
Package: KapuaTokenAuthenticationFilter

KapuaTokenAuthenticationFilter

name | instruction | branch | complexity | line | method
KapuaTokenAuthenticationFilter()
M: 3 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 1 C: 0
0%
M: 1 C: 0
0%
createToken(ServletRequest, ServletResponse)
M: 32 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 9 C: 0
0%
M: 1 C: 0
0%
isAccessAllowed(ServletRequest, ServletResponse, Object)
M: 25 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
onAccessDenied(ServletRequest, ServletResponse)
M: 8 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%

Coverage

1: /*******************************************************************************
2: * Copyright (c) 2016, 2022 Eurotech and/or its affiliates and others
3: *
4: * This program and the accompanying materials are made
5: * available under the terms of the Eclipse Public License 2.0
6: * which is available at https://www.eclipse.org/legal/epl-2.0/
7: *
8: * SPDX-License-Identifier: EPL-2.0
9: *
10: * Contributors:
11: * Eurotech - initial API and implementation
12: *******************************************************************************/
13: package org.eclipse.kapua.app.api.core.auth;
14:
15: import org.apache.shiro.authc.AuthenticationException;
16: import org.apache.shiro.authc.AuthenticationToken;
17: import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
18: import org.apache.shiro.web.util.WebUtils;
19: import org.eclipse.kapua.KapuaRuntimeException;
20: import org.eclipse.kapua.locator.KapuaLocator;
21: import org.eclipse.kapua.service.authentication.AccessTokenCredentials;
22: import org.eclipse.kapua.service.authentication.CredentialsFactory;
23:
24: import javax.servlet.ServletRequest;
25: import javax.servlet.ServletResponse;
26: import javax.servlet.http.HttpServletRequest;
27: import javax.servlet.http.HttpServletResponse;
28:
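/**
 * Shiro filter that attempts a login from the access token carried in the
 * {@code Authorization} request header.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code OPTIONS} requests are allowed without any login attempt.</li>
 *   <li>A failed login is routed to {@link #onAccessDenied(ServletRequest, ServletResponse)},
 *       which sets HTTP 401 but returns {@code true}, so the filter chain still runs.
 *       This filter therefore marks the response and leaves the subject unauthenticated;
 *       it does not by itself stop the request. Whatever sits behind it must perform its
 *       own authorization check.</li>
 * </ul>
 */
public class KapuaTokenAuthenticationFilter extends AuthenticatingFilter {

    private static final String OPTIONS = "OPTIONS";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER = "Bearer";

    /**
     * Decides whether the request may proceed by attempting a token login.
     *
     * @param request     the incoming request; cast to {@link HttpServletRequest}
     * @param response    the outgoing response
     * @param mappedValue filter configuration value; not used here
     * @return {@code true} for {@code OPTIONS} requests, otherwise the outcome of
     *         {@code executeLogin}, or of {@code onLoginFailure} when authentication fails
     * @throws KapuaRuntimeException wrapping any exception other than
     *         {@link AuthenticationException} raised during the login attempt
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        // NOTE(review): presumably the CORS preflight bypass, since preflight requests carry no
        // credentials. Every OPTIONS request skips authentication here, so any OPTIONS handler
        // reachable behind this filter must not return protected data.
        if (OPTIONS.equals(((HttpServletRequest) request).getMethod())) {
            return true;
        }

        try {
            return executeLogin(request, response);
        } catch (AuthenticationException ae) {
            // No token instance is available at this point, hence the null first argument.
            return onLoginFailure(null, ae, request, response);
        } catch (Exception e) {
            throw KapuaRuntimeException.internalError(e);
        }
    }

    /**
     * Builds the Shiro authentication token from the {@code Authorization} header.
     *
     * <p>A leading {@code "Bearer "} scheme prefix is stripped; any other header value is
     * forwarded unchanged, and a missing header yields a {@code null} token id. The value is
     * not validated here.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; not used here
     * @return the access token credentials, cast to {@link AuthenticationToken}
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {

        //
        // Extract token
        HttpServletRequest httpRequest = (HttpServletRequest) request;

        // Read the header once and work on that value, so the null check and the parsing
        // cannot disagree.
        String authorizationHeader = httpRequest.getHeader(AUTHORIZATION_HEADER);
        String tokenId = null;
        if (authorizationHeader != null) {
            // Strip the scheme only where it belongs: at the start of the value. Removing
            // every occurrence of "Bearer " would silently rewrite a malformed header into
            // a different token id.
            String bearerPrefix = BEARER + " ";
            tokenId = authorizationHeader.startsWith(bearerPrefix)
                    ? authorizationHeader.substring(bearerPrefix.length())
                    : authorizationHeader;
        }
        // NOTE(review): a value with another scheme (or none) is passed on as the token id
        // as-is; rejecting it is left to the credential check behind executeLogin - confirm
        // that is intended. tokenId is a bearer secret: keep it out of logs and error messages.

        //
        // Build AccessToken for Shiro Auth
        KapuaLocator locator = KapuaLocator.getInstance();
        CredentialsFactory credentialsFactory = locator.getFactory(CredentialsFactory.class);
        AccessTokenCredentials accessTokenCredentials = credentialsFactory.newAccessTokenCredentials(tokenId);

        //
        // Return token
        // NOTE(review): the cast throws ClassCastException unless the factory's implementation
        // also implements AuthenticationToken; isAccessAllowed would report that as an internal error.
        return (AuthenticationToken) accessTokenCredentials;
    }

    /**
     * Marks the response as HTTP 401 when the login attempt did not succeed.
     *
     * @param request  the incoming request; not used here
     * @param response the outgoing response, converted with {@link WebUtils#toHttp(ServletResponse)}
     * @return always {@code true}, meaning the filter chain continues
     * @throws Exception declared by the overridden method; nothing in this body throws it explicitly
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletResponse httpResponse = WebUtils.toHttp(response);
        httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // Continue with the filter chain, because CORS headers are still needed in the case when token is not authenticated or expired
        // NOTE(review): returning true lets the unauthenticated request reach the rest of the
        // chain. Only the status code is set here, and a later handler may be able to overwrite
        // it, so downstream code has to refuse unauthenticated subjects itself.
        return true;
    }

}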