Package com.alpaca.security.filter
Class JwtTokenValidatorFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
com.alpaca.security.filter.JwtTokenValidatorFilter
- All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
public class JwtTokenValidatorFilter
extends org.springframework.web.filter.OncePerRequestFilter
A servlet filter that validates JWT tokens in incoming requests and populates the Spring Security context.
Extending OncePerRequestFilter, this filter is executed only once per HTTP request, providing efficient and safe token-based authentication. It retrieves the `Authorization` header, checks whether it contains a valid Bearer token via isAToken(String), and, if so, delegates authentication to JJwtManager. A new UsernamePasswordAuthenticationToken is then created and set in the SecurityContextHolder.
This integration aligns with standard JWT authentication flows as seen in Spring Security configurations ([OncePerRequestFilter guarantees single execution](https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/OncePerRequestFilter.html)).
Field Summary
Fields
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
-
Constructor Summary
Constructors
-
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| protected void | `doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)` | Filters the HTTP request to extract and validate a JWT token if present. |
| boolean | `isAToken(String token)` | Determines whether the provided string is a valid Bearer token header. |

Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Field Details
-
manager
-
-
Constructor Details
-
JwtTokenValidatorFilter
public JwtTokenValidatorFilter()
-
-
Method Details
-
doFilterInternal
protected void doFilterInternal(@NonNull jakarta.servlet.http.HttpServletRequest request, @NonNull jakarta.servlet.http.HttpServletResponse response, @NonNull jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
Filters the HTTP request to extract and validate a JWT token if present. If the token is valid, sets the corresponding authentication into the security context.
- Specified by:
doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
- Parameters:
request - the incoming HTTP request (never `null`)
response - the HTTP response (never `null`)
filterChain - the remaining filter chain (never `null`)
- Throws:
jakarta.servlet.ServletException - if an internal servlet error occurs
IOException - if an I/O error occurs during request handling
-
isAToken
Determines whether the provided string is a valid Bearer token header. It checks if the string starts with "Bearer " and exceeds a minimal plausible length.
- Parameters:
token - the raw `Authorization` header value
- Returns:
`true` if the header looks like a valid Bearer token; `false` otherwise
-
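The header pre-check that isAToken describes, generalized into a stricter shape check, as an added example that is not the project's code. The class and method names are hypothetical, and the length bounds and the three-segment base64url rule are assumptions; the page itself states only the "Bearer " prefix and a minimal length. Passing this check says nothing about signature or expiry, which the filter delegates to JJwtManager.

```java
import java.util.Base64;
import java.util.Optional;

// Added example, not the project's code. PREFIX comes from the page; MIN_LEN,
// MAX_LEN and the three-segment rule are assumptions made for illustration.
public class BearerHeaderCheck {
    private static final String PREFIX = "Bearer ";
    private static final int MIN_LEN = 20;    // assumed "minimal plausible length"
    private static final int MAX_LEN = 8192;  // assumed cap to bound parsing work

    /** Returns the compact token if the header has a plausible JWT shape. */
    static Optional<String> extractToken(String header) {
        if (header == null || !header.startsWith(PREFIX)) return Optional.empty();
        String token = header.substring(PREFIX.length());
        if (token.length() < MIN_LEN || token.length() > MAX_LEN) return Optional.empty();
        String[] parts = token.split("\\.", -1);   // -1 keeps empty trailing segments
        if (parts.length != 3) return Optional.empty();
        for (String part : parts) {
            if (part.isEmpty() || !isBase64Url(part)) return Optional.empty();
        }
        return Optional.of(token);
    }

    private static boolean isBase64Url(String s) {
        try {
            Base64.getUrlDecoder().decode(s);  // rejects characters outside the URL-safe alphabet
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample headers; the signature segment is a dummy value.
        String wellFormed = "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";
        String[] samples = {
            wellFormed,
            "Bearer ",
            "Basic dXNlcjpwYXNz",
            "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.",
            "Bearer not a token at all, just text",
            null
        };
        for (String h : samples) {
            System.out.println(extractToken(h).isPresent() + "  <- " + h);
        }
    }
}
```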