Last active
June 19, 2019 00:02
SpringBoot Simple Secure API
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.GenericFilterBean;
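/**
 * Servlet filter that admits a request only when its {@code X-Api-Token} header matches the
 * configured {@code app.api_token} property; every other request is answered with HTTP 401.
 *
 * <p>The filter is one shared instance serving all request threads, so it keeps no per-request
 * state in fields. Storing the current request, response or chain on the instance would let
 * concurrent requests overwrite each other's objects between the token check and the
 * chain/response call, so one caller's token could end up authorizing another caller's request.
 */
@Configuration
public class WebSecurityFilter extends GenericFilterBean {

    private static final String API_TOKEN_KEY = "X-Api-Token";

    @Value("${app.api_token}")
    private String apiTokenProperty;

    /**
     * Checks the API token header and either continues the chain or rejects the request.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain, invoked only for a valid token
     * @throws IOException if the chain or the error response fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Request-scoped objects stay in locals: the filter instance is shared across threads.
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        if (isValidToken(httpRequest.getHeader(API_TOKEN_KEY))) {
            filterChain.doFilter(httpRequest, httpResponse);
        } else {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Incorrect User Token");
        }
    }

    /**
     * Compares the presented token with the configured one.
     *
     * <p>Fails closed: a missing header, or an unset or empty configured token, never validates.
     * Without that guard a null or empty configured value would compare equal to an absent or
     * empty header and admit unauthenticated requests.
     *
     * @param presentedToken value of the {@code X-Api-Token} header, or {@code null} if absent
     * @return {@code true} only when both tokens are present and byte-for-byte equal
     */
    private boolean isValidToken(String presentedToken) {
        if (presentedToken == null || apiTokenProperty == null || apiTokenProperty.isEmpty()) {
            return false;
        }
        // MessageDigest.isEqual avoids the early exit of String.equals, so response timing
        // does not reveal how many leading characters of a guessed token were correct.
        return MessageDigest.isEqual(
                presentedToken.getBytes(StandardCharsets.UTF_8),
                apiTokenProperty.getBytes(StandardCharsets.UTF_8));
    }
}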