|
|
|
@ -23,7 +23,7 @@ import java.util.Objects; |
|
|
|
|
|
|
|
|
|
public class JWTAuthenticationProvider implements AuthenticationProvider { |
|
|
|
|
|
|
|
|
|
private static final Logger logger = LoggerFactory.getLogger(JWTAuthenticationProvider.class); |
|
|
|
|
private static final Logger LOG = LoggerFactory.getLogger(JWTAuthenticationProvider.class); |
|
|
|
|
|
|
|
|
|
private final String jwtKey; |
|
|
|
|
|
|
|
|
@ -35,7 +35,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider { |
|
|
|
|
public Authentication authenticate(Authentication auth) throws AuthenticationException { |
|
|
|
|
JWTAuthenticationToken authentication = (JWTAuthenticationToken) auth; |
|
|
|
|
if (authentication.getCredentials() == null || !(authentication.getCredentials() instanceof String)) { |
|
|
|
|
logger.error("Credentials not present"); |
|
|
|
|
LOG.error("Credentials not present"); |
|
|
|
|
return null; |
|
|
|
|
} |
|
|
|
|
String rawToken = (String) auth.getCredentials(); |
|
|
|
@ -45,7 +45,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider { |
|
|
|
|
|
|
|
|
|
// TODO:AD This is super unfortunate, but not sure there is a better way when using JSP
|
|
|
|
|
if (StringUtils.contains(authentication.getRequestedPath(), "/WEB-INF/jsp/")) { |
|
|
|
|
logger.warn("BYPASSING AUTH FOR WEB-INF page"); |
|
|
|
|
LOG.warn("BYPASSING AUTH FOR WEB-INF page"); |
|
|
|
|
} else if (!roughlyEqual(path.asString(), authentication.getRequestedPath())) { |
|
|
|
|
throw new InsufficientAuthenticationException("Credentials not valid for path " + authentication |
|
|
|
|
.getRequestedPath() + ". They are valid for " + path.asString()); |
|
|
|
@ -58,9 +58,9 @@ public class JWTAuthenticationProvider implements AuthenticationProvider { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private static boolean roughlyEqual(String expectedRaw, String requestedPathRaw) { |
|
|
|
|
logger.debug("Comparing expected [{}] vs requested [{}]", expectedRaw, requestedPathRaw); |
|
|
|
|
LOG.debug("Comparing expected [{}] vs requested [{}]", expectedRaw, requestedPathRaw); |
|
|
|
|
if (StringUtils.isEmpty(expectedRaw)) { |
|
|
|
|
logger.debug("False: empty expected"); |
|
|
|
|
LOG.debug("False: empty expected"); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
try { |
|
|
|
@ -68,7 +68,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider { |
|
|
|
|
UriComponents requested = UriComponentsBuilder.fromUriString(requestedPathRaw).build(); |
|
|
|
|
|
|
|
|
|
if (!Objects.equals(expected.getPath(), requested.getPath())) { |
|
|
|
|
logger.debug("False: expected path [{}] does not match requested path [{}]", |
|
|
|
|
LOG.debug("False: expected path [{}] does not match requested path [{}]", |
|
|
|
|
expected.getPath(), requested.getPath()); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
@ -80,12 +80,12 @@ public class JWTAuthenticationProvider implements AuthenticationProvider { |
|
|
|
|
!difference.entriesOnlyOnLeft().isEmpty() || |
|
|
|
|
difference.entriesOnlyOnRight().size() != 1 || |
|
|
|
|
difference.entriesOnlyOnRight().get(JWTSecurityService.JWT_PARAM_NAME) == null) { |
|
|
|
|
logger.debug("False: expected query params [{}] do not match requested query params [{}]", expected.getQueryParams(), requested.getQueryParams()); |
|
|
|
|
LOG.debug("False: expected query params [{}] do not match requested query params [{}]", expected.getQueryParams(), requested.getQueryParams()); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} catch (Exception e) { |
|
|
|
|
logger.warn("Exception encountered while comparing paths", e); |
|
|
|
|
LOG.warn("Exception encountered while comparing paths", e); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
return true; |
|
|
|
|