From cc18bcc8fecaff8add119801fa84e6239df2190a Mon Sep 17 00:00:00 2001
From: Josh Long
Date: Mon, 20 Jan 2014 01:43:20 -0800
Subject: [PATCH] updated attributions
---
.../main/java/example/xauth/TokenUtils.java | 86 ++++++++++---------
.../xauth/UserXAuthTokenController.java | 3 +
.../example/xauth/XAuthTokenConfigurer.java | 4 +
.../java/example/xauth/XAuthTokenFilter.java | 80 ++++++++---------
4 files changed, 93 insertions(+), 80 deletions(-)
diff --git a/x-auth-security/src/main/java/example/xauth/TokenUtils.java b/x-auth-security/src/main/java/example/xauth/TokenUtils.java
index 825cd21..0fd1e96 100644
--- a/x-auth-security/src/main/java/example/xauth/TokenUtils.java
+++ b/x-auth-security/src/main/java/example/xauth/TokenUtils.java
@@ -1,49 +1,53 @@ package example.xauth; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.codec.Hex; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +/** + * @author Philip W. Sorst (philip@sorst.net) + * @author Josh Long (josh@joshlong.com) + */ class TokenUtils { - public static final String MAGIC_KEY = "obfuscate"; - - public String createToken(UserDetails userDetails) { - long expires = System.currentTimeMillis() + 1000L * 60 * 60; - return userDetails.getUsername() + ":" + expires + ":" + computeSignature(userDetails, expires); - } - - public String computeSignature(UserDetails userDetails, long expires) { - StringBuilder signatureBuilder = new StringBuilder(); - signatureBuilder.append(userDetails.getUsername()).append(":"); - signatureBuilder.append(expires).append(":"); - signatureBuilder.append(userDetails.getPassword()).append(":"); - signatureBuilder.append(TokenUtils.MAGIC_KEY); - - MessageDigest digest; - try { - digest = MessageDigest.getInstance("MD5"); - } catch (NoSuchAlgorithmException e) { - throw new IllegalStateException("No MD5 algorithm available!"); - } - return new String(Hex.encode(digest.digest(signatureBuilder.toString().getBytes()))); - } - - public String getUserNameFromToken(String authToken) { - if (null == authToken) { - return null; - } - String[] parts = authToken.split(":"); - return parts[0]; - } - - public boolean validateToken(String authToken, UserDetails userDetails) { - String[] parts = authToken.split(":"); - long expires = Long.parseLong(parts[1]); - String signature = parts[2]; - String signatureToMatch = computeSignature(userDetails, expires); - return expires >= System.currentTimeMillis() && signature.equals(signatureToMatch); - } + public static final String MAGIC_KEY = "obfuscate"; + + public String createToken(UserDetails 
userDetails) { + long expires = System.currentTimeMillis() + 1000L * 60 * 60; + return userDetails.getUsername() + ":" + expires + ":" + computeSignature(userDetails, expires); + } + + public String computeSignature(UserDetails userDetails, long expires) { + StringBuilder signatureBuilder = new StringBuilder(); + signatureBuilder.append(userDetails.getUsername()).append(":"); + signatureBuilder.append(expires).append(":"); + signatureBuilder.append(userDetails.getPassword()).append(":"); + signatureBuilder.append(TokenUtils.MAGIC_KEY); + + MessageDigest digest; + try { + digest = MessageDigest.getInstance("MD5"); + } catch (NoSuchAlgorithmException e) { + throw new IllegalStateException("No MD5 algorithm available!"); + } + return new String(Hex.encode(digest.digest(signatureBuilder.toString().getBytes()))); + } + + public String getUserNameFromToken(String authToken) { + if (null == authToken) { + return null; + } + String[] parts = authToken.split(":"); + return parts[0]; + } + + public boolean validateToken(String authToken, UserDetails userDetails) { + String[] parts = authToken.split(":"); + long expires = Long.parseLong(parts[1]); + String signature = parts[2]; + String signatureToMatch = computeSignature(userDetails, expires); + return expires >= System.currentTimeMillis() && signature.equals(signatureToMatch); + } } \ No newline at end of file diff --git a/x-auth-security/src/main/java/example/xauth/UserXAuthTokenController.java b/x-auth-security/src/main/java/example/xauth/UserXAuthTokenController.java index 88baf83..790e82d 100644 --- a/x-auth-security/src/main/java/example/xauth/UserXAuthTokenController.java +++ b/x-auth-security/src/main/java/example/xauth/UserXAuthTokenController.java @@ -20,6 +20,9 @@ /** * This controller generates the token that must be present in subsequent REST * invocations. + * + * @author Philip W. Sorst (philip@sorst.net) + * @author Josh Long (josh@joshlong.com) */ @RestController public class UserXAuthTokenController { 
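Review bot: `computeSignature` in TokenUtils.java authenticates the token with an unkeyed MD5 digest over `username:expires:password:MAGIC_KEY`, and `MAGIC_KEY` is the constant `"obfuscate"` committed in source, so the token's integrity rests on no real server-side secret; a keyed MAC such as `Mac.getInstance("HmacSHA256")` with a key loaded from configuration is the appropriate primitive and would also keep the stored password value out of the signed material. In `validateToken`, `parts[1]` and `parts[2]` are read without a length check and `Long.parseLong` is unguarded, so a malformed header throws instead of returning false; add `if (parts.length != 3) return false;` and treat `NumberFormatException` as an invalid token. The signature comparison uses `String.equals`, which is not constant-time; `MessageDigest.isEqual(signature.getBytes(StandardCharsets.UTF_8), signatureToMatch.getBytes(StandardCharsets.UTF_8))` avoids that. Smaller points in the same method: `getBytes()` depends on the platform charset, and the `NoSuchAlgorithmException` is not passed as the cause of the `IllegalStateException`.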
diff --git a/x-auth-security/src/main/java/example/xauth/XAuthTokenConfigurer.java b/x-auth-security/src/main/java/example/xauth/XAuthTokenConfigurer.java index fbf3be5..938277e 100644 --- a/x-auth-security/src/main/java/example/xauth/XAuthTokenConfigurer.java +++ b/x-auth-security/src/main/java/example/xauth/XAuthTokenConfigurer.java @@ -6,6 +6,10 @@ import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +/** + * @author Philip W. Sorst (philip@sorst.net) + * @author Josh Long (josh@joshlong.com) + */ public class XAuthTokenConfigurer extends SecurityConfigurerAdapter { private UserDetailsService detailsService; diff --git a/x-auth-security/src/main/java/example/xauth/XAuthTokenFilter.java b/x-auth-security/src/main/java/example/xauth/XAuthTokenFilter.java index cf5fe29..2ccc8a7 100644 --- a/x-auth-security/src/main/java/example/xauth/XAuthTokenFilter.java +++ b/x-auth-security/src/main/java/example/xauth/XAuthTokenFilter.java @@ -1,13 +1,5 @@ package example.xauth; -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; - import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; 
@@ -15,40 +7,50 @@ import org.springframework.util.StringUtils; import org.springframework.web.filter.GenericFilterBean; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import java.io.IOException; + /** - * sifts through all incoming requests and installs a Spring Security principal - * if a header corresponding to a valid user is found. + * Sifts through all incoming requests and installs a Spring Security principal + * if a header corresponding to a valid user is found. + * + * @author Philip W. Sorst (philip@sorst.net) + * @author Josh Long (josh@joshlong.com) */ public class XAuthTokenFilter extends GenericFilterBean { - private final UserDetailsService detailsService; - private final TokenUtils tokenUtils = new TokenUtils(); - private String xAuthTokenHeaderName = "x-auth-token"; - - public XAuthTokenFilter( UserDetailsService userDetailsService) { - this.detailsService = userDetailsService; - } - - @Override - public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain filterChain) throws IOException, ServletException { - try { - HttpServletRequest httpServletRequest = (HttpServletRequest) arg0; - String authToken = httpServletRequest.getHeader(this.xAuthTokenHeaderName); - - if (StringUtils.hasText(authToken)) { - String username = this.tokenUtils.getUserNameFromToken(authToken); - - UserDetails details = this.detailsService.loadUserByUsername(username); - - if (this.tokenUtils.validateToken(authToken, details)) { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(details, details.getPassword(), details.getAuthorities()); - SecurityContextHolder.getContext().setAuthentication(token); - } - } - filterChain.doFilter(arg0, arg1); - } catch (Exception ex) { - throw new RuntimeException(ex); - } - } + private final UserDetailsService detailsService; + private 
final TokenUtils tokenUtils = new TokenUtils(); + private String xAuthTokenHeaderName = "x-auth-token"; + + public XAuthTokenFilter(UserDetailsService userDetailsService) { + this.detailsService = userDetailsService; + } + + @Override + public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain filterChain) throws IOException, ServletException { + try { + HttpServletRequest httpServletRequest = (HttpServletRequest) arg0; + String authToken = httpServletRequest.getHeader(this.xAuthTokenHeaderName); + + if (StringUtils.hasText(authToken)) { + String username = this.tokenUtils.getUserNameFromToken(authToken); + + UserDetails details = this.detailsService.loadUserByUsername(username); + + if (this.tokenUtils.validateToken(authToken, details)) { + UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(details, details.getPassword(), details.getAuthorities()); + SecurityContextHolder.getContext().setAuthentication(token); + } + } + filterChain.doFilter(arg0, arg1); + } catch (Exception ex) { + throw new RuntimeException(ex); + } + } } \ No newline at end of file
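Review bot: In `doFilter`, the single `catch (Exception ex)` around the whole body rethrows every failure as a `RuntimeException`, so a bad client-supplied `x-auth-token` header fails the request with a server error instead of leaving it unauthenticated. That covers an unknown username, for which the `UserDetailsService` contract has `loadUserByUsername` throw, and a malformed value that makes `TokenUtils` index past `parts`. The same catch also wraps the `IOException`/`ServletException` that `filterChain.doFilter` may throw, although the method already declares them, which hides downstream errors from the container's normal handling. The try should be narrowed to the token handling, the security context cleared on failure, and the chain call moved outside it, as sketched below; the `IllegalArgumentException` and `IndexOutOfBoundsException` arms become unnecessary once `TokenUtils` rejects malformed tokens itself, and `AuthenticationException` would need an import.

```java
public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain filterChain) throws IOException, ServletException {
    // … unchanged: cast to HttpServletRequest and header read …

    if (StringUtils.hasText(authToken)) {
        try {
            // … unchanged: getUserNameFromToken, loadUserByUsername, validateToken, setAuthentication …
        } catch (AuthenticationException | IllegalArgumentException | IndexOutOfBoundsException ex) {
            // Invalid, unknown-user or malformed token: proceed unauthenticated rather than fail the request.
            SecurityContextHolder.clearContext();
        }
    }
    // Outside the try so downstream IOException/ServletException propagate as declared.
    filterChain.doFilter(arg0, arg1);
}
```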