
Commit cfa51f4

NFC-66 Readme update
Signed-off-by: Sander Kondratjev <[email protected]>
1 parent b0f90da commit cfa51f4

1 file changed

+22
-39
lines changed

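--- a/README.md
+++ b/README.md
@@ -178,57 +178,40 @@ Similarly, the `WebEidMobileAuthInitFilter` handles `/auth/mobile/init` requests
 See the full implementation [here](example/src/main/java/eu/webeid/example/security/WebEidMobileAuthInitFilter.java).
 
 ```java
-public final class WebEidMobileAuthInitFilter extends OncePerRequestFilter {
-private static final ObjectWriter OBJECT_WRITER = new ObjectMapper().writer();
-private final RequestMatcher requestMatcher;
-private final ChallengeNonceGenerator nonceGenerator;
-private final String loginPath;
-
-public WebEidMobileAuthInitFilter(String path, String loginPath, ChallengeNonceGenerator nonceGenerator) {
-this.requestMatcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.POST, path);
-this.nonceGenerator = nonceGenerator;
-this.loginPath = loginPath;
+@Override
+protected void doFilterInternal(@NonNull HttpServletRequest request,
+@NonNull HttpServletResponse response,
+@NonNull FilterChain chain) throws IOException, ServletException {
+if (!requestMatcher.matches(request)) {
+chain.doFilter(request, response);
+return;
 }
 
-@Override
-protected void doFilterInternal(
-@NonNull HttpServletRequest request,
-@NonNull HttpServletResponse response,
-@NonNull FilterChain chain
-) throws IOException, ServletException {
-if (!requestMatcher.matches(request)) {
-chain.doFilter(request, response);
-return;
-}
+var challenge = nonceGenerator.generateAndStoreNonce();
 
-var challenge = nonceGenerator.generateAndStoreNonce();
+String loginUri = ServletUriComponentsBuilder.fromCurrentContextPath()
+.path(mobileLoginPath).build().toUriString();
 
-String loginUri = ServletUriComponentsBuilder.fromCurrentContextPath()
-.path(loginPath).build().toUriString();
-
-String payloadJson = OBJECT_WRITER.writeValueAsString(
-new AuthPayload(challenge.getBase64EncodedNonce(), loginUri)
-);
-String encoded = Base64.getEncoder().encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
-String eidAuthUri = "web-eid-mobile://auth#" + encoded;
-
-response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-OBJECT_WRITER.writeValue(response.getWriter(), new AuthUri(eidAuthUri));
-}
+String payloadJson = OBJECT_WRITER.writeValueAsString(
+new AuthPayload(challenge.getBase64EncodedNonce(), loginUri,
+webEidMobileProperties.requestSigningCert() ? Boolean.TRUE : null)
+);
+String encoded = Base64.getEncoder().encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
+String authUri = getAuthUri(encoded);
 
-record AuthPayload(String challenge, @JsonProperty("login_uri") String loginUri) {}
-record AuthUri(@JsonProperty("auth_uri") String authUri) {}
+response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+OBJECT_WRITER.writeValue(response.getWriter(), new AuthUri(authUri));
 }
 ```
 
 Both filters are registered in the Spring Security filter chain in ApplicationConfiguration
 See the full implementation [here](example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java):
 ```java
 http
-.addFilterBefore(new WebEidMobileAuthInitFilter("/auth/mobile/init", "/auth/mobile/login", challengeNonceGenerator),
-UsernamePasswordAuthenticationFilter.class)
-.addFilterBefore(new WebEidChallengeNonceFilter("/auth/challenge", challengeNonceGenerator),
-UsernamePasswordAuthenticationFilter.class);
+.addFilterBefore(new WebEidMobileAuthInitFilter("/auth/mobile/init", "/auth/mobile/login", challengeNonceGenerator, webEidMobileProperties),
+UsernamePasswordAuthenticationFilter.class)
+.addFilterBefore(new WebEidChallengeNonceFilter("/auth/challenge", challengeNonceGenerator),
+UsernamePasswordAuthenticationFilter.class)
 ```
 
 Also, see general guidelines for implementing secure authentication services [here](https://github.com/SK-EID/smart-id-documentation/wiki/Secure-Implementation-Guide).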
