Commit c56f02a9 authored by Maxym Borodenko's avatar Maxym Borodenko

Access token as Cookie

parent c49a8704
/*
* Copyright 2019 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.genesys2.server.servlet.filter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* Converts the "access_token" cookie to the "Authorization" HTTP request header.
*
* @author Maxym Borodenko
*/
public class AccessTokenInCookieFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String token = null;
if (request.getHeader("Authorization") == null && request.getCookies() != null) {
for (Cookie cookie : request.getCookies()) {
if (cookie.getName().equalsIgnoreCase("access_token")) {
token = cookie.getValue();
break;
}
}
}
if (StringUtils.isNotBlank(token)) {
// Wrap the request
CustomHeadersRequest customHeadersRequest = new CustomHeadersRequest(request);
customHeadersRequest.addHeader("Authorization", "Bearer " + token);
filterChain.doFilter(customHeadersRequest, response);
return;
}
filterChain.doFilter(request, response);
}
static class CustomHeadersRequest extends HttpServletRequestWrapper {
private Map<String, String> customHeaders = new HashMap<>();
public CustomHeadersRequest(HttpServletRequest request) {
super(request);
}
public void addHeader(String name, String value) {
customHeaders.put(name, value);
}
@Override
public String getHeader(String name) {
if (customHeaders.containsKey(name)) {
return customHeaders.get(name);
}
return super.getHeader(name);
}
@Override
public Enumeration<String> getHeaderNames() {
List<String> names = Collections.list(super.getHeaderNames());
names.addAll(customHeaders.keySet());
return Collections.enumeration(names);
}
@Override
public Enumeration<String> getHeaders(String name) {
List<String> values = Collections.list(super.getHeaders(name));
if (customHeaders.containsKey(name)) {
values.add(customHeaders.get(name));
}
return Collections.enumeration(values);
}
}
}
......@@ -26,6 +26,7 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import javax.servlet.SessionTrackingMode;
import org.genesys2.server.servlet.filter.AccessTokenInCookieFilter;
import org.genesys2.server.servlet.filter.LocaleURLFilter;
import org.genesys2.server.servlet.filter.SuppressRequestRejectedExceptionFilter;
import org.sitemesh.builder.SiteMeshFilterBuilder;
......@@ -118,6 +119,10 @@ public class WebInitializer extends AbstractAnnotationConfigDispatcherServletIni
localeURLFilter.setInitParameter("excludePaths", "/html,/login-attempt");
localeURLFilter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST, DispatcherType.INCLUDE, DispatcherType.FORWARD), false, "/*");
// Convert the cookie to the Authorization HTTP request header
final FilterRegistration.Dynamic accessTokenInCookieFilter = servletContext.addFilter("accessTokenInCookieFilter", AccessTokenInCookieFilter.class);
accessTokenInCookieFilter.addMappingForUrlPatterns(null, false, "/api/*");
// Then the spring security
final DelegatingFilterProxy filter = new DelegatingFilterProxy("springSecurityFilterChain");
filter.setContextAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment