public void doFilter()

in resource-server/src/main/java/org/apache/servicecomb/fence/resource/AuthenticationAuthFilter.java [43:68]


  /**
   * Authenticates the invocation from its ID token and installs the resulting security context.
   *
   * <p>When the access configuration resolved for the invocation has {@code needAuth} set to
   * {@code false}, a security context with an empty authority set is created and the method
   * returns without reading any token. Otherwise the value stored in the invocation context under
   * {@code CommonConstants.CONTEXT_HEADER_AUTHORIZATION} is handed to the ID token store, and each
   * authority carried in the token's claims becomes a {@link SimpleGrantedAuthority}.
   *
   * @param invocation the invocation being filtered
   * @throws InvocationException with status 403 when no token value is present in the invocation
   *     context, or when the token store returns {@code null} for that value
   */
  public void doFilter(Invocation invocation) throws InvocationException {
    AccessDynamicProperties accessConfig = AccessDynamicPropertiesManager.getAccessConfiguration(invocation);

    if (!config(accessConfig)) {
      // Authentication is switched off for this invocation: downstream code still gets a
      // security context, but one that holds no authorities.
      // TODO : shall we do authorization without authenticated?
      createSecurityContext(new HashSet<>());
      return;
    }

    String rawIdToken = invocation.getContext(CommonConstants.CONTEXT_HEADER_AUTHORIZATION);
    if (rawIdToken == null) {
      throw new InvocationException(403, "forbidden", "not authenticated");
    }

    // NOTE(review): signature and expiry validation is presumably performed inside
    // createTokenByValue; neither is checked in this method, so confirm against the store.
    JWTTokenStore tokenStore = BeanUtils.getBean(CommonConstants.BEAN_AUTH_ID_TOKEN_STORE);
    JWTToken idToken = tokenStore.createTokenByValue(rawIdToken);
    if (idToken == null) {
      throw new InvocationException(403, "forbidden", "not authenticated");
    }

    // NOTE(review): getClaims() and getAuthorities() are dereferenced without a null check; a
    // token lacking either would fail with a NullPointerException instead of the 403 above.
    // Confirm the store never yields such a token.
    Set<GrantedAuthority> authorities = new HashSet<>(idToken.getClaims().getAuthorities().size());
    for (String authorityName : idToken.getClaims().getAuthorities()) {
      authorities.add(new SimpleGrantedAuthority(authorityName));
    }
    createSecurityContext(authorities);
  }

  /** Returns whether the given access configuration requires authentication. */
  private static boolean config(AccessDynamicProperties accessConfig) {
    return accessConfig.needAuth;
  }