refactoring

README.md

@@ -1 +1,5 @@
 # spring-boot-webflux-jjwt
+Example Spring Boot and WebFlux (Reactive Web) with Spring Security and JWT for token Authentication and Authorization
+
+### Documantation
+You can se my Medium story, [Authentication and Authorization Using JWT on Spring Webflux](https://medium.com/@ard333/29b81f813e78)

pom.xml

@@ -3,7 +3,7 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
-	<groupId>id.web.ard</groupId>
+	<groupId>com.ard333</groupId>
 	<artifactId>spring-boot-webflux-jjwt</artifactId>
 	<version>0.0.1-SNAPSHOT</version>
 	<packaging>jar</packaging>

src/main/java/com/ard333/springbootwebfluxjjwt/SpringBootWebfluxJjwtApplication.java

@@ -1,4 +1,4 @@
-package id.web.ard.springbootwebfluxjjwt;
+package com.ard333.springbootwebfluxjjwt;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;

src/main/java/com/ard333/springbootwebfluxjjwt/model/Message.java

@@ -1,8 +1,4 @@
-/*
+package com.ard333.springbootwebfluxjjwt.model;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.model;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
@@ -11,7 +7,7 @@ import lombok.ToString;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Data @NoArgsConstructor @AllArgsConstructor @ToString
 public class Message {

src/main/java/com/ard333/springbootwebfluxjjwt/model/User.java

@@ -1,26 +1,23 @@
-/*
+package com.ard333.springbootwebfluxjjwt.model;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.model;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import id.web.ard.springbootwebfluxjjwt.security.model.Role;
+import com.ard333.springbootwebfluxjjwt.security.model.Role;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
-
 import java.util.Collection;
 import java.util.List;
 import java.util.stream.Collectors;
 import lombok.AllArgsConstructor;
+import lombok.Getter;
 import lombok.NoArgsConstructor;
+import lombok.Setter;
 import lombok.ToString;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @ToString @AllArgsConstructor @NoArgsConstructor
 public class User implements UserDetails {
@@ -29,20 +26,21 @@ public class User implements UserDetails {
 	
 	private String password;
 	
+	@Getter @Setter
 	private Boolean enabled;
 	
+	@Getter @Setter
 	private List<Role> roles;
 	
-	public User(String username) {
-		this.username = username;
-	}
-	
 	@Override
 	public String getUsername() {
 		return username;
 	}
+	
+	public void setUsername(String username) {
+		this.username = username;
+	}
 
-	//==============================
 	@Override
 	public boolean isAccountNonExpired() {
 		return false;
@@ -63,15 +61,10 @@ public class User implements UserDetails {
 		return this.enabled;
 	}
 
-	public void setUsername(String username) {
-		this.username = username;
-	}
-
 	@Override
 	public Collection<? extends GrantedAuthority> getAuthorities() {
 		return this.roles.stream().map(authority -> new SimpleGrantedAuthority(authority.name())).collect(Collectors.toList());
 	}
-	//==============================
 
 	@JsonIgnore
 	@Override
@@ -84,20 +77,4 @@ public class User implements UserDetails {
 		this.password = password;
 	}
 
-	public Boolean getEnabled() {
-		return enabled;
-	}
-
-	public void setEnabled(Boolean enabled) {
-		this.enabled = enabled;
-	}
-
-	public List<Role> getRoles() {
-		return roles;
-	}
-
-	public void setRoles(List<Role> roles) {
-		this.roles = roles;
-	}
-
 }

src/main/java/com/ard333/springbootwebfluxjjwt/rest/AuthenticationREST.java

@@ -1,18 +1,13 @@
-/*
+package com.ard333.springbootwebfluxjjwt.rest;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.rest;
 
-import id.web.ard.springbootwebfluxjjwt.security.JWTUtil;
+import com.ard333.springbootwebfluxjjwt.security.JWTUtil;
-import id.web.ard.springbootwebfluxjjwt.security.PBKDF2Encoder;
+import com.ard333.springbootwebfluxjjwt.security.PBKDF2Encoder;
-import id.web.ard.springbootwebfluxjjwt.security.model.AuthRequest;
+import com.ard333.springbootwebfluxjjwt.security.model.AuthRequest;
-import id.web.ard.springbootwebfluxjjwt.security.model.AuthResponse;
+import com.ard333.springbootwebfluxjjwt.security.model.AuthResponse;
-import id.web.ard.springbootwebfluxjjwt.service.UserService;
+import com.ard333.springbootwebfluxjjwt.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -21,13 +16,13 @@ import reactor.core.publisher.Mono;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @RestController
 public class AuthenticationREST {
 
 	@Autowired
-	private JWTUtil jwtTokenUtil;
+	private JWTUtil jwtUtil;
 	
 	@Autowired
 	private PBKDF2Encoder passwordEncoder;
@@ -39,7 +34,7 @@ public class AuthenticationREST {
 	public Mono<ResponseEntity<AuthResponse>> auth(@RequestBody AuthRequest ar) {
 		return userRepository.findByUsername(ar.getUsername()).map((userDetails) -> {
 			if (passwordEncoder.encode(ar.getPassword()).equals(userDetails.getPassword())) {
-				return ResponseEntity.ok(new AuthResponse(jwtTokenUtil.generateToken(userDetails)));
+				return ResponseEntity.ok(new AuthResponse(jwtUtil.generateToken(userDetails)));
 			} else {
 				return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
 			}

src/main/java/com/ard333/springbootwebfluxjjwt/rest/ResourceREST.java

@@ -2,9 +2,9 @@
  * Ardiansyah | http://ard.web.id
  * 
  */
-package id.web.ard.springbootwebfluxjjwt.rest;
+package com.ard333.springbootwebfluxjjwt.rest;
 
-import id.web.ard.springbootwebfluxjjwt.model.Message;
+import com.ard333.springbootwebfluxjjwt.model.Message;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestMapping;

src/main/java/com/ard333/springbootwebfluxjjwt/security/AuthenticationManager.java

@@ -1,10 +1,6 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security;
 
-import id.web.ard.springbootwebfluxjjwt.security.model.Role;
+import com.ard333.springbootwebfluxjjwt.security.model.Role;
 import io.jsonwebtoken.Claims;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -16,11 +12,10 @@ import reactor.core.publisher.Mono;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
-import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Component
 public class AuthenticationManager implements ReactiveAuthenticationManager {
@@ -32,29 +27,25 @@ public class AuthenticationManager implements ReactiveAuthenticationManager {
 	public Mono<Authentication> authenticate(Authentication authentication) {
 		String authToken = authentication.getCredentials().toString();
 		
-		String username = null;
+		String username;
 		try {
 			username = jwtUtil.getUsernameFromToken(authToken);
 		} catch (Exception e) {
 			username = null;
 		}
-		if (username != null) {
+		if (username != null && jwtUtil.validateToken(authToken)) {
 			Claims claims = jwtUtil.getAllClaimsFromToken(authToken);
-			if (jwtUtil.validateToken(authToken)) {
+			List<String> rolesMap = claims.get("role", List.class);
-				List<String> rolesMap = claims.get("role", List.class);
+			List<Role> roles = new ArrayList<>();
-				List<Role> roles = new ArrayList<>();
+			for (String rolemap : rolesMap) {
-				for (String rolemap : rolesMap) {
+				roles.add(Role.valueOf(rolemap));
-					roles.add(Role.valueOf(rolemap));
-				}
-				UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
-					username,
-					null,
-					roles.stream().map(authority -> new SimpleGrantedAuthority(authority.name())).collect(Collectors.toList())
-				);
-				return Mono.just(auth);
-			} else {
-				return Mono.empty();
 			}
+			UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
+				username,
+				null,
+				roles.stream().map(authority -> new SimpleGrantedAuthority(authority.name())).collect(Collectors.toList())
+			);
+			return Mono.just(auth);
 		} else {
 			return Mono.empty();
 		}

src/main/java/com/ard333/springbootwebfluxjjwt/security/CORSFilter.java

@@ -1,8 +1,4 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.reactive.config.CorsRegistry;
@@ -11,7 +7,7 @@ import org.springframework.web.reactive.config.WebFluxConfigurer;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Configuration
 @EnableWebFlux

src/main/java/com/ard333/springbootwebfluxjjwt/security/JWTUtil.java

@@ -1,10 +1,6 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security;
 
-import id.web.ard.springbootwebfluxjjwt.model.User;
+import com.ard333.springbootwebfluxjjwt.model.User;
 import java.io.Serializable;
 import java.util.Date;
 import java.util.HashMap;
@@ -17,7 +13,7 @@ import org.springframework.stereotype.Component;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Component
 public class JWTUtil implements Serializable {

src/main/java/com/ard333/springbootwebfluxjjwt/security/PBKDF2Encoder.java

@@ -1,8 +1,4 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security;
 
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
@@ -15,7 +11,7 @@ import org.springframework.stereotype.Component;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Component
 public class PBKDF2Encoder implements PasswordEncoder{

src/main/java/com/ard333/springbootwebfluxjjwt/security/SecurityContextRepository.java

@@ -1,8 +1,4 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
@@ -18,7 +14,7 @@ import reactor.core.publisher.Mono;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Component
 public class SecurityContextRepository implements ServerSecurityContextRepository{

src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java

@@ -1,4 +1,4 @@
-package id.web.ard.springbootwebfluxjjwt.security;
+package com.ard333.springbootwebfluxjjwt.security;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -10,7 +10,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @EnableWebFluxSecurity
 @EnableReactiveMethodSecurity

src/main/java/com/ard333/springbootwebfluxjjwt/security/model/AuthRequest.java

@@ -1,8 +1,4 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security.model;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security.model;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
@@ -11,7 +7,7 @@ import lombok.ToString;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Data @NoArgsConstructor @AllArgsConstructor @ToString
 public class  AuthRequest {

src/main/java/com/ard333/springbootwebfluxjjwt/security/model/AuthResponse.java

@@ -1,8 +1,4 @@
-/*
+package com.ard333.springbootwebfluxjjwt.security.model;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security.model;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
@@ -11,7 +7,7 @@ import lombok.ToString;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Data @NoArgsConstructor @AllArgsConstructor @ToString
 public class AuthResponse {

src/main/java/com/ard333/springbootwebfluxjjwt/security/model/Role.java

@@ -0,0 +1,9 @@
+package com.ard333.springbootwebfluxjjwt.security.model;
+
+/**
+ *
+ * @author ard333
+ */
+public enum Role {
+	ROLE_USER, ROLE_ADMIN
+}

src/main/java/com/ard333/springbootwebfluxjjwt/service/UserService.java

@@ -1,11 +1,7 @@
-/*
+package com.ard333.springbootwebfluxjjwt.service;
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.service;
 
-import id.web.ard.springbootwebfluxjjwt.model.User;
+import com.ard333.springbootwebfluxjjwt.model.User;
-import id.web.ard.springbootwebfluxjjwt.security.model.Role;
+import com.ard333.springbootwebfluxjjwt.security.model.Role;
 import java.util.Arrays;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
@@ -13,7 +9,7 @@ import reactor.core.publisher.Mono;
 
 /**
  *
- * @author ardiansyah
+ * @author ard333
  */
 @Service
 public class UserService {
@@ -49,6 +45,4 @@ public class UserService {
 		}
 	}
 	
-	
-	
 }

src/main/java/id/web/ard/springbootwebfluxjjwt/security/UserDetailsServiceImpl.java

@@ -1,29 +0,0 @@
-/*
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security;
-
-import id.web.ard.springbootwebfluxjjwt.service.UserService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.stereotype.Service;
-import reactor.core.publisher.Mono;
-
-/**
- *
- * @author ardiansyah
- */
-@Service
-public class UserDetailsServiceImpl implements ReactiveUserDetailsService {
-	
-	@Autowired
-	private UserService userRepository;
-	
-	@Override
-	public Mono<UserDetails> findByUsername(String username) {
-		return userRepository.findUserDetailsByUsername(username);
-	}
-	
-}

src/main/java/id/web/ard/springbootwebfluxjjwt/security/model/Role.java

@@ -1,13 +0,0 @@
-/*
- * Ardiansyah | http://ard.web.id
- * 
- */
-package id.web.ard.springbootwebfluxjjwt.security.model;
-
-/**
- *
- * @author ardiansyah
- */
-public enum Role {
-	ROLE_USER, ROLE_ADMIN
-}