finished base auth with spring jpa

2025-01-17 00:44:18 +01:00 · 2025-01-17 00:44:18 +01:00 · b3762373d4
commit b3762373d4
parent ed30a5f712
3 changed files with 72 additions and 19 deletions
--- a/src/main/java/de/w665/biblenotes/rest/mappings/TestMapping.java
+++ b/src/main/java/de/w665/biblenotes/rest/mappings/TestMapping.java
@ -0,0 +1,14 @@
+package de.w665.biblenotes.rest.mappings;
+
+import de.w665.biblenotes.rest.SecureApiRestController;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class TestMapping extends SecureApiRestController {
+
+    @GetMapping("/test")
+    public String test() {
+        return "Your authentication works!";
+    }
+}
--- a/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java
+++ b/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java
@ -8,7 +8,6 @@ import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.jetbrains.annotations.NotNull;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@ -35,33 +34,43 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {

        logger.debug("Filtering request: " + request.getRequestURI());

+        // Skip filter for all paths except the secure path
        if(!requestMatcher.matches(request)) {
            logger.debug("Request does not match the secure path. Skipping JWT authentication.");
            filterChain.doFilter(request, response);
            return;
        }

-        try {
-            String jwt = getJwtFromRequest(request);
-            if (jwt != null && authenticationService.validateToken(jwt)) {
-                String username = authenticationService.extractSubject(jwt);
-                // Extract the role from the JWT and set it to Spring AuthenticationContext for access control
-                String role = authenticationService.getClaimValue(jwt, "role", String.class);
-                List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role));
+        // Extract the JWT token from the request
+        String jwt = getJwtFromRequest(request);

-                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, null, authorities);
-                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-                SecurityContextHolder.getContext().setAuthentication(authentication);
-                // SUCCESSFUL AUTHENTICATION
-                filterChain.doFilter(request, response);
-            } else {
-                logger.warn("Unauthorized: Authentication token is missing or invalid.");
-            }
-        } catch (Exception ex) {
-            logger.warn("Could not set user authentication in security context. An error occurred during JWT processing.", ex);
+        if (jwt == null) { // Check if the JWT token is missing
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setContentType("application/json");
+            response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"JWT token is missing.\"}");
+            logger.warn("Unauthorized: JWT token is missing.");
+            return;
        }

-        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        if (!authenticationService.validateToken(jwt)) { // Validate the JWT token
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setContentType("application/json");
+            response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"JWT token is invalid.\"}");
+            logger.warn("Unauthorized: JWT token is invalid.");
+            return;
+        }
+
+        String username = authenticationService.extractSubject(jwt);
+        // Extract the role from the JWT and set it to Spring AuthenticationContext for access control
+        String role = authenticationService.getClaimValue(jwt, "role", String.class);
+        List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role));
+
+        JwtAuthenticationToken auth = new JwtAuthenticationToken(username, jwt, authorities);
+        auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        // SUCCESSFUL AUTHENTICATION
+        filterChain.doFilter(request, response);
    }

    private String getJwtFromRequest(HttpServletRequest request) {
--- a/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationToken.java
+++ b/src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationToken.java
@ -0,0 +1,30 @@
+package de.w665.biblenotes.rest.security;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+public class JwtAuthenticationToken extends AbstractAuthenticationToken {
+
+    private final String principal;
+    private final String token;
+
+    public JwtAuthenticationToken(String principal, String token, Collection<? extends GrantedAuthority> authorities) {
+        super(authorities);
+        this.principal = principal;
+        this.token = token;
+        super.setAuthenticated(true); // Set this to true only if authentication is verified
+    }
+
+
+    @Override
+    public Object getCredentials() {
+        return null;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return null;
+    }
+}