28. JWT Token Provider - Part 3 (#2)
@ -53,6 +53,13 @@
|
||||
<artifactId>lombok</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.apache.commons</groupId>
|
||||
<artifactId>commons-lang3</artifactId>
|
||||
<version>3.12.0</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
@ -68,6 +75,7 @@
|
||||
<groupId>com.github.javafaker</groupId>
|
||||
<artifactId>javafaker</artifactId>
|
||||
<version>1.0.2</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
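Review bot: The new commons-lang3 dependency pins `<version>3.12.0</version>`, while lombok just above carries no version, which suggests a parent or BOM manages versions in this POM (the parent is not visible here). If that is the case, the explicit pin overrides the managed version and will not follow the parent when it is upgraded to pick up fixes; dropping the `<version>` line would leave it managed. The only use visible in this commit is `StringUtils.isNotBlank`, which Spring's own `org.springframework.util.StringUtils.hasText` already covers, so the extra dependency may not be needed at all.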
@ -0,0 +1,25 @@
|
||||
package net.shyshkin.study.fullstack.supportportal.backend.config;
|
||||
|
||||
import com.auth0.jwt.JWT;
|
||||
import com.auth0.jwt.JWTVerifier;
|
||||
import com.auth0.jwt.algorithms.Algorithm;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import static net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants.GET_ARRAYS_LLC;
|
||||
|
||||
@Configuration
|
||||
public class JwtConfig {
|
||||
|
||||
@Bean
|
||||
public JWTVerifier jwtVerifier(@Value("${app.jwt.secret}") String secret) {
|
||||
|
||||
Algorithm algorithm = Algorithm.HMAC256(secret);
|
||||
return JWT.require(algorithm)
|
||||
.withIssuer(GET_ARRAYS_LLC)
|
||||
.build(); //Reusable verifier instance
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
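Review bot: The `jwtVerifier` bean passes `app.jwt.secret` straight to `Algorithm.HMAC256(secret)` without checking its strength, so a short or guessable value still yields a working verifier, and every token's integrity rests on that one string. RFC 7518 requires HS256 keys of at least 256 bits, so the bean should fail fast at startup, for example `if (secret == null || secret.getBytes(StandardCharsets.UTF_8).length < 32) throw new IllegalStateException("app.jwt.secret must be at least 32 bytes");`. A Javadoc line on the method saying that the property is expected to come from the environment or a secret store, not from a committed properties file, would also help the next maintainer.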
@ -4,11 +4,18 @@ import com.auth0.jwt.JWT;
|
||||
import com.auth0.jwt.JWTVerifier;
|
||||
import com.auth0.jwt.algorithms.Algorithm;
|
||||
import com.auth0.jwt.exceptions.JWTVerificationException;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import net.shyshkin.study.fullstack.supportportal.backend.domain.UserPrincipal;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.Arrays;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
@ -16,8 +23,12 @@ import java.util.stream.Collectors;
|
||||
|
||||
import static net.shyshkin.study.fullstack.supportportal.backend.constant.SecurityConstants.*;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class JwtTokenProvider {
|
||||
|
||||
private final JWTVerifier jwtVerifier;
|
||||
|
||||
@Value("${app.jwt.secret}")
|
||||
private String secret;
|
||||
|
||||
@ -40,10 +51,29 @@ public class JwtTokenProvider {
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
public Authentication getAuthentication(String username, List<GrantedAuthority> authorities, HttpServletRequest request) {
|
||||
var userPassAuthToken = new UsernamePasswordAuthenticationToken(username, null, authorities);
|
||||
userPassAuthToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
return userPassAuthToken;
|
||||
}
|
||||
|
||||
public boolean isTokenValid(String username, String token) {
|
||||
return StringUtils.isNotBlank(username) && !isTokenExpired(token);
|
||||
}
|
||||
|
||||
public String getSubject(String token) {
|
||||
return jwtVerifier.verify(token).getSubject();
|
||||
}
|
||||
|
||||
private boolean isTokenExpired(String token) {
|
||||
Date expirationDate = jwtVerifier.verify(token).getExpiresAt();
|
||||
return expirationDate.before(new Date());
|
||||
}
|
||||
|
||||
private String[] getClaimsFromToken(String token) {
|
||||
JWTVerifier verifier = getJwtVerifier();
|
||||
|
||||
try {
|
||||
return verifier.verify(token)
|
||||
return jwtVerifier.verify(token)
|
||||
.getClaim(AUTHORITIES)
|
||||
.asArray(String.class);
|
||||
} catch (JWTVerificationException exception) {
|
||||
@ -51,14 +81,6 @@ public class JwtTokenProvider {
|
||||
}
|
||||
}
|
||||
|
||||
private JWTVerifier getJwtVerifier() {
|
||||
|
||||
Algorithm algorithm = Algorithm.HMAC256(secret);
|
||||
return JWT.require(algorithm)
|
||||
.withIssuer(GET_ARRAYS_LLC)
|
||||
.build(); //Reusable verifier instance
|
||||
}
|
||||
|
||||
private String[] getClaimsFromUser(UserPrincipal userPrincipal) {
|
||||
return userPrincipal.getAuthorities()
|
||||
.stream()
|
||||
|
||||
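Review bot: `isTokenExpired` dereferences `getExpiresAt()` without a null check and lets `JWTVerificationException` escape, so `isTokenValid` can throw where its boolean signature suggests it returns false. In the java-jwt releases I know, `verify()` already throws for an expired token, and a correctly signed token with no `exp` claim passes verification and returns null here, which gives a NullPointerException. `getClaimsFromToken` in the same class does catch `JWTVerificationException`, so the handling is inconsistent; treating a missing `exp` and any verification failure as invalid keeps the failure path closed and predictable. `isTokenValid` also never compares `username` with the token subject, which only matters if a caller passes a name that did not come from `getSubject`. The sketch below verifies once and folds `isTokenExpired` into `isTokenValid`.

```java
public boolean isTokenValid(String username, String token) {
    if (StringUtils.isBlank(username)) {
        return false;
    }
    try {
        // verify() checks signature and issuer, and rejects an expired token by throwing
        var decoded = jwtVerifier.verify(token);
        Date expiresAt = decoded.getExpiresAt();
        return expiresAt != null
                && !expiresAt.before(new Date())
                && username.equals(decoded.getSubject());
    } catch (JWTVerificationException exception) {
        return false;
    }
}
// … unchanged: getSubject, getClaimsFromToken, getClaimsFromUser …
```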