NFC-47 Pass mobile login path via constructor. Delete MobileAuthInitResponse.java. Remove unnecessary /error permitAll. Rename JSON constant to OBJECT_WRITER and other strings to constant. Inline ChallengeDTO.

Author: SanderKondratjevNortal

example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java

@@ -28,7 +28,6 @@
 import eu.webeid.example.security.WebEidMobileAuthInitFilter;
 import eu.webeid.example.security.ui.WebEidLoginPageGeneratingFilter;
 import eu.webeid.security.challenge.ChallengeNonceGenerator;
-import eu.webeid.security.challenge.ChallengeNonceStore;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
@@ -53,12 +52,12 @@ public SecurityFilterChain filterChain(
         return http
             .authorizeHttpRequests(auth -> auth
                 .requestMatchers("/css/**", "/files/**", "/img/**", "/js/**", "/scripts/**").permitAll()
-                .requestMatchers("/", "/error").permitAll()
+                .requestMatchers("/").permitAll()
                 .requestMatchers("/welcome").hasRole("USER")
                 .anyRequest().authenticated()
             )
             .authenticationProvider(authTokenDTOAuthenticationProvider)
-            .addFilterBefore(new WebEidMobileAuthInitFilter("/auth/mobile/auth/init", challengeNonceGenerator), UsernamePasswordAuthenticationFilter.class)
+            .addFilterBefore(new WebEidMobileAuthInitFilter("/auth/mobile/init", "/auth/mobile/login", challengeNonceGenerator), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(new WebEidChallengeNonceFilter("/auth/challenge", challengeNonceGenerator), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(new WebEidLoginPageGeneratingFilter("/auth/mobile/login"), UsernamePasswordAuthenticationFilter.class)
             .addFilterBefore(new WebEidAjaxLoginProcessingFilter("/auth/login", authConfig.getAuthenticationManager()), UsernamePasswordAuthenticationFilter.class)

example/src/main/java/eu/webeid/example/security/WebEidAjaxLoginProcessingFilter.java

@@ -33,7 +33,9 @@
 import jakarta.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -68,8 +70,8 @@ public WebEidAjaxLoginProcessingFilter(
     @Override
     public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
         throws AuthenticationException, IOException {
-        final String contentType = request.getHeader("Content-type");
-        if (contentType == null || !contentType.startsWith("application/json")) {
+        final String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
+        if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_JSON_VALUE)) {
             LOG.warn("Content type not supported: {}", contentType);
             throw new AuthenticationServiceException("Content type not supported: " + contentType);
         }

example/src/main/java/eu/webeid/example/security/WebEidChallengeNonceFilter.java

@@ -1,16 +1,36 @@
-
+/*
+ * Copyright (c) 2020-2025 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
 
 package eu.webeid.example.security;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ObjectWriter;
-import eu.webeid.example.service.dto.ChallengeDTO;
 import eu.webeid.security.challenge.ChallengeNonceGenerator;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.lang.NonNull;
 import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -19,9 +39,8 @@
 import java.io.IOException;
 
 public final class WebEidChallengeNonceFilter extends OncePerRequestFilter {
-    private static final ObjectWriter JSON = new ObjectMapper().writer();
+    private static final ObjectWriter OBJECT_WRITER = new ObjectMapper().writer();
     private final RequestMatcher requestMatcher;
-
     private final ChallengeNonceGenerator nonceGenerator;
 
     public WebEidChallengeNonceFilter(String path, ChallengeNonceGenerator nonceGenerator) {
@@ -38,10 +57,11 @@ protected void doFilterInternal(@NonNull HttpServletRequest request,
             return;
         }
 
-        var dto = new ChallengeDTO();
-        dto.setNonce(nonceGenerator.generateAndStoreNonce().getBase64EncodedNonce());
+        var dto = new ChallengeDTO(nonceGenerator.generateAndStoreNonce().getBase64EncodedNonce());
 
-        response.setContentType("application/json");
-        JSON.writeValue(response.getWriter(), dto);
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        OBJECT_WRITER.writeValue(response.getWriter(), dto);
     }
+
+    public record ChallengeDTO(String nonce) {}
 }

example/src/main/java/eu/webeid/example/security/WebEidMobileAuthInitFilter.java

@@ -29,6 +29,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.lang.NonNull;
 import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -43,12 +44,13 @@
 public final class WebEidMobileAuthInitFilter extends OncePerRequestFilter {
     private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
     private final RequestMatcher requestMatcher;
-
     private final ChallengeNonceGenerator nonceGenerator;
+    private final String loginPath;
 
-    public WebEidMobileAuthInitFilter(String path, ChallengeNonceGenerator nonceGenerator) {
+    public WebEidMobileAuthInitFilter(String path, String loginPath, ChallengeNonceGenerator nonceGenerator) {
         this.requestMatcher = PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.POST, path);
         this.nonceGenerator = nonceGenerator;
+        this.loginPath = loginPath;
     }
 
     @Override
@@ -63,7 +65,7 @@ protected void doFilterInternal(@NonNull HttpServletRequest request,
         var challenge = nonceGenerator.generateAndStoreNonce();
 
         String loginUri = ServletUriComponentsBuilder.fromCurrentContextPath()
-            .path("/auth/eid/login").build().toUriString();
+            .path(loginPath).build().toUriString();
 
         String payloadJson = OBJECT_MAPPER.writeValueAsString(Map.of(
             "challenge", challenge.getBase64EncodedNonce(),
@@ -72,7 +74,7 @@ protected void doFilterInternal(@NonNull HttpServletRequest request,
         String encoded = Base64.getEncoder().encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
         String eidAuthUri = "web-eid-mobile://auth#" + encoded;
 
-        response.setContentType("application/json");
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
         OBJECT_MAPPER.writeValue(response.getWriter(), Map.of("auth_uri", eidAuthUri));
     }
 }

example/src/main/java/eu/webeid/example/security/ajax/AjaxAuthenticationSuccessHandler.java

@@ -30,6 +30,8 @@
 import jakarta.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
@@ -56,7 +58,7 @@ public void onAuthenticationSuccess(
         LOG.info("onAuthenticationSuccess(): {}", authentication);
 
         response.setStatus(HttpServletResponse.SC_OK);
-        response.setHeader("Content-Type", "application/json; charset=utf-8");
+        response.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE + ";charset=UTF-8");
 
         response.getWriter().write(AuthSuccessDTO.asJson(authentication));
     }

example/src/main/java/eu/webeid/example/security/ui/WebEidLoginPageGeneratingFilter.java

@@ -27,6 +27,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.lang.NonNull;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
@@ -106,7 +107,7 @@ protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull Ht
             csrf != null ? csrf.getHeaderName() : "X-CSRF-TOKEN"
         );
 
-        response.setContentType("text/html;charset=UTF-8");
+        response.setContentType(MediaType.TEXT_HTML_VALUE + ";charset=UTF-8");
         response.getWriter().write(html);
     }
 

example/src/main/java/eu/webeid/example/service/dto/ChallengeDTO.java

@@ -265,7 +265,7 @@ <h3><a id="for-developers"></a>For developers</h3>
 
         try {
             if (isMobileDevice()) {
-                const resp = await fetch("/auth/mobile/auth/init", {
+                const resp = await fetch("/auth/mobile/init", {
                     method: "POST",
                     headers: {
                         "Content-Type": "application/json",

example/src/main/java/eu/webeid/example/service/dto/MobileAuthInitResponse.java

@@ -26,7 +26,9 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
 import org.springframework.security.authentication.AuthenticationManager;
 
 import java.io.BufferedReader;
@@ -51,7 +53,7 @@ void testAttemptAuthentication() throws Exception {
         final HttpServletRequest request = mock(HttpServletRequest.class);
         final HttpServletResponse response = mock(HttpServletResponse.class);
         when(request.getMethod()).thenReturn(HttpMethod.POST.name());
-        when(request.getHeader("Content-type")).thenReturn("application/json");
+        when(request.getHeader(HttpHeaders.CONTENT_TYPE)).thenReturn(MediaType.APPLICATION_JSON_VALUE);
         when(request.getReader()).thenReturn(new BufferedReader(new StringReader(AUTH_TOKEN)));
 
         final AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
@@ -66,7 +68,7 @@ void testAttemptAuthentication_V11AuthToken() throws Exception {
         final HttpServletRequest request = mock(HttpServletRequest.class);
         final HttpServletResponse response = mock(HttpServletResponse.class);
         when(request.getMethod()).thenReturn(HttpMethod.POST.name());
-        when(request.getHeader("Content-type")).thenReturn("application/json");
+        when(request.getHeader(HttpHeaders.CONTENT_TYPE)).thenReturn(MediaType.APPLICATION_JSON_VALUE);
 
         var jsonBody = ObjectMother.toJson(Map.of("auth-token", ObjectMother.mockV11AuthToken().getToken()));