3 * * ============LICENSE_START=======================================================
5 * * ================================================================================
6 * * Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
7 * * ================================================================================
8 * * Licensed under the Apache License, Version 2.0 (the "License");
9 * * you may not use this file except in compliance with the License.
10 * * You may obtain a copy of the License at
12 * * http://www.apache.org/licenses/LICENSE-2.0
14 * * Unless required by applicable law or agreed to in writing, software
15 * * distributed under the License is distributed on an "AS IS" BASIS,
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * * See the License for the specific language governing permissions and
18 * * limitations under the License.
19 * * ============LICENSE_END=========================================================
23 package org.onap.dcaegen2.platform.mod.security.jwt;
25 import org.onap.dcaegen2.platform.mod.security.services.UserDetailsServiceImpl;
26 import lombok.extern.slf4j.Slf4j;
27 import org.springframework.beans.factory.annotation.Autowired;
28 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
29 import org.springframework.security.core.context.SecurityContextHolder;
30 import org.springframework.security.core.userdetails.UserDetails;
31 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
32 import org.springframework.util.StringUtils;
33 import org.springframework.web.filter.OncePerRequestFilter;
35 import javax.servlet.FilterChain;
36 import javax.servlet.ServletException;
37 import javax.servlet.http.HttpServletRequest;
38 import javax.servlet.http.HttpServletResponse;
39 import java.io.IOException;
44 * Authentication Token Filter
47 public class AuthTokenFilter extends OncePerRequestFilter {
// NOTE(review): both fields are presumably injected by Spring (Autowired is imported above);
// the annotation lines are not visible in this listing, so confirm against the original file.
// Token helper: doFilterInternal uses it to validate a JWT and to read the username from it.
50 private JwtUtils jwtUtils;
// Resolves the token's username to a UserDetails whose authorities doFilterInternal copies
// into the request's authentication.
53 private UserDetailsServiceImpl userDetailsService;
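/**
 * Authenticates the request from a bearer JWT when one is present and accepted, then
 * continues the filter chain.
 *
 * <p>When {@code parseJwt} yields a token that {@code jwtUtils.validateJwtToken} accepts, the
 * username carried in the token is resolved through {@code userDetailsService}, and the
 * resulting principal and authorities are stored in the {@link SecurityContextHolder}.
 * If there is no token, the token is rejected, or any step throws, the security context is
 * left untouched and the request proceeds unauthenticated. This filter therefore never
 * rejects a request itself: protected endpoints rely on the authorization rules applied
 * further down the chain.
 *
 * @param httpServletRequest incoming request, read for the token and for authentication details
 * @param httpServletResponse response handed on to the rest of the chain
 * @param filterChain remaining filters, invoked whether or not authentication was established
 * @throws ServletException if a later filter or the servlet fails
 * @throws IOException if a later filter or the servlet fails on I/O
 */
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse,
                                FilterChain filterChain) throws ServletException, IOException {
    // NOTE(review): the listing omits the lines that open the try block and declare the catch
    // clause; they are reconstructed here from the `e` used by the error log. Confirm the
    // caught exception type against the original file.
    try {
        String jwt = parseJwt(httpServletRequest);
        if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
            String username = jwtUtils.getUserNameFromJwtToken(jwt);
            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
            // NOTE(review): the account-status flags on userDetails (enabled, locked, expired)
            // are not consulted here. Unless UserDetailsServiceImpl or validateJwtToken rejects
            // such accounts, a token issued before an account was disabled stays usable until
            // it expires. Verify where that check lives.

            // Credentials are passed as null: only the principal and its authorities are
            // placed in the security context.
            UsernamePasswordAuthenticationToken authenticationToken =
                    new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        }
    } catch (Exception e) {
        // The exception is the throwable argument, so its stack trace is logged. The former
        // "{}" in the message was never filled in and appeared literally in the log.
        logger.error("Cannot set user authentication", e);
    }
    // Always continue: an unauthenticated request is rejected (or allowed) by later filters.
    filterChain.doFilter(httpServletRequest, httpServletResponse);
}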
73 private String parseJwt(HttpServletRequest httpServletRequest) {
74 String headerAuth = httpServletRequest.getHeader("Authorization");
76 if(StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")){
77 return headerAuth.substring(7, headerAuth.length());