Max665/biblenotes-java
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Max665:sample-java-jwt-auth-app
Branches Tags
Max665:main Max665:sample-java-jwt-auth-app Max665:feature/authentication
..
compare: Max665:3641dbcdf979b94120bea1a809173baef3c35409
Branches Tags
Max665:main Max665:sample-java-jwt-auth-app Max665:feature/authentication

4 Commits
sample-jav ... 3641dbcdf9

Author SHA1 Message Date
Max W.
3641dbcdf9 Added basic JWT authentication 
working state
 2024-09-09 17:15:08 +02:00
Max W.
656e0c0e7a Update SecurityConfig.java 2024-09-09 00:37:06 +02:00
Max W.
2e0c93a400 Update SecurityConfig.java 2024-09-09 00:36:52 +02:00
Max W.
ba239764bf Refactored feature critical authentication classes 2024-09-09 00:22:46 +02:00
24 changed files with 377 additions and 388 deletions
Expand all files Collapse all files

4
build.gradle
View File

@ -1,6 +1,6 @@
plugins {
id 'java'
id 'org.springframework.boot' version '3.4.1'
id 'org.springframework.boot' version '3.3.3'
id 'io.spring.dependency-management' version '1.1.6'
}
@ -26,8 +26,6 @@ repositories {
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
runtimeOnly 'org.postgresql:postgresql'
compileOnly 'org.projectlombok:lombok'
developmentOnly 'org.springframework.boot:spring-boot-devtools'
annotationProcessor 'org.projectlombok:lombok'

21
db/docker-compose.yml
View File

@ -1,21 +0,0 @@
version: '3.8'
services:
cc-database:
image: postgres
restart: always
environment:
POSTGRES_USER: biblenotes
POSTGRES_PASSWORD: ujhfdogiuhfdgiusdfhoviufdnpviusdhdfiuqbfoiudzsfzidfugofduszbdv
POSTGRES_DB: biblenotes
volumes:
- ./sql-scripts:/docker-entrypoint-initdb.d
ports:
- "5432:5432"
adminer:
image: adminer
restart: always
environment:
ADMINER_DEFAULT_SERVER: biblenotes
ports:
- "8081:8081"

19
db/sql-scripts/init.sql
View File

@ -1,19 +0,0 @@
CREATE TABLE users
(
id SERIAL PRIMARY KEY,
username VARCHAR(255) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
email VARCHAR(255) UNIQUE NOT NULL,
role VARCHAR(255) NOT NULL,
created_at TIMESTAMP NOT NULL,
updated_at TIMESTAMP NOT NULL
);
CREATE TABLE user_logins
(
id SERIAL PRIMARY KEY,
user_id BIGINT NOT NULL,
login_time TIMESTAMP NOT NULL,
login_ip VARCHAR(255) NOT NULL,
FOREIGN KEY (user_id) REFERENCES users (id)
);

26
src/main/java/de/w665/biblenotes/config/SecurityConfig.java
View File

@ -6,14 +6,12 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration
@EnableWebSecurity
@ -35,32 +33,20 @@ public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// TODO: Fix security config for this project (currently old state from sharepulse)
http
.csrf(csrf -> csrf
.ignoringRequestMatchers("/api/v1/**")
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())) // Disable CSRF for API routes
.csrf(csrf -> csrf.ignoringRequestMatchers("/api/v1/**")) // Disable CSRF for API routes
.sessionManagement(sessionManagement -> sessionManagement
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // No session will be created by Spring Security
)
.authorizeHttpRequests(authorize -> authorize
.requestMatchers("/api/v1/secure/**").authenticated() // Secure these endpoints
.requestMatchers("/api/v1/auth/login").permitAll() // Allow access to login endpoint
.requestMatchers("/api/v1/**").authenticated() // Secure all other /api/v1/** routes
.anyRequest().permitAll() // All other requests are allowed without authentication
)
.headers(headers -> headers
.frameOptions(HeadersConfigurer.FrameOptionsConfig::deny) // Prevent clickjacking
//.contentSecurityPolicy(Customizer.withDefaults()) // Blocks loading of resources from other domains
.xssProtection(Customizer.withDefaults())
)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Apply JWT filter
.logout(LogoutConfigurer::permitAll);
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) // Ensure JWT filter is applied after login is allowed
.logout(LogoutConfigurer::permitAll)
.rememberMe(Customizer.withDefaults());
return http.build();
}
/**
* Thoughts:
* - Instead of disabling the contentSecurityPolicy we should simply provide our own libraries so that no external cdns are needed
*/
}

45
src/main/java/de/w665/biblenotes/db/DatabaseInitService.java
View File

@ -1,45 +0,0 @@
package de.w665.biblenotes.db;
import de.w665.biblenotes.db.entity.Role;
import de.w665.biblenotes.db.entity.User;
import de.w665.biblenotes.db.repo.UserRepository;
import jakarta.annotation.PostConstruct;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.time.LocalDateTime;
@Service
@Slf4j
public class DatabaseInitService {
@Value("${database.init.create-default-admin-user}")
private boolean createAdminUser;
private final UserRepository userRepository;
public DatabaseInitService(UserRepository userRepository) {
this.userRepository = userRepository;
}
@PostConstruct
public void init() {
if(createAdminUser && userRepository.count() == 0) {
createDefaultAdminUser();
}
}
private void createDefaultAdminUser() {
log.debug("Inserting admin user...");
User user = new User();
user.setUsername("admin");
user.setPassword("$2a$10$y5u4UL6JwacDrMzXEJqqQO.1Cf3xoZTRhUTab4We/zxnWneI5jTf2");
user.setEmail("admin@example.com");
user.setRole(Role.ADMINISTRATOR);
user.setCreatedAt(LocalDateTime.now());
user.setUpdatedAt(LocalDateTime.now());
userRepository.save(user);
log.debug("Admin user insertion done.");
}
}

18
src/main/java/de/w665/biblenotes/db/RethinkDBConfig.java Normal file
View File

@ -0,0 +1,18 @@
package de.w665.biblenotes.db;
import lombok.Getter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
@Getter
@Configuration
public class RethinkDBConfig {
@Value("${rethinkdb.host}")
private String host;
@Value("${rethinkdb.port}")
private int port;
@Value("${rethinkdb.database}")
private String database;
}

27
src/main/java/de/w665/biblenotes/db/RethinkDBConnector.java Normal file
View File

@ -0,0 +1,27 @@
package de.w665.biblenotes.db;
import com.rethinkdb.RethinkDB;
import com.rethinkdb.net.Connection;
import jakarta.annotation.PostConstruct;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
@Slf4j
@Component
@RequiredArgsConstructor
public class RethinkDBConnector {
private final RethinkDBConfig config;
@Getter
private final RethinkDB r = RethinkDB.r;
@Getter
private Connection connection;
@PostConstruct
public void connectToDatabae() {
connection = r.connection().hostname(config.getHost()).port(config.getPort()).connect();
log.info("Connected to RethinkDB at " + config.getHost() + ":" + config.getPort() + " on database " + config.getDatabase());
}
}

115
src/main/java/de/w665/biblenotes/db/RethinkDBService.java Normal file
View File

@ -0,0 +1,115 @@
package de.w665.biblenotes.db;
import com.rethinkdb.RethinkDB;
import com.rethinkdb.gen.exc.ReqlOpFailedError;
import com.rethinkdb.net.Connection;
import de.w665.biblenotes.db.repo.UserRepository;
import de.w665.biblenotes.model.User;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.Optional;
@Slf4j
@Service
public class RethinkDBService {
private final RethinkDBConfig config;
private final RethinkDB r;
private final Connection connection;
private final UserRepository userRepository;
@Value("${biblenotes.auto-reset-on-startup}")
private boolean autoResetOnStartup;
@Value("${biblenotes.management.user.username}")
private String defaultUsername;
@Value("${biblenotes.management.user.password}")
private String defaultPassword;
private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
@Autowired
public RethinkDBService(RethinkDBConfig config, RethinkDBConnector connector, UserRepository userRepository) {
this.config = config;
// mapping to private vars for easier access
this.r = connector.getR();
this.connection = connector.getConnection();
this.userRepository = userRepository;
}
@PostConstruct
public void initialize() {
// rethinkdb check if database exists
try {
r.dbCreate(config.getDatabase()).run(connection).stream();
log.debug("Database " + config.getDatabase() + " created");
} catch (ReqlOpFailedError e) {
log.debug("Database " + config.getDatabase() + " already exists. Error: " + e.getClass().getSimpleName());
}
// rethinkdb check if table users exists
try {
r.db(config.getDatabase()).tableCreate("users").run(connection).stream();
log.debug("Table 'users' created successfully.");
} catch (ReqlOpFailedError e) {
log.debug("Table 'users' already exists.");
if(autoResetOnStartup) {
log.debug("Clearing content...");
r.db(config.getDatabase()).table("users").delete().run(connection);
log.debug("Table 'users' cleared successfully.");
}
}
// rethinkdb check if table user_logins exists
try {
r.db(config.getDatabase()).tableCreate("user_logins").run(connection).stream();
log.debug("Table 'user_logins' created successfully.");
} catch (ReqlOpFailedError e) {
log.debug("Table 'user_logins' already exists.");
if(autoResetOnStartup) {
log.debug("Clearing content...");
r.db(config.getDatabase()).table("user_logins").delete().run(connection);
log.debug("Table 'user_logins' cleared successfully.");
}
} finally {
try {
r.db(config.getDatabase()).table("user_logins").indexCreate("loginTime").run(connection);
log.debug("Secondary index 'loginTime' on table 'user_logins' successfully created.");
} catch (ReqlOpFailedError e) {
log.debug("Secondary index 'loginTime' already exists.");
} finally {
r.db(config.getDatabase()).table("user_logins").indexWait("loginTime").run(connection);
}
}
initializeAdminUser();
log.info("Database ready for operation!");
}
private void initializeAdminUser() {
Optional<User> adminUser = userRepository.retrieveUserByUsername("admin");
if(adminUser.isEmpty()) {
User user = new User();
user.setUsername(defaultUsername);
user.setPassword(passwordEncoder.encode(defaultPassword));
user.setRole("ADMIN");
userRepository.insertUser(user);
log.debug("Admin user created with default credentials. Username: admin, Password: admin");
}
}
@PreDestroy
public void close() {
if (connection != null) {
connection.close();
}
}
}

6
src/main/java/de/w665/biblenotes/db/entity/Role.java
View File

@ -1,6 +0,0 @@
package de.w665.biblenotes.db.entity;
public enum Role {
ADMINISTRATOR,
USER
}

37
src/main/java/de/w665/biblenotes/db/entity/User.java
View File

@ -1,37 +0,0 @@
package de.w665.biblenotes.db.entity;
import jakarta.persistence.*;
import lombok.*;
import java.time.LocalDateTime;
@Entity
@Table(name = "users")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@ToString
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false, unique = true)
private String username;
@Column(nullable = false)
private String password;
@Column(nullable = false, unique = true)
private String email;
@Enumerated(EnumType.STRING)
@Column(nullable = false)
private Role role;
@Column(nullable = false)
private LocalDateTime createdAt;
@Column(nullable = false)
private LocalDateTime updatedAt;
}

28
src/main/java/de/w665/biblenotes/db/entity/UserLogin.java
View File

@ -1,28 +0,0 @@
package de.w665.biblenotes.db.entity;
import jakarta.persistence.*;
import lombok.*;
import java.time.LocalDateTime;
import java.util.Date;
@Entity
@Table(name = "user_logins")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class UserLogin {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(nullable = false)
private Long userId;
@Column(nullable = false)
private LocalDateTime loginTime;
@Column(nullable = false)
private String loginIp;
}

65
src/main/java/de/w665/biblenotes/db/repo/UserLoginRepository.java
View File

@ -1,10 +1,67 @@
package de.w665.biblenotes.db.repo;
import de.w665.biblenotes.db.entity.UserLogin;
import org.springframework.data.jpa.repository.JpaRepository;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.Gson;
import com.rethinkdb.RethinkDB;
import com.rethinkdb.net.Connection;
import com.rethinkdb.net.Result;
import de.w665.biblenotes.db.RethinkDBConfig;
import de.w665.biblenotes.db.RethinkDBConnector;
import de.w665.biblenotes.model.UserLogin;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;
import java.util.List;
public interface UserLoginRepository extends JpaRepository<UserLogin, Long> {
List<UserLogin> findByUserIdOrderByLoginTimeDesc(Long userId);
@Slf4j
@Repository
public class UserLoginRepository {
private final RethinkDB r;
private final Connection connection;
private final RethinkDBConfig config;
private final String TABLE_NAME = "user_logins";
private final Gson gson = new Gson();
private final ObjectMapper mapper = new ObjectMapper();
@Autowired
public UserLoginRepository(RethinkDBConnector connector, RethinkDBConfig config) {
this.r = connector.getR();
this.connection = connector.getConnection();
this.config = config;
}
public void insertUserLogin(UserLogin userLogin) {
String uuid = r.uuid().run(connection, String.class).first();
userLogin.setId(uuid);
r.db(config.getDatabase()).table(TABLE_NAME).insert(userLogin).run(connection);
}
public UserLogin getLastLogin(String userId) {
// Get the second most recent login (the most recent is the current one)
Result<UserLogin> result = r.db(config.getDatabase()).table(TABLE_NAME)
.orderBy().optArg("index", r.desc("loginTime"))
.filter(r.hashMap("userId", userId))
.skip(1).limit(1)
.run(connection, UserLogin.class);
// Return the second most recent login if exists
return result.hasNext() ? result.next() : null;
}
public List<UserLogin> getUserLogins(String userId) {
Result<UserLogin> result = r.db(config.getDatabase()).table(TABLE_NAME)
.orderBy().optArg("index", r.desc("loginTime"))
.filter(r.hashMap("userId", userId))
.run(connection, UserLogin.class);
return result.toList();
}
public void deleteAllUserLogins(String userId) {
r.db(config.getDatabase()).table(TABLE_NAME)
.filter(r.hashMap("userId", userId))
.delete()
.run(connection);
}
}

63
src/main/java/de/w665/biblenotes/db/repo/UserRepository.java
View File

@ -1,20 +1,55 @@
package de.w665.biblenotes.db.repo;
import de.w665.biblenotes.db.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.transaction.annotation.Transactional;
import com.rethinkdb.RethinkDB;
import com.rethinkdb.net.Connection;
import de.w665.biblenotes.db.RethinkDBConfig;
import de.w665.biblenotes.db.RethinkDBConnector;
import de.w665.biblenotes.model.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;
import java.util.*;
import java.time.LocalDateTime;
import java.util.Optional;
@Repository
public class UserRepository {
private final RethinkDB r;
private final Connection connection;
private final RethinkDBConfig config;
@Autowired
public UserRepository(RethinkDBConnector connector, RethinkDBConfig config) {
this.r = connector.getR();
this.connection = connector.getConnection();
this.config = config;
}
public interface UserRepository extends JpaRepository<User, Long> {
Optional<User> findByUsername(String username);
public Optional<User> retrieveUserByUsername(String username) {
try {
User user = r.db(config.getDatabase()).table("users")
.filter(r.hashMap("username", username))
.run(connection, User.class)
.next();
return Optional.ofNullable(user);
} catch (NoSuchElementException e) {
return Optional.empty();
}
}
@Modifying
@Transactional
@Query("UPDATE User u SET u.updatedAt = :lastLogin WHERE u.username = :username")
void updateLastLoginForUser(@Param("username") String username, @Param("lastLogin") LocalDateTime lastLogin);
public void updateLastLoginForUser(String username, Date lastLogin) {
r.db(config.getDatabase()).table("users")
.filter(r.hashMap("username", username))
.update(r.hashMap("lastLogin", lastLogin.getTime()))
.run(connection);
}
public void updateUser(User user) {
r.db(config.getDatabase()).table("users")
.filter(r.hashMap("id", user.getId()))
.update(user)
.run(connection);
}
public void insertUser(User user) {
String optionalUuid = r.uuid().run(connection, String.class).first();
user.setId(optionalUuid);
r.db(config.getDatabase()).table("users").insert(user).run(connection);
}
}

16
src/main/java/de/w665/biblenotes/model/User.java Normal file
View File

@ -0,0 +1,16 @@
package de.w665.biblenotes.model;
import lombok.*;
@Getter
@Setter
@ToString
@NoArgsConstructor
@AllArgsConstructor
public class User {
private String id; // ID is auto mapped by RethinkDB
private String username;
private String password;
private String email;
private String role;
}

21
src/main/java/de/w665/biblenotes/model/UserLogin.java Normal file
View File

@ -0,0 +1,21 @@
package de.w665.biblenotes.model;
import com.fasterxml.jackson.annotation.JsonFormat;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.Date;
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class UserLogin {
String id;
String userId;
@JsonFormat(timezone = "ETC")
Date loginTime;
String loginIp;
}

5
src/main/java/de/w665/biblenotes/rest/SecureApiRestController.java → src/main/java/de/w665/biblenotes/rest/ApiRestController.java
View File

@ -4,6 +4,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/api/v1/secure")
public abstract class SecureApiRestController {
@RequestMapping("/api/v1")
public abstract class ApiRestController {
}

15
src/main/java/de/w665/biblenotes/rest/AuthenticationController.java → src/main/java/de/w665/biblenotes/rest/mappings/AuthenticationController.java
View File

@ -1,4 +1,4 @@
package de.w665.biblenotes.rest;
package de.w665.biblenotes.rest.mappings;
import de.w665.biblenotes.rest.ro.AuthenticationRequest;
import de.w665.biblenotes.service.AuthenticationService;
@ -18,6 +18,7 @@ import java.util.Map;
@RestController
@RequestMapping("/api/v1/auth")
public class AuthenticationController {
private final AuthenticationService authenticationService;
public AuthenticationController(AuthenticationService authenticationService) {
@ -30,15 +31,9 @@ public class AuthenticationController {
String token = authenticationService.authenticate(authenticationRequest.getUsername(), authenticationRequest.getPassword(), request.getRemoteAddr());
Map<String, Object> response = new HashMap<>();
if(token == null) {
log.debug("Authentication failed for username: " + authenticationRequest.getUsername());
response.put("error", "Authentication failed. Username or password incorrect.");
return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
}
response.put("token", token);
response.put("success", token != null);
if(token == null) {
log.debug("Authentication failed for username: " + authenticationRequest.getUsername());
return new ResponseEntity<>(response, HttpStatus.UNAUTHORIZED);
@ -46,4 +41,4 @@ public class AuthenticationController {
return new ResponseEntity<>(response, HttpStatus.OK);
}
}
}

6
src/main/java/de/w665/biblenotes/rest/mappings/TestMapping.java → src/main/java/de/w665/biblenotes/rest/mappings/TestController.java
View File

@ -1,14 +1,14 @@
package de.w665.biblenotes.rest.mappings;
import de.w665.biblenotes.rest.SecureApiRestController;
import de.w665.biblenotes.rest.ApiRestController;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class TestMapping extends SecureApiRestController {
public class TestController extends ApiRestController {
@GetMapping("/test")
public String test() {
return "Your authentication works!";
return "Test";
}
}

1
src/main/java/de/w665/biblenotes/rest/ro/AuthenticationRequest.java
View File

@ -13,3 +13,4 @@ public class AuthenticationRequest {
private String username;
private String password;
}

55
src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationFilter.java
View File

@ -8,6 +8,7 @@ import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
@ -27,50 +28,46 @@ import java.util.List;
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final AuthenticationService authenticationService;
private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/api/v1/secure/**");
private final RequestMatcher requestMatcher = new AntPathRequestMatcher("/api/v1/**"); // The filter will verify authentication for all requests starting with /api/v1/
@Override
protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException {
logger.debug("Filtering request: " + request.getRequestURI());
// Skip filter for all paths except the secure path
if ("/api/v1/auth/login".equals(request.getRequestURI())) {
logger.debug("Login request detected. Skipping JWT authentication.");
filterChain.doFilter(request, response);
return;
}
if(!requestMatcher.matches(request)) {
logger.debug("Request does not match the secure path. Skipping JWT authentication.");
filterChain.doFilter(request, response);
return;
}
// Extract the JWT token from the request
String jwt = getJwtFromRequest(request);
try {
String jwt = getJwtFromRequest(request);
if (jwt != null && authenticationService.validateToken(jwt)) {
String username = authenticationService.extractSubject(jwt);
// Extract the role from the JWT and set it to Spring AuthenticationContext for access control
String role = authenticationService.getClaimValue(jwt, "role", String.class);
List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role));
if (jwt == null) { // Check if the JWT token is missing
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json");
response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"JWT token is missing.\"}");
logger.warn("Unauthorized: JWT token is missing.");
return;
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(username, null, authorities);
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
// SUCCESSFUL AUTHENTICATION
filterChain.doFilter(request, response);
} else {
logger.warn("Unauthorized: Authentication token is missing or invalid.");
}
} catch (Exception ex) {
logger.warn("Could not set user authentication in security context. An error occurred during JWT processing.", ex);
}
if (!authenticationService.validateToken(jwt)) { // Validate the JWT token
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json");
response.getWriter().write("{\"error\": \"Unauthorized\", \"message\": \"JWT token is invalid.\"}");
logger.warn("Unauthorized: JWT token is invalid.");
return;
}
String username = authenticationService.extractSubject(jwt);
// Extract the role from the JWT and set it to Spring AuthenticationContext for access control
String role = authenticationService.getClaimValue(jwt, "role", String.class);
List<GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_" + role));
JwtAuthenticationToken auth = new JwtAuthenticationToken(username, jwt, authorities);
auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(auth);
// SUCCESSFUL AUTHENTICATION
filterChain.doFilter(request, response);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}
private String getJwtFromRequest(HttpServletRequest request) {

30
src/main/java/de/w665/biblenotes/rest/security/JwtAuthenticationToken.java
View File

@ -1,30 +0,0 @@
package de.w665.biblenotes.rest.security;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import java.util.Collection;
public class JwtAuthenticationToken extends AbstractAuthenticationToken {
private final String principal;
private final String token;
public JwtAuthenticationToken(String principal, String token, Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.token = token;
super.setAuthenticated(true); // Set this to true only if authentication is verified
}
@Override
public Object getCredentials() {
return null;
}
@Override
public Object getPrincipal() {
return null;
}
}

29
src/main/java/de/w665/biblenotes/service/AuthenticationService.java
View File

@ -2,8 +2,8 @@ package de.w665.biblenotes.service;
import de.w665.biblenotes.db.repo.UserLoginRepository;
import de.w665.biblenotes.db.repo.UserRepository;
import de.w665.biblenotes.db.entity.User;
import de.w665.biblenotes.db.entity.UserLogin;
import de.w665.biblenotes.model.User;
import de.w665.biblenotes.model.UserLogin;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.Jwts;
@ -15,7 +15,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import javax.crypto.SecretKey;
import java.time.LocalDateTime;
import java.util.Base64;
import java.util.Date;
import java.util.Optional;
@ -26,9 +25,9 @@ public class AuthenticationService {
private final UserRepository userRepository;
private final UserLoginRepository userLoginRepository;
@Value("${secureapi.jwt.secret}")
@Value("${jwt.secret}")
private String secretString;
@Value("${secureapi.jwt.expiration}")
@Value("${jwt.expiration}")
private long expirationTime; // in milliseconds
private SecretKey secretKey;
@ -50,33 +49,27 @@ public class AuthenticationService {
if(expirationTime.length > 0) {
this.expirationTime = expirationTime[0];
}
log.debug("Authenticating user: {}", username);
Optional<User> optionalUser = userRepository.findByUsername(username);
Optional<User> optionalUser = userRepository.retrieveUserByUsername(username);
if (optionalUser.isPresent() && passwordEncoder.matches(password, optionalUser.get().getPassword())) {
User user = optionalUser.get();
UserLogin userLogin = new UserLogin();
userLogin.setUserId(user.getId());
userLogin.setLoginTime(LocalDateTime.now());
userLogin.setLoginIp(remoteAddr);
userLoginRepository.save(userLogin);
userRepository.updateLastLoginForUser(user.getUsername(), LocalDateTime.now());
userLoginRepository.insertUserLogin(new UserLogin(""/*Auto generated*/, user.getId(), new Date(), remoteAddr));
userRepository.updateLastLoginForUser(user.getUsername(), new Date());
return generateToken(user);
}
return null;
}
private String generateToken(User user) {
private String generateToken(User username) {
long nowMillis = System.currentTimeMillis();
Date now = new Date(nowMillis);
Date expiryDate = new Date(nowMillis + expirationTime);
return Jwts.builder()
.subject("SharePulse Authentication Token")
.subject("Biblenotes Authentication Token")
.issuedAt(now)
.claim("role", user.getRole())
.claim("username", user.getUsername())
.claim("role", username.getRole())
.claim("username", username.getUsername())
.expiration(expiryDate)
.signWith(secretKey)
.compact();

27
src/main/resources/application.properties
View File

@ -1,18 +1,19 @@
spring.application.name=biblenotes
server.port=665
database.init.create-default-admin-user=true
biblenotes.auto-reset-on-startup=false
biblenotes.management.user.username=admin
biblenotes.management.user.password=admin
secureapi.jwt.secret=someSecretChangeMeInProduction
secureapi.jwt.expiration=86400000
spring.datasource.url=jdbc:postgresql://localhost:5432/biblenotes
spring.datasource.username=biblenotes
spring.datasource.password=ujhfdogiuhfdgiusdfhoviufdnpviusdhdfiuqbfoiudzsfzidfugofduszbdv
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.database=postgresql
# Database
rethinkdb.host=localhost
rethinkdb.port=28015
rethinkdb.database=biblenotes
# Logging
logging.level.de.w665.biblenotes=DEBUG
# Static path
spring.web.resources.static-locations=classpath:/static/
spring.web.resources.static-locations=classpath:/static/browser/
server.port=80
spring.application.name=biblenotes
jwt.secret=sampleKeyToChangeInProduction
jwt.expiration=3600000

86
src/main/resources/static/index.html
View File

@ -1,86 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport"
content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Log in</title>
<!-- Bootstrap CSS -->
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- jQuery -->
<script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>
</head>
<body>
<div class="container d-flex justify-content-center align-items-center min-vh-100">
<div class="card shadow p-4" style="width: 100%; max-width: 400px;">
<h3 class="text-center mb-4">Log In</h3>
<form id="loginForm">
<div class="mb-3">
<label for="username" class="form-label">Username</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<div class="d-flex justify-content-center">
<button type="submit" class="btn btn-primary w-100">Log In</button>
</div>
</form>
<div class="mt-3 text-center" id="loader" style="display: none;">
<div class="spinner-border" role="status">
<span class="visually-hidden">Loading...</span>
</div>
</div>
<div class="mt-3 text-center" id="response" style="display: none;"></div>
</div>
</div>
<script>
$(document).ready(function () {
$('#loginForm').on('submit', function (event) {
event.preventDefault();
// Hide previous messages and show loader
$('#response').hide().empty();
$('#loader').show();
// Get form data
const username = $('#username').val();
const password = $('#password').val();
// Send POST request
$.ajax({
url: 'http://localhost:665/api/v1/auth/login',
method: 'POST',
contentType: 'application/json',
data: JSON.stringify({ username, password }),
success: function (response) {
// Hide loader and display token
$('#loader').hide();
$('#response').html(`<div class="alert alert-success">Token: ${response.token}</div>`).show();
},
error: function () {
// Hide loader and show error message
$('#loader').hide();
$('#response').html('<div class="alert alert-danger">Failed to log in. Please try again.</div>').show();
}
});
});
// Allow pressing Enter to submit the form
$('#loginForm').on('keypress', function (event) {
if (event.key === 'Enter') {
event.preventDefault();
$('#loginForm').submit();
}
});
});
</script>
<!-- Bootstrap Bundle with Popper -->
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>