From 24c35d610df95169a09ba844bab9625bff32ac49 Mon Sep 17 00:00:00 2001
From: Dario Ghunney Ware
Date: Wed, 6 Aug 2025 12:07:38 +0100
Subject: [PATCH] corrected api key logic
---
 .../proprietary/security/filter/JwtAuthenticationFilter.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
index f2061dc9c..faf50832f 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/filter/JwtAuthenticationFilter.java
@@ -122,6 +122,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 if (apiKey != null && !apiKey.isBlank()) {
 try {
 Optional user = userService.getUserByApiKey(apiKey);
+
 if (user.isEmpty()) {
 handleAuthenticationFailure(
 request,
@@ -129,10 +130,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 new AuthenticationFailureException("Invalid API Key"));
 return false;
 }
+
 authentication =
 new ApiKeyAuthenticationToken(
 user.get(), apiKey, user.get().getAuthorities());
 SecurityContextHolder.getContext().setAuthentication(authentication);
+ return true;
 } catch (AuthenticationException e) {
 handleAuthenticationFailure(
 request,
@@ -141,6 +144,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 return false;
 }
 }
+
 return false;
 }
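Review bot: `false` now carries two different outcomes for the caller: the two branches that call `handleAuthenticationFailure(...)` and then `return false;` (a key was presented and rejected, and a failure response has presumably been written), and the final `return false;` in the last hunk (no API key was supplied at all). The caller lies outside these hunks, so I cannot tell how it reacts, but if it falls through to the JWT path on `false`, a request carrying a bad key would keep being processed after the failure handler has already run. I would document the contract above the method, e.g. `// true: API key authenticated the request; false: no key supplied, or key rejected and the failure response already written`, and have the caller stop once `isCommitted()` is true on the response. Separately, nothing in the visible lines checks that the matched user is enabled before `setAuthentication(authentication)`; presumably `getUserByApiKey` or a later filter covers that, which is worth confirming.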