ENTRYPOINT FILE
@Component
public class ApiAuthenticationEntryPoint implements AuthenticationEntryPoint {

    /**
     * Called by Spring Security when a request that requires authentication
     * carries none (or an invalid one). The API is stateless, so there is no
     * login page to redirect to: the client gets a plain 401 instead.
     *
     * @param request       the rejected request (unused)
     * @param response      the response on which the 401 is written
     * @param authException the failure that triggered the entry point (unused)
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException, ServletException {
        final int unauthorized = HttpServletResponse.SC_UNAUTHORIZED; // 401
        response.sendError(unauthorized, "unauthorized");
    }
}
FILTER FILE
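@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    /**
     * Request header carrying the token. The value is expected as
     * {@code Bearer <jwt>}. (Non-standard name; kept because clients send it.)
     */
    private static final String TOKEN_HEADER = "JWT";
    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    JwtUtil jwtUtil;
    @Autowired
    UserAuthService userService;

    /**
     * Populates the SecurityContext from a valid bearer token, then continues
     * the chain. An absent, malformed, expired or badly-signed token leaves the
     * context empty so that the authorization rules / entry point produce a 401;
     * this filter never writes the response itself.
     *
     * Fixes in this revision: the previous version never set {@code username},
     * so no request was ever authenticated, and it called
     * {@code loadUserByUsername(null)} for every Bearer header; it also never
     * verified the token's signature or expiry via {@code jwtUtil}.
     *
     * Note: because this class is a {@code @Component}, Spring Boot also
     * registers it as a plain servlet filter in addition to
     * {@code addFilterBefore}; OncePerRequestFilter guarantees it still runs at
     * most once per request.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        String token = extractBearerToken(request.getHeader(TOKEN_HEADER));
        if (token != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            authenticate(token, request);
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Returns the token part of a "Bearer <token>" header value, or null when
     * the header is missing, lacks the prefix (including the separating space,
     * which the old {@code startsWith("Bearer")} check skipped) or is empty.
     */
    private static String extractBearerToken(String header) {
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            return null;
        }
        String token = header.substring(BEARER_PREFIX.length()).trim();
        return token.isEmpty() ? null : token;
    }

    /** Verifies the token and, on success, installs an authenticated principal in the context. */
    private void authenticate(String token, HttpServletRequest request) {
        try {
            if (!jwtUtil.validateToken(token)) {
                return;
            }
            UserDetails user = userService.loadUserByUsername(jwtUtil.extractUsername(token));
            UsernamePasswordAuthenticationToken auth =
                    new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
            auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(auth);
        } catch (RuntimeException e) {
            // jjwt's JwtException (bad signature, expired, malformed) and Spring's
            // UsernameNotFoundException are both unchecked. Fail closed: leave the
            // request unauthenticated rather than surfacing a 500. The token itself
            // is deliberately not logged.
            SecurityContextHolder.clearContext();
            logger.debug("Rejected bearer token: " + e.getClass().getSimpleName());
        }
    }
}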
CONFIG FILE
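// NOTE(review): the listed class carried no @Configuration/@EnableWebSecurity.
// Without them Spring never applies this adapter and every rule below is inert.
// Fully qualified because the import block is outside this listing.
@org.springframework.context.annotation.Configuration
@org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    ApiAuthenticationEntryPoint entryPoint;
    @Autowired
    JwtAuthenticationFilter filter;
    @Autowired
    UserAuthService userDetails;

    /**
     * Registers the user lookup and the password encoder with the
     * AuthenticationManager used for login.
     */
    @Autowired
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetails).passwordEncoder(getPasswordEncoder());
    }

    /**
     * Password encoder for login verification.
     *
     * The previous implementation returned NoOpPasswordEncoder, i.e. plaintext
     * comparison, which only works if credentials are stored in plaintext.
     * The delegating encoder hashes new passwords with bcrypt and verifies by
     * the "{id}" prefix of the stored value. Deployment caveat: existing rows
     * must be migrated (re-hashed, or at minimum prefixed "{noop}" until the
     * user's next login) or verification fails with "no PasswordEncoder mapped
     * for the id". Registration code must hash with this same encoder; expose
     * it as a bean from a separate @Configuration to avoid a circular
     * reference with UserAuthService.
     */
    public PasswordEncoder getPasswordEncoder() {
        return org.springframework.security.crypto.password.PasswordEncoderFactories
                .createDelegatingPasswordEncoder();
    }

    /**
     * Stateless, token-authenticated API: public paths open, role-scoped paths
     * by authority, everything else requires an authenticated principal.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF defends cookie/session-bound credentials. This API is stateless and
        // the token travels in a custom request header, so CSRF does not apply —
        // this holds only as long as the token is never carried in a cookie.
        http.csrf().disable();
        http.authorizeRequests()
                .antMatchers("/api/public/**").permitAll()
                .antMatchers("/api/auth/consumer/**").hasAnyAuthority("CONSUMER")
                .antMatchers("/api/auth/seller/**").hasAnyAuthority("SELLER")
                .anyRequest().authenticated();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.exceptionHandling().authenticationEntryPoint(entryPoint);
        // Token filter runs before the form-login filter slot so the principal
        // is in the SecurityContext by the time authorization is evaluated.
        http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
    }

    /** Exposes the AuthenticationManager so the login endpoint can authenticate credentials. */
    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
}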
JWT UTIL
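/**
 * Issues and verifies HS256-signed JWTs whose subject is the username.
 *
 * NOTE(review): no @Component is present on this class in the listing; confirm
 * it is registered as a bean, since the injected fields below are only
 * populated for beans.
 */
public class JwtUtil {

    /** Token lifetime: two hours (the original literal 60 * 60 * 1000 * 2). */
    private static final long TOKEN_TTL_MILLIS = 2L * 60 * 60 * 1000;

    /** HS256 needs a key of at least 256 bits. */
    private static final int MIN_KEY_BYTES = 32;

    @Autowired
    UserAuthService userService;

    /**
     * Signing secret, supplied through the {@code jwt.secret} property (e.g. an
     * environment variable) instead of the literal "secret" that was previously
     * compiled in. With {@code setSigningKey(String)} that literal was
     * base64-decoded to a few bytes — trivially brute-forceable, and anyone who
     * read the source could mint tokens for any user. Startup fails if the
     * property is absent; {@link #signingKey()} rejects keys under 32 bytes.
     * Fully qualified because the import block is outside this listing.
     */
    @org.springframework.beans.factory.annotation.Value("${jwt.secret}")
    private String secret;

    /**
     * Raw key bytes for signing/verification. The key is used as UTF-8 bytes,
     * not base64-decoded as the old String overloads did, so tokens issued by
     * the previous version do not verify and must be re-issued.
     *
     * @throws IllegalStateException if the secret is missing or shorter than 256 bits
     */
    private byte[] signingKey() {
        if (secret == null) {
            throw new IllegalStateException("jwt.secret is not configured");
        }
        byte[] key = secret.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        if (key.length < MIN_KEY_BYTES) {
            throw new IllegalStateException("jwt.secret must be at least " + MIN_KEY_BYTES + " bytes for HS256");
        }
        return key;
    }

    /** Loads the user named by the token's subject; parse/signature failures propagate unchecked. */
    public User getUser(String token) {
        return userService.loadUserByUsername(extractUsername(token));
    }

    /** Subject claim of a verified token. */
    public String extractUsername(String token) {
        return extractClaims(token).getSubject();
    }

    /**
     * Parses the token and verifies its signature and expiry.
     *
     * @throws io.jsonwebtoken.JwtException (unchecked) on a malformed, tampered or expired token
     */
    public Claims extractClaims(String token) {
        return Jwts.parser()
                .setSigningKey(signingKey())
                .parseClaimsJws(token)
                .getBody();
    }

    /** Issues a token for {@code username} valid for {@link #TOKEN_TTL_MILLIS}. */
    public String generateToken(String username) {
        Date now = new Date();
        Map<String, Object> claims = new HashMap<>();
        return Jwts.builder()
                .setClaims(claims)
                .setSubject(username)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + TOKEN_TTL_MILLIS))
                .signWith(SignatureAlgorithm.HS256, signingKey())
                .compact();
    }

    /**
     * Returns true only for a token that is well-formed, correctly signed,
     * unexpired, carries a subject, and whose subject still resolves to a user.
     *
     * The previous version parsed the token three times and could never
     * return false: it threw on any bad token and otherwise compared the
     * subject with itself. Callers that test the boolean now get a real answer.
     */
    public boolean validateToken(String token) {
        if (token == null || token.isEmpty()) {
            return false;
        }
        try {
            Claims claims = extractClaims(token);
            String username = claims.getSubject();
            if (username == null || username.isEmpty()) {
                return false;
            }
            // The parser already rejects expired tokens; this additionally rejects
            // tokens that carry no exp at all, which would otherwise never expire.
            Date expiration = claims.getExpiration();
            if (expiration == null || !expiration.after(new Date())) {
                return false;
            }
            // Confirm the subject still exists (e.g. account not deleted since issuance).
            User user = userService.loadUserByUsername(username);
            return user != null && username.equals(user.getUsername());
        } catch (RuntimeException e) {
            // jjwt's JwtException and Spring's UsernameNotFoundException are both
            // unchecked; any of them means "not valid". Fail closed.
            return false;
        }
    }

    /** Expiry claim of a verified token. */
    public Date extractExpiration(String token) {
        return extractClaims(token).getExpiration();
    }
}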