1   package org.oxerr.spring.security.guest.web.authentication;
2   
3   import java.io.IOException;
4   
5   import javax.servlet.FilterChain;
6   import javax.servlet.ServletException;
7   import javax.servlet.http.HttpServletRequest;
8   import javax.servlet.http.HttpServletResponse;
9   
10  import org.oxerr.spring.security.guest.authentication.GuestAuthenticationToken;
11  import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
12  import org.springframework.security.core.Authentication;
13  import org.springframework.security.core.AuthenticationException;
14  import org.springframework.security.core.context.SecurityContextHolder;
15  import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
16  import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
17  import org.springframework.util.Assert;
18  
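/**
 * Authentication filter that treats the value of a request header as a guest
 * credential.
 *
 * <p>When a request carries the configured header (default
 * {@code X-Client-Token}) and no {@link Authentication} is present in the
 * current security context, the header value is wrapped in a
 * {@link GuestAuthenticationToken} and handed to the configured
 * authentication manager.
 *
 * <p>Security notes:
 * <ul>
 * <li>The header value is passed on exactly as received; this filter performs
 * no format, length or blank check. All verification is the responsibility of
 * the authentication manager and its providers.</li>
 * <li>The header value is a credential supplied by the client. Keep it out of
 * logs and error messages.</li>
 * </ul>
 */
public class GuestAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

	/** Name of the request header that carries the client token. */
	private String headerName = "X-Client-Token";

	/**
	 * Creates the filter with a catch-all request matcher. The decision whether
	 * a request is processed is made in
	 * {@link #requiresAuthentication(HttpServletRequest, HttpServletResponse)},
	 * which does not consult this matcher.
	 */
	public GuestAuthenticationFilter() {
		super(new AntPathRequestMatcher("/**", ""));
	}

	/**
	 * Decides whether this filter should attempt authentication for the request.
	 *
	 * <p>Note that only the presence of the header is tested: a header that is
	 * present but empty still triggers an authentication attempt, so the
	 * authentication provider must reject blank tokens.
	 *
	 * @param request the current request
	 * @param response the current response (unused)
	 * @return {@code true} when the current security context holds no
	 * authentication and the token header is present on the request
	 */
	@Override
	protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
		return SecurityContextHolder.getContext().getAuthentication() == null && request.getHeader(headerName) != null;
	}

	/**
	 * Builds a {@link GuestAuthenticationToken} from the token header and
	 * delegates to the authentication manager.
	 *
	 * @param request the request the token header is read from
	 * @param response the current response (unused)
	 * @return the result returned by the authentication manager
	 * @throws AuthenticationException if the authentication manager rejects the token
	 */
	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException, IOException, ServletException {
		// Untrusted client input: forwarded as-is, never validated or logged here.
		String clientToken = request.getHeader(headerName);
		GuestAuthenticationToken authRequest = new GuestAuthenticationToken(clientToken);

		// Allow subclasses to set the "details" property
		setDetails(request, authRequest);

		return this.getAuthenticationManager().authenticate(authRequest);
	}

	/**
	 * Stores the authentication result, notifies the remember-me services,
	 * publishes an {@link InteractiveAuthenticationSuccessEvent} when an event
	 * publisher is set, and then continues the filter chain with the same
	 * request. No success handler is invoked and no redirect is sent.
	 *
	 * @param request the current request
	 * @param response the current response
	 * @param chain the filter chain to continue with
	 * @param authResult the authentication returned by
	 * {@link #attemptAuthentication(HttpServletRequest, HttpServletResponse)}
	 */
	@Override
	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
			Authentication authResult) throws IOException, ServletException {

		// Install a fresh SecurityContext instead of mutating the instance that is
		// currently in the holder. The existing instance may be shared with other
		// threads serving the same session, and writing into it in place can race
		// with them and expose this authentication to a concurrent request.
		org.springframework.security.core.context.SecurityContext context =
				SecurityContextHolder.createEmptyContext();
		context.setAuthentication(authResult);
		SecurityContextHolder.setContext(context);

		getRememberMeServices().loginSuccess(request, response, authResult);

		// Fire event
		if (this.eventPublisher != null) {
			eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(
					authResult, this.getClass()));
		}

		chain.doFilter(request, response);
	}

	/**
	 * Provided so that subclasses may configure what is put into the authentication
	 * request's details property.
	 *
	 * @param request that an authentication request is being created for
	 * @param authRequest the authentication request object that should have its details
	 * set
	 */
	protected void setDetails(HttpServletRequest request,
			GuestAuthenticationToken authRequest) {
		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
	}

	/**
	 * Sets the name of the request header the client token is read from.
	 *
	 * @param headerName the header name; must contain text
	 * @throws IllegalArgumentException if {@code headerName} is {@code null},
	 * empty or blank
	 */
	public void setHeaderName(String headerName) {
		Assert.hasText(headerName, "Header name must not be empty or null");
		this.headerName = headerName;
	}

}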