保誠-保戶業務員媒合平台
究查 | 歷程 | 修補檔 | 提交 | 提交差異 | 忽略空白
jack
2023-08-11 6bcbe72b43d6fa041d06878d1dae09a6d8903895 
 pamapi/src/main/java/com/pollex/pam/security/jwt/JWTFilter.java


@@ -1,15 +1,24 @@


package com.pollex.pam.security.jwt;




import java.io.IOException;


import java.util.Optional;




import javax.servlet.FilterChain;


import javax.servlet.ServletException;


import javax.servlet.ServletRequest;


import javax.servlet.ServletResponse;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;




import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.context.SecurityContextHolder;


import org.springframework.stereotype.Component;


import org.springframework.util.StringUtils;


import org.springframework.web.filter.GenericFilterBean;




import com.pollex.pam.business.domain.TokenBlackList;


import com.pollex.pam.business.repository.TokenBlackListRepository;




/**


 * Filters incoming requests and installs a Spring Security principal if a header corresponding to a valid user is


@@ -22,6 +31,7 @@


    public static final String AUTHORIZATION_TOKEN = "access_token";




    private final TokenProvider tokenProvider;


    




    public JWTFilter(TokenProvider tokenProvider) {


        this.tokenProvider = tokenProvider;


@@ -32,19 +42,31 @@


        throws IOException, ServletException {


        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;


        String jwt = resolveToken(httpServletRequest);


        if(StringUtils.hasText(jwt) && !jwt.equals("null")) {


           boolean isBlackToken = this.tokenProvider.isBlackListToken(jwt);


           if(isBlackToken) {


              HttpServletResponse response = (HttpServletResponse) servletResponse;


               response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);


           }


        }


        


        if (StringUtils.hasText(jwt) && this.tokenProvider.validateToken(jwt)) {


            Authentication authentication = this.tokenProvider.getAuthentication(jwt);


 


           Authentication authentication = this.tokenProvider.getAuthentication(jwt);


            SecurityContextHolder.getContext().setAuthentication(authentication);


        }


        


        filterChain.doFilter(servletRequest, servletResponse);


    }




    private String resolveToken(HttpServletRequest request) {


    	


        String bearerToken = request.getHeader(AUTHORIZATION_HEADER);


        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {


            return bearerToken.substring(7);


        }


        String jwt = request.getParameter(AUTHORIZATION_TOKEN);


        


        if (StringUtils.hasText(jwt)) {


            return jwt;


        }