Jwt classes

Author: ranjani2412

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,32 @@
+package com.reflectoring.security.config;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType(APPLICATION_JSON_VALUE);
+        Exception exception = (Exception) request.getAttribute("exception");
+        String message;
+        if (exception != null) {
+
+        } else {
+            if (authException.getCause() != null) {
+                message = authException.getCause().toString();
+            } else {
+
+            }
+        }
+    }
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/JwtProperties.java

@@ -0,0 +1,16 @@
+package com.reflectoring.security.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@ConfigurationProperties(prefix = "jwt")
+@Configuration
+@Data
+public class JwtProperties {
+
+    private String secretKey;
+    private long validity;
+    private long refreshExpiry;
+
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/config/SecurityConfiguration.java

@@ -0,0 +1,4 @@
+package com.reflectoring.security.config;
+
+public class SecurityConfiguration {
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/filter/JwtFilter.java

@@ -1,6 +1,18 @@
 package com.reflectoring.security.filter;
 
+import com.reflectoring.security.jwt.JwtHelper;
+import com.reflectoring.security.service.AuthUserDetailsService;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.UnsupportedJwtException;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -9,6 +21,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Objects;
 
 
 @Component
@@ -17,9 +30,53 @@ public class JwtFilter extends OncePerRequestFilter {
 
     public static final String AUTHORIZATION = "Authorization";
 
+    private final AuthUserDetailsService userDetailsService;
+
+    private final JwtHelper jwtHelper;
+
+    public JwtFilter(AuthUserDetailsService userDetailsService, JwtHelper jwtHelper) {
+        this.userDetailsService = userDetailsService;
+        this.jwtHelper = jwtHelper;
+    }
+
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        try {
+            final String authorizationHeader = request.getHeader(AUTHORIZATION);
+            String jwt = null;
+            String username = null;
+            if (Objects.nonNull(authorizationHeader) && authorizationHeader.startsWith("Bearer ")) {
+                jwt = authorizationHeader.substring(7);
+                username = jwtHelper.extractUsername(jwt);
+            }
+
+            if (Objects.nonNull(username) && SecurityContextHolder.getContext().getAuthentication() == null) {
+                UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
+                boolean isTokenValidated = jwtHelper.validateToken(jwt, userDetails);
+                if (isTokenValidated) {
+                    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+                            new UsernamePasswordAuthenticationToken(userDetails, null);
+                    usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                    SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+                }
+            }
+        } catch (ExpiredJwtException jwtException) {
+            Boolean isRefreshToken = Boolean.valueOf(request.getHeader("isRefreshToken"));
+            String requestUri = request.getRequestURI();
+            if (Objects.nonNull(isRefreshToken) && isRefreshToken && requestUri.contains("refresh")) {
+                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+                        new UsernamePasswordAuthenticationToken(null, null);
+                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+                request.setAttribute("claims", jwtException.getClaims());
+            } else {
+                request.setAttribute("exception", jwtException);
+            }
+        } catch (BadCredentialsException | UnsupportedJwtException | MalformedJwtException e) {
+            request.setAttribute("exception", e);
+        }
+
+        filterChain.doFilter(request, response);
 
     }
 }

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/jwt/JwtHelper.java

@@ -0,0 +1,88 @@
+package com.reflectoring.security.jwt;
+
+import com.reflectoring.security.config.JwtProperties;
+import io.jsonwebtoken.*;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.security.Key;
+import java.time.Instant;
+import java.util.*;
+import java.util.function.Function;
+
+@Component
+public class JwtHelper {
+
+    private final JwtProperties jwtProperties;
+
+
+    public JwtHelper(JwtProperties jwtProperties) {
+        this.jwtProperties = jwtProperties;
+    }
+
+    private Jws<Claims> extractClaims(String bearerToken) {
+        return Jwts.parserBuilder().setSigningKey(jwtProperties.getSecretKey())
+                .build().parseClaimsJws(bearerToken);
+    }
+
+    public <T> T extractClaimBody(String bearerToken, Function<Claims, T> claimsResolver) {
+        Jws<Claims> jwsClaims = extractClaims(bearerToken);
+        return claimsResolver.apply(jwsClaims.getBody());
+    }
+
+    public <T> T extractClaimHeader(String bearerToken, Function<JwsHeader, T> claimsResolver) {
+        Jws<Claims> jwsClaims = extractClaims(bearerToken);
+        return claimsResolver.apply(jwsClaims.getHeader());
+    }
+
+    public Date extractExpiry(String bearerToken) {
+        return extractClaimBody(bearerToken, Claims::getExpiration);
+    }
+
+    public String extractUsername(String bearerToken) {
+        return extractClaimBody(bearerToken, Claims::getSubject);
+    }
+
+    private Boolean isTokenExpired(String bearerToken) {
+        return extractExpiry(bearerToken).before(new Date());
+    }
+
+    public String createToken(Map<String, Object> claims, String subject) {
+        Date expiryDate = Date.from(Instant.ofEpochMilli(System.currentTimeMillis() + jwtProperties.getValidity()));
+        Key hmacKey = new SecretKeySpec(Base64.getDecoder().decode(jwtProperties.getSecretKey()),
+                SignatureAlgorithm.HS256.getJcaName());
+        return Jwts.builder()
+                .setClaims(claims)
+                .setSubject(subject)
+                .setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(expiryDate)
+                .signWith(hmacKey)
+                .compact();
+    }
+
+    public boolean validateToken(String token, UserDetails userDetails) {
+        final String userName = extractUsername(token);
+        return userName.equals(userDetails.getUsername()) && !isTokenExpired(token);
+    }
+
+    public String generateRefreshToken(String subject) {
+        Date expiryDate = Date.from(Instant.ofEpochMilli(System.currentTimeMillis() + jwtProperties.getRefreshExpiry()));
+        Key hmacKey = new SecretKeySpec(Base64.getDecoder().decode(jwtProperties.getSecretKey()),
+                SignatureAlgorithm.HS256.getJcaName());
+        return Jwts.builder()
+                .setClaims(Collections.EMPTY_MAP)
+                .setSubject(subject)
+                .setIssuedAt(new Date(System.currentTimeMillis()))
+                .setExpiration(expiryDate)
+                .signWith(hmacKey)
+                .compact();
+    }
+
+
+
+
+
+
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/model/TokenRequest.java

@@ -0,0 +1,15 @@
+package com.reflectoring.security.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+public class TokenRequest {
+    private String username;
+    private String password;
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/model/TokenResponse.java

@@ -0,0 +1,16 @@
+package com.reflectoring.security.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+public class TokenResponse {
+
+    private String token;
+
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/service/TokenService.java

@@ -0,0 +1,48 @@
+package com.reflectoring.security.service;
+
+import com.reflectoring.security.jwt.JwtHelper;
+import com.reflectoring.security.model.TokenRequest;
+import com.reflectoring.security.model.TokenResponse;
+import org.apache.catalina.User;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+
+@Service
+public class TokenService {
+
+    private final AuthenticationManager authenticationManager;
+
+    private final AuthUserDetailsService userDetailsService;
+
+    private final JwtHelper jwtHelper;
+
+    public TokenService(AuthenticationManager authenticationManager,
+                        AuthUserDetailsService userDetailsService,
+                        JwtHelper jwtHelper) {
+        this.authenticationManager = authenticationManager;
+        this.userDetailsService = userDetailsService;
+        this.jwtHelper = jwtHelper;
+    }
+
+
+    public TokenResponse generateToken(TokenRequest tokenRequest) {
+        this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(tokenRequest.getUsername(), tokenRequest.getPassword()));
+        final UserDetails userDetails = userDetailsService.loadUserByUsername(tokenRequest.getUsername());
+        String token = jwtHelper.createToken(Collections.emptyMap(), userDetails.getUsername());
+        return TokenResponse.builder()
+                .token(token)
+                .build();
+    }
+
+    public TokenResponse generateRefreshToken(String subject) {
+        String token = jwtHelper.generateRefreshToken(subject);
+        return TokenResponse.builder()
+                .token(token)
+                .build();
+    }
+}

spring-security-jwt/getting-started/SecureApplication/src/main/java/com/reflectoring/security/web/TokenController.java

@@ -0,0 +1,29 @@
+package com.reflectoring.security.web;
+
+import com.reflectoring.security.model.TokenRequest;
+import com.reflectoring.security.model.TokenResponse;
+import com.reflectoring.security.service.TokenService;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestAttribute;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class TokenController {
+
+    private final TokenService tokenService;
+
+    public TokenController(TokenService tokenService) {
+        this.tokenService = tokenService;
+    }
+
+    @PostMapping("/token/create")
+    public TokenResponse createToken(@RequestBody TokenRequest tokenRequest) {
+        return tokenService.generateToken(tokenRequest);
+    }
+
+    @PostMapping("/token/refresh")
+    public TokenResponse refreshToken(@RequestAttribute String claims) {
+        return tokenService.generateRefreshToken(claims);
+    }
+}

spring-security-jwt/getting-started/SecureApplication/src/main/resources/application.yml

@@ -12,6 +12,11 @@ spring:
     username: sa
     password:
 
+jwt:
+  secretKey: 5JzoMbk6E5qIqHSuBTgeQCARtUsxAkBiHwdjXOSW8kWdXzYmP3X51C0
+  validity: 600000
+  refreshExpiry: 600000
+
 
 logging:
   level: