
package fi.evolver.basics.spring.auth;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Component;
import fi.evolver.basics.spring.auth.entity.JwtToken;
import jakarta.servlet.http.HttpServletRequest;
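/**
 * Spring Security {@link AuthorizationManager} that decides access to a request from the JWT
 * carried in its {@code Authorization} header.
 *
 * <p>The bean is registered only when the property named by
 * {@link JwtAuthorization#ENV_AUTHORIZATION_SECRET} is configured. Token parsing and validation
 * are delegated to {@link JwtAuthorization}; this class only maps the validated token to an
 * allow/deny decision for the requested servlet path.
 */
@Component
@ConditionalOnProperty(JwtAuthorization.ENV_AUTHORIZATION_SECRET)
public final class JwtAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {

    private static final Logger LOG = LoggerFactory.getLogger(JwtAuthorizationManager.class);

    @Autowired
    private JwtAuthorization jwtAuthorization;

    /**
     * Grants access when the request's token is fully authenticated and holds a permission equal
     * to the request's servlet path.
     *
     * <p>The {@code authentication} supplier is never consulted: the decision is derived solely
     * from the {@code Authorization} header of the current request.
     *
     * @param authentication supplier of the current authentication; unused
     * @param context the request being authorized
     * @return a granting decision only if the token is authenticated and has the permission
     */
    @Override
    public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
        HttpServletRequest request = context.getRequest();

        // getHeader returns null when the header is absent; the raw value is handed over as-is.
        // NOTE(review): an exception thrown by authorizeToken propagates from here; confirm the
        // filter chain turns that into a denial rather than an unhandled error.
        JwtToken token = jwtAuthorization.authorizeToken(request.getHeader("Authorization"));

        // Fail closed: a missing token object is treated exactly like an unauthenticated one.
        if (token == null || !token.isFullyAuthenticated()) {
            LOG.info("Token: {} not authenticated", token == null ? null : token.getJwtId());
            return new AuthorizationDecision(false);
        }

        // The permission is the servlet path only: context path, path info, query string and
        // HTTP method take no part in the decision.
        // NOTE(review): with a path-prefix servlet mapping ("/*") the servlet path is empty and
        // the requested resource is in getPathInfo(); confirm the dispatcher mapping in use.
        // NOTE(review): the path is request-controlled and is written to the log below; confirm
        // that the HTTP firewall or the log encoder rejects or escapes control characters.
        String permission = request.getServletPath();
        boolean result = token.hasPermission(permission);
        LOG.info("HasPermission: {} => {}", permission, result);
        if (!result) {
            LOG.warn("Token {} missing permission {}", token.getJwtId(), permission);
        }

        return new AuthorizationDecision(result);
    }
}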