class HTTPSignatureAuthenticationFilter extends OncePerRequestFilter { Map<String, String> headers = Collections.list(request.getHeaderNames()) .stream() .collect(Collectors.toMap(String::toLowerCase, request::getHeader)); - User user = signatureManager.verifySignature(request.getMethod(), request.getRequestURI(), headers); - if (!user.isAnonymous()) { - String userUri = user.getUri().toString(); - if (userUri.length() == 0) { - User userWithPassword = userService.getUserByName(user.getName()); - userWithPassword.setAuthHash(userService.getHashByUID(userWithPassword.getUid())); - Authentication authentication = new UsernamePasswordAuthenticationToken(userWithPassword.getName(), userWithPassword.getCredentials()); - SecurityContextHolder.getContext().setAuthentication(authentication); - } else { - Authentication authentication = new AnonymousAuthenticationToken(userUri, user, Collections.singletonList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))); - SecurityContextHolder.getContext().setAuthentication(authentication); + try { + User user = signatureManager.verifySignature(request.getMethod(), request.getRequestURI(), headers); + if (!user.isAnonymous()) { + String userUri = user.getUri().toString(); + if (userUri.length() == 0) { + User userWithPassword = userService.getUserByName(user.getName()); + userWithPassword.setAuthHash(userService.getHashByUID(userWithPassword.getUid())); + Authentication authentication = new UsernamePasswordAuthenticationToken(userWithPassword.getName(), userWithPassword.getCredentials()); + SecurityContextHolder.getContext().setAuthentication(authentication); + } else { + Authentication authentication = new AnonymousAuthenticationToken(userUri, user, Collections.singletonList(new SimpleGrantedAuthority("ROLE_ANONYMOUS"))); + SecurityContextHolder.getContext().setAuthentication(authentication); + } } + } catch (IOException e) { + logger.warn(String.format("Signature %s is not verified, context: %s", headers.get("Signature"), + IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8))); } } |