• Home
• com.github.rlon008
• spring-stateless-security
• 1.2
• source code
• XAuthTokenHttpServletBinder.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

nz.co.katatech.springboot.security.stateless.XAuthTokenHttpServletBinder Maven / Gradle / Ivy

package nz.co.katatech.springboot.security.stateless;


import org.springframework.security.core.Authentication;
import org.springframework.util.StringUtils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import static org.springframework.util.StringUtils.isEmpty;

public class XAuthTokenHttpServletBinder implements HttpServletBinder {
    private final TokenParser tokenParser;
    private String path = "/";
    private AuthenticationConverter authenticationConverter;

    public XAuthTokenHttpServletBinder( TokenParser tokenParser, AuthenticationConverter authenticationConverter ) {
        this.tokenParser = tokenParser;
        this.authenticationConverter = authenticationConverter;
    }

    @Override
    public void bind( HttpServletResponse response, Authentication authentication ) {
        String subject = authenticationConverter.convert( authentication );
        final String token = tokenParser.generate( subject );
        final Cookie cookie = new Cookie( X_AUTH_TOKEN, token );
        cookie.setPath( path );
        cookie.setHttpOnly( true );
        response.addCookie( cookie );
    }

    @Override
    public Authentication retrieve( HttpServletRequest request ) {
        final String token = getToken( request );
        if ( token != null ) {
            try {
                String parsedToken = tokenParser.parse( token );
                return authenticationConverter.convert( parsedToken );
            } catch ( Exception ignored ) {
            }
        }
        return null;
    }

    private String getToken( HttpServletRequest request ) {
        String headerToken = request.getHeader( X_AUTH_TOKEN );
        return !isEmpty( headerToken ) ? headerToken : findCookieToken( request );
    }

    public XAuthTokenHttpServletBinder withCookiePath( String path ) {
        this.path = path;
        return this;
    }

    private String findCookieToken( HttpServletRequest request ) {
        final Cookie[] cookies = request.getCookies();
        if ( cookies != null ) {
            for ( Cookie cookie : cookies ) {
                if ( X_AUTH_TOKEN.equals( cookie.getName() ) ) {
                    return cookie.getValue();
                }
            }
        }
        return null;
    }
}