Untitled
unknown
plain_text
3 years ago
7.8 kB
3
Indexable
Customers
import java.util.ArrayList;
import java.util.Objects;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.org.foodapp.POJO.User;
import com.org.foodapp.dao.UserDao;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@Service
public class CustomerUsersDetailsService implements UserDetailsService {
@Autowired
UserDao userDao;
private com.org.foodapp.POJO.User userDetail;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//log.info = userDao.findByEmailId(username)
userDetail = userDao.findByEmailId(username);
if (!Objects.isNull(userDetail))
return new User(userDetail.getEmail(),userDetail.getPassword(),new ArrayList<>());
else
throw new UsernameNotFoundException("User not found,");
}
public com.org.foodapp.POJO.User getUserDetail{
return userDetail;
}
}
JWtFiler
package com.org.foodapp.JWT;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
@Component
public class JwtFilter extends OncePerRequestFilter{
@Autowired
private JwtUtil jwtUtil;
@Autowired
private CustomerUsersDetailsService service;
Claims claims = null;
private String userName = null;
@Override
protected void doFilterInternal(HttpServletRequest httpServletrequest , HttpServletResponse httpServletresponse, FilterChain filterChain )throws ServletException, IOException {
if(httpServletrequest.getServletPath().matches("/user/login|/user/forgotPassword|/user/signup")) {
filterChain.doFilter(httpServletrequest, httpServletresponse);
}else {
String authorizationHeader = httpServletrequest.getHeader("Authorization");
String token= null;
if(authorizationHeader != null && authorizationHeader.startsWith("Bearer")){
token = authorizationHeader.substring(7);
userName = jwtUtil.extractUsername(token);
claims = jwtUtil.extractAllClaims(token);
}
if(userName != null && SecurityContextHolder.getContext().getAuthentication()==null) {
UserDetails userDetails = service.loadUserByUsername(userName);
if(jwtUtil.validateToken(token,userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities());
usernamePasswordAuthenticationToken.setDetails(
new WebAuthenticationDetailsSource.buildDetails(httpServletrequest));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
filterChain.doFilter(httpServletrequest, httpServletresponse);
}
public boolean isAdmin() {
return "admin".equalsIgnoreCase((String) claims.get("role"));
}
public boolean isUser() {
return "user".equalsIgnoreCase((String) claims.get("role"));
}
public String getCurrentUser() {
return userName;
}
}
}
JWtUtil
package com.org.foodapp.JWT;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import java.sql.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
@Service
public class JwtUtil{
private String secret="aksav";
public String extractUsername(String token) {
return extractClaims(token,Claims::getSubject);
}
public Date extractExpiration(String token) {
return extractClaims(token,Claims::getExpiration);
}
public <T> T extractClamis(String token, Function<Claims, T> claimsResolver) {
final Claims claims = extractAllClaims(token);
return claimsResolver.apply(claims);
}
public Claims extractAllClaims(String token) {
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
}
private Boolean isTokenExpired(String token) {
return extractExpiration(token).before(new Date());
}
public String generateToken(String username ,String role) {
Map<String,Object> claims = new HashMap<>();
claims.put("role", role);
createToken(claims,username);
}
private String createToken(Map<String, Object> claims,String subject) {
return Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(new Date(System.currentTimeMillis()))
.setExpiration(new Date(System.currentTimeMillis()+ 1000*60*60*10))
.signWith(SignatureAlgorithm.HS256,secret).compact();
}
public Boolean validateToken(String token, UserDetails userDetails) {
final String username = extractUsername(token);
return (Username.equals(userDetails.getUsername()) && !isTokenExpired(token));
}
}
SecurityConfig
package com.org.foodapp.JWT;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
@Configuration
@EnableWebSecurity
public class SecurityConfig implements WebSecurityConfigureAdapter {
@Autowired
CustomerUsersDetailsService customerUsersDetailsService;
@Autowired
JwtFilter jwtFilter;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(customerUsersDetailsService);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Bean(name= BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues())
.and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/user/login", "/user/singup", "/useer/forgotPassword")
.permitAll()
.anyRequest()
.authenticated()
.and().exceptionHandling()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
}
}Editor is loading...