Fixes Auth Filter for Health Checker

2024-02-16 03:08:31 -03:00
parent 336b8491e8
commit c61958816b
4 changed files with 41 additions and 22 deletions
--- a/src/main/java/com/hideyoshi/backendportfolio/base/security/config/SecurityConfig.java
+++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/config/SecurityConfig.java
@@ -67,6 +67,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

        http.authorizeRequests()
                .antMatchers("/session/**").permitAll()
+                .and().authorizeRequests().antMatchers("/health").permitAll()
                .and().authorizeRequests().antMatchers("/user/signup").permitAll()
                .and().authorizeRequests().antMatchers("/user/oauth/**").permitAll()
                .and().authorizeRequests().antMatchers("/user/login/**").permitAll()
--- a/src/main/java/com/hideyoshi/backendportfolio/base/security/filter/CustomAuthorizationFilter.java
+++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/filter/CustomAuthorizationFilter.java
@@ -2,6 +2,10 @@ package com.hideyoshi.backendportfolio.base.security.filter;

 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.hideyoshi.backendportfolio.base.security.service.AuthService;
+import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidException;
+import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidExceptionDetails;
+import com.hideyoshi.backendportfolio.util.exception.BadRequestException;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -11,6 +15,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.time.LocalDateTime;
 import java.util.*;

 import static org.springframework.http.HttpHeaders.AUTHORIZATION;
@@ -20,9 +25,12 @@ import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 public class CustomAuthorizationFilter extends OncePerRequestFilter {

    private static final List<String> notProtectedPaths = Arrays.asList(
+            "/health",
            "/user/login",
            "/user/signup",
-            "/user/login/refresh"
+            "/user/login/refresh",
+            "/session/validate",
+            "/session/destroy"
    );

    private static final String AUTHORIZATION_TYPE_STRING = "Bearer ";
@@ -38,32 +46,29 @@ public class CustomAuthorizationFilter extends OncePerRequestFilter {
            throws ServletException, IOException {
        if (this.isPathNotProtected(request.getServletPath())) {
            filterChain.doFilter(request, response);
-        } else {
-            String authorizationHeader = request.getHeader(AUTHORIZATION);
-            if (Objects.nonNull(authorizationHeader) && authorizationHeader.startsWith(AUTHORIZATION_TYPE_STRING)) {
-                try {
+            return;
+        }

-                    UsernamePasswordAuthenticationToken authenticationToken =
-                            this.authService.verifyAccessToken(authorizationHeader);
+        String authorizationHeader = request.getHeader(AUTHORIZATION);

-                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-                    filterChain.doFilter(request, response);
+        try {
+            UsernamePasswordAuthenticationToken authenticationToken =
+                    this.validateUserAccess(authorizationHeader);

-                } catch (Exception e) {
-                    response.setHeader("error", e.getMessage());
+            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+            filterChain.doFilter(request, response);

-                    response.setStatus(FORBIDDEN.value());
+        } catch (Exception e) {
+            response.setHeader("error", e.getMessage());
+            response.setStatus(FORBIDDEN.value());

-                    Map<String, String> error = new HashMap<>();
-                    error.put("error_message", e.getMessage());
+            AuthenticationInvalidExceptionDetails error = new AuthenticationInvalidExceptionDetails("Authentication Failed. Check your credentials.",
+                                HttpStatus.FORBIDDEN.value(), e.getMessage(),
+                                e.getClass().getName(), LocalDateTime.now());

-                    response.setContentType(APPLICATION_JSON_VALUE);
-                    new ObjectMapper()
-                            .writeValue(response.getOutputStream(), error);
-                }
-            } else {
-                filterChain.doFilter(request, response);
-            }
+            response.setContentType(APPLICATION_JSON_VALUE);
+            new ObjectMapper()
+                    .writeValue(response.getOutputStream(), error);
        }
    }

@@ -71,4 +76,11 @@ public class CustomAuthorizationFilter extends OncePerRequestFilter {
        return notProtectedPaths.contains(path);
    }

+    private UsernamePasswordAuthenticationToken validateUserAccess(String authorizationHeader) {
+        if (Objects.nonNull(authorizationHeader) && authorizationHeader.startsWith(AUTHORIZATION_TYPE_STRING)) {
+            return this.authService.verifyAccessToken(authorizationHeader);
+        } else {
+            throw new AuthenticationInvalidException("Access denied");
+        }
+    }
 }
--- a/src/main/java/com/hideyoshi/backendportfolio/base/security/interceptor/UserResourceAccessInterceptor.java
+++ b/src/main/java/com/hideyoshi/backendportfolio/base/security/interceptor/UserResourceAccessInterceptor.java
@@ -2,6 +2,7 @@ package com.hideyoshi.backendportfolio.base.security.interceptor;

 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.hideyoshi.backendportfolio.base.user.service.UserService;
+import com.hideyoshi.backendportfolio.util.exception.AuthenticationInvalidException;
 import com.hideyoshi.backendportfolio.util.exception.BadRequestException;
 import com.hideyoshi.backendportfolio.util.guard.UserResourceGuard;
 import lombok.RequiredArgsConstructor;
@@ -36,7 +37,7 @@ public class UserResourceAccessInterceptor implements HandlerInterceptor {
            Boolean accessPermission =
                    annotation.accessType().hasAccess(this.userService, this.objectMapper, request);
            if (!accessPermission) {
-                throw new BadRequestException(annotation.denialMessage());
+                throw new AuthenticationInvalidException(annotation.denialMessage());
            }
        }
        return true;
--- a/src/main/java/com/hideyoshi/backendportfolio/healthChecker/api/HealthCheckerController.java
+++ b/src/main/java/com/hideyoshi/backendportfolio/healthChecker/api/HealthCheckerController.java
@@ -1,6 +1,9 @@
 package com.hideyoshi.backendportfolio.healthChecker.api;


+import com.hideyoshi.backendportfolio.util.guard.UserResourceGuard;
+import com.hideyoshi.backendportfolio.util.guard.UserResourceGuardEnum;
+import lombok.RequiredArgsConstructor;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -11,9 +14,11 @@ import org.springframework.web.bind.annotation.RestController;
@Log4j2
@Controller
@RestController
+@RequiredArgsConstructor
@RequestMapping("/health")
 public class HealthCheckerController {
    @RequestMapping
+    @UserResourceGuard(accessType = UserResourceGuardEnum.OPEN)
    public ResponseEntity<String> healthCheck() {
        log.info("Health check requested");
        return ResponseEntity.ok("Health check successful!");