Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
jami-jams
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Locked files
Deploy
Releases
Model registry
Monitor
Incidents
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
savoirfairelinux
jami-jams
Commits
49da581e
Commit
49da581e
authored
4 years ago
by
Félix Sidokhine
Committed by
Adrien Béraud
4 years ago
Browse files
Options
Downloads
Patches
Plain Diff
fixed Bearer issue, cleaned up some dependencies
Change-Id: I58fcaa511dd26104ecd76e2357355e024c9894c9
parent
3a7111c8
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
+26
-28
26 additions, 28 deletions
...java/net/jami/jams/server/servlets/filters/ApiFilter.java
with
26 additions
and
28 deletions
jams-server/src/main/java/net/jami/jams/server/servlets/filters/ApiFilter.java
+
26
−
28
View file @
49da581e
...
...
@@ -50,8 +50,6 @@ import static net.jami.jams.server.servlets.filters.JWTValidator.verifyValidity;
@Slf4j
public
class
ApiFilter
implements
Filter
{
private
static
final
String
SERVLET_AUTH_METHOD
=
"authorize"
;
@Override
public
void
doFilter
(
ServletRequest
servletRequest
,
ServletResponse
servletResponse
,
FilterChain
filterChain
)
throws
IOException
,
ServletException
{
HttpServletRequest
request
=
(
HttpServletRequest
)
servletRequest
;
...
...
@@ -64,37 +62,37 @@ public class ApiFilter implements Filter {
if
(
request
.
getServletPath
().
contains
(
"login"
))
{
isLogin
=
true
;
}
//This is a backward compatibility function to provide the ability for clients to use the
//authorization header instead of tokens.
//We need to support 2 types of authorization tokens here: the basic and the bearer.
if
(
request
.
getHeader
(
"authorization"
)
!=
null
){
AuthTokenResponse
res
=
null
;
try
{
res
=
processUsernamePasswordAuth
(
request
.
getHeader
(
"authorization"
));
SignedJWT
token
=
SignedJWT
.
parse
(
res
.
getAccess_token
());
request
.
setAttribute
(
"username"
,
token
.
getJWTClaimsSet
().
getSubject
());
request
.
setAttribute
(
"accessLevel"
,
AccessLevel
.
valueOf
(
token
.
getJWTClaimsSet
().
getClaim
(
"scope"
).
toString
()));
}
catch
(
Exception
e
){
log
.
error
(
"Could not authenticate user!"
);
if
(
request
.
getHeader
(
"authorization"
).
contains
(
"basic"
))
{
try
{
res
=
processUsernamePasswordAuth
(
request
.
getHeader
(
"authorization"
));
SignedJWT
token
=
SignedJWT
.
parse
(
res
.
getAccess_token
());
request
.
setAttribute
(
"username"
,
token
.
getJWTClaimsSet
().
getSubject
());
request
.
setAttribute
(
"accessLevel"
,
AccessLevel
.
valueOf
(
token
.
getJWTClaimsSet
().
getClaim
(
"scope"
).
toString
()));
}
catch
(
Exception
e
)
{
log
.
error
(
"Could not authenticate user!"
);
}
if
(
res
!=
null
)
authsuccess
=
true
;
}
if
(
res
!=
null
)
authsuccess
=
true
;
}
else
if
(
request
.
getHeader
(
"Bearer"
)
!=
null
)
{
SignedJWT
signedJWT
=
null
;
try
{
JWSVerifier
jwsVerifier
=
new
RSASSAVerifier
(
userAuthenticationModule
.
getAuthModulePubKey
());
signedJWT
=
SignedJWT
.
parse
(
request
.
getHeader
(
"Bearer"
));
//In this case, we need to ask the "target" resource what are the allowed access levels.
if
(
signedJWT
.
verify
(
jwsVerifier
)
&&
verifyValidity
(
signedJWT
))
{
authsuccess
=
true
;
request
.
setAttribute
(
"username"
,
signedJWT
.
getJWTClaimsSet
().
getSubject
());
if
((
Boolean
)
signedJWT
.
getJWTClaimsSet
().
getClaim
(
"oneTimePassword"
))
{
//TODO: use redirect to enforce the /changepassword url or something.
else
if
(
request
.
getHeader
(
"authorization"
).
contains
(
"bearer"
)
||
request
.
getHeader
(
"authorization"
).
contains
(
"Bearer"
)){
SignedJWT
signedJWT
=
null
;
try
{
JWSVerifier
jwsVerifier
=
new
RSASSAVerifier
(
userAuthenticationModule
.
getAuthModulePubKey
())
;
signedJWT
=
SignedJWT
.
parse
(
request
.
getHeader
(
"authorization"
).
replace
(
"bearer"
,
""
).
replace
(
"Bearer"
,
""
));
//In this case, we need to ask the "target" resource what are the allowed access levels.
if
(
signedJWT
.
verify
(
jwsVerifier
)
&&
verifyValidity
(
signedJWT
))
{
authsuccess
=
true
;
request
.
setAttribute
(
"username"
,
signedJWT
.
getJWTClaimsSet
().
getSubject
());
if
((
Boolean
)
signedJWT
.
getJWTClaimsSet
().
getClaim
(
"oneTimePassword"
))
{
//TODO: use redirect to enforce the /changepassword url or something.
}
request
.
setAttribute
(
"accessLevel"
,
AccessLevel
.
valueOf
(
signedJWT
.
getJWTClaimsSet
().
getClaim
(
"scope"
).
toString
()));
}
request
.
setAttribute
(
"accessLevel"
,
AccessLevel
.
valueOf
(
signedJWT
.
getJWTClaimsSet
().
getClaim
(
"scope"
).
toString
()));
}
catch
(
Exception
e
)
{
log
.
info
(
"Received an invalid token, declining access..."
);
}
}
catch
(
Exception
e
)
{
log
.
info
(
"Received an invalid token, declining access..."
);
}
}
if
(
authsuccess
||
isLogin
)
{
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
