diff --git a/pom.xml b/pom.xml
index 2f35cc377c8bc1faf641d65e4602e6f067c4c741..e3c606f37e598f8214620ffd64660494a1650f01 100755
--- a/pom.xml
+++ b/pom.xml
@@ -29,6 +29,7 @@
UTF-8
2.2.6.RELEASE
1.18.10
+ 2.2.2.RELEASE
@@ -97,6 +98,22 @@
lombok
${lombok.version}
+
+ gson
+ com.google.code.gson
+ 2.8.2
+
+
+ spring-security-oauth2-autoconfigure
+
+
+ jackson-mapper-asl
+ org.codehaus.jackson
+
+
+ org.springframework.security.oauth.boot
+ ${spring-security-oauth2-autoconfigure.version}
+
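Review bot: `gson` is pinned to a literal `2.8.2` here while the other new dependency takes its version from the `${spring-security-oauth2-autoconfigure.version}` property added in the first hunk; following the existing `${lombok.version}` pattern with a `gson.version` property would keep all versions in one place. The XML tags are lost in this rendering, so it cannot be confirmed whether `jackson-mapper-asl` / `org.codehaus.jackson` is a direct dependency or an exclusion nested under spring-security-oauth2-autoconfigure; if it is a direct dependency, that groupId is the unmaintained Jackson 1.x line and a `com.fasterxml.jackson` artifact should be used instead, whereas as an exclusion it is the usual and correct choice.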
diff --git a/src/main/java/org/edgegallery/mecm/appo/apihandler/access/AccessTokenFilter.java b/src/main/java/org/edgegallery/mecm/appo/apihandler/access/AccessTokenFilter.java
new file mode 100644
index 0000000000000000000000000000000000000000..c21f758617c70768748f347c64d32a58911965a7
--- /dev/null
+++ b/src/main/java/org/edgegallery/mecm/appo/apihandler/access/AccessTokenFilter.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2020 Huawei Technologies Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.edgegallery.mecm.appo.apihandler.access;
+
+import java.io.IOException;
+import java.util.Map;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Component
+@Import({ResourceServerTokenServicesConfiguration.class})
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class AccessTokenFilter extends OncePerRequestFilter {
+
+ @Autowired
+ TokenStore jwtTokenStore;
+
+ private String invalidToken = "Invalid access token";
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+ String accessTokenStr = request.getHeader("access_token");
+ if (StringUtils.isEmpty(accessTokenStr)) {
+ response.sendError(HttpStatus.UNAUTHORIZED.value(), "Access token is empty");
+ return;
+ }
+
+ OAuth2AccessToken accessToken = jwtTokenStore.readAccessToken(accessTokenStr);
+ if (accessToken == null || accessToken.isExpired()) {
+ response.sendError(HttpStatus.UNAUTHORIZED.value(), invalidToken);
+ return;
+ }
+
+ Map additionalInfoMap = accessToken.getAdditionalInformation();
+ OAuth2Authentication auth = jwtTokenStore.readAuthentication(accessToken);
+ if (additionalInfoMap == null || auth == null) {
+ response.sendError(HttpStatus.UNAUTHORIZED.value(), invalidToken);
+ return;
+ }
+
+ SecurityContextHolder.getContext().setAuthentication(auth);
+
+ filterChain.doFilter(request, response);
+ }
+}
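Review bot: A malformed or tampered token reaches `jwtTokenStore.readAccessToken(accessTokenStr)` unguarded; if the store is the JWT-backed TokenStore its field name and the ResourceServerTokenServicesConfiguration import suggest, an undecodable or badly signed value throws InvalidTokenException (org.springframework.security.oauth2.common.exceptions), which escapes doFilterInternal as a 500 with the container's error page instead of the 401 the surrounding checks return. Catching it around the two read calls and answering 401 keeps the response uniform for every bad token; the rewrite below does that and also gives the raw `Map` its `Map<String, Object>` type, which is what getAdditionalInformation declares. Separately, `@Import` and `@EnableGlobalMethodSecurity` are configuration annotations that belong on a @Configuration class rather than on the filter, and the package-private `@Autowired` field would be clearer as a `private final` constructor-injected field. The filter sets the SecurityContext but never clears it; that is fine only if it runs inside the Spring Security filter chain, which clears the context on unwind — worth confirming, or adding a `finally` that clears it.
```java
        OAuth2AccessToken accessToken;
        OAuth2Authentication auth;
        try {
            accessToken = jwtTokenStore.readAccessToken(accessTokenStr);
            if (accessToken == null || accessToken.isExpired()) {
                response.sendError(HttpStatus.UNAUTHORIZED.value(), invalidToken);
                return;
            }
            auth = jwtTokenStore.readAuthentication(accessToken);
        } catch (InvalidTokenException e) {
            // undecodable or badly signed token: reject with 401 rather than letting the
            // exception surface as a 500 to the caller
            response.sendError(HttpStatus.UNAUTHORIZED.value(), invalidToken);
            return;
        }

        Map<String, Object> additionalInfoMap = accessToken.getAdditionalInformation();
        if (additionalInfoMap == null || auth == null) {
            response.sendError(HttpStatus.UNAUTHORIZED.value(), invalidToken);
            return;
        }
        // … unchanged: set the SecurityContext authentication and continue the chain …
```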