This project covers a basic Spring Boot application with the following files and features:
Added Spring Security to protect users from CSRF and to enable login and logout by default.
Self-configured login and logout.
Created a User entity that implements UserDetails (Spring Security) to provide the granted authorities, getPassword() and getUsername().
Created a repository alongside it (UserRepository) to store and fetch user data from the database.
Created a UserService that loads a user by username and otherwise throws a runtime exception (ResourceNotFoundException).
Created a SecurityFilterChain in WebSecureConfig that applies the full list of filters to the current incoming request.
Used request matchers for the endpoints: public routes such as /posts and /public/** are permitted for everyone.
All requests other than the public routes mentioned above must be authenticated.
Used formLogin(), which loads the FormLoginConfigurer class and serves the login page to authenticate based on username and password.
We use CSRF protection; for now we have removed session-based authentication and made the session STATELESS.
All the features above are added in the WebSecureConfig class.
Defined the JWT secret key in application.properties and used it in the JwtService class as a SecretKey (a cryptographic key used by symmetric algorithms such as AES, DES and HMAC); this key is then used to sign the token during token generation.
Created a sign-up flow in the user service where we encode the password using the PasswordEncoder bean created in WebSecureConfig, so whatever password is provided is saved to the database in encoded form.
For the login flow we created a LoginDto holding the username and password, and the controller returns the token with ResponseEntity.ok(token).
To authenticate the user we first declare AuthenticationManager as a bean inside WebSecureConfig and then use that AuthenticationManager in the service (UserService).
AuthenticationManager is basically an interface, and we use the UsernamePasswordAuthenticationToken class for authenticating.
We also create a cookie inside our login controller.
We created a JwtAuthFilter; inside it we use SecurityContextHolder, which holds the security context after login. This is basically our customised security filter chain.
And we wire the JwtAuthFilter into the default filter chain in WebSecureConfig using addFilterBefore.
To handle authentication exceptions, handleAuthenticationException is declared in GlobalExceptionHandler.
Instead of one token we now use two tokens: an AccessToken and a RefreshToken.
So earlier JwtService had only one method, generateToken(); now it has two, generateAccessToken() and generateRefreshToken() (the refresh token carries less data than the access token).
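An added example of the JwtService with the two-token design described above (not the project's own code). It assumes the jjwt 0.12 API (`io.jsonwebtoken`), a `jwt.secret` property in application.properties (the property name, the lifetimes and the `type` claim are assumptions), and Spring Security's UserDetails. It shows the secret being turned into an HMAC SecretKey, an access token with claims, a deliberately minimal refresh token, and the verification helpers a filter needs.

```java
package com.example.security; // assumed package name

import java.nio.charset.StandardCharsets;
import java.util.Date;
import javax.crypto.SecretKey;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

@Service
public class JwtService {

    private static final long ACCESS_TTL_MS = 15L * 60 * 1000;            // 15 minutes (assumed)
    private static final long REFRESH_TTL_MS = 7L * 24 * 60 * 60 * 1000;  // 7 days (assumed)

    private final SecretKey key;

    // application.properties (assumed key name): jwt.secret=<at least 32 random bytes>
    // HS256 needs a key of at least 256 bits; jjwt rejects shorter ones. Keep the value out
    // of source control (environment variable or secrets manager on Elastic Beanstalk).
    public JwtService(@Value("${jwt.secret}") String secret) {
        this.key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
    }

    // Access token: short-lived and carries the claims the API needs on every request.
    public String generateAccessToken(UserDetails user) {
        return Jwts.builder()
                .subject(user.getUsername())
                .claim("type", "access")
                .claim("roles", user.getAuthorities().stream()
                        .map(GrantedAuthority::getAuthority).toList())
                .issuedAt(new Date())
                .expiration(new Date(System.currentTimeMillis() + ACCESS_TTL_MS))
                .signWith(key)
                .compact();
    }

    // Refresh token: longer-lived and intentionally minimal (subject and type only).
    public String generateRefreshToken(UserDetails user) {
        return Jwts.builder()
                .subject(user.getUsername())
                .claim("type", "refresh")
                .issuedAt(new Date())
                .expiration(new Date(System.currentTimeMillis() + REFRESH_TTL_MS))
                .signWith(key)
                .compact();
    }

    // Verifies the HMAC signature and expiry; throws io.jsonwebtoken.JwtException on any failure.
    public Claims parse(String token) {
        return Jwts.parser().verifyWith(key).build().parseSignedClaims(token).getPayload();
    }

    public String extractUsername(String token) {
        return parse(token).getSubject();
    }

    // The "type" claim stops a refresh token from being accepted where an access token is expected.
    public boolean isAccessTokenValid(String token, UserDetails user) {
        Claims claims = parse(token);
        return "access".equals(claims.get("type", String.class))
                && user.getUsername().equals(claims.getSubject());
    }

    public boolean isRefreshToken(String token) {
        return "refresh".equals(parse(token).get("type", String.class));
    }
}
```

Because both tokens are signed with the same key, the `type` claim is what keeps them distinct: without it, a long-lived refresh token could be presented straight to a protected endpoint and would verify just like an access token.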
Now after logging in we get two tokens (access + refresh).
And in AuthService we added one more service method, refreshToken(), which AuthController uses for the POST endpoint /refresh.
Created a LoginResponseDto with the values id, refreshToken and accessToken.
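The sign-up, login, cookie and refresh flow described in this README, as one added example (not the project's own code). It assumes the README's names (User entity implementing UserDetails, UserRepository, UserService, LoginDto, LoginResponseDto, JwtService with generateAccessToken/generateRefreshToken/isRefreshToken/extractUsername) and the AuthenticationManager and PasswordEncoder beans from WebSecureConfig; the SignUpDto shape, the /auth base path and the cookie attributes are assumptions.

```java
package com.example.security; // assumed package name

import java.time.Duration;

import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

record LoginDto(String username, String password) {}
record SignUpDto(String username, String password) {}                        // assumed shape
record LoginResponseDto(Long id, String accessToken, String refreshToken) {}  // fields from the README

@Service
class AuthService {
    private final AuthenticationManager authenticationManager;
    private final PasswordEncoder passwordEncoder;
    private final JwtService jwtService;
    private final UserService userService;        // loadUserByUsername, throws ResourceNotFoundException
    private final UserRepository userRepository;

    AuthService(AuthenticationManager am, PasswordEncoder pe, JwtService js,
                UserService us, UserRepository ur) {
        this.authenticationManager = am; this.passwordEncoder = pe; this.jwtService = js;
        this.userService = us; this.userRepository = ur;
    }

    // Sign-up: only the PasswordEncoder output is persisted; the plaintext never reaches the database.
    public Long signUp(SignUpDto dto) {
        User user = new User();                                  // assumed: JPA entity implementing UserDetails
        user.setUsername(dto.username());
        user.setPassword(passwordEncoder.encode(dto.password()));
        return userRepository.save(user).getId();
    }

    // Login: AuthenticationManager compares the submitted password with the stored hash.
    // A wrong password raises BadCredentialsException, handled by GlobalExceptionHandler.
    public LoginResponseDto login(LoginDto dto) {
        Authentication auth = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(dto.username(), dto.password()));
        User user = (User) auth.getPrincipal();
        return new LoginResponseDto(user.getId(),
                jwtService.generateAccessToken(user), jwtService.generateRefreshToken(user));
    }

    // Refresh: accept only a token stamped as "refresh", re-load the user so a deleted or
    // locked account stops receiving new tokens, then mint a fresh pair.
    public LoginResponseDto refreshToken(String refreshToken) {
        if (!jwtService.isRefreshToken(refreshToken)) {
            throw new BadCredentialsException("Not a refresh token");
        }
        User user = (User) userService.loadUserByUsername(jwtService.extractUsername(refreshToken));
        return new LoginResponseDto(user.getId(),
                jwtService.generateAccessToken(user), jwtService.generateRefreshToken(user));
    }
}

@RestController
@RequestMapping("/auth") // assumed base path
class AuthController {
    private final AuthService authService;

    AuthController(AuthService authService) { this.authService = authService; }

    @PostMapping("/signup")
    public ResponseEntity<Long> signUp(@RequestBody SignUpDto dto) {
        return ResponseEntity.ok(authService.signUp(dto));
    }

    // Returns the token pair in the body and additionally sets the refresh token as a cookie.
    // HttpOnly keeps it away from page scripts; Secure and SameSite=Strict limit where browsers send it;
    // the narrow path means it only travels to the refresh endpoint.
    @PostMapping("/login")
    public ResponseEntity<LoginResponseDto> login(@RequestBody LoginDto dto, HttpServletResponse response) {
        LoginResponseDto tokens = authService.login(dto);
        ResponseCookie cookie = ResponseCookie.from("refreshToken", tokens.refreshToken())
                .httpOnly(true).secure(true).sameSite("Strict").path("/auth/refresh")
                .maxAge(Duration.ofDays(7)).build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
        return ResponseEntity.ok(tokens);
    }

    @PostMapping("/refresh")
    public ResponseEntity<LoginResponseDto> refresh(@CookieValue("refreshToken") String refreshToken) {
        return ResponseEntity.ok(authService.refreshToken(refreshToken));
    }
}
```

The /auth paths used here must be permitted in the SecurityFilterChain (alongside /posts and /public/**), otherwise the login and sign-up requests themselves are rejected before they reach the controller.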
Deployed the database in RDS.
We deployed our application on Elastic Beanstalk and created a mapping for the health check, which is basically the default path of Elastic Beanstalk.