Created
September 18, 2014 10:06
-
-
Save aakhmerov/0d4d387d3c21fd985115 to your computer and use it in GitHub Desktop.
TokenUtils
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Component | |
| public class TokenUtils { | |
| private static final Logger LOGGER = LoggerFactory.getLogger(TokenUtils.class); | |
| private static final String UTF = "UTF-8"; | |
| @Autowired | |
| private PasswordEncoder passwordEncoder; | |
| public static final String MAGIC_KEY = "obfuscate"; | |
| public static final String TOKEN_HEADER = "X-Auth-Token"; | |
| public static final String REQUEST_PARAM = "token"; | |
| public static final String TOKEN_COOKIE = "etracker_token"; | |
| public String createToken(UserDetails userDetails) throws UnsupportedEncodingException { | |
| /* Expires in one hour */ | |
| String expires = Long.valueOf(System.currentTimeMillis() + 1000L * 60 * 60).toString(); | |
| StringBuilder tokenBuilder = new StringBuilder(); | |
| tokenBuilder.append(userDetails.getUsername()); | |
| tokenBuilder.append(":"); | |
| tokenBuilder.append(expires); | |
| tokenBuilder.append(":"); | |
| tokenBuilder.append(this.computeSignature(userDetails, expires)); | |
| return tokenBuilder.toString(); | |
| } | |
| public String computeSignature(UserDetails userDetails, String expires) throws UnsupportedEncodingException { | |
| StringBuilder signatureBuilder = new StringBuilder(); | |
| signatureBuilder.append(userDetails.getUsername()); | |
| signatureBuilder.append(":"); | |
| signatureBuilder.append(expires); | |
| signatureBuilder.append(":"); | |
| signatureBuilder.append(userDetails.getPassword()); | |
| signatureBuilder.append(":"); | |
| signatureBuilder.append(TokenUtils.MAGIC_KEY); | |
| MessageDigest messageDigest = null; | |
| try { | |
| messageDigest = MessageDigest.getInstance("MD5"); | |
| } catch (NoSuchAlgorithmException e) { | |
| LOGGER.error("cannot verify security token",e); | |
| } | |
| messageDigest.update(signatureBuilder.toString().getBytes(UTF)); | |
| String encryptedString = new String(Hex.encode(messageDigest.digest())); | |
| return encryptedString; | |
| } | |
| public String getUserNameFromToken(String authToken) { | |
| if (null == authToken) { | |
| return null; | |
| } | |
| String[] parts = authToken.split(":"); | |
| return parts[0]; | |
| } | |
| public boolean validateToken(String authToken, UserDetails userDetails) throws UnsupportedEncodingException { | |
| String[] parts = authToken.split(":"); | |
| String signature = parts[2]; | |
| String expires = parts[1]; | |
| if (Long.valueOf(expires) < System.currentTimeMillis()) { | |
| return false; | |
| } | |
| return signature.equals(this.computeSignature(userDetails, expires)); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment