Added Repeatable
PAException committed May 11, 2020
1 parent d75b4a9 commit 0383f4b
Showing 8 changed files with 76 additions and 45 deletions.
@@ -0,0 +1,18 @@
package com.gewia.common.spring.auth;

import java.lang.annotation.ElementType;
import java.lang.annotation.Repeatable;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@Repeatable(Authentication.class)
public @interface AuthScope {

String value() default "";

String scope() default "";

}
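Review bot: `AuthScope` has no Javadoc, and both `value()` and `scope()` default to the empty string, so a bare `@AuthScope` compiles while naming no scope at all. In the ScopeInterceptor section of this commit `scope()` takes precedence over `value()` and the comparison is guarded by `if (!scope.isBlank())`, so a blank annotation appears to require only a verifiable token; the rest of that loop is outside the visible hunk, so confirm. I would document this on the type, e.g. `/** Scope the caller's JWT must carry; scope() wins over value(); when both are blank no scope is compared. */`, so a forgotten value is not mistaken for an enforced scope.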
@@ -9,6 +9,6 @@
@Target(ElementType.METHOD)
public @interface Authentication {

String scope() default "";
AuthScope[] value();

}
@@ -0,0 +1,11 @@
package com.gewia.common.spring.auth;

import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface IgnoreServiceToken {
}
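Review bot: `IgnoreServiceToken` switches off a security check but is declared without any documentation; nothing here tells a reader that ServiceTokenInterceptor returns `true` for an annotated handler before it reads `X-ServiceToken`. Add a Javadoc such as `/** Exempts the annotated handler method from the X-ServiceToken check; the endpoint must be protected by other means. */`. Because the opt-out is a single per-method annotation, it is worth keeping the set of annotated endpoints small and easy to audit.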
@@ -1,20 +1,23 @@
package com.gewia.common.spring.auth;

import com.gewia.common.spring.auth.interceptor.AuthenticationInterceptor;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.PostConstruct;
import lombok.AccessLevel;
import lombok.Getter;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public abstract class SpringAuthentication {
@ComponentScan("com.gewia.common.spring.auth")
public abstract class SpringAuthentication implements InitializingBean {

@Getter private static List<AuthenticationInterceptor> authenticationInterceptors = new ArrayList<>();
@Getter(AccessLevel.PACKAGE) private static List<HandlerInterceptorAdapter> interceptors = new ArrayList<>();

@PostConstruct
public void registerInterceptor() {
authenticationInterceptors = this.addAuthenticationInterceptors(authenticationInterceptors);
@Override
public void afterPropertiesSet() throws Exception {
interceptors = this.addAuthenticationInterceptors(interceptors);
}

abstract public List<AuthenticationInterceptor> addAuthenticationInterceptors(List<AuthenticationInterceptor> authenticationInterceptors);
abstract public List<HandlerInterceptorAdapter> addAuthenticationInterceptors(List<HandlerInterceptorAdapter> authenticationInterceptors);

}
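Review bot: `interceptors` is a mutable static that `afterPropertiesSet()` fills and the MVC configuration reads through `SpringAuthentication.getInterceptors()`, so nothing ties the two together. If the configuration's `addInterceptors` runs before the `SpringAuthentication` subclass bean is initialised, its loop sees an empty list and no auth interceptor is registered, with no error. Bean ordering is not visible on this page, so treat that as something to verify. Injecting the `SpringAuthentication` bean into the configuration class and reading an instance field would make the ordering explicit. At minimum reject a null return from the subclass: `interceptors = Objects.requireNonNull(this.addAuthenticationInterceptors(interceptors));`.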
@@ -1,7 +1,6 @@
package com.gewia.common.spring.auth;

import com.auth0.jwt.interfaces.DecodedJWT;
import com.gewia.common.spring.auth.interceptor.AuthenticationInterceptor;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.springframework.context.annotation.Configuration;
@@ -13,6 +12,7 @@
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Configuration
@EnableWebMvc
@@ -35,8 +35,8 @@ public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers)

@Override
public void addInterceptors(InterceptorRegistry registry) {
for (AuthenticationInterceptor authenticationInterceptor : SpringAuthentication.getAuthenticationInterceptors())
registry.addInterceptor(authenticationInterceptor).addPathPatterns("/**/*");
for (HandlerInterceptorAdapter interceptors : SpringAuthentication.getInterceptors())
registry.addInterceptor(interceptors).addPathPatterns("/**/*");
}

}

This file was deleted.

@@ -3,43 +3,56 @@
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.gewia.common.auth.jwt.JwtUtil;
import com.gewia.common.spring.auth.AuthScope;
import com.gewia.common.spring.auth.Authentication;
import com.gewia.common.util.Pair;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.AllArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@AllArgsConstructor
public class AuthenticationScopeInterceptor extends AuthenticationInterceptor {
public class ScopeInterceptor extends HandlerInterceptorAdapter {

private JwtUtil jwtUtil;

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
response.setStatus(HttpStatus.FORBIDDEN.value());

List<Authentication> authentications = this.getAuthenticationAnnotations(handler);
HandlerMethod method = (HandlerMethod) handler;

if (authentications.isEmpty()) {
response.setStatus(HttpStatus.OK.value());
return true;
AuthScope[] authScopes;
Authentication auth = method.getMethodAnnotation(Authentication.class);
AuthScope methodAuthScope = method.getMethodAnnotation(AuthScope.class);
if (auth != null) authScopes = auth.value();
else {
if (methodAuthScope == null) {
response.setStatus(HttpStatus.OK.value());
return true;
}
authScopes = new AuthScope[]{methodAuthScope};
}


String jwt = request.getHeader("Authorization");
if (jwt == null || jwt.isBlank()) return false;

Pair<DecodedJWT, JwtUtil.VerificationResult> result = this.jwtUtil.verify(jwt);

if (result.getRight() != JwtUtil.VerificationResult.SUCCESS) return false;

Claim claim = result.getLeft().getClaim("scopes");
List<String> userScopes = claim.asList(String.class);
for (Authentication authentication : authentications) {
if (!authentication.scope().isBlank()) {
for (AuthScope authScope : authScopes) {
String scope = authScope.scope();
if (scope.isBlank()) scope = authScope.value();
if (!scope.isBlank()) {
boolean isPresent = false;
for (String userScope : userScopes)
if (userScope.equalsIgnoreCase(authentication.scope())) {
if (userScope.equalsIgnoreCase(scope)) {
isPresent = true;
break;
}
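Review bot: `HandlerMethod method = (HandlerMethod) handler;` is an unchecked cast, and the same line is added in ServiceTokenInterceptor; both interceptors are registered for `/**/*`, so a request served by a handler that is not a `HandlerMethod` (a resource handler, for example) would throw `ClassCastException` instead of being decided. Guard it first with `if (!(handler instanceof HandlerMethod)) { response.setStatus(HttpStatus.OK.value()); return true; }` if such handlers should pass as un-annotated methods do, or with `return false;` to fail closed. Separately, `claim.asList(String.class)` can return null when the token carries no `scopes` array, in which case `for (String userScope : userScopes)` throws rather than answering 403; `if (userScopes == null) return false;` right after it keeps the denial explicit. `preHandle` continues past the end of the hunk.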
@@ -1,19 +1,28 @@
package com.gewia.common.spring.auth.interceptor;

import com.gewia.common.spring.auth.IgnoreServiceToken;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.AllArgsConstructor;
import org.springframework.http.HttpStatus;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@AllArgsConstructor
public class AuthenticationServiceTokenInterceptor extends AuthenticationInterceptor {
public class ServiceTokenInterceptor extends HandlerInterceptorAdapter {

private String serviceToken;

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
response.setStatus(HttpStatus.FORBIDDEN.value());

HandlerMethod method = (HandlerMethod) handler;
if (method.hasMethodAnnotation(IgnoreServiceToken.class)) {
response.setStatus(HttpStatus.OK.value());
return true;
}

String serviceToken = request.getHeader("X-ServiceToken");

if (serviceToken == null) return false;
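Review bot: The local `String serviceToken = request.getHeader("X-ServiceToken");` shadows the field `private String serviceToken`, so every later use in `preHandle` must remember `this.` or it ends up comparing the header with itself. Renaming the local, e.g. `String presentedToken = request.getHeader("X-ServiceToken");`, removes that trap. The comparison itself lies below the hunk; if it uses `String.equals`, `MessageDigest.isEqual` over the UTF-8 bytes of both values avoids a timing difference on a shared secret.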