24 package waffle.servlet;
25
26 import jakarta.servlet.Filter;
27 import jakarta.servlet.FilterChain;
28 import jakarta.servlet.FilterConfig;
29 import jakarta.servlet.ServletException;
30 import jakarta.servlet.ServletRequest;
31 import jakarta.servlet.ServletResponse;
32 import jakarta.servlet.http.HttpServletRequest;
33
34 import java.io.IOException;
35
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39 import waffle.util.AuthorizationHeader;
40 import waffle.util.CorsPreFlightCheck;
41
42
43
44
/**
 * Variant of {@link NegotiateSecurityFilter} that lets two kinds of request continue down the
 * filter chain without calling the parent's {@code doFilter}: CORS preflight requests (as reported
 * by {@link CorsPreFlightCheck#isPreflight}) and requests whose Authorization header is reported
 * as Bearer by {@link AuthorizationHeader#isBearerAuthorizationHeader()}. Every other request is
 * delegated to the parent filter.
 *
 * <p>
 * Security note: a request taking either pass-through path reaches the rest of the chain without
 * this class having authenticated it. This class does not validate the bearer token; it only asks
 * whether the header is a Bearer header. Whatever sits behind this filter must therefore validate
 * the token and enforce access control for such requests.
 */
public class CorsAwareNegotiateSecurityFilter extends NegotiateSecurityFilter implements Filter {

    /** Logger shared by all instances of this filter. */
    private static final Logger LOGGER = LoggerFactory.getLogger(CorsAwareNegotiateSecurityFilter.class);

    /**
     * Creates the filter and records that the class was loaded.
     */
    public CorsAwareNegotiateSecurityFilter() {
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] loaded");
    }

    /**
     * Delegates initialisation to the parent filter, logging before and after.
     *
     * @param filterConfig
     *            the configuration handed over by the servlet container
     * @throws ServletException
     *             if the parent filter fails to initialise
     */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Starting");
        super.init(filterConfig);
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Started");
    }

    /**
     * Routes the request: preflight and Bearer requests skip the parent's {@code doFilter}, all
     * others go through it.
     *
     * @param request
     *            the incoming request; cast to {@link HttpServletRequest} without a type check
     * @param response
     *            the response passed on unchanged
     * @param chain
     *            the remaining filter chain
     * @throws IOException
     *             propagated from the chain or the parent filter
     * @throws ServletException
     *             propagated from the chain or the parent filter
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {

        // NOTE(review): every request produces INFO-level lines here; confirm that level is intended.
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Filtering");

        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        // Built before the preflight test, as in the original ordering.
        final AuthorizationHeader authHeader = new AuthorizationHeader(httpRequest);

        if (CorsPreFlightCheck.isPreflight(httpRequest)) {
            // Pass-through path: the parent's doFilter is not called for this request.
            LOGGER.info(
                    "[waffle.servlet.CorsAwareNegotiateSecurityFilter] Request is CORS preflight; continue filter chain");
            chain.doFilter(request, response);
            return;
        }

        if (authHeader.isBearerAuthorizationHeader()) {
            // Pass-through path: the bearer token is not validated in this class, so a later
            // filter or the application has to do it.
            // NOTE(review): presumably isBearerAuthorizationHeader() inspects only the scheme - confirm.
            LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Request is Bearer, continue filter chain");
            chain.doFilter(request, response);
            return;
        }

        // Neither preflight nor Bearer: hand the request to the parent filter.
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Request is Not CORS preflight");

        super.doFilter(request, response, chain);

        // Reached only when the parent's doFilter returned without throwing.
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Authentication Completed");
    }

    /**
     * Tears down the parent filter first, then logs that this filter was unloaded.
     */
    @Override
    public void destroy() {
        super.destroy();
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] unloaded");
    }

}