1 package org.oxerr.spring.security.guest.web.authentication;
2
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.oxerr.spring.security.guest.authentication.GuestAuthenticationToken;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
18
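/**
 * Authenticates "guest" clients from a token carried in a request header.
 *
 * <p>The filter reads the header named by {@link #setHeaderName(String)}
 * (default {@code X-Client-Token}), wraps its value in a
 * {@link GuestAuthenticationToken} and hands it to the configured
 * authentication manager. On success the request continues down the filter
 * chain; no success handler is invoked and no redirect is issued.
 *
 * <p>Security notes:
 * <ul>
 * <li>The header value is supplied by the client and is passed on exactly as
 * received. This class performs no validation of it, so the provider that
 * handles {@link GuestAuthenticationToken} is the only check on the token.</li>
 * <li>An attempt is made only when the security context holds no
 * {@link Authentication}. NOTE(review): if this filter runs after one that
 * installs an anonymous authentication, that condition would never hold;
 * confirm the filter ordering in the security configuration.</li>
 * </ul>
 */
public class GuestAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    /** Name of the request header that carries the guest client token. */
    private String headerName = "X-Client-Token";

    /**
     * Creates the filter with a catch-all request matcher. The empty HTTP
     * method argument leaves the method unrestricted.
     */
    public GuestAuthenticationFilter() {
        super(new AntPathRequestMatcher("/**", ""));
    }

    /**
     * Decides whether this request should trigger a guest authentication attempt.
     *
     * <p>The request matcher handed to the superclass is not consulted here: any
     * request that carries the configured header while the security context has no
     * authentication is selected, whatever its path or method. A header that is
     * present but empty also passes, because only {@code null} is excluded.
     *
     * @param request the current request
     * @param response the current response (unused)
     * @return {@code true} if no authentication is present and the header is set
     */
    @Override
    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
        boolean unauthenticated = SecurityContextHolder.getContext().getAuthentication() == null;
        return unauthenticated && request.getHeader(headerName) != null;
    }

    /**
     * Builds a {@link GuestAuthenticationToken} from the header value and delegates
     * to the authentication manager.
     *
     * @param request the current request, source of the client token header
     * @param response the current response (unused)
     * @return whatever the authentication manager returns for the guest token
     * @throws AuthenticationException if the authentication manager rejects the token
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        // Untrusted, client-controlled value: forwarded as-is, never validated in this class.
        String clientToken = request.getHeader(headerName);
        GuestAuthenticationToken authRequest = new GuestAuthenticationToken(clientToken);

        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * Stores the authenticated result, notifies remember-me services and event
     * listeners, then lets the request proceed through the rest of the chain.
     *
     * @param request the current request
     * @param response the current response
     * @param chain the remaining filter chain, always invoked
     * @param authResult the authentication returned by {@link #attemptAuthentication}
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
            Authentication authResult) throws IOException, ServletException {

        // Install a fresh context instead of mutating the current one: the existing
        // instance may be shared with other threads (for example concurrent requests
        // of the same session), and writing into it is a race.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authResult);
        SecurityContextHolder.setContext(context);

        getRememberMeServices().loginSuccess(request, response, authResult);

        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
                    authResult, this.getClass()));
        }

        // Header-token authentication: keep serving the original request.
        chain.doFilter(request, response);
    }

    /**
     * Attaches request details to the authentication request, using whatever the
     * configured {@code authenticationDetailsSource} builds from the request.
     *
     * @param request the current request
     * @param authRequest the token that receives the details
     */
    protected void setDetails(HttpServletRequest request,
            GuestAuthenticationToken authRequest) {
        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
    }

    /**
     * Sets the name of the header that carries the client token.
     *
     * @param headerName the header name; must contain text
     * @throws IllegalArgumentException if {@code headerName} is null, empty or blank
     */
    public void setHeaderName(String headerName) {
        Assert.hasText(headerName, "Header name must not be empty or null");
        this.headerName = headerName;
    }

}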