DevAuthenticationFilter.java

package fr.avenirsesr.portfolio.security.infrastructure.filter;

import fr.avenirsesr.portfolio.security.infrastructure.model.HmacAuthenticationToken;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.UUID;
import lombok.NonNull;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

@Slf4j
public class DevAuthenticationFilter extends OncePerRequestFilter {

  public DevAuthenticationFilter() {}

  @Override
  protected boolean shouldNotFilter(@NonNull HttpServletRequest request) {
    return false;
  }

  @Override
  protected void doFilterInternal(
      @NonNull HttpServletRequest request,
      @NonNull HttpServletResponse response,
      @NonNull FilterChain filterChain)
      throws ServletException, IOException {
    String devUser = request.getHeader("user-id");
    if (devUser != null && !devUser.isBlank()) {
      Authentication auth = new HmacAuthenticationToken(UUID.fromString(devUser));
      SecurityContextHolder.getContext().setAuthentication(auth);
      log.debug("Dev authentication enabled for user: {}", devUser);
    }
    filterChain.doFilter(request, response);
  }
}