Merge pull request #20 from tofiksa/19-upgrade-jsonwebtokens
19 upgrade jsonwebtokens
Showing
21 changed files
with
452 additions
and
471 deletions.
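--- a/src/main/java/no/josefushighscore/configure/AuthConfiguration.java
+++ b/src/main/java/no/josefushighscore/configure/AuthConfiguration.java
@@ -0,0 +1,48 @@
+package no.josefushighscore.configure;
+
+import no.josefushighscore.register.UserRegister;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@Configuration
+public class AuthConfiguration {
+
+private final UserRegister userRepository;
+
+public AuthConfiguration(UserRegister userRepository) {
+this.userRepository = userRepository;
+}
+
+@Bean
+UserDetailsService userDetailsService() {
+return username -> userRepository.findByUsername(username)
+.orElseThrow(() -> new UsernameNotFoundException("User not found"));
+}
+
+@Bean
+BCryptPasswordEncoder passwordEncoder() {
+return new BCryptPasswordEncoder();
+}
+
+@Bean
+public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+return config.getAuthenticationManager();
+}
+
+@Bean
+AuthenticationProvider authenticationProvider() {
+DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+
+authProvider.setUserDetailsService(userDetailsService());
+authProvider.setPasswordEncoder(passwordEncoder());
+
+return authProvider;
+}
+}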
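Review bot: `passwordEncoder()` is declared with the concrete return type `BCryptPasswordEncoder`, which ties every injection point to bcrypt; declaring it as `PasswordEncoder passwordEncoder()` (with the `org.springframework.security.crypto.password.PasswordEncoder` import) keeps the same bean but lets the hashing scheme be upgraded later without touching callers. `authenticationProvider()` calls the two `@Bean` methods directly, which works in a full `@Configuration` class but deserves a short comment such as `// @Configuration proxies these calls, so the shared singleton beans are reused`. The `userDetailsService()` lambda assumes `UserRegister.findByUsername` returns an Optional of a `UserDetails` implementation; that type is not visible in this section, so a one-line Javadoc stating the expectation would help.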
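--- a/src/main/java/no/josefushighscore/configure/JwtAuthenticationFilter.java
+++ b/src/main/java/no/josefushighscore/configure/JwtAuthenticationFilter.java
@@ -0,0 +1,78 @@
+package no.josefushighscore.configure;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import no.josefushighscore.service.JwtService;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.servlet.HandlerExceptionResolver;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+private final HandlerExceptionResolver handlerExceptionResolver;
+
+private final JwtService jwtService;
+private final UserDetailsService userDetailsService;
+
+public JwtAuthenticationFilter(
+JwtService jwtService,
+UserDetailsService userDetailsService,
+HandlerExceptionResolver handlerExceptionResolver
+) {
+this.jwtService = jwtService;
+this.userDetailsService = userDetailsService;
+this.handlerExceptionResolver = handlerExceptionResolver;
+}
+
+@Override
+protected void doFilterInternal(
+@NonNull HttpServletRequest request,
+@NonNull HttpServletResponse response,
+@NonNull FilterChain filterChain
+) throws ServletException, IOException {
+final String authHeader = request.getHeader("Authorization");
+
+if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+filterChain.doFilter(request, response);
+return;
+}
+
+try {
+final String jwt = authHeader.substring(7);
+final String userName = jwtService.extractUsername(jwt);
+
+Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+if (userName != null && authentication == null) {
+UserDetails userDetails = this.userDetailsService.loadUserByUsername(userName);
+
+if (jwtService.isTokenValid(jwt, userDetails)) {
+UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
+userDetails,
+null,
+userDetails.getAuthorities()
+);
+
+authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+SecurityContextHolder.getContext().setAuthentication(authToken);
+}
+}
+
+filterChain.doFilter(request, response);
+} catch (Exception exception) {
+handlerExceptionResolver.resolveException(request, response, null, exception);
+}
+}
+}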
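Review bot: The `try` in `doFilterInternal` also encloses `filterChain.doFilter(request, response)`, so `catch (Exception exception)` intercepts every exception raised by later filters and controllers, not only token failures, and passes them to `handlerExceptionResolver`, possibly after the response has been committed. Limiting the `try` to the token handling keeps the two apart: add `return;` after `handlerExceptionResolver.resolveException(request, response, null, exception);` and move `filterChain.doFilter(request, response);` below the `catch`. `resolveException` returns null when no resolver handles the exception type, and nothing here sets a status in that case, so a rejected token would presumably end in an empty default response; checking the return value and sending 401 would make the failure explicit. Because the filter runs on every request, a stale `Bearer` header appears to block `/auth/**` as well, before the permit-all rule is reached.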
45 changes: 0 additions & 45 deletions
45
src/main/java/no/josefushighscore/configure/SecurityConfig.java
This file was deleted.
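--- a/src/main/java/no/josefushighscore/configure/SecurityConfiguration.java
+++ b/src/main/java/no/josefushighscore/configure/SecurityConfiguration.java
@@ -0,0 +1,66 @@
+package no.josefushighscore.configure;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfiguration {
+private final AuthenticationProvider authenticationProvider;
+private final JwtAuthenticationFilter jwtAuthenticationFilter;
+
+public SecurityConfiguration(
+JwtAuthenticationFilter jwtAuthenticationFilter,
+AuthenticationProvider authenticationProvider
+) {
+this.authenticationProvider = authenticationProvider;
+this.jwtAuthenticationFilter = jwtAuthenticationFilter;
+}
+
+@Bean
+public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+http.csrf()
+.disable()
+.authorizeHttpRequests()
+.requestMatchers("/auth/**")
+.permitAll()
+.requestMatchers("/swagger-ui.html", "/swagger-ui/**", "/swagger-resources/**", "/swagger-resources", "/v3/api-docs/*", "/v3/api-docs").hasRole("ANONYMOUS")
+.requestMatchers("/register/**").hasRole("ANONYMOUS")
+.anyRequest()
+.authenticated()
+.and()
+.sessionManagement()
+.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+.and()
+.authenticationProvider(authenticationProvider)
+.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+return http.build();
+}
+
+@Bean
+CorsConfigurationSource corsConfigurationSource() {
+CorsConfiguration configuration = new CorsConfiguration();
+
+configuration.setAllowedOrigins(List.of("http://localhost:8005"));
+configuration.setAllowedMethods(List.of("GET","POST"));
+configuration.setAllowedHeaders(List.of("Authorization","Content-Type"));
+
+UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+
+source.registerCorsConfiguration("/**",configuration);
+
+return source;
+}
+}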
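Review bot: The swagger and `/register/**` matchers in `securityFilterChain` use `hasRole("ANONYMOUS")`, which passes only for Spring Security's anonymous token, so these rules depend on the default anonymous filter staying enabled and reject any caller that presents a valid bearer token. If the intent is "open to everyone", `.permitAll()` says so directly; if it is "unauthenticated callers only", `.anonymous()` states it without the role string. Separately, the `corsConfigurationSource` bean is declared but the chain never calls `http.cors()`; whether the bean is applied then depends on the Spring Security version in use, so wiring it explicitly in the chain would remove the doubt. The allowed origin `http://localhost:8005` is hard-coded and would be better read from configuration so that non-local deployments do not need a code change.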
36 changes: 0 additions & 36 deletions
36
src/main/java/no/josefushighscore/security/CustomAuthenticationManager.java
This file was deleted.
22 changes: 0 additions & 22 deletions
22
src/main/java/no/josefushighscore/security/jwt/JwtAuthenticationEntryPoint.java
This file was deleted.