
merge #50 #101 #103

Merged
merged 17 commits into from
Jul 28, 2021
Expand Up @@ -35,6 +35,9 @@ public Object resolveArgument(MethodParameter parameter,
ModelAndViewContainer mavContainer,
NativeWebRequest webRequest,
WebDataBinderFactory binderFactory) {
if (AuthenticationHolder.hasAuthentication()) {
return AuthenticationHolder.getAuthentication();
}
HttpServletRequest req = (HttpServletRequest) webRequest.getNativeRequest();
Optional<Authentication> optional = authenticationService.getAuthentication(req.getHeader(AUTHORIZATION));
if (optional.isPresent()) {
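Review bot: The early return on `AuthenticationHolder.hasAuthentication()` trusts whatever value is on the current thread, and nothing visible in this change ever removes that value. `UserAuthInterceptor.preHandle` only calls `setAuthentication` for annotated handlers, so on a pooled servlet thread a later request to an unannotated handler that takes an `Authentication` argument would presumably receive the previous caller's identity without its own AUTHORIZATION header being checked. I would add `public static void clear() { authentication.remove(); }` to `AuthenticationHolder` and call it from the interceptor's `afterCompletion`, so the value never outlives the request; the same defect applies to the `AuthenticationHolder` and `preHandle` sections of this change. The body of `resolveArgument` starts and ends outside this hunk.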
@@ -0,0 +1,19 @@
package com.bluedelivery.api.authentication;

import com.bluedelivery.domain.authentication.Authentication;

public class AuthenticationHolder {
private static ThreadLocal<Authentication> authentication = new ThreadLocal<>();

public static boolean hasAuthentication() {
return authentication.get() != null;
}

public static Authentication getAuthentication() {
return authentication.get();
}

public static void setAuthentication(Authentication auth) {
authentication.set(auth);
}
}
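Review bot: The `authentication` field is a reassignable static, and the class can be instantiated although it only exposes static members. Declaring the field as `private static final ThreadLocal<Authentication> authentication = new ThreadLocal<>();` and adding `private AuthenticationHolder() {}` makes the intent explicit. A class-level Javadoc stating which component sets the value and for how long it is meant to stay valid would also help, since every reader of the holder depends on that contract.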
Expand Up @@ -9,7 +9,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.HandlerMapping;
Expand All @@ -27,20 +26,13 @@ public class UserAuthInterceptor implements HandlerInterceptor {

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
if (needToBeAuthenticated((HandlerMethod) handler)) {
if (Authentication.isAnnotated(((HandlerMethod) handler).getMethod())) {
Authentication auth = authenticationService.getAuthentication(request.getHeader(AUTHORIZATION))
.orElseThrow(() -> new ApiException(INVALID_AUTHENTICATION));
if (!isSameUser(request, auth) || auth.isInvalidated()) {
throw new ApiException(NOT_AUTHORIZED_ACCESS);
}
}
return true;
}

private boolean needToBeAuthenticated(HandlerMethod handler) {
if (AnnotationUtils.findAnnotation(handler.getMethod(), AuthenticationRequired.class) == null
&& AnnotationUtils.findAnnotation(handler.getBeanType(), AuthenticationRequired.class) == null) {
return false;
AuthenticationHolder.setAuthentication(auth);
}
return true;
}
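Review bot: The new condition in `preHandle` casts `handler` to `HandlerMethod` unconditionally, so a handler of any other type fails with a `ClassCastException` rather than a controlled response. Whether such handlers (static resources, for example) reach this interceptor depends on its registration, which is not shown here. A guard at the top of the method, `if (!(handler instanceof HandlerMethod)) { return true; }`, limits the annotation check to controller methods and lets the cast be done once into a local variable.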
@@ -1,10 +1,15 @@
package com.bluedelivery.domain.authentication;

import java.io.Serializable;
import java.lang.reflect.Method;
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;

import org.springframework.core.annotation.AnnotationUtils;

import com.bluedelivery.api.authentication.AuthenticationRequired;

public class Authentication implements Serializable {
public static String AUTH_STR = "auth";
private String token;
Expand All @@ -21,6 +26,14 @@ public Authentication(String token, Long userId) {
this.userId = userId;
}

public static boolean isAnnotated(Method method) {
if (AnnotationUtils.findAnnotation(method, AuthenticationRequired.class) == null
&& AnnotationUtils.findAnnotation(method.getDeclaringClass(), AuthenticationRequired.class) == null) {
return false;
}
return true;
}

public void invalidate() {
this.invalidated = true;
}
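Review bot: `isAnnotated` looks up the class-level annotation on `method.getDeclaringClass()`, whereas the removed `needToBeAuthenticated` used `handler.getBeanType()`. For a controller annotated with `@AuthenticationRequired` that inherits a handler method from an unannotated base class, the declaring class is the base class, so this check would return false and `preHandle` would skip authentication for that endpoint. I would pass the bean type in, for example `isAnnotated(Method method, Class<?> beanType)` using `AnnotationUtils.findAnnotation(beanType, AuthenticationRequired.class)`, and call it with `handler.getBeanType()` from the interceptor. A short Javadoc saying that both the method and the type level are consulted would make the contract visible to callers.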