java source code of WebSocketAuthenticatorService

joal-master
- src
  - main
    - resources
      - public
        service-worker.js
        asset-manifest.json
        precache-manifest.a3c2c7d0a9fd8e9c7e4bd352249a9796.js
        favicon.ico
        manifest.json
        index.html
        static
        media
        roboto-latin-700.037d8304.woff2
        roboto-latin-400.bafb105b.woff
        roboto-latin-700.cf6613d1.woff
        roboto-latin-500.de8b7431.woff
        fontawesome-webfont.fee66e71.woff
        roboto-latin-900.19b7a0ad.woff2
        roboto-latin-300.a1471d1d.woff
        roboto-latin-500italic.ffcc050b.woff
        roboto-latin-900italic.7b770d6c.woff2
        fontawesome-webfont.af7ae505.woff2
        roboto-latin-100italic.6232f43d.woff2
        roboto-latin-400italic.9680d5a0.woff
        roboto-latin-900italic.bc833e72.woff
        roboto-latin-100.e9dbbe8a.woff
        roboto-latin-700italic.846d1890.woff
        roboto-latin-300.55536c8e.woff2
        roboto-latin-900.8c2ade50.woff
        roboto-latin-300italic.d69924b9.woff2
        roboto-latin-100italic.d704bb3d.woff
        roboto-latin-500italic.510dec37.woff2
        roboto-latin-500.28546717.woff2
        roboto-latin-300italic.210a7c78.woff
        roboto-latin-400italic.d8bcbe72.woff2
        roboto-latin-100.987b8457.woff2
        fontawesome-webfont.674f50d2.eot
        fontawesome-webfont.b06871f2.ttf
        roboto-latin-400.5d4aeb4e.woff2
        roboto-latin-700italic.010c1aee.woff2
        js
        runtime~main.d653cc00.js
        main.e17f1893.chunk.js.map
        runtime~main.d653cc00.js.map
        main.e17f1893.chunk.js
        css
        2.cffeb17f.chunk.css
        main.e1aa03ba.chunk.css
        2.cffeb17f.chunk.css.map
        main.e1aa03ba.chunk.css.map
      - log4j2.xml
      - application.properties
    - java
      - org
        araymond
        joal
        web
        services
        JoalMessageSendingTemplate.java
        corelistener
        WebGlobalEventListener.java
        WebAnnounceEventListener.java
        WebEventListener.java
        WebTorrentFileEventListener.java
        WebConfigEventListener.java
        WebSpeedEventListener.java
        resources
        WebSocketController.java
        messages
        incoming
        config
        ConfigIncomingMessage.java
        Base64TorrentIncomingMessage.java
        outgoing
        impl
        global
        state
        GlobalSeedStartedPayload.java
        GlobalSeedStoppedPayload.java
        speed
        SeedingSpeedHasChangedPayload.java
        files
        FailedToAddTorrentFilePayload.java
        TorrentFileDeletedPayload.java
        TorrentFileAddedPayload.java
        config
        ListOfClientFilesPayload.java
        ConfigHasBeenLoadedPayload.java
        ConfigIsInDirtyStatePayload.java
        InvalidConfigPayload.java
        announce
        TooManyAnnouncesFailedPayload.java
        WillAnnouncePayload.java
        SuccessfullyAnnouncePayload.java
        AnnouncePayload.java
        FailedToAnnouncePayload.java
        MessagePayload.java
        StompMessageTypes.java
        StompMessage.java
        config
        security
        websocket
        services
        WebSocketAuthenticatorService.java
        interceptor
        AuthChannelInterceptorAdapter.java
        WebSocketAuthorizationSecurityConfig.java
        WebSocketAuthenticationSecurityConfig.java
        WebSecurityConfig.java
        WebMvcConfiguration.java
        obfuscation
        AbortNonPrefixedRequestFilter.java
        EndpointObfuscatorConfiguration.java
        JacksonConfig.java
        BeanConfig.java
        WebSocketConfig.java
        annotations
        ConditionalOnWebUi.java
        ApplicationClosingListener.java
        ApplicationReadyListener.java
        JackOfAllTradesApplication.java
        core
        bandwith
        RandomSpeedProvider.java
        Peers.java
        BandwidthDispatcherFacade.java
        TorrentSeedStats.java
        BandwidthDispatcher.java
        weight
        PeersAwareWeightCalculator.java
        WeightHolder.java
        SpeedChangedListener.java
        Speed.java
        CoreEventListener.java
        client
        emulated
        utils
        Casing.java
        BitTorrentClientConfig.java
        BitTorrentClient.java
        BitTorrentClientProvider.java
        TorrentClientConfigIntegrityException.java
        generator
        numwant
        NumwantProvider.java
        peerid
        TorrentPersistentRefreshPeerIdGenerator.java
        TorrentVolatileRefreshPeerIdGenerator.java
        AlwaysRefreshPeerIdGenerator.java
        PeerIdGenerator.java
        generation
        RegexPatternPeerIdAlgorithm.java
        PeerIdAlgorithm.java
        RandomPoolWithChecksumPeerIdAlgorithm.java
        TimedRefreshPeerIdGenerator.java
        NeverRefreshPeerIdGenerator.java
        UrlEncoder.java
        key
        TorrentVolatileRefreshKeyGenerator.java
        NeverRefreshKeyGenerator.java
        AlwaysRefreshKeyGenerator.java
        TorrentPersistentRefreshKeyGenerator.java
        KeyGenerator.java
        TimedOrAfterStartedAnnounceRefreshKeyGenerator.java
        TimedRefreshKeyGenerator.java
        algorithm
        KeyAlgorithm.java
        HashKeyAlgorithm.java
        RegexPatternKeyAlgorithm.java
        HashNoLeadingZeroKeyAlgorithm.java
        DigitRangeTransformedToHexWithoutLeadingZeroAlgorithm.java
        ttorrent
        client
        Client.java
        DelayQueue.java
        ClientFacade.java
        ConnectionHandler.java
        ClientBuilder.java
        announcer
        response
        AnnounceResponseCallback.java
        AnnounceEventPublisher.java
        BandwidthDispatcherNotifier.java
        AnnounceResponseHandlerChain.java
        ClientNotifier.java
        AnnounceResponseHandlerChainElement.java
        AnnounceReEnqueuer.java
        request
        AnnouncerExecutor.java
        SuccessAnnounceResponse.java
        AnnounceRequest.java
        AnnounceDataAccessor.java
        tracker
        NoMoreUriAvailableException.java
        TrackerResponseHandler.java
        TrackerClient.java
        TrackerClientUriProvider.java
        Announcer.java
        exceptions
        TooMuchAnnouncesFailedInARawException.java
        AnnouncerFacade.java
        AnnouncerFactory.java
        config
        AppConfiguration.java
        JoalConfigProvider.java
        AppConfigurationIntegrityException.java
        exception
        UnrecognizedClientPlaceholder.java
        NoMoreTorrentsFileAvailableException.java
        SeedManager.java
        torrent
        torrent
        InfoHash.java
        MockedTorrent.java
        watcher
        TorrentFileChangeAware.java
        TorrentFileProvider.java
        TorrentFileWatcher.java
        events
        global
        state
        GlobalSeedStoppedEvent.java
        GlobalSeedStartedEvent.java
        speed
        SeedingSpeedsHasChangedEvent.java
        config
        ListOfClientFilesEvent.java
        ConfigHasBeenLoadedEvent.java
        ConfigurationIsInDirtyStateEvent.java
        torrent
        files
        TorrentFileAddedEvent.java
        FailedToAddTorrentFileEvent.java
        TorrentFileDeletedEvent.java
        announce
        TooManyAnnouncesFailedEvent.java
        SuccessfullyAnnounceEvent.java
        WillAnnounceEvent.java
        FailedToAnnounceEvent.java
        conf
        SpringConf.java
  - test
    - resources
      - configtest
        config.json
        clients
        azureus-5.7.5.0.client
      - log4j2.xml
      - torrent-store
        Audio_20160422_archive.torrent
        ubuntu-17.04-desktop-amd64.iso.torrent
        Ninja_Heat_160.avi.torrent
      - rewritable-config
        .gitkeep
    - java
      - org
        araymond
        joal
        web
        services
        JoalMessageSendingTemplateTest.java
        resources
        WebSocketControllerTest.java
        config
        security
        WebSocketAuthorizationSecurityConfigTest.java
        websocket
        services
        WebSocketAuthenticatorServiceTest.java
        interceptor
        AuthChannelInterceptorAdapterWebAppTest.java
        WebSocketAuthenticationSecurityConfigTest.java
        WebSecurityConfigWebAppTest.java
        EndpointObfuscatorConfigurationWebAppTest.java
        obfuscation
        AbortNonPrefixedRequestFilterTest.java
        WebSocketConfigWebAppTest.java
        JacksonConfigWebAppTest.java
        springtestconf
        MockedSeedManagerBean.java
        StaticClientFilesTester.java
        core
        bandwith
        BandwidthDispatcherTest.java
        weight
        PeersAwareWeightCalculatorTest.java
        WeightHolderTest.java
        RandomSpeedProviderTest.java
        TorrentSeedStatsTest.java
        utils
        MockedInjections.java
        TorrentFileCreator.java
        CoreEventListenerTest.java
        client
        emulated
        BitTorrentClientConfigSerializationTest.java
        HttpHeaderTest.java
        BitTorrentClientConfigTest.java
        BitTorrentClientTest.java
        HttpHeaderSerializationTest.java
        generator
        UrlEncoderTest.java
        numwant
        NumwantProviderTest.java
        peerid
        TimedRefreshPeerIdGeneratorTest.java
        TorrentPersistentRefreshPeerIdGeneratorTest.java
        TorrentVolatileRefreshPeerIdGeneratorTest.java
        AlwaysRefreshPeerIdGeneratorTest.java
        generation
        RegexPatternPeerIdAlgorithmTest.java
        RandomPoolWithChecksumPeerIdAlgorithmTest.java
        NeverRefreshKeyGeneratorTest.java
        PeerIdGeneratorTest.java
        PeerIdGeneratorSerializationTest.java
        UrlEncoderSerializationTest.java
        key
        TimedOrAfterStartedAnnounceRefreshKeyGeneratorTest.java
        KeyGeneratorSerializationTest.java
        TorrentVolatileRefreshKeyGeneratorTest.java
        KeyGeneratorTest.java
        AlwaysRefreshKeyGeneratorTest.java
        TimedRefreshKeyGeneratorTest.java
        NeverRefreshKeyGeneratorTest.java
        TorrentPersistentRefreshKeyGeneratorTest.java
        algorithm
        DigitRangeTransformedToHexWithoutLeadingZeroAlgorithmTest.java
        HashNoLeadingZeroKeyAlgorithmTest.java
        HashKeyAlgorithmTest.java
        RegexPatternKeyAlgorithmTest.java
        BitTorrentClientProviderTest.java
        ttorrent
        client
        utils
        DelayQueueTest.java
        ClientTest.java
        ConnectionHandlerTest.java
        announcer
        AnnouncerTest.java
        response
        ClientNotifierTest.java
        BandwidthDispatcherNotifierTest.java
        AnnounceEventPublisherTest.java
        AnnounceResponseHandlerChainTest.java
        AnnounceReEnqueuerTest.java
        AnnouncerFactoryTest.java
        request
        AnnouncerExecutorTest.java
        SuccessAnnounceResponseTest.java
        AnnounceDataAccessorTest.java
        AnnounceRequestTest.java
        tracker
        TrackerClientUriProviderTest.java
        TrackerClientTest.java
        exceptions
        TooMuchAnnouncesFailedInARawExceptionTest.java
        config
        AppConfigurationTest.java
        AppConfigurationSerializationTest.java
        JoalConfigProviderTest.java
        torrent
        torrent
        MockedTorrentTest.java
        InfoHashTest.java
        watcher
        TorrentFileWatcherTest.java
        TorrentFileProviderTest.java
        events
        global
        state
        GlobalSeedStoppedEventTest.java
        GlobalSeedStartedEventTest.java
        speed
        SeedingSpeedsHasChangedEventTest.java
        config
        ConfigurationIsInDirtyStateEventTest.java
        ListOfClientFilesEventTest.java
        torrent
        files
        TorrentFileDeletedEventTest.java
        FailedToAddTorrentFileEventTest.java
        TorrentFileAddedEventTest.java
        TestConstant.java
        conf
        SpringConfTest.java
- publish.sh
- resources
  - config.json
  - torrents
    - archived
      - .gitkeep
    - .gitkeep
  - clients
    - transmission-2.94.client
    - utorrent-3.5.0_44294.client
    - utorrent-3.5.3_44358.client
    - qbittorrent-4.2.1.client
    - qbittorrent-4.1.8.client
    - transmission-2.93.client
    - qbittorrent-4.1.3.client
    - qbittorrent-4.1.9.client
    - qbittorrent-4.2.0.client
    - qbittorrent-3.3.1.client
    - vuze-5.7.5.0.client
    - bittorrent-7.10.3_44429.client
    - qbittorrent-4.0.4.client
    - deluge-1.3.15.client
    - qbittorrent-4.1.5.client
    - utorrent-3.5.3_44428.client
    - deluge-1.3.14.client
    - bittorrent-7.10.1_43917.client
    - qbittorrent-4.1.7.client
    - qbittorrent-4.1.1.client
    - utorrent-3.5.4_44498.client
    - qbittorrent-4.2.4.client
    - qbittorrent-4.0.2.client
    - rtorrent-0.9.6_0.13.6.client
    - bittorrent-7.10.3_44359.client
    - qbittorrent-4.1.4.client
    - qbittorrent-3.3.14.client
    - utorrent-3.2.2_28500.client
    - transmission-2.82_14160.client
    - qbittorrent-3.3.15.client
    - qbittorrent-3.3.7.client
    - utorrent-3.5.1_44332.client
    - qbittorrent-4.0.3.client
    - qbittorrent-4.2.2.client
    - qbittorrent-4.0.1.client
    - transmission-2.92_14714.client
    - qbittorrent-4.1.0.client
    - qbittorrent-4.1.6.client
    - deluge-1.3.13.client
    - utorrent-3.5.0_43916.client
    - qbittorrent-3.3.16.client
    - qbittorrent-4.2.5.client
    - leap-2.6.0.1.client
    - qbittorrent-4.2.3.client
    - qbittorrent-4.0.0.client
    - utorrent-3.5.0_44090.client
    - qbittorrent-3.3.13.client
    - qbittorrent-4.1.2.client
- pom.xml
- LICENSE
- travis
  - docker_deploy.sh
- readme-assets
  - jetbrains.svg
  - credits.md
  - browsers
- THANKS.md
- .mvn
  - wrapper
    - maven-wrapper.properties
- .travis.yml
- README.md
- scripts
  - bittorrent-client-update-detector
    - qBittorrent.sh
    - transmission.sh
    - libtorrent_funcs.sh
- Dockerfile
- .gitignore
- .dockerignore

package org.araymond.joal.web.config.security.websocket.services;

import org.apache.commons.lang3.StringUtils;
import org.araymond.joal.web.annotations.ConditionalOnWebUi;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

import java.util.Collections;

/**
 * Created by raymo on 30/07/2017.
 */
@ConditionalOnWebUi
@Component
public class WebSocketAuthenticatorService {
    private final String appSecretToken;

    public WebSocketAuthenticatorService(@Value("${joal.ui.secret-token}") final String appSecretToken) {
        this.appSecretToken = appSecretToken;
    }

    // This method must return a UsernamePasswordAuthenticationToken, another component in the security chain is testing it with 'instanceof'
    @SuppressWarnings("TypeMayBeWeakened")
    public UsernamePasswordAuthenticationToken getAuthenticatedOrFail(final CharSequence username, final CharSequence authToken) throws AuthenticationException {
        if (StringUtils.isBlank(username)) {
            throw new AuthenticationCredentialsNotFoundException("Username was null or empty.");
        }
        if (StringUtils.isBlank(authToken)) {
            throw new AuthenticationCredentialsNotFoundException("Authentication token was null or empty.");
        }
        if (!appSecretToken.contentEquals(authToken)) {
            throw new BadCredentialsException("Authentication token does not match the expected token");
        }

        // Everything is fine, return an authenticated Authentication. (the constructor with grantedAuthorities auto set authenticated = true)
        // null credentials, we do not pass the password along to prevent security flaw
        return new UsernamePasswordAuthenticationToken(
                username,
                null,
                Collections.singleton((GrantedAuthority) () -> "USER")
        );
    }

}