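package org.hunt.kriimsilm.camunda.jwt;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.camunda.bpm.engine.ProcessEngine;
import org.camunda.bpm.engine.ProcessEngines;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Groups;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationEntity;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationProvider;
import org.camunda.bpm.engine.rest.security.auth.AuthenticationResult;

/**
 * Camunda JWT filter.
 *
 * <p>Delegates credential extraction to the {@link AuthenticationProvider} named by the
 * {@code authentication-provider} init-param. For an authenticated request it sets the reported
 * user id and group ids on the default process engine's identity service for the duration of the
 * filter chain, then clears them again. Unauthenticated requests receive a 401 plus whatever
 * challenge the provider adds.
 *
 * <p>The filter performs no token validation itself: the user id and group ids are taken from the
 * provider's result as-is, so the configured provider must only report values it has verified.
 */
public class JwtEngineAuthenticationFilter implements Filter {

  // init params
  private static final String AUTHENTICATION_PROVIDER_PARAM = "authentication-provider";
  private static final String SERVLET_PATH_PREFIX = "rest-url-pattern-prefix";

  private AuthenticationProvider authenticationProvider;

  // Read from the init-param in init(); request handling in doFilter does not consult it.
  private String servletPathPrefix;

  /**
   * Instantiates the configured authentication provider and reads the optional path prefix.
   *
   * @param filterConfig filter configuration carrying the init-params
   * @throws ServletException if the provider init-param is missing, or the named class cannot be
   *     loaded, is not an {@link AuthenticationProvider}, or cannot be constructed through a
   *     no-argument constructor
   */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    String authenticationProviderClassName =
        filterConfig.getInitParameter(AUTHENTICATION_PROVIDER_PARAM);

    if (authenticationProviderClassName == null) {
      throw new ServletException(
          "Cannot instantiate authentication filter: no authentication provider set. init-param "
              + AUTHENTICATION_PROVIDER_PARAM
              + " missing");
    }

    try {
      // asSubclass checks the type before any constructor runs, so a class that is not an
      // AuthenticationProvider is rejected without being instantiated.
      Class<? extends AuthenticationProvider> providerClass =
          Class.forName(authenticationProviderClassName).asSubclass(AuthenticationProvider.class);
      // Constructor.newInstance wraps constructor failures in InvocationTargetException, unlike
      // the deprecated Class.newInstance, which rethrows them undeclared.
      authenticationProvider = providerClass.getDeclaredConstructor().newInstance();
    } catch (ClassNotFoundException e) {
      throw new ServletException(
          "Cannot instantiate authentication filter: authentication provider not found", e);
    } catch (NoSuchMethodException e) {
      throw new ServletException(
          "Cannot instantiate authentication filter: authentication provider has no no-argument constructor",
          e);
    } catch (InstantiationException e) {
      throw new ServletException(
          "Cannot instantiate authentication filter: cannot instantiate authentication provider",
          e);
    } catch (IllegalAccessException e) {
      throw new ServletException(
          "Cannot instantiate authentication filter: constructor not accessible", e);
    } catch (InvocationTargetException e) {
      throw new ServletException(
          "Cannot instantiate authentication filter: authentication provider constructor failed",
          e);
    } catch (ClassCastException e) {
      throw new ServletException(
          "Cannot instantiate authentication filter: authentication provider does not implement interface "
              + AuthenticationProvider.class.getName(),
          e);
    }

    servletPathPrefix = filterConfig.getInitParameter(SERVLET_PATH_PREFIX);
  }

  /**
   * Authenticates the request through the configured provider and, on success, runs the rest of
   * the chain with the caller's identity set on the default process engine.
   *
   * @param request incoming request; must be an {@link HttpServletRequest}
   * @param response outgoing response; must be an {@link HttpServletResponse}
   * @param chain remaining filter chain, invoked only for authenticated requests
   * @throws IOException if the downstream chain fails with an I/O error
   * @throws ServletException if the downstream chain fails, if an authenticated result carries no
   *     group information, or if no default process engine is available
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;

    ProcessEngine processEngine = ProcessEngines.getDefaultProcessEngine();

    // The engine argument is deliberately null here, so the configured provider has to decide
    // from the request alone and must not dereference the engine.
    AuthenticationResult authenticationResult =
        authenticationProvider.extractAuthenticatedUser(req, null);

    if (!authenticationResult.isAuthenticated()) {
      resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      authenticationProvider.augmentResponseByAuthenticationChallenge(resp, processEngine);
      return;
    }

    // Fail closed with a clear configuration error instead of a bare ClassCastException when the
    // provider returns a result type that carries no group ids.
    if (!(authenticationResult instanceof AuthenticationResultWithGroups)) {
      throw new ServletException(
          "Cannot authenticate request: authentication provider did not return "
              + AuthenticationResultWithGroups.class.getName());
    }
    AuthenticationResultWithGroups resultWithGroups =
        (AuthenticationResultWithGroups) authenticationResult;

    // getDefaultProcessEngine() returns null when no default engine is registered; without this
    // check the NullPointerException raised in the finally block would mask the real cause.
    if (processEngine == null) {
      throw new ServletException(
          "Cannot authenticate request: no default process engine available");
    }

    try {
      processEngine
          .getIdentityService()
          .setAuthentication(
              authenticationResult.getAuthenticatedUser(), resultWithGroups.getGroupIds());
      chain.doFilter(request, response);
    } finally {
      // The identity service holds the authentication for the current thread; always clear it so
      // a pooled worker thread does not carry this caller's identity into the next request.
      clearAuthentication(processEngine);
    }
  }

  /** Nothing to release; the filter holds no resources of its own. */
  @Override
  public void destroy() {}

  /**
   * Removes the authentication previously set on the engine's identity service.
   *
   * @param engine engine whose identity service is cleared
   */
  protected void clearAuthentication(ProcessEngine engine) {
    engine.getIdentityService().clearAuthentication();
  }
}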