• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• multitenancy-master
  • src
    • main
      • resources
        • application.yml
        • templates
          • user
            • index.html
          • index.html
          • login.html
        • static
          • css
            • main.css
      • java
        • com
          • example
            • security
              • CustomUserDetailsService.java
              • CustomAuthenticationFilter.java
              • CustomUserDetailsAuthenticationProvider.java
              • CustomUserDetailsServiceImpl.java
              • CustomSecurityConfig.java
              • CustomAuthenticationToken.java
            • MultitenancyMySqlApplication.java
            • web
              • LoginController.java
            • util
              • TenantContextHolder.java
            • service
              • UserService.java
              • RoleServiceImpl.java
              • RoleService.java
              • UserServiceImpl.java
            • multitenancy
              • MultiTenancyJpaConfiguration.java
              • DataSourceBasedMultiTenantConnectionProviderImpl.java
              • CurrentTenantIdentifierResolverImpl.java
              • MultitenancyProperties.java
            • model
              • Employee.java
              • Role.java
              • User.java
              • CustomUserDetails.java
            • repository
              • RoleRepository.java
              • UserRepository.java
    • test
      • java
        • com
          • example
            • MultitenancyMySqlApplicationTests.java
  • pom.xml
  • LICENSE
  • README.md
  • .gitignore

/**
 * Copyright 2018 onwards - Sunit Katkar ([email protected])
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.example.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.example.util.TenantContextHolder;

/**
 * This is the filter which is called first when the user submits the login
 * form. This filter extracts the username, password, and tenant fields from the
 * request. These values are used to create an instance of
 * {@link CustomAuthenticationToken} which is passed to the
 * {@link AuthenticationProvider} for authentication:
 * 
 * @author Sunit Katkar
 * @version 1.0
 * @since 1.0 (April 2018)
 *
 */
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    public static final String SPRING_SECURITY_FORM_TENANT_NAME_KEY = "tenant";

    /*
     * (non-Javadoc)
     * 
     * @see org.springframework.security.web.authentication.
     * UsernamePasswordAuthenticationFilter#attemptAuthentication(javax.servlet.http
     * .HttpServletRequest, javax.servlet.http.HttpServletResponse)
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        if (!request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        CustomAuthenticationToken authRequest = getAuthRequest(request);

        // put in tenant context threadlocal
        String tenant = authRequest.getTenant();
        TenantContextHolder.setTenantId(tenant);

        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    /**
     * @param request
     * @return
     */
    private CustomAuthenticationToken getAuthRequest(HttpServletRequest request) {
        String username = obtainUsername(request);
        String password = obtainPassword(request);
        String tenant = obtainTenant(request);

        if (username == null) {
            username = "";
        }
        if (password == null) {
            password = "";
        }
        if (tenant == null) {
            tenant = "";
        }

        return new CustomAuthenticationToken(username, password, tenant);
    }

    /**
     * @param request
     * @return
     */
    private String obtainTenant(HttpServletRequest request) {
        return request.getParameter(SPRING_SECURITY_FORM_TENANT_NAME_KEY);
    }

}