1   /*
2    * MIT License
3    *
4    * Copyright (c) 2010-2020 The Waffle Project Contributors: https://github.com/Waffle/waffle/graphs/contributors
5    *
6    * Permission is hereby granted, free of charge, to any person obtaining a copy
7    * of this software and associated documentation files (the "Software"), to deal
8    * in the Software without restriction, including without limitation the rights
9    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10   * copies of the Software, and to permit persons to whom the Software is
11   * furnished to do so, subject to the following conditions:
12   *
13   * The above copyright notice and this permission notice shall be included in all
14   * copies or substantial portions of the Software.
15   *
16   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22   * SOFTWARE.
23   */
24  package waffle.servlet;
25  
26  import jakarta.servlet.Filter;
27  import jakarta.servlet.FilterChain;
28  import jakarta.servlet.FilterConfig;
29  import jakarta.servlet.ServletException;
30  import jakarta.servlet.ServletRequest;
31  import jakarta.servlet.ServletResponse;
32  import jakarta.servlet.http.HttpServletRequest;
33  
34  import java.io.IOException;
35  
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  import waffle.util.AuthorizationHeader;
40  import waffle.util.CorsPreFlightCheck;
41  
/**
 * A {@link NegotiateSecurityFilter} that steps aside for CORS preflight requests and for requests that carry a Bearer
 * Authorization header; every other request is delegated to the parent filter.
 * <p>
 * Security note: in both pass-through cases the request reaches the rest of the filter chain without this filter
 * having authenticated it. The Bearer branch only asks {@link AuthorizationHeader#isBearerAuthorizationHeader()}
 * whether the header is of that kind; this class does not inspect or verify the token. Whatever sits further down
 * the chain therefore has to validate bearer tokens itself, and the filter should only be mapped onto paths where
 * that is the case.
 */
public class CorsAwareNegotiateSecurityFilter extends NegotiateSecurityFilter implements Filter {

    /** Logger shared by all instances of this filter. */
    private static final Logger LOGGER = LoggerFactory.getLogger(CorsAwareNegotiateSecurityFilter.class);

    /**
     * Creates the filter and logs that the class has been loaded.
     */
    public CorsAwareNegotiateSecurityFilter() {
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] loaded");
    }

    /**
     * Initialises the parent filter with the given configuration, logging before and after.
     *
     * @param filterConfig
     *            the filter configuration, passed unchanged to {@link NegotiateSecurityFilter#init(FilterConfig)}
     * @throws ServletException
     *             if the parent initialisation fails
     */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Starting");
        super.init(filterConfig);
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Started");
    }

    /**
     * Routes the request: CORS preflight and Bearer requests continue down the chain untouched, anything else is
     * handed to the parent filter.
     *
     * @param request
     *            the incoming request; cast to {@link HttpServletRequest} without a type check
     * @param response
     *            the response passed along the chain
     * @param chain
     *            the remaining filter chain
     * @throws IOException
     *             propagated from the chain or the parent filter
     * @throws ServletException
     *             propagated from the chain or the parent filter
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException {

        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Filtering");

        // Unchecked cast: a non-HTTP request fails here with a ClassCastException.
        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final AuthorizationHeader authHeader = new AuthorizationHeader(httpRequest);

        // Preflight requests are passed on without any authentication by this filter.
        if (CorsPreFlightCheck.isPreflight(httpRequest)) {
            LOGGER.info(
                    "[waffle.servlet.CorsAwareNegotiateSecurityFilter] Request is CORS preflight; continue filter chain");
            chain.doFilter(request, response);
            return;
        }

        // The Bearer token is not examined here; a downstream component is expected to validate it.
        if (authHeader.isBearerAuthorizationHeader()) {
            LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Request is Bearer, continue filter chain");
            chain.doFilter(request, response);
            return;
        }

        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Request is Not CORS preflight");

        super.doFilter(request, response, chain);

        // Written whenever the parent returns normally; it does not by itself show that the credentials were accepted.
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] Authentication Completed");
    }

    /**
     * Destroys the parent filter and logs that this filter has been unloaded.
     */
    @Override
    public void destroy() {
        super.destroy();
        LOGGER.info("[waffle.servlet.CorsAwareNegotiateSecurityFilter] unloaded");
    }

}