Class PasswordlessAuthFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
com.erudika.para.server.security.filters.PasswordlessAuthFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class PasswordlessAuthFilter extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
A filter which simply authenticates users without a password by verifying a simple JWT. The assumption here is that users are verified and authenticated externally, for example through LDAP, SAML or custom authentication (SSO).
Author:
Alex Bogdanovski
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    The default filter mapping.
  • Constructor Summary

    Constructors
    Constructor
    Description
    PasswordlessAuthFilter(String defaultFilterProcessesUrl)
    Default constructor.
  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.security.core.Authentication
    attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
    Handles an authentication request.
    getOrCreateUser(App app, String accessToken)
    Authenticates or creates a User using a signed JWT token.

    Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

    afterPropertiesSet, doFilter, getRememberMeServices, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    destroy, getEnvironment, getFilterConfig, init, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • PasswordlessAuthFilter

      public PasswordlessAuthFilter(String defaultFilterProcessesUrl)
      Default constructor.
      Parameters:
      defaultFilterProcessesUrl - the URL of the filter
  • Method Details

    • attemptAuthentication

      public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
      Handles an authentication request.
      Specified by:
      attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
      Parameters:
      request - HTTP request
      response - HTTP response
      Returns:
      an authentication object that contains the principal object if successful.
      Throws:
      IOException - ex
      javax.servlet.ServletException - ex
    • getOrCreateUser

      public UserAuthentication getOrCreateUser(App app, String accessToken)
      Authenticates or creates a User using a signed JWT token. The access token must be a valid JWT signed with "para.app_secret_key".
      Parameters:
      app - the app where the user will be created, use null for root app
      accessToken - JWT
      Returns:
      UserAuthentication object or null if something went wrong
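
The kind of check the description of getOrCreateUser implies, shown as an added example that is not Para's own code: verifying a JWT signed with a shared secret using only the JDK. The HS256 algorithm, the numeric `exp` claim, the regex-based claim extraction and the names `JwtCheckExample`, `isValid` and `sign` are assumptions for illustration; the page does not state which algorithm or claims Para uses, and production code would use a JWT library instead of regexes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper, not Para code. Assumes HS256 and a numeric "exp" claim.
public class JwtCheckExample {
    static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]+)\"");
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    static byte[] hmac(String data, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // True only for a well-formed, unexpired token signed with the given secret; a missing exp is rejected.
    static boolean isValid(String token, byte[] secret, Instant now) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return false;
            Base64.Decoder dec = Base64.getUrlDecoder();
            Matcher alg = ALG.matcher(new String(dec.decode(p[0]), StandardCharsets.UTF_8));
            // Pin the algorithm; never let the token select "none" or another scheme.
            if (!alg.find() || !"HS256".equals(alg.group(1))) return false;
            // Constant-time comparison of expected and presented signature bytes.
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1], secret), dec.decode(p[2]))) return false;
            Matcher exp = EXP.matcher(new String(dec.decode(p[1]), StandardCharsets.UTF_8));
            return exp.find() && Long.parseLong(exp.group(1)) > now.getEpochSecond();
        } catch (Exception e) {
            return false; // malformed Base64, oversized number or crypto error: reject
        }
    }
    static String sign(String header, String claims, byte[] secret) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "." + enc.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return body + "." + enc.encodeToString(hmac(body, secret));
    }
    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed, not a real key
        Instant now = Instant.ofEpochSecond(1_700_000_000L); // fixed clock for a repeatable run
        String hs = "{\"alg\":\"HS256\"}", claims = "{\"sub\":\"u1\",\"exp\":1700000300}"; // constructed token parts
        System.out.println("valid:     " + isValid(sign(hs, claims, secret), secret, now));
        System.out.println("wrong key: " + isValid(sign(hs, claims, "other".getBytes(StandardCharsets.UTF_8)), secret, now));
        System.out.println("expired:   " + isValid(sign(hs, claims, secret), secret, now.plusSeconds(600)));
        System.out.println("alg none:  " + isValid(sign("{\"alg\":\"none\"}", claims, secret), secret, now));
    }
}
```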