Skip to content

Commit

Permalink
#195 avoid repeating AuthenticationFilter for /error endpoint
Browse files Browse the repository at this point in the history
  • Loading branch information
@max402
max402 committed Jun 25, 2024
1 parent 85f9461 commit ec2255d
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 15 deletions.
1 change: 1 addition & 0 deletions sts-example/src/main/java/de/adorsys/sts/example/config/SecurityConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ protected SecurityFilterChain securityFilterChain(HttpSecurity http, TokenAuthen
.requestMatchers(HttpMethod.POST,
"/login"
).permitAll()
.requestMatchers("/error").permitAll()
.anyRequest().authenticated()
;

Expand Down
28 changes: 13 additions & 15 deletions sts-spring/src/main/java/de/adorsys/sts/filter/JWTAuthenticationFilter.java
View file
Original file line number Diff line number Diff line change
@@ -1,39 +1,37 @@
package de.adorsys.sts.filter;

import de.adorsys.sts.token.authentication.TokenAuthenticationService;
import jakarta.annotation.Nonnull;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import jakarta.servlet.http.HttpServletResponse;

import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

public class JWTAuthenticationFilter extends GenericFilterBean {
private static final Logger logger = LoggerFactory.getLogger(JWTAuthenticationFilter.class);

private TokenAuthenticationService tokenAuthenticationService;
@Slf4j
@RequiredArgsConstructor
public class JWTAuthenticationFilter extends OncePerRequestFilter {

public JWTAuthenticationFilter(TokenAuthenticationService tokenAuthenticationService) {
this.tokenAuthenticationService = tokenAuthenticationService;
}
private final TokenAuthenticationService tokenAuthenticationService;

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
throws IOException, ServletException {
public void doFilterInternal(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response, @Nonnull FilterChain filterChain)
throws ServletException, IOException {
if (logger.isTraceEnabled()) logger.trace("doFilter start");

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
if (logger.isDebugEnabled())
logger.debug("Authentication is null. Try to get authentication from request...");

authentication = tokenAuthenticationService.getAuthentication((HttpServletRequest) request);
authentication = tokenAuthenticationService.getAuthentication(request);
SecurityContextHolder.getContext().setAuthentication(authentication);
}

Expand Down

0 comments on commit ec2255d

Please sign in to comment.