| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more contributor license |
| * agreements. See the NOTICE file distributed with this work for additional information regarding |
| * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance with the License. You may obtain a |
| * copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software distributed under the License |
| * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
| * or implied. See the License for the specific language governing permissions and limitations under |
| * the License. |
| */ |
| |
| package org.apache.geode.management.internal.rest.security; |
| |
| import java.io.IOException; |
| |
| import javax.servlet.FilterChain; |
| import javax.servlet.ServletException; |
| import javax.servlet.http.HttpServletRequest; |
| import javax.servlet.http.HttpServletResponse; |
| |
| import org.springframework.security.authentication.BadCredentialsException; |
| import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
| import org.springframework.security.core.Authentication; |
| import org.springframework.security.core.AuthenticationException; |
| import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; |
| |
| /** |
| * Json Web Token authentication filter. This would filter the requests with "Bearer" token in the |
| * authentication header, and put the token in the form of UsernamePasswordAuthenticationToken |
| * format for the downstream to consume. |
| */ |
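public class JwtAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

  /** Authorization scheme prefix this filter accepts (RFC 6750 style, trailing space included). */
  private static final String BEARER_PREFIX = "Bearer ";

  /**
   * Registers the filter for every request path; {@link #requiresAuthentication} makes the match
   * unconditional anyway.
   */
  public JwtAuthenticationFilter() {
    super("/**");
  }

  /**
   * Every request passing through this filter must carry a bearer token; there is no anonymous
   * bypass here.
   */
  @Override
  protected boolean requiresAuthentication(HttpServletRequest request,
      HttpServletResponse response) {
    return true;
  }

  /**
   * Extracts the bearer token from the {@code Authorization} header.
   *
   * <p>No validation of the token happens here: the returned token carries the scheme name
   * ("Bearer") as principal and the raw token as credential, and it is up to the configured
   * {@code AuthenticationManager} to verify it.
   *
   * @throws BadCredentialsException if the header is absent, does not use the Bearer scheme, or
   *         is not exactly "Bearer &lt;token&gt;". The exception message deliberately does NOT echo
   *         the header value: it may hold a bearer token or Basic credentials, and these messages
   *         end up in logs and error responses.
   */
  @Override
  public Authentication attemptAuthentication(HttpServletRequest request,
      HttpServletResponse response) throws AuthenticationException {

    String header = request.getHeader("Authorization");

    if (header == null || !header.startsWith(BEARER_PREFIX)) {
      throw new BadCredentialsException("No JWT token found in request headers");
    }

    // split(" ") drops trailing empty strings, so "Bearer " alone yields one element and is
    // rejected below, while embedded extra spaces yield more than two and are rejected too.
    String[] parts = header.split(" ");

    if (parts.length != 2) {
      throw new BadCredentialsException("Wrong authentication header format");
    }

    // parts[0] is the literal scheme ("Bearer"), parts[1] the raw token; downstream consumers
    // rely on this exact (principal, credential) layout.
    return new UsernamePasswordAuthenticationToken(parts[0], parts[1]);
  }

  /**
   * Stores the authentication result the usual way, then lets the request proceed down the chain.
   *
   * <p>Because the credential travels in a header (no login form, no redirect), the response must
   * look exactly as if the resource were unsecured, hence the explicit {@code chain.doFilter}.
   * NOTE(review): the superclass also invokes the configured success handler; confirm that the
   * handler wired up for this filter does not commit the response (e.g. a redirect) before the
   * chain continues.
   */
  @Override
  protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
      FilterChain chain, Authentication authResult)
      throws IOException, ServletException {
    super.successfulAuthentication(request, response, chain, authResult);

    chain.doFilter(request, response);
  }
}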