Merge branch 'master' into stage

paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java

@@ -5,7 +5,6 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@@ -20,20 +19,26 @@ public ApiKeyAuthFilter(String headerName, AuthenticationManager authenticationM
 
     this.headerName = headerName;
     setAuthenticationManager(authenticationManager);
+    setAuthenticationFailureHandler(
+        (request, response, exception) -> {
+          log.debug("Failed to authenticate API key", exception);
+          response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        });
+    setAuthenticationSuccessHandler(
+        (request, response, authentication) -> {
+          log.debug("API key authenticated successfully");
+          response.setStatus(HttpServletResponse.SC_OK);
+        });
   }
 
   @Override
   public Authentication attemptAuthentication(
       HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
     String apiKey = request.getHeader(headerName);
     apiKey = apiKey == null ? null : apiKey.trim();
-    log.info("API Key: {}", apiKey);
     if (apiKey == null || apiKey.isEmpty()) {
-      log.info("API Key not found in request header");
       throw new BadCredentialsException("API Key not found in request header");
     }
-    log.info("API Key found in request header, authenticating");
-    return getAuthenticationManager()
-        .authenticate(new UsernamePasswordAuthenticationToken(apiKey, null));
+    return getAuthenticationManager().authenticate(new ApiKeyAuthenticationToken(apiKey));
   }
 }

paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthenticationProvider.java

@@ -1,12 +1,10 @@
 package dev.luzifer.spring.config;
 
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 
-@Slf4j
 public class ApiKeyAuthenticationProvider implements AuthenticationProvider {
 
   private final String apiKey;
@@ -19,15 +17,12 @@ public ApiKeyAuthenticationProvider(String apiKey) {
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
     ApiKeyAuthenticationToken authenticationToken = (ApiKeyAuthenticationToken) authentication;
 
-    log.info("Authenticating API key: {}", authenticationToken.getCredentials());
     if (authenticationToken.getCredentials() instanceof String credentials) {
       if (apiKey.equals(credentials)) {
-        log.info("API key authenticated successfully");
         return new ApiKeyAuthenticationToken(apiKey);
       }
     }
 
-    log.info("API key was not found or not the expected value");
     throw new BadCredentialsException("The API key was not found or not the expected value.");
   }
 

paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java

@@ -19,14 +19,17 @@
 public class WebSecurityConfig {
 
   private final String apiKey;
+  private final String apiKeyHeader;
 
-  public WebSecurityConfig(@Value("${api.key}") String apiKey) {
+  public WebSecurityConfig(
+      @Value("${api.key}") String apiKey, @Value("${api.key.header}") String apiKeyHeader) {
     this.apiKey = apiKey;
+    this.apiKeyHeader = apiKeyHeader;
   }
 
   @Bean
   public ApiKeyAuthFilter apiKeyAuthFilter(AuthenticationManager authenticationManager) {
-    return new ApiKeyAuthFilter("API-KEY-HEADER", authenticationManager);
+    return new ApiKeyAuthFilter(apiKeyHeader, authenticationManager);
   }
 
   @Bean

paladins-webservice/src/main/resources/application.properties

@@ -17,6 +17,7 @@ spring.data.redis.host=localhost
 spring.data.redis.port=6379
 # API-Requests
 api.key=THV6aSBpc3QgZWluIFPDvMOfaQ==
+api.key.header=API-KEY
 # API-Paths
 api.match=api/match
 api.match.count=api/match/count