Projekt

Obecné

Profil

« Předchozí | Další » 

Revize 4afeda3d

Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)

Checked, added and fixed rights to endpoints

re #9511

Zobrazit rozdíly:

backend/src/main/java/cz/zcu/kiv/backendapi/security/jwt/JwtTokenVerifier.java
8 8 
import lombok.RequiredArgsConstructor;
9 9 
import lombok.extern.slf4j.Slf4j;
10 10 
import org.springframework.http.HttpHeaders;
11 
import org.springframework.http.HttpMethod;
11 12 
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
12 13 
import org.springframework.security.core.authority.SimpleGrantedAuthority;
13 14 
import org.springframework.security.core.context.SecurityContextHolder;
......
19 20 
import javax.servlet.http.HttpServletRequest;
20 21 
import javax.servlet.http.HttpServletResponse;
21 22 
import java.io.IOException;
22 
import java.util.Arrays;
23 23 
import java.util.Collection;
24 24 
import java.util.List;
25 
import java.util.Map;
25 26 
import java.util.stream.Collectors;
26 27 

  		




  27
  28
  
    

  		




  ......




  38
  39
  
    
    private final JwtUtils jwtUtils;


  		




  39
  40
  
    

  		




  40
  41
  
    
    /**


  		




  41
  
  
    
     * Array or urls with this filter (JWT not needed for them)


  		




  
  42
  
    
     * Map of permitted endpoints with HTTP method (user does not need to be authenticated perform the request)


  		




  42
  43
  
    
     */


  		




  43
  
  
    
    private final String[] skipFilterUrls;


  		




  
  44
  
    
    private final Map<String, HttpMethod> skipFilterEndpoints;


  		




  44
  45
  
    

  		




  45
  46
  
    
    /**


  		




  46
  47
  
    
     * Filters request - checks for JWT token and validates it


  		




  ......




  83
  84
  
    
     *


  		




  84
  85
  
    
     * @param request request


  		




  85
  86
  
    
     * @return true if given request should not be scanned for JWT, false otherwise


  		




  86
  
  
    
     * @throws ServletException servlet exception


  		




  87
  87
  
    
     */


  		




  88
  88
  
    
    @Override


  		




  89
  
  
    
    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {


  		




  90
  
  
    
        return Arrays.stream(skipFilterUrls).anyMatch(url -> new AntPathRequestMatcher(url).matches(request));


  		




  
  89
  
    
    protected boolean shouldNotFilter(HttpServletRequest request) {


  		




  
  90
  
    
        return skipFilterEndpoints.entrySet().stream().anyMatch(e -> new AntPathRequestMatcher(e.getKey(), e.getValue().toString()).matches(request));


  		




  91
  91
  
    
    }


  		




  92
  92
  
    
}


  		












Také k dispozici:  Unified diff