Class SecurityFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
tech.lastbox.lastshield.security.core.SecurityFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

@Component public class SecurityFilter extends org.springframework.web.filter.OncePerRequestFilter
A custom security filter that intercepts HTTP requests and authenticates the caller from a JWT (JSON Web Token). The filter looks for a token in the "Authorization" header of the request, validates it, and, if the token is valid, populates the authentication context for that request.

Token validation is performed only when the application is configured for advanced filtering (as reported by the AdvancedFilterChecker). With advanced filtering enabled, the filter extracts the token, validates it with the JwtService, loads the associated user from the configured user repository, and stores the authenticated user in the SecurityContextHolder.
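The bearer-token flow described above, written out as an added example rather than code from the LastShield project: a OncePerRequestFilter that pulls the token from the "Authorization" header, hands it to a verifier, resolves the subject to a user, and publishes the result to SecurityContextHolder. The TokenVerifier and UserLookup interfaces and the UserRecord type are hypothetical stand-ins for JwtService and the user repository; the 401/403 mapping follows the behaviour documented for doFilterInternal on this page.

```java
import java.io.IOException;
import java.util.List;
import java.util.Optional;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Illustrative bearer-token filter (added example, not LastShield code).
 * The collaborators below are hypothetical stand-ins for JwtService and the user repository.
 */
public class BearerTokenFilter extends OncePerRequestFilter {

    /** Hypothetical: returns the token subject when signature, expiry and issuer check out, else empty. */
    public interface TokenVerifier { Optional<String> subjectOf(String token); }

    /** Hypothetical: looks a user up by the subject carried in the token. */
    public interface UserLookup { Optional<UserRecord> findByUsername(String username); }

    /** Hypothetical user record; role names are mapped to GrantedAuthority below. */
    public record UserRecord(String username, List<String> roles) {}

    private static final String BEARER_PREFIX = "Bearer ";

    private final TokenVerifier verifier;
    private final UserLookup users;

    public BearerTokenFilter(TokenVerifier verifier, UserLookup users) {
        this.verifier = verifier;
        this.users = users;
    }

    /** Extracts the bearer token; empty when the header is absent, uses another scheme, or is blank. */
    static Optional<String> extractBearerToken(String authorizationHeader) {
        if (authorizationHeader == null
                || !authorizationHeader.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return Optional.empty();
        }
        String token = authorizationHeader.substring(BEARER_PREFIX.length()).trim();
        return token.isEmpty() ? Optional.empty() : Optional.of(token);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Optional<String> token = extractBearerToken(request.getHeader("Authorization"));
        if (token.isEmpty()) {
            reject(response, HttpServletResponse.SC_UNAUTHORIZED);   // no usable token: 401
            return;
        }
        Optional<String> subject = verifier.subjectOf(token.get());
        if (subject.isEmpty()) {
            reject(response, HttpServletResponse.SC_UNAUTHORIZED);   // token failed validation: 401
            return;
        }
        Optional<UserRecord> user = users.findByUsername(subject.get());
        if (user.isEmpty()) {
            reject(response, HttpServletResponse.SC_FORBIDDEN);      // valid token, unknown user: 403
            return;
        }
        List<GrantedAuthority> authorities = user.get().roles().stream()
                .<GrantedAuthority>map(SimpleGrantedAuthority::new).toList();
        // The three-argument constructor marks the token as authenticated; credentials are not kept.
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(user.get(), null, authorities);
        auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(auth);
        chain.doFilter(request, response);
    }

    /** Sends the error status; a 401 also carries the WWW-Authenticate challenge required by RFC 6750. */
    private static void reject(HttpServletResponse response, int status) throws IOException {
        if (status == HttpServletResponse.SC_UNAUTHORIZED) {
            response.setHeader("WWW-Authenticate", "Bearer");
        }
        response.sendError(status);
    }
}
```

Two design points worth keeping in mind when wiring a filter like this: the scheme comparison is case-insensitive but the token itself is passed through untouched, so all signature, expiry and issuer checks belong in the verifier; and the response bodies are deliberately generic, since the status code alone already tells a caller holding a valid-but-orphaned token that the account is gone.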

  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX
  • Constructor Summary

    Constructors
    Constructor
    Description
    SecurityFilter(JwtService jwtService, org.springframework.context.ApplicationContext applicationContext, SecurityUtil securityUtil)
    Constructs a new SecurityFilter.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
    Filters HTTP requests by validating JWT tokens and setting the authentication context.
    void
    setUserRepository(Class<?> userRepositoryClass)
    Sets the user repository class to be used for user lookups during authentication.
    protected boolean
    shouldNotFilter(jakarta.servlet.http.HttpServletRequest request)
    Determines if this filter should be applied to the given HTTP request.

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SecurityFilter

      public SecurityFilter(JwtService jwtService, org.springframework.context.ApplicationContext applicationContext, SecurityUtil securityUtil)
      Constructs a new SecurityFilter.

      This constructor initializes the filter with the required dependencies:

      • JwtService for validating JWT tokens.
      • ApplicationContext for accessing Spring beans, such as the user repository.
      • SecurityUtil for handling user lookups and authority retrieval.
      Parameters:
      jwtService - the JWT service used to validate and decode tokens.
      applicationContext - the Spring application context to fetch the user repository bean.
      securityUtil - utility class for performing security-related operations like user lookup and authority retrieval.
  • Method Details

    • setUserRepository

      public void setUserRepository(Class<?> userRepositoryClass)
Sets the user repository class to be used for user lookups during authentication. The repository bean of that type is retrieved from the Spring application context. Because user lookup depends on it, the class should be registered during application configuration, before the filter handles authenticated requests.
      Parameters:
      userRepositoryClass - the class type of the user repository.
    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Filters HTTP requests by validating JWT tokens and setting the authentication context.

      If the token is valid, it retrieves the associated user from the repository and sets the user as the authenticated principal in the security context.

      If the token is missing or invalid, the filter responds with an error instead of passing the request on, using one of the following statuses:

      • 401 Unauthorized if the token is missing or invalid.
      • 403 Forbidden if the user cannot be found or the token is invalid.

      As documented, an invalid token may produce either status, so clients should treat both as "not authenticated" rather than rely on the distinction. A 403 for a token that validates indicates that the token's subject no longer maps to a user in the repository.
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Parameters:
      request - the HTTP request to be filtered.
      response - the HTTP response to be sent back to the client.
      filterChain - the filter chain to pass the request and response to the next filter.
      Throws:
      jakarta.servlet.ServletException - if an error occurs during filter processing.
      IOException - if an I/O error occurs during the filter process.
    • shouldNotFilter

      protected boolean shouldNotFilter(jakarta.servlet.http.HttpServletRequest request)
      Determines if this filter should be applied to the given HTTP request.

      This method checks whether the request path is in the list of paths that are exempt from filtering. Requests on exempt paths pass through without any token validation, so the list should contain only endpoints that are genuinely public.

      Overrides:
      shouldNotFilter in class org.springframework.web.filter.OncePerRequestFilter
      Parameters:
      request - the HTTP request.
      Returns:
      true if the request should not be filtered; false otherwise.
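An exclusion check of the kind shouldNotFilter performs, as an added example that is not LastShield code: the page only says the request path is compared against a list of unfiltered paths, so the normalization steps and Ant-style patterns here are assumptions about how such a check should be done safely. The point of the example is that a raw request URI can be percent-encoded, carry matrix parameters or contain dot segments, any of which can make a protected path look like a public one; matching on a normalized path and failing closed on anything that cannot be resolved removes that class of bypass. Spring Security's StrictHttpFirewall rejects such URIs for filters inside the security filter chain, but Spring Boot also registers any Filter bean with the servlet container directly, where that protection does not apply.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriUtils;

/**
 * Decides whether a request path is on an exclusion list (added example, not LastShield code).
 * Matching runs on a normalized path so that encoding, matrix parameters or dot segments
 * cannot disguise a protected path as a public one.
 */
public final class ExcludedPathMatcher {

    private final AntPathMatcher matcher = new AntPathMatcher();   // case-sensitive by default
    private final List<String> excludedPatterns;

    public ExcludedPathMatcher(List<String> excludedPatterns) {
        this.excludedPatterns = List.copyOf(excludedPatterns);
    }

    /**
     * Context path removed, percent-decoded, matrix parameters dropped, "." and ".." resolved.
     * Returns null when the path cannot be decoded or still escapes the root; callers fail closed.
     */
    static String normalize(String contextPath, String requestUri) {
        String path = requestUri;
        if (contextPath != null && !contextPath.isEmpty() && path.startsWith(contextPath)) {
            path = path.substring(contextPath.length());
        }
        try {
            path = UriUtils.decode(path, StandardCharsets.UTF_8);   // "%2e%2e" -> ".."
        } catch (IllegalArgumentException malformed) {
            return null;                                             // broken escape sequence
        }
        path = path.replaceAll(";[^/]*", "");                        // "/public;v=1/x" -> "/public/x"
        if (path.isEmpty()) {
            path = "/";
        }
        path = StringUtils.cleanPath(path);                          // "/public/../admin" -> "/admin"
        if (path.contains("..") || !path.startsWith("/")) {
            return null;                                             // unresolvable: fail closed
        }
        return path;
    }

    /** True only when the normalized path matches an exclusion pattern; anything odd stays filtered. */
    public boolean isExcluded(HttpServletRequest request) {
        return isExcluded(normalize(request.getContextPath(), request.getRequestURI()));
    }

    boolean isExcluded(String normalizedPath) {
        if (normalizedPath == null) {
            return false;
        }
        return excludedPatterns.stream().anyMatch(pattern -> matcher.match(pattern, normalizedPath));
    }

    public static void main(String[] args) {
        ExcludedPathMatcher m = new ExcludedPathMatcher(List.of("/api/public/**", "/actuator/health"));
        // Constructed sample request URIs (empty context path); only the first should bypass the filter.
        for (String uri : List.of(
                "/api/public/docs",
                "/api/public/../admin/users",
                "/api/public/%2e%2e/admin/users",
                "/api/public;v=1/../admin/users",
                "/API/public/docs")) {
            String normalized = normalize("", uri);
            System.out.printf("%-34s -> %-20s excluded=%s%n", uri, normalized, m.isExcluded(normalized));
        }
    }
}
```

Running main shows the first URI matched and the other four rejected: the three traversal variants all normalize to /api/admin/users, which no pattern covers, and /API/public/docs fails because path matching is deliberately case-sensitive, as servlet mappings are.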