in streampipes-service-core/src/main/java/org/apache/streampipes/service/core/filter/TokenAuthenticationFilter.java [77:120]
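protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain filterChain) throws ServletException, IOException {
  // Tries three credential sources in order: a JWT, an API key / API user pair, and HTTP
  // Basic credentials. Whatever the outcome, the request is handed to the rest of the chain
  // below; a request that did not authenticate simply reaches it without applySuccessfulAuth
  // having been called.
  try {
    String jwt = getJwtFromRequest(request);
    if (StringUtils.hasText(jwt) && tokenProvider.validateJwtToken(jwt)) {
      String username = tokenProvider.getUserIdFromToken(jwt);
      applySuccessfulAuth(request, username);
      // NOTE(review): this is the only branch that saves the context through repo;
      // confirm that the API-key and Basic branches are meant to skip it.
      SecurityContext context = SecurityContextHolder.getContext();
      repo.saveContext(context, request, response);
    } else if (isApiKeyAuth(request)) {
      String apiKey = getApiKeyFromRequest(request);
      String apiUser = getApiUserFromRequest(request);
      if (StringUtils.hasText(apiKey) && StringUtils.hasText(apiUser)) {
        // The presented key is hashed first and only the hash is handed to TokenService.
        String hashedToken = TokenUtil.hashToken(apiKey);
        boolean hasValidToken = new TokenService().hasValidToken(apiUser, hashedToken);
        if (hasValidToken) {
          applySuccessfulAuth(request, apiUser);
        }
      }
    } else {
      var authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
      // Basic credentials are honoured only on the servlet paths listed in
      // supportedBasicAuthPaths; on any other path the header is ignored.
      if (authorizationHeader != null
          && authorizationHeader.startsWith(HttpConstants.BASIC)
          && supportedBasicAuthPaths.contains(request.getServletPath())) {
        String base64Credentials = authorizationHeader.substring(HttpConstants.BASIC.length()).trim();
        // Decode with an explicit charset so the result does not depend on the JVM's
        // platform default.
        String credentials = new String(
            Base64.getDecoder().decode(base64Credentials),
            java.nio.charset.StandardCharsets.UTF_8);
        // Split on the FIRST colon only: a passphrase may itself contain ':' and must not be
        // truncated. A value with no colon or an empty user name is treated as "no
        // credentials" instead of raising an index error that lands in the error log.
        int separator = credentials.indexOf(':');
        if (separator > 0) {
          String username = credentials.substring(0, separator);
          String passphrase = credentials.substring(separator + 1);
          var principal = StorageDispatcher.INSTANCE.getNoSqlStore().getUserStorageAPI().getUser(username);
          if (principal != null && checkCredentials(principal, passphrase)) {
            applySuccessfulAuth(request, username);
          }
        }
      }
    }
  } catch (Exception ex) {
    // Any failure while evaluating credentials (for example a header that is not valid
    // Base64) ends up here; the request continues without authentication being applied by
    // the failing step.
    logger.error("Could not set user authentication in security context", ex);
  }
  filterChain.doFilter(request, response);
}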