@Override
public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) throws IOException, ServletException {
boolean tokenAuthenticated = false;
HttpServletRequest request = (HttpServletRequest) sr;
String token = findToken(request);
if ((null == token) || (!authenticationNeeded(request))) {
fc.doFilter(sr, sr1);
return;
}
if (needHttps && (! request.isSecure())) {
TokenAuthenticationToken at = new TokenAuthenticationToken(token);
try {
at.setDetails(detailsSource.buildDetails(request));
Authentication auth = manager.authenticate(at);
if ((auth != null) && (auth.isAuthenticated())) {
SecurityContextHolder.getContext().setAuthentication(auth);
tokenAuthenticated = true;
}
} catch (AuthenticationException e) {
logger.debug("Authentication failed :", e);
}
}
else {
logger.info("Token identification rejected : proto != https");
}
fc.doFilter(sr, sr1);
if (tokenAuthenticated) {
logger.debug("Token authenticated : invalidate session");
HttpSession session = request.getSession(false);
if (session != null)