
add jwt interceptor

Merged Tucker Gary Siegel requested to merge jwt into develop
1 file
+ 56
0
 
package edu.umd.dawn.common.interceptor;
 
 
import edu.umd.dawn.common.jwt.Claims;
 
import edu.umd.dawn.common.jwt.JWTUtil;
 
import jakarta.servlet.http.HttpServletRequest;
 
import jakarta.servlet.http.HttpServletResponse;
 
import lombok.extern.log4j.Log4j2;
 
 
import org.springframework.web.servlet.HandlerInterceptor;
 
 
/**
 
* interceptor to pull the claims and token for a jwt
 
* @implNote This does NOT throw any error if a jwt is not provided
 
*/
 
@Log4j2
 
public class JWTInterceptor implements HandlerInterceptor {
 
 
private boolean local;
 
private boolean warn;
 
private String accessSecret;
 
 
/**
 
*
 
* @param accessSecret JWT Access Secret from configuration
 
* @param local is the environment a local env or not
 
* @param warn should a warning be thrown if no jwt is provided
 
*/
 
public JWTInterceptor(String accessSecret, boolean local, boolean warn) {
 
this.local = local;
 
this.accessSecret = accessSecret;
 
this.warn = warn;
 
}
 
 
@Override
 
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 
throws Exception {
 
if (!local) {
 
String token = request.getHeader("Authorization");
 
if (token != null && !token.equals("")) {
 
if (token.startsWith("Bearer ")) {
 
token = token.replace("Bearer ", "");
 
}
 
 
Claims claims = JWTUtil.parse(accessSecret, token).getClaims();
 
request.setAttribute("claims", claims);
 
request.setAttribute("token", token);
 
} else if (warn) {
 
log.warn("No jwt provided");
 
}
 
} else {
 
log.warn("JWT interceptor has been disabled - if this is a production environment, consider this a"
 
+ " critical security error");
 
}
 
return true;
 
}
 
}
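Review bot: In `preHandle`, any non-empty `Authorization` value is handed to `JWTUtil.parse`, including other schemes such as `Basic ...`, and nothing here handles a rejected token. `JWTUtil` is not shown, so it is unclear whether a bad signature or an expired token throws (which would escape through `throws Exception`, probably as a 500) or yields null claims that are then stored under `"claims"`; either way I would catch the failure, answer with `response.sendError(HttpServletResponse.SC_UNAUTHORIZED)` and `return false`. The prefix strip should be `token = token.substring("Bearer ".length());`, because `replace` removes every occurrence in the string rather than only the leading scheme. Since the interceptor lets the request through when no token is sent, a comment on the `request.setAttribute("claims", claims)` line such as `// handlers must treat a missing "claims" attribute as unauthenticated` would make that contract explicit. The `local` bypass may also be better validated once at startup than warned about on every request.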