diff --git a/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java b/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java
index f0f239c..71b9c5f 100644
--- a/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java
+++ b/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java
@@ -25,4 +25,6 @@
 public interface RequestAccessManager {
 void manageWithAuthentication(HttpMethod method, String uri, Set roles);
 void manageWithoutAuthentication(HttpMethod method, String uri);
+
+ boolean isUnsecuredRequest(HttpMethod method, String uri);
 }
diff --git a/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java b/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java
index ec9723b..1870f2f 100644
--- a/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java
+++ b/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java
@@ -20,6 +20,8 @@
 import io.wwan13.wintersecurity.auth.RequestStorage;
 import io.wwan13.wintersecurity.auth.TokenExtractor;
 import io.wwan13.wintersecurity.constant.Constants;
+import io.wwan13.wintersecurity.exception.unauthirized.ExpiredJwtTokenException;
+import io.wwan13.wintersecurity.exception.unauthirized.InvalidJwtTokenException;
 import io.wwan13.wintersecurity.jwt.TokenClaims;
 import io.wwan13.wintersecurity.jwt.TokenDecoder;
 import org.springframework.http.HttpMethod;
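Review bot: `isUnsecuredRequest` is added to the interface as an abstract method with no Javadoc, so the contract the interceptor now relies on — true only when the route is reachable with the anonymous role alone — is stated nowhere on the interface. A one-line Javadoc above it such as `/** Returns true when the given method/URI is reachable without any authenticated role, so a missing or rejected token must not block it. */` would pin that down for implementers. Adding a non-`default` method also breaks compilation of any other implementation of RequestAccessManager outside this diff; if other implementers exist, either give it a `default` body or confirm HttpRequestAccessManager is the only one. The `Set roles` parameter appears raw here, which may be generics lost in rendering rather than the real source.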
@@ -56,15 +58,24 @@ private void actionIfTokenPresent(
 HttpServletRequest request,
 RequestStorage storage
 ) {
- TokenClaims claims = tokenDecoder.decode(token);
+ try {
+ TokenClaims claims = tokenDecoder.decode(token);
 
- accessManager.manageWithAuthentication(
- HttpMethod.resolve(request.getMethod()),
- request.getRequestURI(),
- claims.getRoles()
- );
+ accessManager.manageWithAuthentication(
+ HttpMethod.resolve(request.getMethod()),
+ request.getRequestURI(),
+ claims.getRoles()
+ );
+
+ storage.save(Constants.ATTRIBUTE_CLAIMS_KEY, claims);
+ } catch (InvalidJwtTokenException | ExpiredJwtTokenException e) {
+ HttpMethod method = HttpMethod.resolve(request.getMethod());
+ String uri = request.getRequestURI();
 
- storage.save(Constants.ATTRIBUTE_CLAIMS_KEY, claims);
+ if (!accessManager.isUnsecuredRequest(method, uri)) {
+ throw e;
+ }
+ }
 }
 
 private void actionIfTokenAbsent(HttpServletRequest request) {
diff --git a/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java b/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java
index dc8f9b5..1afed0f 100644
--- a/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java
+++ b/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java
@@ -34,6 +34,7 @@ public HttpRequestAccessManager(AuthPatterns authPatterns) {
 this.authPatterns = authPatterns;
 }
 
+ @Override
 public void manageWithAuthentication(
 HttpMethod method,
 String uri,
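Review bot: The new catch block discards an expired or invalid token on an anonymous-accessible route without any record that a bad credential was presented, so on public paths a rejected token becomes indistinguishable from no token at all; if the class has a logger, emit at least a debug/warn entry with the exception class and the method/URI (never the token value) before the `isUnsecuredRequest` check so detection teams can see token-replay or tampering attempts against public endpoints. The catch path also recomputes `HttpMethod.resolve(request.getMethod())` and `request.getRequestURI()` that the try body already evaluates; hoisting `HttpMethod method = HttpMethod.resolve(request.getMethod());` and `String uri = request.getRequestURI();` above the `try` and passing `method, uri` to `manageWithAuthentication` removes the duplication. On the swallowed path nothing is saved under `Constants.ATTRIBUTE_CLAIMS_KEY`, so downstream readers presumably treat the request as anonymous — worth confirming they handle the absent attribute exactly as they do for the token-absent branch, since a consumer that assumes "token present implies claims present" would now see a null. Fail-closed behaviour for secured routes is preserved: `throw e` rethrows the original exception and any other decoder exception still propagates untouched. The enclosing method's signature starts outside the hunk.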
@@ -44,11 +45,16 @@ public void manageWithAuthentication(
 }
 }
 
+ @Override
 public void manageWithoutAuthentication(HttpMethod method, String uri) {
- Set role = Collections.singleton(DefaultAuthPattern.ANONYMOUS_ROLE);
-
- if (!authPatterns.isAccessibleRequest(method, uri, role)) {
+ if (!isUnsecuredRequest(method, uri)) {
 throw new UnauthorizedException();
 }
 }
+
+ @Override
+ public boolean isUnsecuredRequest(HttpMethod method, String uri) {
+ Set role = Collections.singleton(DefaultAuthPattern.ANONYMOUS_ROLE);
+ return authPatterns.isAccessibleRequest(method, uri, role);
+ }
 }
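Review bot: `isUnsecuredRequest` rebuilds `Collections.singleton(DefaultAuthPattern.ANONYMOUS_ROLE)` on every call, and it is now reached from both `manageWithoutAuthentication` and the interceptor's new catch path, so every unauthenticated or badly-authenticated request pays that allocation; a `private static final Set ANONYMOUS_ROLES = Collections.singleton(DefaultAuthPattern.ANONYMOUS_ROLE);` field with `return authPatterns.isAccessibleRequest(method, uri, ANONYMOUS_ROLES);` avoids it and names the intent. The new public method also lacks Javadoc; a one-liner such as `/** True when the route is reachable with only the anonymous role, i.e. authentication failures may be ignored for it. */` would document the contract the interceptor depends on. `Set` appears raw on the local here and on the interface signature — if the source really declares it raw rather than `Set<String>`, this is the moment to fix it, though it may simply be generics lost in rendering.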