Diffstat (limited to 'juick-server/src/main/java/com/juick/server')
-rw-r--r--juick-server/src/main/java/com/juick/server/security/HashParamAuthenticationFilter.java66
1 files changed, 66 insertions, 0 deletions
diff --git a/juick-server/src/main/java/com/juick/server/security/HashParamAuthenticationFilter.java b/juick-server/src/main/java/com/juick/server/security/HashParamAuthenticationFilter.java
new file mode 100644
index 00000000..df1ae38c
--- /dev/null
+++ b/juick-server/src/main/java/com/juick/server/security/HashParamAuthenticationFilter.java
@@ -0,0 +1,66 @@
+package com.juick.server.security;
+
+import com.juick.User;
+import com.juick.server.security.entities.JuickUser;
+import com.juick.service.UserService;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.authentication.RememberMeAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Created by aalexeev on 4/5/17.
+ */
+public class HashParamAuthenticationFilter extends OncePerRequestFilter {
+ public static final String PARAM_NAME = "hash";
+
+ private final UserService userService;
+
+
+ public HashParamAuthenticationFilter(UserService userService) {
+ this.userService = userService;
+ }
+
+ @Override
+ protected void doFilterInternal(
+ HttpServletRequest request,
+ HttpServletResponse response,
+ FilterChain filterChain) throws ServletException, IOException {
+
+ String hash = request.getHeader(PARAM_NAME);
+
+ if (hash == null)
+ hash = request.getParameter(PARAM_NAME);
+
+ if (hash != null && authenticationIsRequired()) {
+ User user = userService.getUserByHash(hash);
+
+ if (!user.isAnonymous())
+ SecurityContextHolder.getContext().setAuthentication(
+ new RememberMeAuthenticationToken(hash, new JuickUser(user), JuickUser.USER_AUTHORITY));
+ }
+
+ filterChain.doFilter(request, response);
+ }
+
+ private boolean authenticationIsRequired() {
+ Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
+
+ if (existingAuth == null || !existingAuth.isAuthenticated())
+ return true;
+
+ if (existingAuth instanceof AnonymousAuthenticationToken)
+ return true;
+
+ return false;
+ }
+}
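Review bot: The fallback to `request.getParameter(PARAM_NAME)` in doFilterInternal accepts the login hash from the query string, so a credential that appears to be long-lived can end up in access logs, proxy logs, browser history and Referer headers. If older clients need the parameter form, a comment should say so and request logging should mask `hash`; otherwise the filter should read the header only. Separately, the result of `userService.getUserByHash(hash)` is dereferenced without a null check, and an empty hash is looked up like any other value. Unless the service is guaranteed to return an anonymous User for unknown values (not visible in this file), `if (user != null && !user.isAnonymous())` and a `!hash.isEmpty()` condition on the outer `if` would be safer. The imports of UsernamePasswordAuthenticationToken and UsernamePasswordAuthenticationFilter are unused and can be dropped.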