TokenAuthenticationFilter.java

TokenAuthenticationFilter.java

public class TokenAuthenticationFilter extends OncePerRequestFilter {

	private ITokenService tokenService;

	public TokenAuthenticationFilter(ITokenService tokenService) {
		Assert.notNull(tokenService, "Can not be null");
		this.tokenService = tokenService;
	}

	@Override
	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
		String data = request.getHeader(SecurityResource.X_AUTH_KEY);
		if (!StringUtils.hasText(data)) {
			filterChain.doFilter(request,response);
			return;
		}

		User user = this.tokenService.getUserFromToken(data);
		if (user == null) {
			filterChain.doFilter(request,response);
			return;
		}
		AuthenticatedUser authenticatedUser = AuthenticatedUser.from(user);

		String[] authorities;
		if (user.getRoles() == null) {
			authorities = new String[]{};
		} else {
			authorities = user.getRoles().toArray(new String[]{});
		}

		Authentication authentication = new PreAuthenticatedAuthenticationToken(
				authenticatedUser,
				data,
				AuthorityUtils.createAuthorityList(authorities)
		);

		SecurityContext context = SecurityContextHolder.createEmptyContext();
		context.setAuthentication(authentication);
		SecurityContextHolder.setContext(context);

		filterChain.doFilter(request, response);
	}
}