Created
November 10, 2019 08:07
Use of SecurityContextHolder in Spring Security
package com.personal.banking.config; | |
import org.springframework.beans.factory.annotation.Autowired; | |
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; | |
import org.springframework.security.core.context.SecurityContextHolder; | |
import org.springframework.security.core.userdetails.UserDetails; | |
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; | |
import org.springframework.stereotype.Component; | |
import org.springframework.web.filter.OncePerRequestFilter; | |
import javax.servlet.FilterChain; | |
import javax.servlet.ServletException; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpServletResponse; | |
import java.io.IOException; | |
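/**
 * Servlet filter that authenticates a request from a JWT carried in the
 * {@code Authorization: Bearer <token>} header.
 *
 * <p>When the header is present, the token yields a user name, no authentication is
 * already stored in the {@link SecurityContextHolder}, and
 * {@code JwtTokenUtil.validateToken} accepts the token for the loaded user, an
 * authenticated {@link UsernamePasswordAuthenticationToken} is placed in the security
 * context. In every other case the context is left untouched and the request simply
 * continues down the chain, so access decisions are made by the components that run
 * after this filter.
 *
 * <p>NOTE(review): the user name is read from the token <em>before</em>
 * {@code validateToken} runs. Confirm that {@code JwtTokenUtil.getUsernameFromToken}
 * verifies the signature itself; otherwise an unverified claim drives the user-store
 * lookup.
 *
 * <p>NOTE(review): exceptions thrown by {@code JwtTokenUtil} or
 * {@code CustomUserDetailService} (malformed or expired token, unknown user) are not
 * caught here and propagate out of the filter. Their types are not visible from this
 * file; confirm they are mapped to a 401 response rather than a 500.
 */
@Component
public class JwtRequestFilter extends OncePerRequestFilter {

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    @Autowired
    private CustomUserDetailService customUserDetailService;

    /**
     * Tries to authenticate the request from its bearer token, then always hands the
     * request to the rest of the chain.
     *
     * @param request     the incoming HTTP request
     * @param response    the HTTP response
     * @param filterChain the remaining filters
     * @throws ServletException if a downstream filter fails
     * @throws IOException      if a downstream filter fails on I/O
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        authenticateFromBearerToken(request);
        filterChain.doFilter(request, response);
    }

    /**
     * Populates the security context when the request carries a bearer token that
     * validates for an existing user; otherwise leaves the context unauthenticated.
     */
    private void authenticateFromBearerToken(HttpServletRequest request) {
        final String headerToken = request.getHeader(AUTHORIZATION_HEADER);
        if (headerToken == null || !headerToken.startsWith(BEARER_PREFIX)) {
            // No bearer credentials on this request.
            return;
        }

        final String token = headerToken.substring(BEARER_PREFIX.length()).trim();
        if (token.isEmpty()) {
            // "Authorization: Bearer " with nothing after it: do not hand an empty
            // string to the token parser.
            return;
        }

        final String userName = jwtTokenUtil.getUsernameFromToken(token);
        if (userName == null || SecurityContextHolder.getContext().getAuthentication() != null) {
            // Either the token names no user, or the request is already authenticated.
            return;
        }

        final UserDetails userDetails = customUserDetailService.loadUserByUsername(userName);
        if (!jwtTokenUtil.validateToken(token, userDetails)) {
            // Token rejected: the context stays unauthenticated.
            return;
        }

        // Credentials are deliberately null: the token has already been validated, and
        // keeping the stored password in the Authentication object would hold it in
        // memory for the whole request with no consumer.
        final UsernamePasswordAuthenticationToken authentication =
                new UsernamePasswordAuthenticationToken(userDetails.getUsername(), null, userDetails.getAuthorities());
        // Attach request details (built by WebAuthenticationDetailsSource) so audit
        // logging and downstream checks can see where the authentication came from.
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
}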