HTTPSignatureAuthenticationFilter

1 files changed, 68 insertions, 0 deletions

diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
new file mode 100644
index 00000000..8332fc8c
--- /dev/null
+++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java
@@ -0,0 +1,68 @@
+package com.juick.service.security;
+
+import com.juick.User;
+import com.juick.server.SignatureManager;
+import com.juick.service.UserService;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.annotation.Nonnull;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URI;
+import java.util.Collections;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+public class HTTPSignatureAuthenticationFilter extends OncePerRequestFilter {
+
+    private final SignatureManager signatureManager;
+    private final UserService userService;
+
+
+    public HTTPSignatureAuthenticationFilter(
+            final SignatureManager signatureManager,
+            final UserService userService) {
+        this.signatureManager = signatureManager;
+        this.userService = userService;
+    }
+    @Override
+    protected void doFilterInternal(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response, @Nonnull FilterChain filterChain) throws IOException, ServletException {
+        if (authenticationIsRequired()) {
+            Map<String, String> headers = Collections.list(request.getHeaderNames())
+                    .stream()
+                    .collect(Collectors.toMap(String::toLowerCase, request::getHeader));
+            User user = signatureManager.verifySignature(request.getMethod(), request.getRequestURI(), headers);
+            if (!user.isAnonymous()) {
+                String userUri = user.getUri().toString();
+                if (userUri.length() == 0) {
+                    User userWithPassword = userService.getUserByName(user.getName());
+                    userWithPassword.setAuthHash(userService.getHashByUID(userWithPassword.getUid()));
+                    Authentication authentication = new UsernamePasswordAuthenticationToken(userWithPassword.getName(), userWithPassword.getCredentials());
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                } else {
+                    Authentication authentication = new AnonymousAuthenticationToken(userUri, user, Collections.singletonList(new SimpleGrantedAuthority("ROLE_ANONYMOUS")));
+                    SecurityContextHolder.getContext().setAuthentication(authentication);
+                }
+            }
+        }
+
+        filterChain.doFilter(request, response);
+    }
+
+    private boolean authenticationIsRequired() {
+        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+
+        return existingAuth == null ||
+                !existingAuth.isAuthenticated() ||
+                existingAuth instanceof AnonymousAuthenticationToken;
+    }
+}