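package com.juick.server.security;

import com.juick.User;
import com.juick.server.security.entities.JuickUser;
import com.juick.service.UserService;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Created by aalexeev on 4/5/17.
 *
 * Authenticates a request by a per-user secret supplied as the {@value #PARAM_NAME}
 * request header or, if the header is absent, as a request parameter of the same name.
 * The value is resolved to a {@link User} through {@link UserService#getUserByHash(String)};
 * a non-anonymous result is installed in the {@link SecurityContextHolder} as an
 * already-authenticated {@link RememberMeAuthenticationToken}.
 *
 * Security notes:
 * <ul>
 *   <li>The hash is a bearer credential. Accepting it as a query/form parameter means it
 *       can end up in access logs, proxy logs, browser history and {@code Referer} headers;
 *       clients should prefer the header form. Parameter support is kept for compatibility
 *       with existing callers.</li>
 *   <li>The filter never replaces an existing non-anonymous authentication, so a hash on a
 *       request that already carries a session or other credentials is ignored.</li>
 *   <li>The hash is also passed as the token's {@code key}; only its {@code hashCode()} is
 *       exposed through {@code getKeyHash()}. NOTE(review): if a
 *       {@code RememberMeAuthenticationProvider} with a different key is ever added to the
 *       chain it would reject these tokens — confirm none is configured.</li>
 * </ul>
 */
public class HashParamAuthenticationFilter extends OncePerRequestFilter {
    /** Name of both the request header and the request parameter carrying the hash. */
    public static final String PARAM_NAME = "hash";

    private final UserService userService;

    /**
     * @param userService service used to resolve a hash to a user
     */
    public HashParamAuthenticationFilter(UserService userService) {
        this.userService = userService;
    }

    /**
     * Installs a hash-based authentication when a hash is present and no usable
     * authentication exists yet, then always continues the chain.
     *
     * @param request     current request (hash read from header, then parameter)
     * @param response    current response (untouched here)
     * @param filterChain downstream chain, always invoked
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(
            HttpServletRequest request,
            HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String hash = extractHash(request);
        if (hash != null && authenticationIsRequired()) {
            User user = userService.getUserByHash(hash);
            // Defensive: tolerate a null result as well as the anonymous placeholder user,
            // so an unknown hash can never dereference null and never authenticates anyone.
            if (user != null && !user.isAnonymous()) {
                SecurityContextHolder.getContext().setAuthentication(
                        new RememberMeAuthenticationToken(
                                hash, new JuickUser(user), JuickUser.USER_AUTHORITY));
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Reads the hash from the header first, then from the request parameter.
     *
     * @return the non-empty hash, or {@code null} when absent or empty
     */
    private static String extractHash(HttpServletRequest request) {
        String hash = request.getHeader(PARAM_NAME);
        if (hash == null) {
            hash = request.getParameter(PARAM_NAME);
        }
        // An empty value (e.g. "?hash=") cannot identify a user; skip the lookup entirely.
        if (hash == null || hash.isEmpty()) {
            return null;
        }
        return hash;
    }

    /**
     * @return {@code true} when the current context has no authentication, an
     *         unauthenticated one, or only an anonymous token
     */
    private boolean authenticationIsRequired() {
        Authentication existingAuth = SecurityContextHolder.getContext().getAuthentication();
        if (existingAuth == null || !existingAuth.isAuthenticated()) {
            return true;
        }
        // An anonymous token is a placeholder, not a real principal; a hash may still upgrade it.
        return existingAuth instanceof AnonymousAuthenticationToken;
    }
}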