Package net.solarnetwork.web.security

Class AuthenticationDataTokenAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
net.solarnetwork.web.security.AuthenticationDataTokenAuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class AuthenticationDataTokenAuthenticationFilter extends org.springframework.web.filter.OncePerRequestFilter
Authentication filter for AuthenticationData style token authentication. This filter supports the SolarNetworkWS and SNWS2 HTTP authorization schemes. In addition, a JWT encoded cookie named sntoken can be generated if a request parameter sntoken-cookie=true is passed with the request. That cookie can then be presented on subsequent requests instead of the HTTP authorization.
Version:
2.0
Author:
matt

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    COOKIE_NAME_AUTH_TOKEN
    The name of the cookie used for cookie based tokens.
    static final String
    REQUEST_PARAM_SET_COOKIE
    A request parameter to signal that an authentication cookie should be set on the response.

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthenticationDataTokenAuthenticationFilter()
    Default constructor.
    AuthenticationDataTokenAuthenticationFilter(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
    Construct with a UserDetailsService.

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
     
    void
    setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
    Set the details source to use.
    void
    setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
    Set an AuthenticationEntryPoint to handle authentication errors.
    void
    setMaxDateSkew(long maxDateSkew)
    Set the maximum amount of difference in the supplied HTTP Date (or X-SN-Date) header value with the current time as reported by the system.
    void
    setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
    Set the details service.

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

  • Constructor Details

    • AuthenticationDataTokenAuthenticationFilter

      public AuthenticationDataTokenAuthenticationFilter()
      Default constructor.

    • AuthenticationDataTokenAuthenticationFilter

      public AuthenticationDataTokenAuthenticationFilter(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
      Construct with a UserDetailsService.
      Parameters:
      userDetailsService - The service to use.

  • Method Details

    • doFilterInternal

      protected void doFilterInternal(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws javax.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      javax.servlet.ServletException
      IOException

    • setUserDetailsService

      public void setUserDetailsService(org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
      Set the details service. The service must return users with valid token identifiers and plain-text token secret passwords via UserDetails.getUsername() and UserDetails.getPassword(), respectfully. After validating the request authentication, this filter will authorize the user with Spring Security by calling SecurityContextHolder.getContext().setAuthentication().
      Parameters:
      userDetailsService - the user details service to use

    • setAuthenticationDetailsSource

      public void setAuthenticationDetailsSource(org.springframework.security.authentication.AuthenticationDetailsSource<javax.servlet.http.HttpServletRequest,?> authenticationDetailsSource)
      Set the details source to use. This defaults to a WebAuthenticationDetailsSource.
      Parameters:
      authenticationDetailsSource - the details source to use

    • setMaxDateSkew

      public void setMaxDateSkew(long maxDateSkew)
      Set the maximum amount of difference in the supplied HTTP Date (or X-SN-Date) header value with the current time as reported by the system. If this difference is exceeded, authorization fails.
      Parameters:
      maxDateSkew - the maximum allowable skew, in milliseconds

    • setAuthenticationEntryPoint

      public void setAuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint authenticationEntryPoint)
      Set an AuthenticationEntryPoint to handle authentication errors. If this is configured, any AuthenticationException thrown during processing will be directed to the configured instance. Otherwise those exceptions will be re-thrown.
      Parameters:
      authenticationEntryPoint - the authenticationEntryPoint to set