Home Esplora Aiuto
Accedi
pk-3
/
PlantsForYou-Technologie-Handlu-Elektronicznego
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

Add custom authentication and authorization filters

Blazej 4 anni fa
parent
a60992d7a7
commit
ad5425c240
2 ha cambiato i file con 134 aggiunte e 0 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 66 0
      src/main/java/com/example/plantsforyou/filter/CustomAuthenticationFilter.java
  2. 68 0
      src/main/java/com/example/plantsforyou/filter/CustomAuthorizationFilter.java

+ 66 - 0
src/main/java/com/example/plantsforyou/filter/CustomAuthenticationFilter.java
Vedi File 

@@ -0,0 +1,66 @@
 
+package com.example.plantsforyou.filter;
 
+
 
+import com.auth0.jwt.JWT;
 
+import com.auth0.jwt.algorithms.Algorithm;
 
+import com.example.plantsforyou.appuser.AppUser;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 
+import lombok.extern.slf4j.Slf4j;
 
+import org.springframework.security.authentication.AuthenticationManager;
 
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import org.springframework.security.core.Authentication;
 
+import org.springframework.security.core.AuthenticationException;
 
+import org.springframework.security.core.GrantedAuthority;
 
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+
 
+import javax.servlet.FilterChain;
 
+import javax.servlet.ServletException;
 
+import javax.servlet.http.HttpServletRequest;
 
+import javax.servlet.http.HttpServletResponse;
 
+import java.io.IOException;
 
+import java.util.Date;
 
+import java.util.HashMap;
 
+import java.util.Map;
 
+import java.util.stream.Collectors;
 
+
 
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
+
 
+@Slf4j
 
+public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
 
+    private final AuthenticationManager authenticationManager;
 
+
 
+    public CustomAuthenticationFilter(AuthenticationManager authenticationManager){
 
+        this.authenticationManager = authenticationManager;
 
+    }
 
+
 
+    @Override
 
+    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
 
+        String email = request.getParameter("username");
 
+        String password = request.getParameter("password");
 
+        log.info("Email is: {}", email);
 
+        log.info("Password is: {}", password);
 
+        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(email, password);
 
+        return authenticationManager.authenticate(authenticationToken);
 
+    }
 
+
 
+    @Override
 
+    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication) throws IOException{
 
+        AppUser user = (AppUser) authentication.getPrincipal();
 
+        Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());
 
+        String access_token = JWT.create()
 
+                .withSubject(user.getEmail())
 
+                .withExpiresAt(new Date(System.currentTimeMillis() + 10 * 60 * 1000)) //10 min
 
+                .withIssuer(request.getRequestURL().toString())
 
+                .withClaim("roles", user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
 
+                .sign(algorithm);
 
+        String refresh_token = JWT.create()
 
+                .withSubject(user.getEmail())
 
+                .withExpiresAt(new Date(System.currentTimeMillis() + 7 * 1440 * 60 * 1000)) //7 days
 
+                .withIssuer(request.getRequestURL().toString())
 
+                .sign(algorithm);
 
+        Map<String, String> tokens = new HashMap<>();
 
+        tokens.put("access_token", access_token);
 
+        tokens.put("refresh_token", refresh_token);
 
+        response.setContentType(APPLICATION_JSON_VALUE);
 
+        new ObjectMapper().writeValue(response.getOutputStream(), tokens);
 
+    }
 
+}

+ 68 - 0
src/main/java/com/example/plantsforyou/filter/CustomAuthorizationFilter.java
Vedi File 

@@ -0,0 +1,68 @@
 
+package com.example.plantsforyou.filter;
 
+
 
+import com.auth0.jwt.JWT;
 
+import com.auth0.jwt.JWTVerifier;
 
+import com.auth0.jwt.algorithms.Algorithm;
 
+import com.auth0.jwt.interfaces.DecodedJWT;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 
+import lombok.extern.slf4j.Slf4j;
 
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
+import org.springframework.security.core.context.SecurityContextHolder;
 
+import org.springframework.web.filter.OncePerRequestFilter;
 
+
 
+import javax.servlet.FilterChain;
 
+import javax.servlet.ServletException;
 
+import javax.servlet.http.HttpServletRequest;
 
+import javax.servlet.http.HttpServletResponse;
 
+import java.io.IOException;
 
+import java.util.ArrayList;
 
+import java.util.Collection;
 
+import java.util.HashMap;
 
+import java.util.Map;
 
+
 
+import static java.util.Arrays.stream;
 
+import static org.springframework.http.HttpHeaders.AUTHORIZATION;
 
+import static org.springframework.http.HttpStatus.FORBIDDEN;
 
+import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
+
 
+@Slf4j
 
+public class CustomAuthorizationFilter extends OncePerRequestFilter {
 
+    @Override
 
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 
+        if(request.getServletPath().equals("/login") || request.getServletPath().equals("/api/v1/register") || request.getServletPath().equals("/api/v*/users/token/refresh/**")){
 
+            filterChain.doFilter(request,response);
 
+        }
 
+        else{
 
+            String authorizationHeader = request.getHeader(AUTHORIZATION);
 
+            if(authorizationHeader != null && authorizationHeader.startsWith("Bearer ")){
 
+                try{
 
+                    String token = authorizationHeader.substring("Bearer ".length());
 
+                    Algorithm algorithm = Algorithm.HMAC256("secret".getBytes());
 
+                    JWTVerifier verifier = JWT.require(algorithm).build();
 
+                    DecodedJWT decodedJWT = verifier.verify(token);
 
+                    String username = decodedJWT.getSubject();
 
+                    String[] roles = decodedJWT.getClaim("roles").asArray(String.class);
 
+                    Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
 
+                    stream(roles).forEach(role -> authorities.add(new SimpleGrantedAuthority(role)));
 
+                    UsernamePasswordAuthenticationToken authenticationToken =
 
+                            new UsernamePasswordAuthenticationToken(username, null, authorities);
 
+                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
 
+                    filterChain.doFilter(request, response);
 
+                }catch (Exception exception){
 
+                    log.error("Error logging in: {}", exception.getMessage());
 
+                    response.setHeader("Error", exception.getMessage());
 
+                    response.setStatus(FORBIDDEN.value());
 
+//                    response.sendError(FORBIDDEN.value());
 
+                    Map<String, String> error = new HashMap<>();
 
+                    error.put("error_message", exception.getMessage());
 
+                    response.setContentType(APPLICATION_JSON_VALUE);
 
+                    new ObjectMapper().writeValue(response.getOutputStream(), error);
 
+                }
 
+            }
 
+            else{
 
+                filterChain.doFilter(request,response);
 
+            }
 
+        }
 
+    }
 
+}