Merge pull request #2 from ESchouten/custom-validator

Custom validator

pom.xml

@@ -6,20 +6,20 @@
 
     <groupId>com.erikschouten</groupId>
     <artifactId>SpringJWTAuthenticator</artifactId>
-    <version>0.1.23</version>
+    <version>0.1.26</version>
 
     <!--mvn versions:update-properties-->
     <!--mvn versions:commit-->
     <properties>
-        <kotlin.version>1.3.30</kotlin.version>
-        <spring.version>5.1.5.RELEASE</spring.version>
+        <kotlin.version>1.3.50</kotlin.version>
+        <spring.version>5.2.0.RELEASE</spring.version>
 
-        <jjwt.version>0.10.6</jjwt.version>
+        <jjwt.version>0.10.7</jjwt.version>
 
-        <jackson-module-kotlin.version>2.9.8</jackson-module-kotlin.version>
+        <jackson-module-kotlin.version>2.10.0.pr3</jackson-module-kotlin.version>
         <javax.servlet-api.version>4.0.1</javax.servlet-api.version>
-        <maven-source-plugin.version>3.0.1</maven-source-plugin.version>
-        <slf4j-api.version>1.7.25</slf4j-api.version>
+        <maven-source-plugin.version>3.1.0</maven-source-plugin.version>
+        <slf4j-api.version>1.7.28</slf4j-api.version>
     </properties>
 
     <dependencies>

src/main/kotlin/com/erikschouten/springjwtauthenticator/APIAuthenticationFilter.kt

@@ -1,14 +1,16 @@
 package com.erikschouten.springjwtauthenticator
 
+import com.erikschouten.springjwtauthenticator.validator.Validator
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import org.springframework.security.authentication.AuthenticationServiceException
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.Authentication
+import org.springframework.security.core.userdetails.UserDetails
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
 
-class APIAuthenticationFilter(loginUrl: String = "/login") : AbstractAuthenticationProcessingFilter(loginUrl) {
+class APIAuthenticationFilter(loginUrl: String = "/login", private val validator: Validator = Validator()) : AbstractAuthenticationProcessingFilter(loginUrl) {
 
     init {
         setAuthenticationSuccessHandler { _, response, _ -> response.status = HttpServletResponse.SC_OK }
@@ -26,7 +28,11 @@ class APIAuthenticationFilter(loginUrl: String = "/login") : AbstractAuthenticat
         val authToken = UsernamePasswordAuthenticationToken(credentials.username
                 ?: credentials.email, credentials.password)
 
-        return authenticationManager.authenticate(authToken)
+        val authentication = authenticationManager.authenticate(authToken)
+
+        validator.validate(authentication)
+
+        return authentication
     }
 
     class AccountCredentials(val email: String?, val username: String?, val password: String)

src/main/kotlin/com/erikschouten/springjwtauthenticator/JWTSecurityContextRepository.kt

@@ -1,5 +1,7 @@
 package com.erikschouten.springjwtauthenticator
 
+import com.erikschouten.springjwtauthenticator.validator.ValidationException
+import com.erikschouten.springjwtauthenticator.validator.Validator
 import io.jsonwebtoken.ExpiredJwtException
 import io.jsonwebtoken.Jwts
 import io.jsonwebtoken.SignatureAlgorithm
@@ -29,7 +31,8 @@ class JWTSecurityContextRepository(
         private val userDetailsService: UserDetailsService,
         private val tokenTtlMs: Int = 30 * 60 * 1000,
         private val key: SecretKey = Keys.secretKeyFor(SignatureAlgorithm.HS512),
-        private vararg val claimFn: (String) -> Map<String, Any>)
+        private vararg val claimFn: (String) -> Map<String, Any>,
+        private val validator: Validator = Validator())
     : SecurityContextRepository {
 
     private val logger = LoggerFactory.getLogger(JWTSecurityContextRepository::class.java)
@@ -41,6 +44,8 @@ class JWTSecurityContextRepository(
             requestResponseHolder.request.getHeader(AUTHORIZATION_HEADER)?.let { token ->
                 validateTokenAndExtractEmail(token).let { email ->
                     context.authentication = this.userDetailsService.loadUserByUsername(email).let { userDetails ->
+                        validator.validate(userDetails)
+
                         UsernamePasswordAuthenticationToken(userDetails, null, userDetails.authorities).apply {
                             details = WebAuthenticationDetailsSource().buildDetails(requestResponseHolder.request)
                         }
@@ -53,6 +58,8 @@ class JWTSecurityContextRepository(
             logger.info("Token is expired")
         } catch (ex: UsernameNotFoundException) {
             logger.info("Username not found")
+        } catch (ex: ValidationException) {
+            logger.info("Custom jwt validation error")
         } finally {
             requestResponseHolder.response =
                     SaveContextAsJWTOnUpdateOrErrorResponseWrapper(requestResponseHolder.response)

src/main/kotlin/com/erikschouten/springjwtauthenticator/validator/ValidationException.kt

@@ -0,0 +1,5 @@
+package com.erikschouten.springjwtauthenticator.validator
+
+import org.springframework.security.core.AuthenticationException
+
+class ValidationException(message: String): AuthenticationException(message)

src/main/kotlin/com/erikschouten/springjwtauthenticator/validator/Validator.kt

@@ -0,0 +1,12 @@
+package com.erikschouten.springjwtauthenticator.validator
+
+import org.springframework.security.core.Authentication
+import org.springframework.security.core.userdetails.UserDetails
+
+open class Validator {
+    @Throws(ValidationException::class)
+    open fun validate(userDetails: UserDetails) {}
+
+    @Throws(ValidationException::class)
+    open fun validate(authentication: Authentication) {}
+}