Not sure what i did there

DDH-RD · May 29, 2024 · 6fab4f1 · 6fab4f1
1 parent ecd31d0
commit 6fab4f1
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 52 deletions.
diff --git a/paladins-webservice/src/main/java/dev/luzifer/PaladinsWebservice.java b/paladins-webservice/src/main/java/dev/luzifer/PaladinsWebservice.java
@@ -6,8 +6,6 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
-import java.util.Optional;
-import java.util.Properties;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.SpringApplication;
 
@@ -18,23 +16,8 @@ public class PaladinsWebservice {
   private static final Path CONFIG_FILE_PATH =
       Paths.get(System.getProperty("user.dir"), CONFIG_FILE_NAME);
 
-  private static final String API_KEY;
-
   static {
     ensureFileExists(CONFIG_FILE_PATH, CONFIG_FILE_NAME);
-
-    API_KEY =
-        loadApiKeyFromProperties(CONFIG_FILE_PATH)
-            .orElseThrow(
-                () -> {
-                  log.error(
-                      "API key is missing in application.properties file at {}", CONFIG_FILE_PATH);
-                  log.error(
-                      "Please add/change the API key in the file and restart the application");
-                  return new IllegalStateException("API key is missing");
-                });
-
-    log.info("API key {} loaded successfully", API_KEY);
   }
 
   private static void ensureFileExists(Path filePath, String fileName) {
@@ -60,21 +43,7 @@ private static void fillFileFromResources(Path filePath, String resourceName) {
     }
   }
 
-  private static Optional<String> loadApiKeyFromProperties(Path filePath) {
-    Properties properties = new Properties();
-    try {
-      properties.load(Files.newInputStream(filePath));
-    } catch (IOException e) {
-      log.error("Failed to load {} file at {}", CONFIG_FILE_NAME, filePath, e);
-    }
-    return Optional.ofNullable(properties.getProperty("api.key"));
-  }
-
   public static void main(String[] args) {
     SpringApplication.run(PaladinsApplication.class, args);
   }
-
-  public static String getApiKey() {
-    return API_KEY;
-  }
 }
diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthFilter.java
@@ -1,9 +1,9 @@
 package dev.luzifer.spring.config;
 
-import dev.luzifer.PaladinsWebservice;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -24,12 +24,11 @@ public ApiKeyAuthFilter(String headerName, AuthenticationManager authenticationM
   public Authentication attemptAuthentication(
       HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
     String apiKey = request.getHeader(headerName);
-    if (apiKey == null) {
-      apiKey = PaladinsWebservice.getApiKey();
+    apiKey = apiKey == null ? null : apiKey.trim();
+    if (apiKey == null || apiKey.isEmpty()) {
+      throw new BadCredentialsException("API Key not found in request header");
     }
-    apiKey = apiKey.trim();
-    UsernamePasswordAuthenticationToken authRequest =
-        new UsernamePasswordAuthenticationToken(apiKey, null);
-    return getAuthenticationManager().authenticate(authRequest);
+    return getAuthenticationManager()
+        .authenticate(new UsernamePasswordAuthenticationToken(apiKey, null));
   }
 }
diff --git a/...dins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthenticationProvider.java b/...dins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthenticationProvider.java
@@ -19,16 +19,10 @@ public ApiKeyAuthenticationProvider(String apiKey) {
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
     ApiKeyAuthenticationToken authenticationToken = (ApiKeyAuthenticationToken) authentication;
 
-    log.info(
-        "Authenticating API key {} against actual API key {}",
-        authenticationToken.getCredentials(),
-        apiKey);
     if (authenticationToken.getCredentials() instanceof String credentials) {
       if (apiKey.equals(credentials)) {
-        log.info("API key {} authenticated successfully", apiKey);
-        return new ApiKeyAuthenticationToken(apiKey, apiKey);
+        return new ApiKeyAuthenticationToken(apiKey);
       }
-      log.info("API key {} was not the expected value", credentials);
     }
 
     throw new BadCredentialsException("The API key was not found or not the expected value.");

diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthenticationToken.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/ApiKeyAuthenticationToken.java
@@ -12,12 +12,6 @@ public ApiKeyAuthenticationToken(String apiKey) {
     setAuthenticated(false);
   }
 
-  public ApiKeyAuthenticationToken(String apiKey, String principal) {
-    super(null);
-    this.apiKey = apiKey;
-    setAuthenticated(true);
-  }
-
   @Override
   public Object getCredentials() {
     return apiKey;

diff --git a/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java b/paladins-webservice/src/main/java/dev/luzifer/spring/config/WebSecurityConfig.java
@@ -46,7 +46,7 @@ public AuthenticationManager authenticationManager(
   }
 
   @Autowired
-  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+  public void configureGlobal(AuthenticationManagerBuilder auth) {
     auth.authenticationProvider(new ApiKeyAuthenticationProvider(apiKey));
   }
 }