Class JwtAuthFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
vaultWeb.security.JwtAuthFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

@Component
public class JwtAuthFilter extends org.springframework.web.filter.OncePerRequestFilter
JWT authentication filter that intercepts incoming HTTP requests and validates JWT tokens.

This filter extracts the JWT token from the "Authorization" header (Bearer scheme), validates it using JwtUtil, and sets the authenticated user in the Spring Security context. Requests to "/api/auth/**" are excluded from authentication.

This filter extends OncePerRequestFilter, ensuring it is executed once per request.

  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type | Method | Description
    protected void | doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) | Filters each HTTP request, performing JWT validation and setting authentication in the security context.

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • JwtAuthFilter

      public JwtAuthFilter()
  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Filters each HTTP request, performing JWT validation and setting authentication in the security context.

      Steps:

      1. Skip requests starting with "/api/auth/".
      2. Extract JWT from the "Authorization" header if it starts with "Bearer ".
      3. Validate the token and extract the username.
      4. Load user details and set authentication in the SecurityContextHolder.
      If the token is invalid or expired, a 401 Unauthorized response is returned.
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Parameters:
      request - the incoming HTTP request
      response - the HTTP response
      filterChain - the filter chain
      Throws:
      jakarta.servlet.ServletException - if a servlet error occurs
      IOException - if an I/O error occurs
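
The four steps listed under doFilterInternal, written out as an added example (this is not the vaultWeb source). TokenVerifier and its method are hypothetical stand-ins for JwtUtil, whose API is not shown on this page; the use of getServletPath() and the pass-through when no header is present are assumptions.

```java
// Added illustration, not the vaultWeb source. TokenVerifier is a hypothetical stand-in for JwtUtil.
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.*;
import org.springframework.web.filter.OncePerRequestFilter;

public class ExampleJwtFilter extends OncePerRequestFilter {
    /** Hypothetical: returns the username, or throws if the signature or expiry check fails. */
    public interface TokenVerifier { String verifyAndGetUsername(String token); }

    private final TokenVerifier verifier;
    private final UserDetailsService users;

    public ExampleJwtFilter(TokenVerifier verifier, UserDetailsService users) {
        this.verifier = verifier;
        this.users = users;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        // Step 1: auth endpoints pass through (assumption: matched on the servlet path).
        if (request.getServletPath().startsWith("/api/auth/")) {
            chain.doFilter(request, response);
            return;
        }
        // Step 2: only the Bearer scheme is accepted.
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try {
                // Step 3: signature and expiry are checked before any claim is trusted.
                String username = verifier.verifyAndGetUsername(header.substring(7));
                // Step 4: load the account and publish it to the security context.
                UserDetails user = users.loadUserByUsername(username);
                SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
            } catch (RuntimeException e) {
                // Invalid or expired token: answer 401 and do not call the rest of the chain.
                SecurityContextHolder.clearContext();
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        }
        // Assumption: with no header the request continues unauthenticated and access rules decide.
        chain.doFilter(request, response);
    }
}
```

Returning immediately after the 401 keeps a rejected token from reaching any downstream filter or controller, and clearing the context ensures no partially set authentication survives the failure.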