[ADD] FILES ADDED

parent 69efc884
package web.multitask.app.api;
import org.json.JSONObject;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.*;
import web.multitask.app.model.User;
import web.multitask.app.repository.UserRespository;
import web.multitask.app.utils.JwtTokenUtil;
import java.util.Objects;
@RestController
@RequestMapping("/token")
@CrossOrigin
class JwtApi {
private final JwtTokenUtil jwtTokenUtil;
private final UserRespository userRepo;
public JwtApi(JwtTokenUtil jwtTokenUtil, UserRespository userRepo) {
this.jwtTokenUtil = jwtTokenUtil;
this.userRepo = userRepo;
}
@PostMapping("/authenticate")
public String createAuthenticationToken(@RequestBody String authenticationRequest) {
JSONObject json = new JSONObject(authenticationRequest);
String username = json.getString("username");
UserDetails userDetails = userRepo.findByUsername(username);
if(!Objects.equals(userDetails.getPassword(), json.getString("password"))){
return new JSONObject().put("token", "").put("message", "Invalid Credentials").put("status", false).toString();
}else{
return new JSONObject().put("token", jwtTokenUtil.generateToken((User) userDetails)).put("message", "Generated").put("status", true).toString();
}
}
}
\ No newline at end of file
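Review bot: The credential check in `createAuthenticationToken` compares the stored value to the submitted password with `Objects.equals`, which only works if passwords are persisted in plaintext and is not a constant-time comparison. Store a hash and inject a Spring Security `PasswordEncoder`, making the condition `if (userDetails == null || !passwordEncoder.matches(json.getString("password"), userDetails.getPassword()))`. The null check matters as well: for an unknown username `userDetails.getPassword()` would most likely throw a NullPointerException, because the derived query returns null. The resulting server error, instead of the "Invalid Credentials" body, lets a caller tell existing usernames from missing ones. The bare `@CrossOrigin` on the class also allows every origin and should list the expected front-end origins.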
package web.multitask.app.api;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("test")
public class TestApi {
@RequestMapping("/user")
public String test() {
return "user";
}
@RequestMapping("/admin")
public String test2() {
return "admin";
}
}
package web.multitask.app.filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONObject;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import io.jsonwebtoken.io.IOException;
import web.multitask.app.repository.UserRespository;
import web.multitask.app.utils.JwtTokenUtil;
@Component
@Order(1)
public class JwtTokenFilter extends OncePerRequestFilter {
private JwtTokenUtil jwtTokenUtil = null;
private UserRespository userRepo = null;
public JwtTokenFilter(JwtTokenUtil jwtTokenUtil, UserRespository userRepo) {
this.jwtTokenUtil = jwtTokenUtil;
this.userRepo = userRepo;
}
public JwtTokenFilter() {
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException, java.io.IOException {
final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
if (request.getRequestURI().startsWith("/token")) {
chain.doFilter(request, response);
} else {
if (header == null || !header.startsWith("Bearer ")) {
response.sendError(403, "Access Denied");
chain.doFilter(request, response);
} else {
String token = header.split(" ")[1];
if (jwtTokenUtil.validateToken(token)) {
JSONObject jsonToken = new JSONObject(jwtTokenUtil.getDataToken(token));
UserDetails userDetails = userRepo.findByUsername(jsonToken.getString("username"));
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
response.setStatus(200, "OK");
chain.doFilter(request, response);
} else {
response.sendError(401, "Invalid Token");
chain.doFilter(request, response);
}
}
}
}
}
\ No newline at end of file
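Review bot: Both rejection branches of `doFilterInternal` call `chain.doFilter(request, response)` right after `response.sendError(...)`, so a request with a missing or invalid token is still handed to the rest of the chain. It can reach the handler even though an error response has already been sent, and whether anything later stops it depends on security configuration not shown on this page. Replace each of those two `chain.doFilter` calls with `return;`. In the valid-token branch the result of `userRepo.findByUsername(...)` is dereferenced without a null check, so a token for a user who has since been removed ends in a NullPointerException rather than a 401. Separately, `request.getRequestURI().startsWith("/token")` exempts every path that merely begins with that prefix, so an exact match on the authentication endpoint would be tighter.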
package web.multitask.app.model;
import javax.persistence.*;
import lombok.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection;
import java.util.List;
@Data
@NoArgsConstructor
@Getter
@Setter
@Entity(name = "users")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = javax.persistence.GenerationType.IDENTITY)
private Long id;
@NonNull
private String username;
@NonNull
private String password;
@ManyToMany(fetch = javax.persistence.FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "user_roles",
joinColumns = @JoinColumn(name = "user_id"),
inverseJoinColumns = @JoinColumn(name="role_id"))
private java.util.Set<Role> roles = new java.util.HashSet<>();
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<SimpleGrantedAuthority> authorities = new java.util.ArrayList<>();
for (Role role : roles) {
authorities.add(new SimpleGrantedAuthority(role.getDescripcion()));
}
return authorities;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
\ No newline at end of file
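Review bot: `@Data` on this entity generates a `toString()` that includes the `password` field, so any log statement or exception message that prints a `User` will print the credential. Add `@ToString.Exclude` to `password`, or replace `@Data` with explicit `@Getter`/`@Setter`, which are already present and are redundant next to `@Data`. The generated `equals`/`hashCode` also cover the eagerly loaded `roles` set, and restricting them to `id` or `username` is the usual choice for a JPA entity. If `User` objects are ever returned from a controller, the password getter would need to be excluded from serialization too.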
package web.multitask.app.repository;
import org.springframework.data.jpa.repository.JpaRepository;
import web.multitask.app.model.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
public interface UserRespository extends JpaRepository<User, Long> {
UserDetails findByUsername(String username)
throws UsernameNotFoundException;
}
\ No newline at end of file
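Review bot: The `throws UsernameNotFoundException` clause on `findByUsername` suggests a missing user raises an exception, but a Spring Data derived query with a non-Optional return type returns `null` when no row matches, and nothing on this page throws that exception. Both callers on this page (JwtApi and JwtTokenFilter) dereference the result directly. Declaring the method as `Optional<User> findByUsername(String username);` makes absence explicit at every call site and would remove the `(User)` cast in JwtApi. Failing that, add a Javadoc line stating that `null` is returned for an unknown username.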
package web.multitask.app.utils;
import java.io.Serializable;
import java.util.Date;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Value;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import org.springframework.stereotype.Component;
import web.multitask.app.model.User;
@Component
public class JwtTokenUtil implements Serializable{
@Value("${app.jwtSecret}")
private String jwtSecret;
public String generateToken(User user) {
Date now = new Date();
Date expiryDate = new Date(now.getTime() + 3600000);
JSONObject json = new JSONObject();
json.put("username", user.getUsername());
return Jwts.builder()
.setSubject(json.toString())
.setIssuedAt(new Date())
.setExpiration(expiryDate)
.signWith(Keys.hmacShaKeyFor(jwtSecret.getBytes()))
.compact();
}
public boolean validateToken(String token) {
try {
Jwts.parserBuilder()
.setSigningKey(Keys.hmacShaKeyFor(jwtSecret.getBytes()))
.build()
.parseClaimsJws(token);
return true;
} catch (Exception e) {
return false;
}
}
public String getDataToken(String token) {
try {
return Jwts.parserBuilder()
.setSigningKey(Keys.hmacShaKeyFor(jwtSecret.getBytes()))
.build()
.parseClaimsJws(token)
.getBody().getSubject();
}catch (Exception e){
return null;
}
}
public boolean isTokenExpired(String token) {
return Jwts.parserBuilder()
.setSigningKey(Keys.hmacShaKeyFor(jwtSecret.getBytes()))
.build()
.parseClaimsJws(token)
.getBody()
.getExpiration()
.before(new Date());
}
}
\ No newline at end of file
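Review bot: `isTokenExpired` cannot report an expired token, because `parseClaimsJws` throws `ExpiredJwtException` once the expiry has passed, so the trailing `.before(new Date())` only runs for tokens that are still valid. An expired token therefore surfaces to the caller as an unchecked exception. Wrap the parse as `try { … return false; } catch (ExpiredJwtException e) { return true; }`. All four methods also derive the HMAC key with `jwtSecret.getBytes()`, which uses the platform default charset, whereas `jwtSecret.getBytes(StandardCharsets.UTF_8)` keeps the key identical across hosts. In addition, `validateToken` and `getDataToken` catch `Exception`, so a misconfigured or too-short secret is indistinguishable from a bad token, and catching `JwtException` would let configuration errors surface.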