From 67d1b9e2a8d3d9890f625f5941e81cff41d9cdb0 Mon Sep 17 00:00:00 2001
From: Le Zhou
Date: Mon, 9 Jun 2025 11:48:11 +0800
Subject: [PATCH] add auth type
---
 .../center/interceptor/BaseInterceptor.java | 18 ++++++++++++++++++
 .../center/service/AuthTokenService.java | 12 ++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/center/src/main/java/com/microsoft/hydralab/center/interceptor/BaseInterceptor.java b/center/src/main/java/com/microsoft/hydralab/center/interceptor/BaseInterceptor.java
index 47b14f45f..884ca1525 100644
--- a/center/src/main/java/com/microsoft/hydralab/center/interceptor/BaseInterceptor.java
+++ b/center/src/main/java/com/microsoft/hydralab/center/interceptor/BaseInterceptor.java
@@ -71,8 +71,26 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
 if (authToken != null) {
 authToken = authToken.replaceAll("Bearer ", "");
 }
+
+ // For Azure AD authentication
+ String accessToken = request.getHeader("X-MS-TOKEN-AAD-ACCESS-TOKEN");
+
+ LOGGER.info("IdToken: " + request.getHeader("X-MS-TOKEN-AAD-ID-TOKEN"));
+ LOGGER.info("AccessToken: " + request.getHeader("X-MS-TOKEN-AAD-ACCESS-TOKEN"));
+ LOGGER.info("UserId: " + request.getHeader("X-MS-CLIENT-PRINCIPAL-ID"));
+ LOGGER.info("UserName: " + request.getHeader("X-MS-CLIENT-PRINCIPAL-NAME"));
+
 //check is ignore
 if (!authUtil.isIgnore(requestURI)) {
+ //invoked by API client
+ if (!StringUtils.isEmpty(accessToken)) {
+ if (authTokenService.checkAADToken(accessToken)) {
+ return true;
+ } else {
+ response.sendError(HttpStatus.UNAUTHORIZED.value(), "unauthorized, error authorization code");
+ }
+ }
+
 //invoke by client
 if (!StringUtils.isEmpty(authToken)) {
 if (authTokenService.checkAuthToken(authToken)) {
diff --git a/center/src/main/java/com/microsoft/hydralab/center/service/AuthTokenService.java b/center/src/main/java/com/microsoft/hydralab/center/service/AuthTokenService.java
index 9ef61e18d..6d37b4508 100644
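Review bot: The four added `LOGGER.info` calls in BaseInterceptor.java write the raw `X-MS-TOKEN-AAD-ID-TOKEN` and `X-MS-TOKEN-AAD-ACCESS-TOKEN` header values to the application log on every request, so anyone with read access to the logs obtains bearer tokens that remain usable until they expire; the principal id and name headers are logged unescaped as well. Drop these lines, or record only whether the header was present, e.g. `LOGGER.debug("AAD access token header present: " + (accessToken != null));`. In the new `else` branch, `response.sendError(...)` is not followed by `return false;`, so a request whose AAD token was rejected continues into the `//invoke by client` check on a response that has already been committed. The header is also read from whatever the caller sends; unless the platform in front of this service is guaranteed to strip client-supplied `X-MS-*` headers, the token has to be validated before it is trusted, and whether `checkAADToken` does that is not visible in this hunk. `preHandle` begins and ends outside the hunk.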
--- a/center/src/main/java/com/microsoft/hydralab/center/service/AuthTokenService.java
+++ b/center/src/main/java/com/microsoft/hydralab/center/service/AuthTokenService.java
@@ -4,6 +4,7 @@
 package com.microsoft.hydralab.center.service;
 import com.microsoft.hydralab.center.repository.AuthTokenRepository;
+import com.microsoft.hydralab.center.util.AuthUtil;
 import com.microsoft.hydralab.common.entity.center.AuthToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -17,6 +18,8 @@
 @Service
 public class AuthTokenService {
+ @Resource
+ AuthUtil authUtil;
 @Resource
 AuthTokenRepository authTokenRepository;
 @Resource
@@ -64,6 +67,15 @@ public boolean checkAuthToken(String authToken) {
 }
 }
+ public boolean checkAADToken(String aadToken) {
+ Authentication authObj = securityUserService.loadUserAuthentication(authUtil.getLoginUserName(aadToken), aadToken);
+ if (authObj == null) {
+ return false;
+ }
+ SecurityContextHolder.getContext().setAuthentication(authObj);
+ return true;
+ }
+
 public void loadDefaultUser(HttpSession session) {
 securityUserService.addDefaultUserSession(session);
 }
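Review bot: `checkAADToken` installs an `Authentication` in the `SecurityContextHolder` for whatever user name `authUtil.getLoginUserName(aadToken)` returns, and nothing visible in the method verifies the token's signature, issuer, audience or expiry first. If `getLoginUserName` only decodes the token payload (its body is not part of this patch), the identity is chosen by whoever supplies the header, so the token should be validated against the tenant's signing keys before the user is loaded. A null or unparsable user name should also count as a failed check rather than reach `loadUserAuthentication`, e.g. `String userName = authUtil.getLoginUserName(aadToken);` followed by `if (userName == null || userName.isEmpty()) { return false; }`. A Javadoc comment stating which component is responsible for validating the token would make that trust assumption reviewable.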