Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fd45729

Browse files
committed
Spring jwt demo completed
1 parent 615a8cb commit fd45729

8 files changed

Lines changed: 255 additions & 15 deletions

File tree

SpringJWT/SpringSecurityJWT/pom.xml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,15 @@
2525
<groupId>org.springframework.boot</groupId>
2626
<artifactId>spring-boot-starter-web</artifactId>
2727
</dependency>
28-
28+
<dependency>
29+
<groupId>io.jsonwebtoken</groupId>
30+
<artifactId>jjwt</artifactId>
31+
<version>0.9.1</version>
32+
</dependency>
33+
<dependency>
34+
<groupId>javax.xml.bind</groupId>
35+
<artifactId>jaxb-api</artifactId>
36+
</dependency>
2937
<dependency>
3038
<groupId>org.springframework.boot</groupId>
3139
<artifactId>spring-boot-devtools</artifactId>

SpringJWT/SpringSecurityJWT/src/main/java/com/rohith/springsecurity/SecurityConfigurer.java

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,27 +2,50 @@
22

33
import org.springframework.beans.factory.annotation.Autowired;
44
import org.springframework.context.annotation.Bean;
5+
import org.springframework.security.authentication.AuthenticationManager;
56
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
7+
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
68
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
79
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
10+
import org.springframework.security.config.http.SessionCreationPolicy;
811
import org.springframework.security.core.userdetails.UserDetailsService;
912
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
1013
import org.springframework.security.crypto.password.PasswordEncoder;
14+
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
1115

16+
import com.rohith.springsecurity.filters.JwtRequestFilter;
1217
import com.rohith.springsecurity.services.MyUserDetailsService;
1318

1419
@EnableWebSecurity
1520
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
1621
@Autowired
1722
private MyUserDetailsService myUserDetailsService;
1823

24+
@Autowired
25+
private JwtRequestFilter jwtRequestFilter;
26+
1927
@Override
2028
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
2129
auth.userDetailsService(myUserDetailsService);
2230
}
23-
31+
2432
@Bean
2533
public PasswordEncoder passwordEncoder() {
2634
return NoOpPasswordEncoder.getInstance();
2735
}
36+
37+
@Override
38+
protected void configure(HttpSecurity http) throws Exception {
39+
// allow /authenticate end point access without authentication
40+
http.csrf().disable().authorizeRequests().antMatchers("/authenticate").permitAll().anyRequest().authenticated()
41+
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
42+
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
43+
}
44+
45+
@Override
46+
@Bean
47+
public AuthenticationManager authenticationManagerBean() throws Exception {
48+
return super.authenticationManagerBean();
49+
}
50+
2851
}
Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
package com.rohith.springsecurity;
2+
3+
import org.springframework.beans.factory.annotation.Autowired;
4+
import org.springframework.http.ResponseEntity;
5+
import org.springframework.security.authentication.AuthenticationManager;
6+
import org.springframework.security.authentication.BadCredentialsException;
7+
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
8+
import org.springframework.security.core.userdetails.UserDetails;
9+
import org.springframework.web.bind.annotation.GetMapping;
10+
import org.springframework.web.bind.annotation.PostMapping;
11+
import org.springframework.web.bind.annotation.RequestBody;
12+
import org.springframework.web.bind.annotation.RestController;
13+
14+
import com.rohith.springsecurity.models.AuthenticationRequest;
15+
import com.rohith.springsecurity.models.AuthenticationResponse;
16+
import com.rohith.springsecurity.services.MyUserDetailsService;
17+
import com.rohith.springsecurity.util.JwtUtil;
18+
19+
@RestController
20+
public class WelcomeEndPoint {
21+
22+
@Autowired
23+
private AuthenticationManager authenticationManager;
24+
25+
@Autowired
26+
private MyUserDetailsService userDetailsService;
27+
28+
@Autowired
29+
private JwtUtil jwtTokenUtil;
30+
31+
@GetMapping("/hello")
32+
public String hello() {
33+
return "Welcome";
34+
}
35+
36+
@PostMapping("/authenticate")
37+
public ResponseEntity<?> createAuthenticationToken(@RequestBody AuthenticationRequest authenticationRequest)
38+
throws Exception {
39+
try {
40+
// takes request and do authentication
41+
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
42+
authenticationRequest.getUsername(), authenticationRequest.getPassword()));
43+
} catch (BadCredentialsException e) {
44+
// if any auth is wrong
45+
throw new Exception("Incorrect username or password", e);
46+
}
47+
// load the username
48+
final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
49+
// generate the jwt token
50+
final String jwt = jwtTokenUtil.generateToken(userDetails);
51+
return ResponseEntity.ok(new AuthenticationResponse(jwt));
52+
}
53+
54+
}

SpringJWT/SpringSecurityJWT/src/main/java/com/rohith/springsecurity/controller/WelcomeEndPoint.java

Lines changed: 0 additions & 13 deletions
This file was deleted.
Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
package com.rohith.springsecurity.filters;
2+
3+
import java.io.IOException;
4+
5+
import javax.servlet.FilterChain;
6+
import javax.servlet.ServletException;
7+
import javax.servlet.http.HttpServletRequest;
8+
import javax.servlet.http.HttpServletResponse;
9+
10+
import org.springframework.beans.factory.annotation.Autowired;
11+
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
12+
import org.springframework.security.core.context.SecurityContextHolder;
13+
import org.springframework.security.core.userdetails.UserDetails;
14+
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
15+
import org.springframework.stereotype.Component;
16+
import org.springframework.web.filter.OncePerRequestFilter;
17+
18+
import com.rohith.springsecurity.services.MyUserDetailsService;
19+
import com.rohith.springsecurity.util.JwtUtil;
20+
21+
/**
22+
* Filter based on proper authentication
23+
*
24+
* @author rohithvazhathody
25+
*
26+
*/
27+
28+
@Component
29+
public class JwtRequestFilter extends OncePerRequestFilter {
30+
31+
@Autowired
32+
private MyUserDetailsService userDetailsService;
33+
34+
@Autowired
35+
private JwtUtil jwtUtil;
36+
37+
@Override
38+
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
39+
throws ServletException, IOException {
40+
final String authorizationHeader = request.getHeader("Authorization");
41+
String username = null;
42+
String jwt = null;
43+
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
44+
jwt = authorizationHeader.substring(7); // skips the bearer
45+
username = jwtUtil.extractUsername(jwt);
46+
}
47+
// there is no user already authenticated
48+
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
49+
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
50+
if (jwtUtil.validateToken(jwt, userDetails)) {
51+
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
52+
userDetails, null, userDetails.getAuthorities());
53+
usernamePasswordAuthenticationToken
54+
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
55+
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
56+
}
57+
}
58+
chain.doFilter(request, response);
59+
}
60+
61+
}
Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
package com.rohith.springsecurity.models;
2+
3+
public class AuthenticationRequest {
4+
private String username;
5+
private String password;
6+
7+
public AuthenticationRequest() {
8+
}
9+
10+
public AuthenticationRequest(String username, String password) {
11+
this.username = username;
12+
this.password = password;
13+
}
14+
15+
public String getUsername() {
16+
return username;
17+
}
18+
19+
public void setUsername(String username) {
20+
this.username = username;
21+
}
22+
23+
public String getPassword() {
24+
return password;
25+
}
26+
27+
public void setPassword(String password) {
28+
this.password = password;
29+
}
30+
31+
}
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
package com.rohith.springsecurity.models;
2+
3+
public class AuthenticationResponse {
4+
private String jwt;
5+
6+
public AuthenticationResponse() {
7+
}
8+
9+
public AuthenticationResponse(String jwt) {
10+
this.jwt = jwt;
11+
}
12+
13+
public String getJwt() {
14+
return jwt;
15+
}
16+
17+
public void setJwt(String jwt) {
18+
this.jwt = jwt;
19+
}
20+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
package com.rohith.springsecurity.util;
2+
3+
import io.jsonwebtoken.Claims;
4+
import io.jsonwebtoken.Jwts;
5+
import io.jsonwebtoken.SignatureAlgorithm;
6+
import org.springframework.security.core.userdetails.UserDetails;
7+
import org.springframework.stereotype.Service;
8+
9+
import java.util.Date;
10+
import java.util.HashMap;
11+
import java.util.Map;
12+
import java.util.function.Function;
13+
14+
@Service
15+
public class JwtUtil {
16+
17+
private String SECRET_KEY = "secret";
18+
19+
public String extractUsername(String token) {
20+
return extractClaim(token, Claims::getSubject);
21+
}
22+
23+
public Date extractExpiration(String token) {
24+
return extractClaim(token, Claims::getExpiration);
25+
}
26+
27+
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
28+
final Claims claims = extractAllClaims(token);
29+
return claimsResolver.apply(claims);
30+
}
31+
32+
private Claims extractAllClaims(String token) {
33+
return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
34+
}
35+
36+
private Boolean isTokenExpired(String token) {
37+
return extractExpiration(token).before(new Date());
38+
}
39+
40+
public String generateToken(UserDetails userDetails) {
41+
Map<String, Object> claims = new HashMap<>();
42+
return createToken(claims, userDetails.getUsername());
43+
}
44+
45+
private String createToken(Map<String, Object> claims, String subject) {
46+
47+
return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
48+
.setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
49+
.signWith(SignatureAlgorithm.HS256, SECRET_KEY).compact();
50+
}
51+
52+
public Boolean validateToken(String token, UserDetails userDetails) {
53+
final String username = extractUsername(token);
54+
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
55+
}
56+
}

0 commit comments

Comments
 (0)