update version and refactoring
This commit is contained in:
Ardiansyah
15
pom.xml
15
pom.xml
@@ -14,14 +14,14 @@
|
||||
<parent>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-parent</artifactId>
|
||||
<version>2.1.1.RELEASE</version>
|
||||
<version>2.2.6.RELEASE</version>
|
||||
<relativePath/> <!-- lookup parent from repository -->
|
||||
</parent>
|
||||
|
||||
<properties>
|
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||
<java.version>1.8</java.version>
|
||||
<java.version>11</java.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
@@ -40,22 +40,27 @@
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-api</artifactId>
|
||||
<version>0.10.5</version>
|
||||
<version>0.11.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-impl</artifactId>
|
||||
<version>0.10.5</version>
|
||||
<version>0.11.1</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-jackson</artifactId>
|
||||
<version>0.10.5</version>
|
||||
<version>0.11.1</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-devtools</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
|
||||
@@ -28,11 +28,11 @@ public class AuthenticationREST {
|
||||
private PBKDF2Encoder passwordEncoder;
|
||||
|
||||
@Autowired
|
||||
private UserService userRepository;
|
||||
private UserService userService;
|
||||
|
||||
@RequestMapping(value = "/login", method = RequestMethod.POST)
|
||||
public Mono<ResponseEntity<?>> login(@RequestBody AuthRequest ar) {
|
||||
return userRepository.findByUsername(ar.getUsername()).map((userDetails) -> {
|
||||
return userService.findByUsername(ar.getUsername()).map((userDetails) -> {
|
||||
if (passwordEncoder.encode(ar.getPassword()).equals(userDetails.getPassword())) {
|
||||
return ResponseEntity.ok(new AuthResponse(jwtUtil.generateToken(userDetails)));
|
||||
} else {
|
||||
|
||||
@@ -6,6 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.stereotype.Component;
|
||||
import reactor.core.publisher.Mono;
|
||||
@@ -28,26 +29,19 @@ public class AuthenticationManager implements ReactiveAuthenticationManager {
|
||||
public Mono<Authentication> authenticate(Authentication authentication) {
|
||||
String authToken = authentication.getCredentials().toString();
|
||||
|
||||
String username;
|
||||
try {
|
||||
username = jwtUtil.getUsernameFromToken(authToken);
|
||||
} catch (Exception e) {
|
||||
username = null;
|
||||
}
|
||||
if (username != null && jwtUtil.validateToken(authToken)) {
|
||||
String username = jwtUtil.getUsernameFromToken(authToken);
|
||||
if (!jwtUtil.validateToken(authToken)) {
|
||||
return Mono.empty();
|
||||
}
|
||||
Claims claims = jwtUtil.getAllClaimsFromToken(authToken);
|
||||
List<String> rolesMap = claims.get("role", List.class);
|
||||
List<Role> roles = new ArrayList<>();
|
||||
List<GrantedAuthority> authorities = new ArrayList<>();
|
||||
for (String rolemap : rolesMap) {
|
||||
roles.add(Role.valueOf(rolemap));
|
||||
authorities.add(new SimpleGrantedAuthority(rolemap));
|
||||
}
|
||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
|
||||
username,
|
||||
null,
|
||||
roles.stream().map(authority -> new SimpleGrantedAuthority(authority.name())).collect(Collectors.toList())
|
||||
);
|
||||
return Mono.just(auth);
|
||||
} else {
|
||||
return Mono.just(new UsernamePasswordAuthenticationToken(username, null, authorities));
|
||||
} catch (Exception e) {
|
||||
return Mono.empty();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,14 +1,17 @@
|
||||
package com.ard333.springbootwebfluxjjwt.security;
|
||||
|
||||
import com.ard333.springbootwebfluxjjwt.model.User;
|
||||
import java.io.Serializable;
|
||||
import java.util.Base64;
|
||||
import java.security.Key;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@@ -17,18 +20,23 @@ import org.springframework.stereotype.Component;
|
||||
* @author ard333
|
||||
*/
|
||||
@Component
|
||||
public class JWTUtil implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
public class JWTUtil {
|
||||
|
||||
@Value("${springbootwebfluxjjwt.jjwt.secret}")
|
||||
private String secret;
|
||||
|
||||
@Value("${springbootwebfluxjjwt.jjwt.expiration}")
|
||||
private String expirationTime;
|
||||
|
||||
|
||||
private Key key;
|
||||
|
||||
@PostConstruct
|
||||
public void init(){
|
||||
this.key = Keys.hmacShaKeyFor(secret.getBytes());
|
||||
}
|
||||
|
||||
public Claims getAllClaimsFromToken(String token) {
|
||||
return Jwts.parser().setSigningKey(Base64.getEncoder().encodeToString(secret.getBytes())).parseClaimsJws(token).getBody();
|
||||
return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
|
||||
}
|
||||
|
||||
public String getUsernameFromToken(String token) {
|
||||
@@ -55,12 +63,13 @@ public class JWTUtil implements Serializable {
|
||||
|
||||
final Date createdDate = new Date();
|
||||
final Date expirationDate = new Date(createdDate.getTime() + expirationTimeLong * 1000);
|
||||
|
||||
return Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.setSubject(username)
|
||||
.setIssuedAt(createdDate)
|
||||
.setExpiration(expirationDate)
|
||||
.signWith(SignatureAlgorithm.HS512, Base64.getEncoder().encodeToString(secret.getBytes()))
|
||||
.signWith(key)
|
||||
.compact();
|
||||
}
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@ public class PBKDF2Encoder implements PasswordEncoder{
|
||||
private Integer keylength;
|
||||
|
||||
/**
|
||||
* More info (https://www.owasp.org/index.php/Hashing_Java)
|
||||
* More info (https://www.owasp.org/index.php/Hashing_Java) 404 :(
|
||||
* @param cs password
|
||||
* @return encoded password
|
||||
*/
|
||||
|
||||
@@ -3,6 +3,11 @@ package com.ard333.springbootwebfluxjjwt.service;
|
||||
import com.ard333.springbootwebfluxjjwt.model.User;
|
||||
import com.ard333.springbootwebfluxjjwt.security.model.Role;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.annotation.PostConstruct;
|
||||
|
||||
import org.springframework.stereotype.Service;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
@@ -14,20 +19,23 @@ import reactor.core.publisher.Mono;
|
||||
public class UserService {
|
||||
|
||||
// this is just an example, you can load the user from the database from the repository
|
||||
|
||||
private Map<String, User> data;
|
||||
|
||||
//username:passwowrd -> user:user
|
||||
private final String userUsername = "user";// password: user
|
||||
private final User user = new User(userUsername, "cBrlgyL2GI2GINuLUUwgojITuIufFycpLG4490dhGtY=", true, Arrays.asList(Role.ROLE_USER));
|
||||
|
||||
//username:passwowrd -> admin:admin
|
||||
private final String adminUsername = "admin";// password: admin
|
||||
private final User admin = new User(adminUsername, "dQNjUIMorJb8Ubj2+wVGYp6eAeYkdekqAcnYp+aRq5w=", true, Arrays.asList(Role.ROLE_ADMIN));
|
||||
@PostConstruct
|
||||
public void init(){
|
||||
data = new HashMap<>();
|
||||
|
||||
//username:passwowrd -> user:user
|
||||
data.put("user", new User("user", "cBrlgyL2GI2GINuLUUwgojITuIufFycpLG4490dhGtY=", true, Arrays.asList(Role.ROLE_USER)));
|
||||
|
||||
//username:passwowrd -> admin:admin
|
||||
data.put("admin", new User("admin", "dQNjUIMorJb8Ubj2+wVGYp6eAeYkdekqAcnYp+aRq5w=", true, Arrays.asList(Role.ROLE_ADMIN)));
|
||||
}
|
||||
|
||||
public Mono<User> findByUsername(String username) {
|
||||
if (username.equals(userUsername)) {
|
||||
return Mono.just(user);
|
||||
} else if (username.equals(adminUsername)) {
|
||||
return Mono.just(admin);
|
||||
if (data.containsKey(username)) {
|
||||
return Mono.just(data.get(username));
|
||||
} else {
|
||||
return Mono.empty();
|
||||
}
|
||||
|
||||
@@ -2,5 +2,5 @@ springbootwebfluxjjwt.password.encoder.secret=mysecret
|
||||
springbootwebfluxjjwt.password.encoder.iteration=33
|
||||
springbootwebfluxjjwt.password.encoder.keylength=256
|
||||
|
||||
springbootwebfluxjjwt.jjwt.secret=ThisIsSecretForJWTHS512SignatureAlgorithmThatMUSTHave512bitsKeySize
|
||||
springbootwebfluxjjwt.jjwt.secret=ThisIsSecretForJWTHS512SignatureAlgorithmThatMUSTHave64ByteLength
|
||||
springbootwebfluxjjwt.jjwt.expiration=28800
|
||||
Reference in New Issue
Block a user