PreAuthTokenProcessingFilter.java

  1. package cn.home1.oss.lib.security.internal.preauth;

  3. import static cn.home1.oss.lib.security.internal.preauth.PreAuthTokenFilter.ATTR_PRINCIPAL;
  4. import static cn.home1.oss.lib.security.internal.preauth.PreAuthTokenFilter.ATTR_PRINCIPAL_TOKEN;
  5. import static lombok.AccessLevel.PROTECTED;

  7. import cn.home1.oss.lib.security.api.GenericUser;
  8. import cn.home1.oss.lib.security.api.Security;

  10. import lombok.Getter;
  11. import lombok.Setter;
  12. import lombok.extern.slf4j.Slf4j;

  14. import org.springframework.beans.factory.annotation.Autowired;
  15. import org.springframework.core.env.Environment;
  16. import org.springframework.security.authentication.AbstractAuthenticationToken;
  17. import org.springframework.security.authentication.AuthenticationDetailsSource;
  18. import org.springframework.security.authentication.AuthenticationManager;
  19. import org.springframework.security.core.Authentication;
  20. import org.springframework.security.core.AuthenticationException;
  21. import org.springframework.security.core.context.SecurityContext;
  22. import org.springframework.security.core.context.SecurityContextHolder;
  23. import org.springframework.security.web.AuthenticationEntryPoint;
  24. import org.springframework.security.web.authentication.NullRememberMeServices;
  25. import org.springframework.security.web.authentication.RememberMeServices;
  26. import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
  27. import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
  28. import org.springframework.web.filter.GenericFilterBean;

  30. import java.io.IOException;

  32. import javax.servlet.FilterChain;
  33. import javax.servlet.ServletException;
  34. import javax.servlet.ServletRequest;
  35. import javax.servlet.ServletResponse;
  36. import javax.servlet.http.HttpServletRequest;
  37. import javax.servlet.http.HttpServletResponse;

  39. /**
  40.  * Not a bean, avoid auto pick-up.
  41.  * after BasicAuthenticationFilter and PreAuthTestUserFilter.
  42.  * see: BasicAuthenticationFilter or AbstractPreAuthenticatedProcessingFilter
  43.  *
  44.  * <p>authenticate against the supplied {@code AuthenticationManager}
  45.  * and use the supplied {@code AuthenticationEntryPoint} to handle authentication failures.</p>
  46.  *
  47.  * @author zhanghaolun
  48.  */
  49. @Setter
  50. @Getter(value = PROTECTED)
  51. @Slf4j
  52. @SuppressWarnings("PMD.ImmutableField")
  53. public class PreAuthTokenProcessingFilter extends GenericFilterBean {

  55.   /**
  56.    * will be invoked when authentication fails. Typically an instance of
  57.    * {@link org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint}.
  58.    */
  59.   private AuthenticationEntryPoint authenticationEntryPoint;
  60.   /**
  61.    * the bean to submit authentication requests to.
  62.    */
  63.   private AuthenticationManager authenticationManager;
  64.   private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;
  65.   private RememberMeServices rememberMeServices;

  67.   public PreAuthTokenProcessingFilter() {
  68.     super();

  70.     this.authenticationEntryPoint = null;
  71.     this.authenticationManager = new NoOpAuthenticationManager();

  73.     this.authenticationDetailsSource = new WebAuthenticationDetailsSource();
  74.     this.rememberMeServices = new NullRememberMeServices();
  75.   }

  77.   @Override
  78.   public void doFilter( //
  79.     final ServletRequest req, //
  80.     final ServletResponse res, //
  81.     final FilterChain chain //
  82.   ) throws IOException, ServletException {
  83.     final HttpServletRequest request = (HttpServletRequest) req;
  84.     final HttpServletResponse response = (HttpServletResponse) res;

  86.     try {
  87.       if (this.authenticationIsRequired()) {
  88.         final GenericUser principal = (GenericUser) request.getAttribute(ATTR_PRINCIPAL);
  89.         final String token = (String) request.getAttribute(ATTR_PRINCIPAL_TOKEN);
  90.         request.removeAttribute(ATTR_PRINCIPAL);
  91.         request.removeAttribute(ATTR_PRINCIPAL_TOKEN);

  93.         final AbstractAuthenticationToken authRequest = this.attempAuthentication(request, principal, token);
  94.         authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));

  96.         final Authentication authResult = this.authenticationManager.authenticate(authRequest);

  98.         if (log.isTraceEnabled()) {
  99.           log.trace("AUTH authentication success: {}, principal: {}", authResult, principal);
  100.         }

  102.         final SecurityContext securityContext = SecurityContextHolder.getContext();
  103.         securityContext.setAuthentication(authResult);
  104.         this.rememberMeServices.loginSuccess(request, response, authResult);
  105.         this.onSuccessfulAuthentication(request, response, authResult);
  106.       }
  107.     } catch (final AuthenticationException failed) {
  108.       SecurityContextHolder.clearContext();

  110.       if (log.isTraceEnabled()) {
  111.         log.trace("AUTH authentication failed. not login.", failed);
  112.       }

  114.       this.rememberMeServices.loginFail(request, response);
  115.       this.onUnsuccessfulAuthentication(request, response, failed);
  116.       if (this.getIgnoreFailure()) {
  117.         chain.doFilter(request, response);
  118.       } else {
  119.         this.authenticationEntryPoint.commence(request, response, failed);
  120.       }
  121.       return;
  122.     }

  124.     chain.doFilter(request, response);
  125.   }

  127.   private boolean authenticationIsRequired() {
  128.     return Security.authenticationIsRequired();
  129.   }

  131.   @SuppressWarnings({"PMD.UnusedFormalParameter", "squid:S1172"})
  132.   private AbstractAuthenticationToken attempAuthentication( //
  133.     final HttpServletRequest request, //
  134.     final GenericUser principal, //
  135.     final String token
  136.   ) {
  137.     return new PreAuthenticatedAuthenticationToken(principal, token);
  138.   }

  140.   @SuppressWarnings({"squid:S1172"})
  141.   protected void onSuccessfulAuthentication( //
  142.     final HttpServletRequest request, //
  143.     final HttpServletResponse response, //
  144.     final Authentication authResult //
  145.   ) throws IOException {
  146.     // Do nothing
  147.   }

  149.   @SuppressWarnings({"squid:S1172"})
  150.   protected void onUnsuccessfulAuthentication( //
  151.     final HttpServletRequest request, //
  152.     final HttpServletResponse response, //
  153.     final AuthenticationException failed //
  154.   ) throws IOException {
  155.     // Do nothing
  156.   }

  158.   public Boolean getIgnoreFailure() {
  159.     return this.authenticationEntryPoint == null;
  160.   }

  162.   @Autowired
  163.   @Override
  164.   public void setEnvironment(final Environment environment) {
  165.     super.setEnvironment(environment);
  166.   }

  168.   public static class NoOpAuthenticationManager implements AuthenticationManager {

  170.     @Override
  171.     public Authentication authenticate(final Authentication authentication) {
  172.       return authentication;
  173.     }
  174.   }
  175. }
Created with JaCoCo 0.7.7.201606060606