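/**
 * Servlet filter that authenticates a request from the signed JWT carried in its
 * authorization header.
 *
 * <p>A request whose header is missing, or does not start with
 * {@code JwtConstant.TOKEN_PREFIX}, is passed down the chain without an authentication being
 * set. Any other request must carry a token that verifies against the configured key;
 * otherwise the filter throws and the chain is not continued.
 *
 * <p>NOTE(review): rejection surfaces as an {@link IllegalStateException}. Unless something
 * outside this class maps it to a 401 response, the client will presumably see a generic
 * server error - confirm against the application's error handling.
 */
public class JwtTokenVerifired extends OncePerRequestFilter {

    /** Generic rejection message; deliberately never contains the presented token. */
    private static final String UNTRUSTED_TOKEN_MESSAGE = "Token cannot be trusted";

    private final SecretKey secretKey;

    /**
     * @param secretKey key used to verify the signature of incoming tokens
     */
    public JwtTokenVerifired(SecretKey secretKey) {
        this.secretKey = secretKey;
    }

    /**
     * Verifies the bearer token, if one is presented, and stores the resulting authentication
     * in the {@link SecurityContextHolder} before continuing the chain.
     *
     * @throws IllegalStateException if a token is presented but fails verification, or
     *     verifies but carries no subject
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        String authorizationHeader = request.getHeader(JwtConstant.AUTHORIZATION_HEADER);

        if (Strings.isNullOrEmpty(authorizationHeader)
                || !authorizationHeader.startsWith(JwtConstant.TOKEN_PREFIX)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Strip only the leading prefix. String.replace would also remove any later occurrence
        // of the prefix text, so the verified string could differ from what the client sent.
        String token = authorizationHeader.substring(JwtConstant.TOKEN_PREFIX.length());

        Jws<Claims> claimsJws;
        try {
            // parseClaimsJws accepts only signed claims JWTs and checks the signature with the
            // configured key. An empty token is reported as IllegalArgumentException rather
            // than JwtException, so both are treated as a rejected token.
            claimsJws = Jwts.parser()
                    .setSigningKey(this.secretKey)
                    .parseClaimsJws(token);
        } catch (JwtException | IllegalArgumentException e) {
            throw untrusted(e);
        }

        Claims body = claimsJws.getBody();
        String username = body.getSubject();
        if (Strings.isNullOrEmpty(username)) {
            // A correctly signed token without a subject would otherwise authenticate a
            // principal of null.
            throw untrusted(null);
        }

        Authentication authentication = new UsernamePasswordAuthenticationToken(
                username,
                null,
                extractAuthorities(body)
        );

        SecurityContextHolder.getContext().setAuthentication(authentication);

        filterChain.doFilter(request, response);
    }

    /**
     * Reads the {@code authorities} claim as a list of {@code {"authority": "..."}} objects.
     *
     * <p>A missing claim, or entries that do not have that shape, yield fewer authorities
     * instead of a NullPointerException or ClassCastException, so a malformed claim can only
     * reduce what the caller is allowed to do.
     */
    private static Set<SimpleGrantedAuthority> extractAuthorities(Claims body) {
        Object rawAuthorities = body.get("authorities");
        List<?> entries = rawAuthorities instanceof List ? (List<?>) rawAuthorities : List.of();

        return entries.stream()
                .filter(entry -> entry instanceof Map)
                .map(entry -> ((Map<?, ?>) entry).get("authority"))
                .filter(value -> value instanceof String && !((String) value).isEmpty())
                .map(value -> new SimpleGrantedAuthority((String) value))
                .collect(Collectors.toSet());
    }

    /**
     * Builds the rejection exception and clears any authentication already held for this
     * thread, so a failed bearer check never leaves the request authenticated.
     *
     * <p>The token is a credential and exception messages usually end up in logs, and
     * sometimes in error responses, so the message never includes it. The cause is kept for
     * diagnosis.
     */
    private static IllegalStateException untrusted(Throwable cause) {
        SecurityContextHolder.clearContext();
        return new IllegalStateException(UNTRUSTED_TOKEN_MESSAGE, cause);
    }

}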