From 9faf43a6c4b933b5f97be4348d461bf91f5bf2e2 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 24 Oct 2022 01:09:32 +0300 Subject: Spring Boot 3 --- .../HTTPSignatureAuthenticationFilter.java | 17 +++---- .../security/HashParamAuthenticationFilter.java | 54 +++++++++++----------- 2 files changed, 37 insertions(+), 34 deletions(-) (limited to 'src/main/java/com/juick/service/security') diff --git a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java index 4eeb41b4..723cf576 100644 --- a/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java +++ b/src/main/java/com/juick/service/security/HTTPSignatureAuthenticationFilter.java @@ -28,11 +28,10 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.filter.OncePerRequestFilter; -import javax.annotation.Nonnull; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.Collections; import java.util.Map; 
@@ -43,15 +42,16 @@ public class HTTPSignatureAuthenticationFilter extends OncePerRequestFilter { private final SignatureManager signatureManager; private final UserService userService; - public HTTPSignatureAuthenticationFilter( final SignatureManager signatureManager, final UserService userService) { this.signatureManager = signatureManager; this.userService = userService; } + @Override - protected void doFilterInternal(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response, @Nonnull FilterChain filterChain) throws IOException, ServletException { + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) + throws IOException, ServletException { if (authenticationIsRequired()) { Map headers = Collections.list(request.getHeaderNames()) .stream() @@ -63,7 +63,8 @@ public class HTTPSignatureAuthenticationFilter extends OncePerRequestFilter { if (userUri.length() == 0) { User userWithPassword = userService.getUserByName(user.getName()); userWithPassword.setAuthHash(userService.getHashByUID(userWithPassword.getUid())); - Authentication authentication = new UsernamePasswordAuthenticationToken(userWithPassword.getName(), userWithPassword.getCredentials()); + Authentication authentication = new UsernamePasswordAuthenticationToken( + new JuickUser(user), userWithPassword.getCredentials(), JuickUser.USER_AUTHORITY); SecurityContextHolder.getContext().setAuthentication(authentication); } else { Authentication authentication = new AnonymousAuthenticationToken(userUri, diff --git a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java index 68ae91ee..0f4ac66f 100644 --- a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java +++ b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java 
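Review bot: In the `@@ -63,7 +63,8 @@` hunk the new principal is built from `user`, while the auth hash is set on `userWithPassword` just above and the sibling HashParamAuthenticationFilter wraps `userWithPassword`. If JuickUser exposes the hash or credentials of the User it wraps (not visible here), signature-authenticated requests get a principal without them; `new JuickUser(userWithPassword)` would make both filters produce the same principal. The three-argument constructor already marks the token as authenticated, so keeping `userWithPassword.getCredentials()` in it leaves that value in the SecurityContext for the rest of the request. Passing `null` as the credentials would avoid this unless later code reads them, and the same applies to the else branch added in HashParamAuthenticationFilter. `user` is assigned outside the hunk, so its origin is inferred.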
@@ -21,41 +21,40 @@ import com.juick.model.User; import com.juick.service.UserService; import com.juick.service.security.entities.JuickUser; import org.apache.commons.lang3.StringUtils; +import org.springframework.lang.NonNull; +import org.springframework.lang.Nullable; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.authentication.NullRememberMeServices; import org.springframework.security.web.authentication.RememberMeServices; import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices; import org.springframework.util.Assert; import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.util.WebUtils; -import javax.annotation.Nonnull; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.Cookie; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; /** * Created by aalexeev on 4/5/17. 
*/ public class HashParamAuthenticationFilter extends OncePerRequestFilter { + public static final String PARAM_NAME = "hash"; private final UserService userService; private final RememberMeServices rememberMeServices; - public HashParamAuthenticationFilter( - final UserService userService, - final RememberMeServices rememberMeServices) { + @NonNull final UserService userService, + @Nullable final RememberMeServices rememberMeServices) { Assert.notNull(userService, "userService should not be null"); - Assert.notNull(rememberMeServices, "rememberMeServices should not be null"); this.userService = userService; this.rememberMeServices = rememberMeServices; 
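Review bot: The constructor now accepts any `RememberMeServices`, but doFilterInternal (next hunk) casts every non-null value to `AbstractRememberMeServices`. A caller that still passes `NullRememberMeServices`, the sentinel the old code tested for and whose import this hunk removes, would hit a ClassCastException on each hash-authenticated request rather than at startup. I would fail fast here with `Assert.isTrue(rememberMeServices == null || rememberMeServices instanceof AbstractRememberMeServices, "rememberMeServices should be null or an AbstractRememberMeServices");`. A short Javadoc on the constructor saying that `null` means no remember-me cookie is issued would also help, since the contract moved from a sentinel object to null. The constructor body continues outside the hunk.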
@@ -63,28 +62,31 @@ public class HashParamAuthenticationFilter extends OncePerRequestFilter { @Override protected void doFilterInternal( - @Nonnull HttpServletRequest request, - @Nonnull HttpServletResponse response, - @Nonnull FilterChain filterChain) throws ServletException, IOException { + HttpServletRequest request, + HttpServletResponse response, + FilterChain filterChain) throws ServletException, IOException { String hash = getHashFromRequest(request); - if (hash != null && authenticationIsRequired()) { User user = userService.getUserByHash(hash); - if (!user.isAnonymous()) { User userWithPassword = userService.getUserByName(user.getName()); userWithPassword.setAuthHash(userService.getHashByUID(userWithPassword.getUid())); - Authentication authentication = rememberMeServices instanceof NullRememberMeServices - ? new UsernamePasswordAuthenticationToken(userWithPassword.getName(), - userWithPassword.getCredentials()) - : new RememberMeAuthenticationToken( - ((AbstractRememberMeServices)rememberMeServices).getKey(), - new JuickUser(userWithPassword), JuickUser.USER_AUTHORITY); - - SecurityContextHolder.getContext().setAuthentication(authentication); - - rememberMeServices.loginSuccess(request, response, authentication); + if (rememberMeServices != null) { + // web login should create cookie + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(userWithPassword), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + } else { + Authentication authentication = new UsernamePasswordAuthenticationToken( + new JuickUser(userWithPassword), + userWithPassword.getCredentials(), + JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + + } } } -- cgit v1.2.3
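Review bot: Both new branches call `SecurityContextHolder.getContext().setAuthentication(authentication)`, which mutates whatever context is currently bound. Spring Security's guidance is to populate a fresh context to avoid races when a context instance is shared between threads: `SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication(authentication); SecurityContextHolder.setContext(context);` (this needs the `SecurityContext` import). Doing it once after the if/else, with `authentication` declared as `Authentication` before the branches, would also remove the duplicated call and the stray blank line in the else branch. doFilterInternal continues past the end of the hunk, so the `filterChain.doFilter` call is not visible here.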