Apereo-Learning-Analytics-Initiative / OpenLRW

import java.io.IOException;

import javax.servlet.FilterChain;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.security.core.Authentication;

import org.springframework.security.core.AuthenticationException;

import org.springframework.security.core.context.SecurityContext;

import org.springframework.security.core.context.SecurityContextHolder;

import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;

import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import org.springframework.security.web.util.matcher.RequestMatcher;

import unicon.matthews.security.auth.JwtAuthenticationToken;

import unicon.matthews.security.auth.jwt.extractor.TokenExtractor;

import unicon.matthews.security.config.WebSecurityConfig;

import unicon.matthews.security.model.token.RawAccessJwtToken;

/**

 * Performs validation of provided JWT Token.

 * 

 * @author vladimir.stankovic

 *

 * Aug 5, 2016

 */

public class JwtTokenAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {

    private final AuthenticationFailureHandler failureHandler;

    private final TokenExtractor tokenExtractor;

    @Autowired

    public JwtTokenAuthenticationProcessingFilter(AuthenticationFailureHandler failureHandler, 

            TokenExtractor tokenExtractor, RequestMatcher matcher) {

        super(matcher);

        this.failureHandler = failureHandler;

        this.tokenExtractor = tokenExtractor;

    }

    @Override

    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,

            Authentication authResult) throws IOException, ServletException {

        SecurityContext context = SecurityContextHolder.createEmptyContext();

        context.setAuthentication(authResult);

        SecurityContextHolder.setContext(context);

        chain.doFilter(request, response);

    }

    @Override

    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,

            AuthenticationException failed) throws IOException, ServletException {

        SecurityContextHolder.clearContext();

        failureHandler.onAuthenticationFailure(request, response, failed);

    }

}