Skip to content
Snippets Groups Projects

add jwt interceptor

Merged add jwt interceptor
jwt into develop
Merged Tucker Gary Siegel requested to merge jwt into develop
Compare
and
1 file
+ 56
0
Compare changes
  • Side-by-side
  • Inline
src/main/java/edu/umd/dawn/common/interceptor/JWTInterceptor.java 0 → 100644
+ 56
0
package edu.umd.dawn.common.interceptor;
import edu.umd.dawn.common.jwt.Claims;
import edu.umd.dawn.common.jwt.JWTUtil;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.log4j.Log4j2;
import org.springframework.web.servlet.HandlerInterceptor;
/**
* interceptor to pull the claims and token for a jwt
* @implNote This does NOT throw any error if a jwt is not provided
*/
@Log4j2
public class JWTInterceptor implements HandlerInterceptor {
private boolean local;
private boolean warn;
private String accessSecret;
/**
*
* @param accessSecret JWT Access Secret from configuration
* @param local is the environment a local env or not
* @param warn should a warning be thrown if no jwt is provided
*/
public JWTInterceptor(String accessSecret, boolean local, boolean warn) {
this.local = local;
this.accessSecret = accessSecret;
this.warn = warn;
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if (!local) {
String token = request.getHeader("Authorization");
if (token != null && !token.equals("")) {
if (token.startsWith("Bearer ")) {
token = token.replace("Bearer ", "");
}
Claims claims = JWTUtil.parse(accessSecret, token).getClaims();
request.setAttribute("claims", claims);
request.setAttribute("token", token);
} else if (warn) {
log.warn("No jwt provided");
}
} else {
log.warn("JWT interceptor has been disabled - if this is a production environment, consider this a"
+ " critical security error");
}
return true;
}
}