Add JWT authentication support with login and token refresh endpoints
This commit is contained in:
sumedh
11
pom.xml
11
pom.xml
@@ -30,6 +30,8 @@
|
|||||||
<java.version>21</java.version>
|
<java.version>21</java.version>
|
||||||
<spring-ai.version>1.0.0-M6</spring-ai.version>
|
<spring-ai.version>1.0.0-M6</spring-ai.version>
|
||||||
<spring-cloud.version>2023.0.3</spring-cloud.version>
|
<spring-cloud.version>2023.0.3</spring-cloud.version>
|
||||||
|
<maven.compiler.source>21</maven.compiler.source>
|
||||||
|
<maven.compiler.target>21</maven.compiler.target>
|
||||||
</properties>
|
</properties>
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
|
||||||
@@ -47,6 +49,15 @@
|
|||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-data-mongodb</artifactId>
|
<artifactId>spring-boot-starter-data-mongodb</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.azure.spring</groupId>
|
||||||
|
<artifactId>azure-spring-boot-starter-active-directory</artifactId>
|
||||||
|
<version>4.0.0</version> <!-- or latest -->
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-test</artifactId>
|
<artifactId>spring-boot-starter-test</artifactId>
|
||||||
|
|||||||
@@ -1,14 +1,15 @@
|
|||||||
package com.olympus.apollo.security.config;
|
package com.olympus.apollo.security.config;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.*;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||||
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
@@ -24,18 +25,11 @@ public class SecurityConfig {
|
|||||||
@Autowired
|
@Autowired
|
||||||
CustomUserDetailsService userDetailsService;
|
CustomUserDetailsService userDetailsService;
|
||||||
|
|
||||||
/* @Autowired
|
|
||||||
private AuthEntryPointJwt unauthorizedHandler;
|
|
||||||
*/
|
|
||||||
@Bean
|
@Bean
|
||||||
public JwtTokenFilter authenticationJwtTokenFilter() {
|
public JwtTokenFilter authenticationJwtTokenFilter() {
|
||||||
return new JwtTokenFilter();
|
return new JwtTokenFilter();
|
||||||
}
|
}
|
||||||
|
|
||||||
//@Override
|
|
||||||
//public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
|
|
||||||
// authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
|
|
||||||
//}
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public DaoAuthenticationProvider authenticationProvider() {
|
public DaoAuthenticationProvider authenticationProvider() {
|
||||||
@@ -47,38 +41,50 @@ public class SecurityConfig {
|
|||||||
return authProvider;
|
return authProvider;
|
||||||
}
|
}
|
||||||
|
|
||||||
//@Bean
|
|
||||||
//@Override
|
|
||||||
//public AuthenticationManager authenticationManagerBean() throws Exception {
|
@Bean
|
||||||
// return super.authenticationManagerBean();
|
PasswordEncoder passwordEncoder() {
|
||||||
//}
|
return NoOpPasswordEncoder.getInstance();
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
|
public SecurityFilterChain oauth2Security(HttpSecurity http) throws Exception {
|
||||||
return authConfig.getAuthenticationManager();
|
http
|
||||||
}
|
.securityMatcher("/msauth/**") // Match only specific OAuth2 endpoints
|
||||||
|
.authorizeHttpRequests(auth -> auth
|
||||||
|
.anyRequest().authenticated()
|
||||||
@Bean
|
)
|
||||||
PasswordEncoder passwordEncoder() {
|
.oauth2ResourceServer(oauth2 -> oauth2.jwt()); // Enable OAuth2 JWT Validation
|
||||||
return NoOpPasswordEncoder.getInstance();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Bean
|
|
||||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
|
||||||
http.csrf(csrf -> csrf.disable())
|
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
|
||||||
.authorizeHttpRequests(auth -> auth.requestMatchers("/api/auth/**").permitAll()
|
|
||||||
.requestMatchers("/api/test/**").permitAll()
|
|
||||||
.requestMatchers("/**").permitAll()
|
|
||||||
.anyRequest().authenticated()); //permitAll());
|
|
||||||
|
|
||||||
http.authenticationProvider(authenticationProvider());
|
|
||||||
|
|
||||||
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
|
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
// 🔓 2. Default security for all other URLs
|
||||||
|
@Bean
|
||||||
|
public SecurityFilterChain defaultSecurity(HttpSecurity http) throws Exception {
|
||||||
|
http
|
||||||
|
.csrf().disable()
|
||||||
|
.authorizeHttpRequests(auth -> auth
|
||||||
|
.requestMatchers("/api/auth/**", "/login").permitAll()
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
)
|
||||||
|
.authenticationProvider(authenticationProvider())
|
||||||
|
.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public AuthenticationManager authManager(HttpSecurity http) throws Exception {
|
||||||
|
return http.getSharedObject(AuthenticationManagerBuilder.class)
|
||||||
|
.userDetailsService(userDetailsService)
|
||||||
|
.passwordEncoder(passwordEncoder())
|
||||||
|
.and()
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -1,90 +1,32 @@
|
|||||||
package com.olympus.apollo.security.controllers;
|
package com.olympus.apollo.security.controllers;
|
||||||
|
|
||||||
import java.security.Principal;
|
import com.olympus.apollo.security.services.JwtService;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.http.HttpHeaders;
|
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.oauth2.jwt.Jwt;
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
|
||||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
import org.springframework.web.bind.annotation.PostMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestBody;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import com.olympus.apollo.security.dto.AuthenticationRequest;
|
import java.util.Map;
|
||||||
import com.olympus.apollo.security.dto.AuthenticationResponse;
|
|
||||||
import com.olympus.apollo.security.dto.FetchUserResponse;
|
|
||||||
import com.olympus.apollo.security.entity.User;
|
|
||||||
import com.olympus.apollo.security.utility.JwtTokenProvider;
|
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@CrossOrigin
|
@RequestMapping("/msauth")
|
||||||
@RequestMapping("/api/auth")
|
|
||||||
public class AuthController {
|
public class AuthController {
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private AuthenticationManager authenticationManager;
|
|
||||||
|
|
||||||
@Autowired
|
private final JwtService jwtService;
|
||||||
private JwtTokenProvider jwtTokenProvider;
|
|
||||||
|
|
||||||
@PostMapping("/login")
|
|
||||||
public ResponseEntity<?> authenticateUser(@RequestBody AuthenticationRequest authenticationRequest) {
|
|
||||||
|
|
||||||
Authentication authentication = authenticationManager.authenticate(
|
|
||||||
new UsernamePasswordAuthenticationToken(
|
|
||||||
authenticationRequest.getUsername(),
|
|
||||||
authenticationRequest.getPassword()
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
||||||
String jwt = jwtTokenProvider.createToken(authentication);
|
|
||||||
|
|
||||||
|
|
||||||
HttpHeaders httpHeaders = new HttpHeaders();
|
|
||||||
httpHeaders.add("authorization", jwt);
|
|
||||||
httpHeaders.add("access-control-expose-headers", "authorization");
|
|
||||||
AuthenticationResponse authenticationResponse = new AuthenticationResponse(jwt, (User) authentication.getPrincipal());
|
|
||||||
|
|
||||||
return ResponseEntity.ok().headers(httpHeaders).body(authenticationResponse);
|
|
||||||
|
|
||||||
|
public AuthController(JwtService jwtService) {
|
||||||
|
this.jwtService = jwtService;
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/fetch-user")
|
@PostMapping("/exchange")
|
||||||
public FetchUserResponse fetchUser(Authentication authentication) {
|
public ResponseEntity<?> exchangeToken(@AuthenticationPrincipal Jwt azureJwt) {
|
||||||
User principal = (User) authentication.getPrincipal();
|
String internalToken = jwtService.generateInternalToken(azureJwt);
|
||||||
principal.setPassword(null);
|
return ResponseEntity.ok(Map.of("token", internalToken));
|
||||||
FetchUserResponse fetchUserResponse = new FetchUserResponse();
|
|
||||||
fetchUserResponse.setData(principal);
|
|
||||||
return fetchUserResponse;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@GetMapping("/refresh-token")
|
|
||||||
public ResponseEntity<?> refreshToken(Authentication authentication) {
|
|
||||||
|
|
||||||
|
|
||||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
||||||
String jwt = jwtTokenProvider.createToken(authentication);
|
|
||||||
|
|
||||||
|
|
||||||
HttpHeaders httpHeaders = new HttpHeaders();
|
|
||||||
httpHeaders.add("authorization", jwt);
|
|
||||||
httpHeaders.add("access-control-expose-headers", "authorization");
|
|
||||||
AuthenticationResponse authenticationResponse = new AuthenticationResponse(jwt, (User) authentication.getPrincipal());
|
|
||||||
|
|
||||||
return ResponseEntity.ok().headers(httpHeaders).body(authenticationResponse);
|
|
||||||
}
|
|
||||||
|
|
||||||
@GetMapping("/test")
|
|
||||||
public ResponseEntity<?> test() {
|
|
||||||
return ResponseEntity.ok(" you have access now ");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,82 @@
|
|||||||
|
package com.olympus.apollo.security.controllers;
|
||||||
|
|
||||||
|
import com.olympus.apollo.security.dto.AuthenticationRequest;
|
||||||
|
import com.olympus.apollo.security.dto.AuthenticationResponse;
|
||||||
|
import com.olympus.apollo.security.dto.FetchUserResponse;
|
||||||
|
import com.olympus.apollo.security.entity.User;
|
||||||
|
import com.olympus.apollo.security.services.JwtService;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.http.HttpHeaders;
|
||||||
|
import org.springframework.http.ResponseEntity;
|
||||||
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
@RequestMapping("/api/auth")
|
||||||
|
public class LoginController {
|
||||||
|
@Autowired
|
||||||
|
private AuthenticationManager authenticationManager;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private JwtService jwtTokenProvider;
|
||||||
|
|
||||||
|
@PostMapping("/login")
|
||||||
|
public ResponseEntity<?> authenticateUser(@RequestBody AuthenticationRequest authenticationRequest) {
|
||||||
|
|
||||||
|
Authentication authentication = authenticationManager.authenticate(
|
||||||
|
new UsernamePasswordAuthenticationToken(
|
||||||
|
authenticationRequest.getUsername(),
|
||||||
|
authenticationRequest.getPassword()
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||||
|
String jwt = jwtTokenProvider.generateInternalTokenFromUsername(authentication);
|
||||||
|
|
||||||
|
HttpHeaders httpHeaders = new HttpHeaders();
|
||||||
|
httpHeaders.add("authorization", jwt);
|
||||||
|
httpHeaders.add("access-control-expose-headers", "authorization");
|
||||||
|
|
||||||
|
AuthenticationResponse authenticationResponse = new AuthenticationResponse(jwt, (User) authentication.getPrincipal());
|
||||||
|
|
||||||
|
return ResponseEntity.ok().headers(httpHeaders).body(authenticationResponse);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/fetch-user")
|
||||||
|
public FetchUserResponse fetchUser(Authentication authentication) {
|
||||||
|
User principal = (User) authentication.getPrincipal();
|
||||||
|
principal.setPassword("fake");
|
||||||
|
FetchUserResponse fetchUserResponse = new FetchUserResponse();
|
||||||
|
fetchUserResponse.setData(principal);
|
||||||
|
return fetchUserResponse;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@GetMapping("/refresh-token")
|
||||||
|
public ResponseEntity<?> refreshToken(Authentication authentication) {
|
||||||
|
|
||||||
|
|
||||||
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||||
|
String jwt = jwtTokenProvider.generateInternalTokenFromUsername(authentication);
|
||||||
|
|
||||||
|
|
||||||
|
HttpHeaders httpHeaders = new HttpHeaders();
|
||||||
|
httpHeaders.add("authorization", jwt);
|
||||||
|
httpHeaders.add("access-control-expose-headers", "authorization");
|
||||||
|
AuthenticationResponse authenticationResponse = new AuthenticationResponse(jwt, (User) authentication.getPrincipal());
|
||||||
|
|
||||||
|
return ResponseEntity.ok().headers(httpHeaders).body(authenticationResponse);
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/test")
|
||||||
|
public ResponseEntity<?> test() {
|
||||||
|
return ResponseEntity.ok(" you have access now ");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@@ -2,6 +2,7 @@ package com.olympus.apollo.security.filter;
|
|||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import com.olympus.apollo.security.services.JwtService;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
@@ -11,8 +12,6 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
|
|||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
import com.olympus.apollo.security.utility.JwtTokenProvider;
|
|
||||||
|
|
||||||
import jakarta.servlet.FilterChain;
|
import jakarta.servlet.FilterChain;
|
||||||
import jakarta.servlet.ServletException;
|
import jakarta.servlet.ServletException;
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
@@ -26,7 +25,7 @@ import lombok.NoArgsConstructor;
|
|||||||
public class JwtTokenFilter extends OncePerRequestFilter {
|
public class JwtTokenFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtTokenProvider jwtTokenProvider;
|
private JwtService jwtTokenProvider;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserDetailsService userDetailsService;
|
private UserDetailsService userDetailsService;
|
||||||
|
|||||||
@@ -0,0 +1,116 @@
|
|||||||
|
package com.olympus.apollo.security.services;
|
||||||
|
|
||||||
|
import io.jsonwebtoken.ExpiredJwtException;
|
||||||
|
import io.jsonwebtoken.Jwts;
|
||||||
|
import io.jsonwebtoken.MalformedJwtException;
|
||||||
|
import io.jsonwebtoken.SignatureAlgorithm;
|
||||||
|
import io.jsonwebtoken.UnsupportedJwtException;
|
||||||
|
import io.jsonwebtoken.io.Decoders;
|
||||||
|
import io.jsonwebtoken.security.Keys;
|
||||||
|
import io.jsonwebtoken.security.SignatureException;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
|
import org.springframework.security.oauth2.jwt.Jwt;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
|
import java.security.Key;
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
@Service
|
||||||
|
@Slf4j
|
||||||
|
public class JwtService {
|
||||||
|
|
||||||
|
private final long EXPIRATION_MS = 3600_000; // 1 hour
|
||||||
|
|
||||||
|
|
||||||
|
public static final String SECRET = "5367566B59703373367639792F423F4528482B4D6251655468576D5A713474375367566B59703373367639792F423F4528482B4D6251655468576D5A71347437";
|
||||||
|
|
||||||
|
|
||||||
|
private Key getSignKey() {
|
||||||
|
byte[] keyBytes = Decoders.BASE64.decode(SECRET);
|
||||||
|
return Keys.hmacShaKeyFor(keyBytes);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public String generateInternalToken(Jwt azureJwt) {
|
||||||
|
Date now = new Date();
|
||||||
|
Date expiry = new Date(now.getTime() + EXPIRATION_MS);
|
||||||
|
|
||||||
|
String username="";
|
||||||
|
String email = azureJwt.getClaim("email");
|
||||||
|
String username_claim = azureJwt.getClaim("username");
|
||||||
|
String unique_name = azureJwt.getClaim("unique_name");
|
||||||
|
|
||||||
|
if(username_claim == null){
|
||||||
|
username = unique_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( username.contains("@") ){
|
||||||
|
username = username.split("@")[0];
|
||||||
|
}
|
||||||
|
return Jwts.builder()
|
||||||
|
.setSubject(username)
|
||||||
|
.setIssuedAt(new Date())
|
||||||
|
.setExpiration(expiry)
|
||||||
|
.signWith(getSignKey(), SignatureAlgorithm.HS512)
|
||||||
|
//.signWith(SignatureAlgorithm.HS512, SECRET)
|
||||||
|
.compact();
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public String generateInternalTokenFromUsername(Authentication authentication) {
|
||||||
|
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
|
||||||
|
Date now = new Date();
|
||||||
|
Date expiry = new Date(now.getTime() + EXPIRATION_MS);
|
||||||
|
|
||||||
|
return Jwts.builder()
|
||||||
|
.setSubject(userDetails.getUsername())
|
||||||
|
.setIssuedAt(now)
|
||||||
|
.setExpiration(expiry)
|
||||||
|
.signWith(getSignKey(), SignatureAlgorithm.HS512)
|
||||||
|
.compact();
|
||||||
|
}
|
||||||
|
|
||||||
|
public String resolveToken(HttpServletRequest request) {
|
||||||
|
|
||||||
|
String bearerToken = request.getHeader("Authorization");
|
||||||
|
if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
|
||||||
|
return bearerToken.substring(7);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the token is valid and not expired
|
||||||
|
public boolean validateToken(String token) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
Jwts.parser().setSigningKey(getSignKey()).parseClaimsJws(token);
|
||||||
|
return true;
|
||||||
|
} catch (MalformedJwtException ex) {
|
||||||
|
log.error("Invalid JWT token");
|
||||||
|
} catch (ExpiredJwtException ex) {
|
||||||
|
log.error("Expired JWT token");
|
||||||
|
} catch (UnsupportedJwtException ex) {
|
||||||
|
log.error("Unsupported JWT token");
|
||||||
|
} catch (IllegalArgumentException ex) {
|
||||||
|
log.error("JWT claims string is empty");
|
||||||
|
} catch (SignatureException e) {
|
||||||
|
log.error("there is an error with the signature of you token ");
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Extract the username from the JWT token
|
||||||
|
public String getUsername(String token) {
|
||||||
|
|
||||||
|
return Jwts.parser()
|
||||||
|
.setSigningKey(getSignKey())
|
||||||
|
.parseClaimsJws(token)
|
||||||
|
.getBody()
|
||||||
|
.getSubject();
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,88 +0,0 @@
|
|||||||
package com.olympus.apollo.security.utility;
|
|
||||||
|
|
||||||
import org.springframework.stereotype.Component;
|
|
||||||
|
|
||||||
import io.jsonwebtoken.*;
|
|
||||||
import io.jsonwebtoken.io.Decoders;
|
|
||||||
import io.jsonwebtoken.security.Keys;
|
|
||||||
import io.jsonwebtoken.security.SignatureException;
|
|
||||||
import jakarta.servlet.http.HttpServletRequest;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
|
||||||
import org.springframework.util.StringUtils;
|
|
||||||
import java.security.Key;
|
|
||||||
import java.util.Date;
|
|
||||||
|
|
||||||
@Component
|
|
||||||
@Slf4j
|
|
||||||
public class JwtTokenProvider {
|
|
||||||
|
|
||||||
Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
|
|
||||||
|
|
||||||
|
|
||||||
public static final String SECRET = "5367566B59703373367639792F423F4528482B4D6251655468576D5A713474375367566B59703373367639792F423F4528482B4D6251655468576D5A71347437";
|
|
||||||
|
|
||||||
|
|
||||||
private Key getSignKey() {
|
|
||||||
byte[] keyBytes = Decoders.BASE64.decode(SECRET);
|
|
||||||
return Keys.hmacShaKeyFor(keyBytes);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public String createToken(Authentication authentication) {
|
|
||||||
|
|
||||||
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
|
|
||||||
Date now = new Date();
|
|
||||||
Date expiryDate = new Date(now.getTime() + 3600000);
|
|
||||||
|
|
||||||
return Jwts.builder()
|
|
||||||
.setSubject(userDetails.getUsername())
|
|
||||||
.setIssuedAt(new Date())
|
|
||||||
.setExpiration(expiryDate)
|
|
||||||
.signWith(getSignKey(), SignatureAlgorithm.HS512)
|
|
||||||
//.signWith(SignatureAlgorithm.HS512, SECRET)
|
|
||||||
.compact();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public String resolveToken(HttpServletRequest request) {
|
|
||||||
|
|
||||||
String bearerToken = request.getHeader("Authorization");
|
|
||||||
if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
|
|
||||||
return bearerToken.substring(7);
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if the token is valid and not expired
|
|
||||||
public boolean validateToken(String token) {
|
|
||||||
|
|
||||||
try {
|
|
||||||
Jwts.parser().setSigningKey(getSignKey()).parseClaimsJws(token);
|
|
||||||
return true;
|
|
||||||
} catch (MalformedJwtException ex) {
|
|
||||||
log.error("Invalid JWT token");
|
|
||||||
} catch (ExpiredJwtException ex) {
|
|
||||||
log.error("Expired JWT token");
|
|
||||||
} catch (UnsupportedJwtException ex) {
|
|
||||||
log.error("Unsupported JWT token");
|
|
||||||
} catch (IllegalArgumentException ex) {
|
|
||||||
log.error("JWT claims string is empty");
|
|
||||||
} catch (SignatureException e) {
|
|
||||||
log.error("there is an error with the signature of you token ");
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Extract the username from the JWT token
|
|
||||||
public String getUsername(String token) {
|
|
||||||
|
|
||||||
return Jwts.parser()
|
|
||||||
.setSigningKey(getSignKey())
|
|
||||||
.parseClaimsJws(token)
|
|
||||||
.getBody()
|
|
||||||
.getSubject();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -13,6 +13,11 @@ generic-file-parser-module:
|
|||||||
spring:
|
spring:
|
||||||
application:
|
application:
|
||||||
name: apollo
|
name: apollo
|
||||||
|
security:
|
||||||
|
oauth2:
|
||||||
|
resourceserver:
|
||||||
|
jwt:
|
||||||
|
issuer-uri: https://sts.windows.net/e0793d39-0939-496d-b129-198edd916feb/
|
||||||
ai:
|
ai:
|
||||||
azure:
|
azure:
|
||||||
openai:
|
openai:
|
||||||
|
|||||||
Reference in New Issue
Block a user