From dd1c2d73a4ca3f3b070b2c7acc9cbbc68c70bd12 Mon Sep 17 00:00:00 2001
From: Miguel Figueira
Date: Mon, 31 May 2021 12:10:58 +0100
Subject: [PATCH] Add init-param to exclude urls from the filter.
---
 README.md | 8 ++++++--
 ...rocessEngineAuthenticationFilterJwt.groovy | 19 +++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0fa2e25..a4e741f 100644
--- a/README.md
+++ b/README.md
@@ -15,10 +15,14 @@ This provider is added into the Camunda's engine-rest application which is the R
 A Servlet Filter is added into the engine-rest app which will process requests in the JWT Authentication provider.
-Two initialization parameters of the filter are provided for easy customization:
+The following initialization parameters are provided for easy customization of the filter:
 1. `jwt-secret-path` : The file path to a file containing the JWT secret used to decode/validate the JWT. The value can be null if you get your secret from a different source.
-1. `jwt-validator` : The fully qualified class name of the class that will validate the JWT.
+2. `jwt-validator` : The fully qualified class name of the class that will validate the JWT.
+3. `excluded-urls` (optional) : Comma-separated list of paths to be excluded from the filter.
+
+ - If `/path` is excluded, all paths under `/path` will also be excluded.
+ - If `/path/` (with trailing slash) is listed, only the paths under it are excluded.
 It is expected that the JWT is using the standard `Authorization` header with the format `Bearer theJwtTokenHere`
diff --git a/src/main/groovy/io/digitalstate/camunda/authentication/jwt/ProcessEngineAuthenticationFilterJwt.groovy b/src/main/groovy/io/digitalstate/camunda/authentication/jwt/ProcessEngineAuthenticationFilterJwt.groovy
index 675977d..66023fb 100644
--- a/src/main/groovy/io/digitalstate/camunda/authentication/jwt/ProcessEngineAuthenticationFilterJwt.groovy
+++ b/src/main/groovy/io/digitalstate/camunda/authentication/jwt/ProcessEngineAuthenticationFilterJwt.groovy
@@ -52,9 +52,11 @@ public class ProcessEngineAuthenticationFilterJwt implements Filter {
 public static final String AUTHENTICATION_PROVIDER_PARAM = "authentication-provider";
 public static final String JWT_SECRET_PATH_PARAM = "jwt-secret-path";
 public static final String JWT_VALIDATOR_PARAM = "jwt-validator";
+ public static final String EXCLUDED_URLS_PARAM = "excluded-urls";
 private static String jwtSecretPath
 private static String jwtValidator
 private static Class jwtValidatorClass
+ private static List excludedUrls
 protected AuthenticationProviderJwt authenticationProvider;
@@ -71,6 +73,13 @@ public class ProcessEngineAuthenticationFilterJwt implements Filter {
 jwtValidator = filterConfig.getInitParameter(JWT_VALIDATOR_PARAM)
 }
+ if (!excludedUrls){
+ String excludedList = filterConfig.getInitParameter(EXCLUDED_URLS_PARAM);
+ if (excludedList != null) {
+ excludedUrls = Arrays.asList(excludedList.split(","))
+ }
+ }
+
 if (authenticationProviderClassName == null) {
 throw new ServletException("Cannot instantiate authentication filter: no authentication provider set. init-param " + AUTHENTICATION_PROVIDER_PARAM + " missing");
 }
@@ -106,6 +115,16 @@ public class ProcessEngineAuthenticationFilterJwt implements Filter {
 HttpServletRequest req = (HttpServletRequest) request;
 HttpServletResponse resp = (HttpServletResponse) response;
+ String path = req.getRequestURI().substring(req.getContextPath().length());
+
+ if (excludedUrls != null) {
+ for (excludedPath in excludedUrls) {
+ if (path.startsWith(excludedPath)) {
+ chain.doFilter(request, response);
+ return;
+ }
+ }
+ }
 ProcessEngine engine = BpmPlatform.getDefaultProcessEngine();
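Review bot: `excludedUrls` is declared as a raw, mutable `static List`, so the list that decides which requests skip JWT validation is shared by every instance of this filter in the class loader. Together with the `if (!excludedUrls)` guard added in the init hunk, a second declaration of the filter would apparently reuse the first one's exclusions instead of reading its own init-param. An instance field typed `private List<String> excludedUrls` would avoid that. Failing that, `EXCLUDED_URLS_PARAM` deserves a comment such as `// Path prefixes served WITHOUT JWT authentication; keep this list minimal.` The class body continues outside the hunk.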
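Review bot: Empty or whitespace-padded entries in `excluded-urls` are stored as-is by `Arrays.asList(excludedList.split(","))`, and an empty entry matches every path in the `startsWith` check of the doFilter hunk. An init-param value that is empty or starts with a comma would therefore switch JWT authentication off for the whole application, while an entry with a space after the comma would never match at all. Trim each entry and drop blanks, e.g. `excludedUrls = excludedList.split(",").collect { it.trim() }.findAll { it }`, and consider logging the resulting list at init so operators can see what is exempt. The enclosing init method starts and ends outside the hunk.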
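Review bot: The exclusion check compares the raw `req.getRequestURI()` with `startsWith`, a value the container has neither decoded nor normalized, so the prefix this filter sees can differ from the path the request is finally dispatched on. The decision to skip authentication should be made on the decoded path, built from `req.getServletPath()` and `req.getPathInfo()`. The match is also not anchored on a segment boundary, so excluding `/path` exempts `/pathfoo` as well, which is wider than the README's "all paths under `/path`". The sketch below covers both changes; how strictly the path is normalized depends on the servlet container, so it is worth a test against the deployed one. doFilter's body starts and ends outside the hunk.

```groovy
// decoded path as the container mapped it, instead of the raw request URI
String path = (req.getServletPath() ?: "") + (req.getPathInfo() ?: "");

if (excludedUrls != null) {
    for (excludedPath in excludedUrls) {
        // "/path/" keeps plain prefix semantics; "/path" matches itself or a sub-path only
        boolean excluded = excludedPath.endsWith("/") ?
                path.startsWith(excludedPath) :
                (path == excludedPath || path.startsWith(excludedPath + "/"));
        if (excluded) {
            // … unchanged: chain.doFilter(request, response); return; …
        }
    }
}
```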