From 81fc3d5a80d10569150541288e63862eccf2b6e9 Mon Sep 17 00:00:00 2001
From: Art
Date: Sun, 5 Sep 2021 13:00:53 +0300
Subject: [PATCH] 30. JWT Authorization Filter - Part 2 (#2)
---
 .../backend/filter/JwtAuthorizationFilter.java | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAuthorizationFilter.java b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAuthorizationFilter.java
index 350ab61..85b81a4 100644
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAuthorizationFilter.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/filter/JwtAuthorizationFilter.java
@@ -5,6 +5,8 @@ import net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConst
 import net.shyshkin.study.fullstack.supportportal.backend.utility.JwtTokenProvider;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
@@ -13,6 +15,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+@Component
 @RequiredArgsConstructor
 public class JwtAuthorizationFilter extends OncePerRequestFilter {
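Review bot: The `@Component` added on `JwtAuthorizationFilter` makes the filter a bean, and Spring Boot registers every `Filter` bean with the servlet container for all requests, independently of the Spring Security chain. The security configuration is not part of this patch, so this needs confirming there: if the filter is also added with `addFilterBefore(...)`, paths excluded from security (for example through `web.ignoring()`) would still pass through the token handling. If that is not intended, declare a `FilterRegistrationBean<JwtAuthorizationFilter>` with `setEnabled(false)` next to the security configuration, and add a class comment stating which registration is the intended one.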
@@ -23,7 +26,15 @@ public class JwtAuthorizationFilter extends OncePerRequestFilter {
 if (!request.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS.name())) {
 String authHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
 if (authHeader != null && authHeader.startsWith(SecurityConstants.TOKEN_PREFIX)) {
-
+ String token = authHeader.replace(SecurityConstants.TOKEN_PREFIX, "").trim();
+ String username = jwtTokenProvider.getSubject(token);
+ if (jwtTokenProvider.isTokenValid(username, token)) {
+ var authorities = jwtTokenProvider.getAuthorities(token);
+ var authentication = jwtTokenProvider.getAuthentication(username, authorities, request);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ } else {
+ SecurityContextHolder.clearContext();
+ }
 }
 }
 filterChain.doFilter(request, response);
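Review bot: `jwtTokenProvider.getSubject(token)` is called on the raw header value before `isTokenValid` is consulted, so a bad token may escape the filter as an exception. `JwtTokenProvider` is not in this patch, but if it verifies the token inside `getSubject` and throws on a malformed, expired or tampered one, the `else` branch with `clearContext()` never runs and the client probably sees a 500 rather than an authentication failure. Wrapping the lookup in a try/catch that clears the context and lets the chain continue keeps rejected tokens on the unauthenticated path. Separately, `authHeader.replace(SecurityConstants.TOKEN_PREFIX, "")` removes every occurrence of the prefix, not only the leading one that `startsWith` checked; `substring(SecurityConstants.TOKEN_PREFIX.length())` matches that check exactly. The signature of the enclosing filter method lies outside the hunk.

```java
String token = authHeader.substring(SecurityConstants.TOKEN_PREFIX.length()).trim();
try {
    String username = jwtTokenProvider.getSubject(token);
    if (jwtTokenProvider.isTokenValid(username, token)) {
        // … unchanged: load authorities, build the authentication, set it on the context …
    } else {
        SecurityContextHolder.clearContext();
    }
} catch (RuntimeException ex) {
    // Token could not be parsed or verified: continue as unauthenticated.
    // Narrow this to the verification exception type of the JWT library in use.
    SecurityContextHolder.clearContext();
}
```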