Refactor authentication filter again

22a7311f · johnniang · 30f21c50 · 22a7311f · 22a7311f · 22a7311f
3 changed file
--- a/src/main/java/run/halo/app/security/filter/AbstractAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/security/filter/AbstractAuthenticationFilter.java
@@ -8,6 +8,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import run.halo.app.config.properties.HaloProperties;
 import run.halo.app.exception.NotInstallException;
 import run.halo.app.model.properties.PrimaryProperties;
+import run.halo.app.security.context.SecurityContextHolder;
 import run.halo.app.security.handler.AuthenticationFailureHandler;
 import run.halo.app.security.handler.DefaultAuthenticationFailureHandler;
 import run.halo.app.service.OptionService;
@@ -75,6 +76,7 @@ public abstract class AbstractAuthenticationFilter extends OncePerRequestFilter
     * @param request http servlet request must not be null.
     * @return true if the request should skip authentication failure; false otherwise
     */
+    @Deprecated
    protected boolean shouldSkipAuthenticateFailure(@NonNull HttpServletRequest request) {
        Assert.notNull(request, "Http servlet request must not be null");

@@ -126,6 +128,7 @@ public abstract class AbstractAuthenticationFilter extends OncePerRequestFilter
     * @param url    url must not be blank
     * @param method method must not be blank
     */
+    @Deprecated
    public void addTryAuthUrlMethodPattern(@NonNull String url, @NonNull String method) {
        Assert.hasText(url, "Try authenticating url must not be blank");
        Assert.hasText(method, "Try authenticating method must not be blank");
@@ -176,5 +179,19 @@ public abstract class AbstractAuthenticationFilter extends OncePerRequestFilter
            getFailureHandler().onFailure(request, response, new NotInstallException("The blog has not been initialized yet!"));
            return;
        }
+
+        if (shouldNotFilter(request)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        try {
+            // Do authenticate
+            doAuthenticate(request, response, filterChain);
+        } finally {
+            SecurityContextHolder.clearContext();
+        }
    }
+
+    protected abstract void doAuthenticate(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException;
 }
--- a/src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/security/filter/AdminAuthenticationFilter.java
@@ -77,47 +77,45 @@ public class AdminAuthenticationFilter extends AbstractAuthenticationFilter {
    }

    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+    protected void doAuthenticate(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

-        super.doFilterInternal(request, response, filterChain);
-
-        if (haloProperties.isAuthEnabled()) {
-            // Get token from request
-            String token = getTokenFromRequest(request);
+        if (!haloProperties.isAuthEnabled()) {
+            // Set security
+            userService.getCurrentUser().ifPresent(user ->
+                    SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user)))));

-            if (StringUtils.isBlank(token)) {
-                if (!shouldSkipAuthenticateFailure(request)) {
-                    getFailureHandler().onFailure(request, response, new AuthenticationException("You have to login before accessing admin api"));
-                    return;
-                }
-            } else {
-                // Get user id from cache
-                Optional<Integer> optionalUserId = cacheStore.getAny(SecurityUtils.buildTokenAccessKey(token), Integer.class);
+            // Do filter
+            filterChain.doFilter(request, response);
+            return;
+        }

-                if (!optionalUserId.isPresent()) {
-                    getFailureHandler().onFailure(request, response, new AuthenticationException("The token has been expired or not exist").setErrorData(token));
-                    return;
-                }
+        // Get token from request
+        String token = getTokenFromRequest(request);

-                // Get the user
-                User user = userService.getById(optionalUserId.get());
+        if (StringUtils.isBlank(token)) {
+            getFailureHandler().onFailure(request, response, new AuthenticationException("You have to login before accessing admin api"));
+            return;
+        }

-                // Build user detail
-                UserDetail userDetail = new UserDetail(user);
+        // Get user id from cache
+        Optional<Integer> optionalUserId = cacheStore.getAny(SecurityUtils.buildTokenAccessKey(token), Integer.class);

-                // Set security
-                SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(userDetail)));
-            }
-        } else {
-            // Set security
-            userService.getCurrentUser().ifPresent(user ->
-                    SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user)))));
+        if (!optionalUserId.isPresent()) {
+            getFailureHandler().onFailure(request, response, new AuthenticationException("The token has been expired or not exist").setErrorData(token));
+            return;
        }

-        filterChain.doFilter(request, response);
+        // Get the user
+        User user = userService.getById(optionalUserId.get());

-        // Clear context
-        SecurityContextHolder.clearContext();
+        // Build user detail
+        UserDetail userDetail = new UserDetail(user);
+
+        // Set security
+        SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(userDetail)));
+
+        // Do filter
+        filterChain.doFilter(request, response);
    }

    @Override

--- a/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
+++ b/src/main/java/run/halo/app/security/filter/ApiAuthenticationFilter.java
@@ -39,9 +39,7 @@ public class ApiAuthenticationFilter extends AbstractAuthenticationFilter {
    }

    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
-
-        super.doFilterInternal(request, response, filterChain);
+    protected void doAuthenticate(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {

        // Get token
        String token = getTokenFromRequest(request);