shardingsphere-elasticjob-lite-ui/shardingsphere-elasticjob-lite-ui-backend/src/main/java/org/apache/shardingsphere/elasticjob/lite/ui/security/AuthenticationFilter.java - shardingsphere-elasticjob-ui - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.shardingsphere.elasticjob.lite.ui.security;

 import com.google.common.base.Strings;
 import com.google.gson.Gson;
 import lombok.Setter;
 import org.apache.shardingsphere.elasticjob.lite.ui.web.response.ResponseResultUtil;

 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;

 /**
  * Authentication filter.
  */
 public final class AuthenticationFilter implements Filter {

     private static final String LOGIN_URI = "/api/login";

     private final Gson gson = new Gson();

     @Setter
     private UserAuthenticationService userAuthenticationService;

     @Override
     public void init(final FilterConfig filterConfig) {
     }

     @Override
     public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
         HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
         HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
         if (LOGIN_URI.equals(httpRequest.getRequestURI())) {
             handleLogin(httpRequest, httpResponse);
         } else {
             String accessToken = httpRequest.getHeader("Access-Token");
             if (!Strings.isNullOrEmpty(accessToken) && accessToken.equals(userAuthenticationService.getToken())) {
                 filterChain.doFilter(httpRequest, httpResponse);
             } else {
                 respondWithUnauthorized(httpResponse);
             }
         }
     }

     @Override
     public void destroy() {
     }

     private void handleLogin(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse) {
         try {
             UserAccount user = gson.fromJson(httpRequest.getReader(), UserAccount.class);
             AuthenticationResult authenticationResult = userAuthenticationService.checkUser(user);
             if (null != authenticationResult && authenticationResult.isSuccess()) {
                 httpResponse.setContentType("application/json");
                 httpResponse.setCharacterEncoding("UTF-8");
                 Map<String, Object> result = new HashMap<>();
                 result.put("username", authenticationResult.getUsername());
                 result.put("accessToken", userAuthenticationService.getToken());
                 result.put("isGuest", authenticationResult.isGuest());
                 httpResponse.getWriter().write(gson.toJson(ResponseResultUtil.build(result)));
             } else {
                 respondWithUnauthorized(httpResponse);
             }
         } catch (IOException e) {
             e.printStackTrace();
         }

     }

     private void respondWithUnauthorized(final HttpServletResponse httpResponse) throws IOException {
         httpResponse.setContentType("application/json");
         httpResponse.setCharacterEncoding("UTF-8");
         httpResponse.getWriter().write(gson.toJson(ResponseResultUtil.handleUnauthorizedException("Unauthorized.")));
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.shardingsphere.elasticjob.lite.ui.security;

	import com.google.common.base.Strings;
	import com.google.gson.Gson;
	import lombok.Setter;
	import org.apache.shardingsphere.elasticjob.lite.ui.web.response.ResponseResultUtil;

	import javax.servlet.Filter;
	import javax.servlet.FilterChain;
	import javax.servlet.FilterConfig;
	import javax.servlet.ServletException;
	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;
	import java.io.IOException;
	import java.util.HashMap;
	import java.util.Map;

	/**
	* Authentication filter.
	*/
	public final class AuthenticationFilter implements Filter {

	private static final String LOGIN_URI = "/api/login";

	private final Gson gson = new Gson();

	@Setter
	private UserAuthenticationService userAuthenticationService;

	@Override
	public void init(final FilterConfig filterConfig) {
	}

	@Override
	public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
	HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
	HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
	if (LOGIN_URI.equals(httpRequest.getRequestURI())) {
	handleLogin(httpRequest, httpResponse);
	} else {
	String accessToken = httpRequest.getHeader("Access-Token");
	if (!Strings.isNullOrEmpty(accessToken) && accessToken.equals(userAuthenticationService.getToken())) {
	filterChain.doFilter(httpRequest, httpResponse);
	} else {
	respondWithUnauthorized(httpResponse);
	}
	}
	}

	@Override
	public void destroy() {
	}

	private void handleLogin(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse) {
	try {
	UserAccount user = gson.fromJson(httpRequest.getReader(), UserAccount.class);
	AuthenticationResult authenticationResult = userAuthenticationService.checkUser(user);
	if (null != authenticationResult && authenticationResult.isSuccess()) {
	httpResponse.setContentType("application/json");
	httpResponse.setCharacterEncoding("UTF-8");
	Map<String, Object> result = new HashMap<>();
	result.put("username", authenticationResult.getUsername());
	result.put("accessToken", userAuthenticationService.getToken());
	result.put("isGuest", authenticationResult.isGuest());
	httpResponse.getWriter().write(gson.toJson(ResponseResultUtil.build(result)));
	} else {
	respondWithUnauthorized(httpResponse);
	}
	} catch (IOException e) {
	e.printStackTrace();
	}

	}

	private void respondWithUnauthorized(final HttpServletResponse httpResponse) throws IOException {
	httpResponse.setContentType("application/json");
	httpResponse.setCharacterEncoding("UTF-8");
	httpResponse.getWriter().write(gson.toJson(ResponseResultUtil.handleUnauthorizedException("Unauthorized.")));
	}
	}