Compare commits
11 Commits
dimas_rate
...
security_b
| Author | SHA1 | Date | |
|---|---|---|---|
|
a84c498073 | ||
|
|
aaf67ab09b | ||
|
|
0fcacc3e88 | ||
|
|
5a8a8f1197 | ||
|
|
71448a6c21 | ||
|
|
fddd02b9ce | ||
|
|
3bf3f92551 | ||
|
|
fa99d42bee | ||
|
|
c45cd0549f | ||
|
|
07c9ed63ee | ||
|
|
d03e256425 |
@@ -1,10 +1,12 @@
|
||||
package com.faf223.expensetrackerfaf.config;
|
||||
|
||||
import com.faf223.expensetrackerfaf.repository.CredentialRepository;
|
||||
import com.faf223.expensetrackerfaf.repository.UserRepository;
|
||||
import com.faf223.expensetrackerfaf.security.PersonDetails;
|
||||
import com.faf223.expensetrackerfaf.service.CredentialService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Primary;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
@@ -18,11 +20,11 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
@RequiredArgsConstructor
|
||||
public class ApplicationConfig {
|
||||
|
||||
private final CredentialService credentialService;
|
||||
private final CredentialRepository credentialRepository;
|
||||
|
||||
@Bean
|
||||
public UserDetailsService userDetailsService() {
|
||||
return username -> new PersonDetails(credentialService.findByEmail(username).orElseThrow((() -> new UsernameNotFoundException("User not found"))));
|
||||
return username -> new PersonDetails(credentialRepository.findByEmail(username).orElseThrow(() -> new UsernameNotFoundException("User not found")));
|
||||
}
|
||||
|
||||
@Bean
|
||||
@@ -42,4 +44,10 @@ public class ApplicationConfig {
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
@Bean
|
||||
@Primary
|
||||
public JwtAuthenticationFilter customJwtAuthenticationFilter(JwtService jwtService, UserDetailsService userDetailsService) {
|
||||
return new JwtAuthenticationFilter(jwtService, userDetailsService);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -62,10 +62,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
response.setContentType("application/json");
|
||||
|
||||
ErrorResponse errorResponse = new ErrorResponse("Your session has expired. Refresh your token.");
|
||||
ObjectMapper objectMapper = new ObjectMapper(); // You may need to import ObjectMapper
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
|
||||
|
||||
|
||||
response.getWriter().flush();
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.io.Decoders;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.stereotype.Service;
|
||||
@@ -16,6 +17,7 @@ import java.util.Map;
|
||||
import java.util.function.Function;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class JwtService {
|
||||
|
||||
@Value("${application.security.jwt.secret-key}")
|
||||
@@ -25,6 +27,7 @@ public class JwtService {
|
||||
@Value("${application.security.jwt.refresh-token.expiration}")
|
||||
private long refreshExpiration;
|
||||
|
||||
|
||||
public String extractUsername(String token) {
|
||||
return extractClaim(token, Claims::getSubject);
|
||||
}
|
||||
|
||||
@@ -1,31 +1,43 @@
|
||||
package com.faf223.expensetrackerfaf.config;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import com.faf223.expensetrackerfaf.controller.auth.JwtAuthenticationSuccessHandler;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.CorsConfigurationSource;
|
||||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@RequiredArgsConstructor
|
||||
@EnableMethodSecurity
|
||||
public class SecurityConfiguration {
|
||||
|
||||
private final JwtAuthenticationFilter jwtAuthFilter;
|
||||
private final AuthenticationProvider authenticationProvider;
|
||||
private final ClientRegistrationRepository clientRegistrationRepository;
|
||||
|
||||
public SecurityConfiguration(JwtAuthenticationFilter jwtAuthFilter,
|
||||
AuthenticationProvider authenticationProvider,
|
||||
ClientRegistrationRepository clientRegistrationRepository) {
|
||||
this.jwtAuthFilter = jwtAuthFilter;
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
this.clientRegistrationRepository = clientRegistrationRepository;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
@@ -33,15 +45,18 @@ public class SecurityConfiguration {
|
||||
.cors(Customizer.withDefaults())
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/api/v1/auth/**").permitAll()
|
||||
.requestMatchers("/api/v1/auth/*").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||
.authenticationProvider(authenticationProvider)
|
||||
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); // will be executed before UsernamePasswordAuthenticationFilter
|
||||
.oauth2Login(withDefaults());
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public JwtAuthenticationSuccessHandler jwtAuthenticationSuccessHandler() {
|
||||
return new JwtAuthenticationSuccessHandler();
|
||||
}
|
||||
@Bean
|
||||
public CorsConfigurationSource corsConfigurationSource() {
|
||||
CorsConfiguration configuration = new CorsConfiguration();
|
||||
@@ -54,4 +69,8 @@ public class SecurityConfiguration {
|
||||
return source;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationEntryPoint authenticationEntryPoint() {
|
||||
return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,16 +14,19 @@ public class AuthenticationController {
|
||||
|
||||
@PostMapping("/register")
|
||||
public ResponseEntity<AuthenticationResponse> register(@RequestBody RegisterRequest request) {
|
||||
System.out.println("register");
|
||||
return ResponseEntity.ok(service.register(request));
|
||||
}
|
||||
|
||||
@PostMapping("/authenticate")
|
||||
public ResponseEntity<AuthenticationResponse> authenticate(@RequestBody AuthenticationRequest request) {
|
||||
System.out.println("Refresh token!========================");
|
||||
return ResponseEntity.ok(service.authenticate(request));
|
||||
}
|
||||
|
||||
@PostMapping("/refreshtoken")
|
||||
public ResponseEntity<AuthenticationResponse> refreshAccessToken(@RequestBody TokenRefreshRequest request) {
|
||||
System.out.println("Refresh token!========================");
|
||||
return ResponseEntity.ok(service.refreshAccessToken(request));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
package com.faf223.expensetrackerfaf.controller.auth;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
public class JwtAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
|
||||
|
||||
@Override
|
||||
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
|
||||
|
||||
super.onAuthenticationSuccess(request, response, authentication);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
package com.faf223.expensetrackerfaf.controller.auth;
|
||||
|
||||
import com.faf223.expensetrackerfaf.service.AuthenticationService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
@RequiredArgsConstructor
|
||||
public class OAuth2SuccessController {
|
||||
|
||||
private final AuthenticationService jwtService;
|
||||
|
||||
@GetMapping()
|
||||
public AuthenticationResponse getUser(@AuthenticationPrincipal OAuth2User oAuth2User) {
|
||||
|
||||
AuthenticationResponse response = jwtService.register(oAuth2User);
|
||||
System.out.println("Response: " + response);
|
||||
|
||||
return response;
|
||||
}
|
||||
}
|
||||
@@ -34,8 +34,6 @@ public class User {
|
||||
private String username;
|
||||
|
||||
@Transient
|
||||
@NotNull(message = "Password must not be null")
|
||||
@NotEmpty(message = "Password must not be empty")
|
||||
private String password;
|
||||
|
||||
@OneToMany(mappedBy = "user", fetch = FetchType.LAZY)
|
||||
|
||||
@@ -17,6 +17,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Optional;
|
||||
@@ -30,6 +31,7 @@ public class AuthenticationService {
|
||||
private final PasswordEncoder passwordEncoder;
|
||||
private final JwtService jwtService;
|
||||
private final AuthenticationManager authenticationManager;
|
||||
private final PasswordGenerator passwordGenerator;
|
||||
|
||||
public AuthenticationResponse register(RegisterRequest request) {
|
||||
|
||||
@@ -47,12 +49,63 @@ public class AuthenticationService {
|
||||
String jwtToken = jwtService.generateToken(userDetails);
|
||||
String refreshToken = jwtService.generateRefreshToken(userDetails);
|
||||
|
||||
System.out.println(user);
|
||||
return AuthenticationResponse.builder()
|
||||
.accessToken(jwtToken)
|
||||
.refreshToken(refreshToken)
|
||||
.build();
|
||||
}
|
||||
|
||||
public AuthenticationResponse register(OAuth2User oAuth2User) {
|
||||
String userEmail = oAuth2User.getAttribute("email");
|
||||
|
||||
// Check if the user is already registered
|
||||
Optional<Credential> existingCredential = credentialRepository.findByEmail(userEmail);
|
||||
if (existingCredential.isPresent()) {
|
||||
UserDetails userDetails = new PersonDetails(existingCredential.get());
|
||||
String jwtToken = jwtService.generateToken(userDetails);
|
||||
String refreshToken = jwtService.generateRefreshToken(userDetails);
|
||||
|
||||
return AuthenticationResponse.builder()
|
||||
.accessToken(jwtToken)
|
||||
.refreshToken(refreshToken)
|
||||
.build();
|
||||
}
|
||||
|
||||
|
||||
String givenName = oAuth2User.getAttribute("given_name");
|
||||
String familyName = oAuth2User.getAttribute("family_name");
|
||||
String email = oAuth2User.getAttribute("email");
|
||||
|
||||
User user = User.builder()
|
||||
.firstName(givenName)
|
||||
.lastName(familyName)
|
||||
.username(email)
|
||||
.build();
|
||||
|
||||
String randomPassword = passwordGenerator.generateRandomPassword(8);
|
||||
|
||||
user.setPassword(passwordEncoder.encode(randomPassword));
|
||||
|
||||
userRepository.save(user);
|
||||
Credential credential = new Credential(user, email, passwordEncoder.encode(randomPassword));
|
||||
credentialRepository.save(credential);
|
||||
|
||||
UserDetails userDetails = new PersonDetails(credential);
|
||||
String jwtToken = jwtService.generateToken(userDetails);
|
||||
String refreshToken = jwtService.generateRefreshToken(userDetails);
|
||||
|
||||
System.out.println("New user: " + user);
|
||||
System.out.println("New credentials: " + credential);
|
||||
|
||||
return AuthenticationResponse.builder()
|
||||
.accessToken(jwtToken)
|
||||
.refreshToken(refreshToken)
|
||||
.build();
|
||||
}
|
||||
|
||||
|
||||
|
||||
public AuthenticationResponse authenticate(AuthenticationRequest request) {
|
||||
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(request.getEmail(), request.getPassword()));
|
||||
|
||||
@@ -61,6 +114,7 @@ public class AuthenticationService {
|
||||
UserDetails userDetails = new PersonDetails(credential);
|
||||
String jwtToken = jwtService.generateToken(userDetails);
|
||||
String refreshToken = jwtService.generateRefreshToken(userDetails);
|
||||
System.out.println(jwtToken);
|
||||
return AuthenticationResponse.builder()
|
||||
.accessToken(jwtToken)
|
||||
.refreshToken(refreshToken)
|
||||
@@ -75,6 +129,7 @@ public class AuthenticationService {
|
||||
UserDetails userDetails = new PersonDetails(credential.get());
|
||||
|
||||
String jwtToken = jwtService.generateToken(userDetails);
|
||||
System.out.println(jwtToken);
|
||||
return AuthenticationResponse.builder()
|
||||
.accessToken(jwtToken)
|
||||
.refreshToken(refreshToken)
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
package com.faf223.expensetrackerfaf.service;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Base64;
|
||||
|
||||
@Service
|
||||
public class PasswordGenerator {
|
||||
|
||||
private final SecureRandom secureRandom = new SecureRandom();
|
||||
|
||||
public String generateRandomPassword(int length) {
|
||||
byte[] randomBytes = new byte[length];
|
||||
secureRandom.nextBytes(randomBytes);
|
||||
return Base64.getUrlEncoder().withoutPadding().encodeToString(randomBytes);
|
||||
}
|
||||
}
|
||||
@@ -17,14 +17,13 @@ public class TransactionFilter {
|
||||
private final CredentialService credentialService;
|
||||
|
||||
public List<? extends IMoneyTransaction> filterByEmail(List<? extends IMoneyTransaction> transactions, String email) {
|
||||
return transactions
|
||||
.stream()
|
||||
.filter(transaction -> {
|
||||
Optional<Credential> credential = credentialService.findByEmail(email);
|
||||
if(credential.isEmpty())
|
||||
throw new UserNotFoundException("The user has not been found");
|
||||
return credential.get().getUser().equals(transaction.getUser());
|
||||
})
|
||||
|
||||
return transactions
|
||||
.stream()
|
||||
.filter(transaction -> credential.get().getUser().equals(transaction.getUser()))
|
||||
.toList();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user