• Home
• org.interledger.spsp
• spsp-server
• 0.1.1
• source code
• BearerTokenSecurityContextRepository.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.interledger.spsp.server.auth.BearerTokenSecurityContextRepository Maven / Gradle / Ivy

package org.interledger.spsp.server.auth;

import com.google.common.hash.Hashing;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.SecurityContextRepository;

import java.util.Optional;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * @deprecated Remove this once the version of this in `java-ilp-connector` is extracted per #457.
 * @see "https://github.com/sappenin/java-ilpv4-connector/issues/457"
 */
@Deprecated
public class BearerTokenSecurityContextRepository implements SecurityContextRepository {
  private final byte[] ephemeralBytes;

  public BearerTokenSecurityContextRepository(byte[] ephemeralBytes) {
    this.ephemeralBytes = ephemeralBytes;
  }

  @Override
  public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    parseToken(requestResponseHolder.getRequest()).ifPresent(token ->
        context.setAuthentication(BearerAuthentication.builder()
            .isAuthenticated(false)
            .hmacSha256(Hashing.hmacSha256(ephemeralBytes).hashBytes(token))
            .bearerToken(token)
            .build()));
    return context;
  }

  @Override
  public void saveContext(SecurityContext context, HttpServletRequest request, HttpServletResponse response) {
    // stateless. do nothing
  }

  @Override
  public boolean containsContext(HttpServletRequest request) {
    return parseToken(request).isPresent();
  }

  private Optional parseToken(HttpServletRequest request) {
    return Optional.ofNullable(request.getHeader("Authorization"))
        .map(authHeader -> {
          int bearerIndex = authHeader.indexOf("Bearer ");
          if (bearerIndex == 0) {
            byte[] token = authHeader.substring(7).getBytes();
            return token;
          } else {
            return null;
          }
        });
  }
}