Class SecurityTokenAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
net.solarnetwork.central.security.web.SecurityTokenAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class SecurityTokenAuthenticationFilter extends org.springframework.web.filter.OncePerRequestFilter implements jakarta.servlet.Filter
Authentication filter for "SolarNetworkWS" style authentication.

This authentication method is modeled after the Amazon Web Services authentication scheme used by the S3 service (http://docs.amazonwebservices.com/AmazonS3/latest/dev/S3_Authentication2.html). The auth token is fixed at AUTH_TOKEN_LENGTH characters. All query parameters (GET or POST) are added to the request path in the message: parameters are sorted lexicographically, and then each parameter's key and first value are appended to the path following a ? character, separated by a & character.
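The path canonicalization described above, as an added example (not SolarNetwork's own code). The class and method names, the sample path and parameters, and the use of = between a key and its value are assumptions; the page does not name the key/value separator.

```java
import java.util.Map;
import java.util.StringJoiner;
import java.util.TreeMap;

/** Added illustration of the described path canonicalization (hypothetical class). */
public class CanonicalPathExample {

    /**
     * Build the path portion of the message from a request path and a
     * parameter map shaped like HttpServletRequest.getParameterMap().
     * Assumption: key and value are joined with '='.
     */
    static String canonicalPath(String path, Map<String, String[]> params) {
        if (params == null || params.isEmpty()) {
            return path; // nothing to append, so no '?' either
        }
        // TreeMap orders String keys lexicographically (String.compareTo)
        Map<String, String[]> sorted = new TreeMap<>(params);
        StringJoiner query = new StringJoiner("&", "?", "");
        for (Map.Entry<String, String[]> e : sorted.entrySet()) {
            String[] values = e.getValue();
            // Only the first value of a repeated parameter enters the message
            String first = (values == null || values.length == 0) ? "" : values[0];
            query.add(e.getKey() + "=" + first);
        }
        return path + query;
    }

    public static void main(String[] args) {
        // Constructed sample input; the path and parameter names are made up
        Map<String, String[]> params = Map.of(
                "nodeId", new String[] { "11", "12" },
                "endDate", new String[] { "2024-01-02" },
                "aggregation", new String[] { "Hour" });
        System.out.println(canonicalPath("/example/api/data", params));
    }
}
```

Client and server must build this string identically, so a difference in sort order or in which value of a repeated parameter is used produces a signature mismatch.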

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    AUTH_TOKEN_LENGTH
    The fixed length of the auth token.
    static final int
    DEFAULT_MAX_REQUEST_BODY_SIZE
    The default value for the maxRequestBodySize property.

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityTokenAuthenticationFilter()
    Default constructor.
    SecurityTokenAuthenticationFilter(org.springframework.util.PathMatcher pathMatcher, String pathMatcherPrefixStrip)
    Construct with a PathMatcher.
    SecurityTokenAuthenticationFilter(org.springframework.util.PathMatcher pathMatcher, String pathMatcherPrefixStrip, SecurityTokenFilterSettings settings)
    Construct with a PathMatcher.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    afterPropertiesSet()
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, jakarta.servlet.FilterChain chain)
    SecurityTokenFilterSettings
    getSettings()
    Get the filter settings.
    org.springframework.security.core.userdetails.UserDetailsService
    getUserDetailsService()
    Get the user details service.
    void
    setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
    Set the details source to use.
    void
    setAuthenticationEntryPoint(net.solarnetwork.web.jakarta.security.SecurityTokenAuthenticationEntryPoint entryPoint)
    The SecurityTokenAuthenticationEntryPoint to use as the entry point.
    void
    setMaxDateSkew(long maxDateSkew)
    Set the maximum allowed difference between the supplied HTTP Date (or X-SN-Date) header value and the current time as reported by the system.
    void
    setMaxRequestBodySize(int maxRequestBodySize)
    Set the maximum allowed request body size.
    void
    setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
    Set the details service, which must return users with valid SolarNetwork usernames (email addresses) and plain-text authorization token secret passwords via UserDetails.getUsername() and UserDetails.getPassword().

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface jakarta.servlet.Filter

    destroy, doFilter, init
  • Field Details

    • AUTH_TOKEN_LENGTH

      public static final int AUTH_TOKEN_LENGTH
      The fixed length of the auth token.
    • DEFAULT_MAX_REQUEST_BODY_SIZE

      public static final int DEFAULT_MAX_REQUEST_BODY_SIZE
      The default value for the maxRequestBodySize property.
      Since:
      1.3
  • Constructor Details

    • SecurityTokenAuthenticationFilter

      public SecurityTokenAuthenticationFilter()
      Default constructor.
    • SecurityTokenAuthenticationFilter

      public SecurityTokenAuthenticationFilter(org.springframework.util.PathMatcher pathMatcher, String pathMatcherPrefixStrip)
      Construct with a PathMatcher.
      Parameters:
      pathMatcher - the matcher to use, or null if not supported
      pathMatcherPrefixStrip - a path prefix to strip from HttpServletRequest.getRequestURI() after any HttpServletRequest.getContextPath() has been removed, before comparing paths, or null to not strip any prefix
      Since:
      1.5
    • SecurityTokenAuthenticationFilter

      public SecurityTokenAuthenticationFilter(org.springframework.util.PathMatcher pathMatcher, String pathMatcherPrefixStrip, SecurityTokenFilterSettings settings)
      Construct with a PathMatcher.
      Parameters:
      pathMatcher - the matcher to use, or null if not supported
      pathMatcherPrefixStrip - a path prefix to strip from HttpServletRequest.getRequestURI() after any HttpServletRequest.getContextPath() has been removed, before comparing paths, or null to not strip any prefix
      settings - , or null to create a default instance
      Since:
      1.7
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
      Overrides:
      afterPropertiesSet in class org.springframework.web.filter.GenericFilterBean
    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, jakarta.servlet.FilterChain chain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException
    • getUserDetailsService

      public org.springframework.security.core.userdetails.UserDetailsService getUserDetailsService()
      Get the user details service.
      Returns:
      the service
      Since:
      1.9
    • setUserDetailsService

      public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
      Set the details service, which must return users with valid SolarNetwork usernames (email addresses) and plain-text authorization token secret passwords via UserDetails.getUsername() and UserDetails.getPassword().

      After validating the request authorization, this filter will authenticate the user with Spring Security.

      Parameters:
      userDetailsService - the service
    • setAuthenticationDetailsSource

      public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<jakarta.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
      Set the details source to use.

      Defaults to a WebAuthenticationDetailsSource.

      Parameters:
      authenticationDetailsSource - the source to use
    • setMaxDateSkew

      public void setMaxDateSkew(long maxDateSkew)
      Set the maximum allowed difference between the supplied HTTP Date (or X-SN-Date) header value and the current time as reported by the system.

      If this difference is exceeded, authorization fails.

      Parameters:
      maxDateSkew - the maximum allowed date skew
    • setAuthenticationEntryPoint

      public void setAuthenticationEntryPoint(net.solarnetwork.web.jakarta.security.SecurityTokenAuthenticationEntryPoint entryPoint)
      The SecurityTokenAuthenticationEntryPoint to use as the entry point.
      Parameters:
      entryPoint - the entry point to use
    • setMaxRequestBodySize

      public void setMaxRequestBodySize(int maxRequestBodySize)
      Set the maximum allowed request body size.
      Parameters:
      maxRequestBodySize - the maximum request body size allowed
      Since:
      1.3
    • getSettings

      public SecurityTokenFilterSettings getSettings()
      Get the filter settings.
      Returns:
      the settings, never null
      Since:
      1.7