[ADD] CHANGES

fc85eeaa · Mauro Paolo Josue Zuñiga Mallqui · 16329228 · fc85eeaa · fc85eeaa · fc85eeaa
Commit fc85eeaa authored Dec 21, 2023 by Mauro Paolo Josue Zuñiga Mallqui
7 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -21,15 +21,33 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-jdbc</artifactId>
+			<exclusions>
+				<exclusion>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-starter-logging</artifactId>
+			</exclusion>
+  </exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
+						<exclusions>
+				<exclusion>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-starter-logging</artifactId>
+			</exclusion>
+  </exclusions>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 			<version>3.2.0</version>
+			<exclusions>
+				<exclusion>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-starter-logging</artifactId>
+			</exclusion>
+  </exclusions>
 		</dependency>
 		<!-- JPA -->
 		<dependency>

--- a/src/main/java/web/multitask/app/api/AppApi.java
+++ b/src/main/java/web/multitask/app/api/AppApi.java
@@ -2,7 +2,6 @@ package web.multitask.app.api;

 import org.json.JSONArray;
 import org.json.JSONObject;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import web.multitask.app.mysql.ProcedureMysql;
 import web.multitask.app.repository.UserRespository;

--- a/src/main/java/web/multitask/app/config/SecurityConfig.java
+++ b/src/main/java/web/multitask/app/config/SecurityConfig.java
@@ -34,8 +34,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    }

    @Bean
-    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
-    return authenticationConfiguration.getAuthenticationManager();
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
+            throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
    }

    @Override
@@ -45,17 +46,18 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http
-                 .cors(AbstractHttpConfigurer::disable).csrf(AbstractHttpConfigurer::disable)
+        http.cors(AbstractHttpConfigurer::disable).csrf(AbstractHttpConfigurer::disable)
                .authorizeHttpRequests(
                        authorizeRequests -> authorizeRequests
-                                .antMatchers("/test/admin").hasAuthority("ADMIN")
-                                .antMatchers("/test/user").hasAuthority("USER")
-                                 .antMatchers(HttpMethod.GET, "/**").permitAll()
-                                .antMatchers(HttpMethod.POST, "/**").permitAll()
+                                .antMatchers("/security/**").hasAnyAuthority("ADMIN")
+                                .antMatchers("/api/**").hasAnyAuthority("ADMIN", "USER")
+                                .antMatchers("/token/**").permitAll()
+                                .antMatchers("/private/**").hasAnyAuthority("ADMIN","USER")
+                                .antMatchers("/public/**").permitAll()
+                                .antMatchers(HttpMethod.GET, "/**").permitAll()
                                .anyRequest()
                                .authenticated());
-        http.addFilterBefore(new JwtTokenFilter(jwtTokenUtil,userRepo), UsernamePasswordAuthenticationFilter.class);
+        http.addFilterBefore(new JwtTokenFilter(jwtTokenUtil, userRepo), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
@@ -63,10 +65,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return new BCryptPasswordEncoder();
    }

-        @Bean
+    @Bean
    public CorsFilter corsFilter() {
-        UrlBasedCorsConfigurationSource source =
-            new UrlBasedCorsConfigurationSource();
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");

--- a/src/main/java/web/multitask/app/filter/JwtTokenFilter.java
+++ b/src/main/java/web/multitask/app/filter/JwtTokenFilter.java
@@ -36,32 +36,31 @@ public class JwtTokenFilter extends OncePerRequestFilter {
    }

    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException, java.io.IOException {
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+            throws ServletException, IOException, java.io.IOException {

        final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
-        if (request.getRequestURI().startsWith("/token")) {
+        String token = "";
+        try{
+            token = header.split(" ")[1];
+        }catch (Exception e){
+            token = null;
+        }
+        if (token == null || token.isEmpty()) {
            chain.doFilter(request, response);
        } else {
-            if (header == null || !header.startsWith("Bearer ")) {
-                response.sendError(403, "Access Denied");
+            if (jwtTokenUtil.validateToken(token)) {
+                JSONObject jsonToken = new JSONObject(jwtTokenUtil.getDataToken(token));
+                UserDetails userDetails = userRepo.findByUsername(jsonToken.getString("username"));
+                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+                        userDetails,
+                        null, userDetails.getAuthorities());
+                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authentication);
                chain.doFilter(request, response);
            } else {
-                String token = header.split(" ")[1];
-                if (jwtTokenUtil.validateToken(token)) {
-                    JSONObject jsonToken = new JSONObject(jwtTokenUtil.getDataToken(token));
-                    UserDetails userDetails = userRepo.findByUsername(jsonToken.getString("username"));
-                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
-                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-                    SecurityContextHolder.getContext().setAuthentication(authentication);
-                    response.setStatus(200);
-                    chain.doFilter(request, response);
-                } else {
-                    response.sendError(401, "Invalid Token");
-                    chain.doFilter(request, response);
-                }
+                response.sendError(401, "Invalid Token");
            }
        }
-
    }
-
 }
\ No newline at end of file
--- a/src/main/java/web/multitask/app/mysql/ProcedureMysql.java
+++ b/src/main/java/web/multitask/app/mysql/ProcedureMysql.java
@@ -42,6 +42,8 @@ public class ProcedureMysql {
            List<Map<String, Object>> list = jdbcTemplate.queryForList(query.toString(), params);
            JSONObject result = new JSONObject();
            result.put("data", list);
+            result.put("message", "Success");
+            result.put("status", true);
            return result;
        } catch (Exception e) {
            return new JSONObject().put("data", new JSONObject()).put("message", e.getMessage()).put("status", false);

--- a/src/main/java/web/multitask/app/utils/JwtTokenUtil.java
+++ b/src/main/java/web/multitask/app/utils/JwtTokenUtil.java
@@ -24,7 +24,7 @@ public class JwtTokenUtil implements Serializable{
        JSONObject json = new JSONObject();
        json.put("username", user.getUsername());
        return Jwts.builder()
-                .setSubject(json.toString())
+                .setSubject(json.toString()) 
                .setIssuedAt(new Date())
                .setExpiration(expiryDate)
                .signWith(Keys.hmacShaKeyFor(jwtSecret.getBytes()))

--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -4,7 +4,7 @@ spring.datasource.password=asd123
 spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
 server.port=8081
 server.address=0.0.0.0
-spring.jpa.show-sql=true
+# spring.jpa.show-sql=true
 app.jwtSecret=9a4f2c8d3b7a1e6f45c8a0b3f267d8b1d4e6f3c8a9d2b5f8e3a9c8b5f6v8a3d9
 spring.jpa.hibernate.ddl-auto = update
 spring.security.filter.order=1
\ No newline at end of file