Revize 4afeda3d
Přidáno uživatelem Jakub Šmíd před asi 2 roky(ů)
backend/src/main/java/cz/zcu/kiv/backendapi/security/jwt/JwtTokenVerifier.java | ||
---|---|---|
8 | 8 |
import lombok.RequiredArgsConstructor; |
9 | 9 |
import lombok.extern.slf4j.Slf4j; |
10 | 10 |
import org.springframework.http.HttpHeaders; |
11 |
import org.springframework.http.HttpMethod; |
|
11 | 12 |
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
12 | 13 |
import org.springframework.security.core.authority.SimpleGrantedAuthority; |
13 | 14 |
import org.springframework.security.core.context.SecurityContextHolder; |
... | ... | |
19 | 20 |
import javax.servlet.http.HttpServletRequest; |
20 | 21 |
import javax.servlet.http.HttpServletResponse; |
21 | 22 |
import java.io.IOException; |
22 |
import java.util.Arrays; |
|
23 | 23 |
import java.util.Collection; |
24 | 24 |
import java.util.List; |
25 |
import java.util.Map; |
|
25 | 26 |
import java.util.stream.Collectors; |
26 | 27 |
|
27 | 28 |
|
... | ... | |
38 | 39 |
private final JwtUtils jwtUtils; |
39 | 40 |
|
40 | 41 |
/** |
41 |
* Array or urls with this filter (JWT not needed for them)
|
|
42 |
* Map of permitted endpoints with HTTP method (user does not need to be authenticated perform the request)
|
|
42 | 43 |
*/ |
43 |
private final String[] skipFilterUrls;
|
|
44 |
private final Map<String, HttpMethod> skipFilterEndpoints;
|
|
44 | 45 |
|
45 | 46 |
/** |
46 | 47 |
* Filters request - checks for JWT token and validates it |
... | ... | |
83 | 84 |
* |
84 | 85 |
* @param request request |
85 | 86 |
* @return true if given request should not be scanned for JWT, false otherwise |
86 |
* @throws ServletException servlet exception |
|
87 | 87 |
*/ |
88 | 88 |
@Override |
89 |
protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
|
|
90 |
return Arrays.stream(skipFilterUrls).anyMatch(url -> new AntPathRequestMatcher(url).matches(request));
|
|
89 |
protected boolean shouldNotFilter(HttpServletRequest request) { |
|
90 |
return skipFilterEndpoints.entrySet().stream().anyMatch(e -> new AntPathRequestMatcher(e.getKey(), e.getValue().toString()).matches(request));
|
|
91 | 91 |
} |
92 | 92 |
} |
Také k dispozici: Unified diff
Checked, added and fixed rights to endpoints
re #9511