update version and refactoring
This commit is contained in:
Ardiansyah
15
pom.xml
15
pom.xml
@@ -14,14 +14,14 @@
|
|||||||
<parent>
|
<parent>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-parent</artifactId>
|
<artifactId>spring-boot-starter-parent</artifactId>
|
||||||
<version>2.1.1.RELEASE</version>
|
<version>2.2.6.RELEASE</version>
|
||||||
<relativePath/> <!-- lookup parent from repository -->
|
<relativePath/> <!-- lookup parent from repository -->
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||||
<java.version>1.8</java.version>
|
<java.version>11</java.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
@@ -40,22 +40,27 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>io.jsonwebtoken</groupId>
|
<groupId>io.jsonwebtoken</groupId>
|
||||||
<artifactId>jjwt-api</artifactId>
|
<artifactId>jjwt-api</artifactId>
|
||||||
<version>0.10.5</version>
|
<version>0.11.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>io.jsonwebtoken</groupId>
|
<groupId>io.jsonwebtoken</groupId>
|
||||||
<artifactId>jjwt-impl</artifactId>
|
<artifactId>jjwt-impl</artifactId>
|
||||||
<version>0.10.5</version>
|
<version>0.11.1</version>
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>io.jsonwebtoken</groupId>
|
<groupId>io.jsonwebtoken</groupId>
|
||||||
<artifactId>jjwt-jackson</artifactId>
|
<artifactId>jjwt-jackson</artifactId>
|
||||||
<version>0.10.5</version>
|
<version>0.11.1</version>
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-devtools</artifactId>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-test</artifactId>
|
<artifactId>spring-boot-starter-test</artifactId>
|
||||||
|
|||||||
@@ -28,11 +28,11 @@ public class AuthenticationREST {
|
|||||||
private PBKDF2Encoder passwordEncoder;
|
private PBKDF2Encoder passwordEncoder;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserService userRepository;
|
private UserService userService;
|
||||||
|
|
||||||
@RequestMapping(value = "/login", method = RequestMethod.POST)
|
@RequestMapping(value = "/login", method = RequestMethod.POST)
|
||||||
public Mono<ResponseEntity<?>> login(@RequestBody AuthRequest ar) {
|
public Mono<ResponseEntity<?>> login(@RequestBody AuthRequest ar) {
|
||||||
return userRepository.findByUsername(ar.getUsername()).map((userDetails) -> {
|
return userService.findByUsername(ar.getUsername()).map((userDetails) -> {
|
||||||
if (passwordEncoder.encode(ar.getPassword()).equals(userDetails.getPassword())) {
|
if (passwordEncoder.encode(ar.getPassword()).equals(userDetails.getPassword())) {
|
||||||
return ResponseEntity.ok(new AuthResponse(jwtUtil.generateToken(userDetails)));
|
return ResponseEntity.ok(new AuthResponse(jwtUtil.generateToken(userDetails)));
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
import reactor.core.publisher.Mono;
|
import reactor.core.publisher.Mono;
|
||||||
@@ -28,26 +29,19 @@ public class AuthenticationManager implements ReactiveAuthenticationManager {
|
|||||||
public Mono<Authentication> authenticate(Authentication authentication) {
|
public Mono<Authentication> authenticate(Authentication authentication) {
|
||||||
String authToken = authentication.getCredentials().toString();
|
String authToken = authentication.getCredentials().toString();
|
||||||
|
|
||||||
String username;
|
|
||||||
try {
|
try {
|
||||||
username = jwtUtil.getUsernameFromToken(authToken);
|
String username = jwtUtil.getUsernameFromToken(authToken);
|
||||||
} catch (Exception e) {
|
if (!jwtUtil.validateToken(authToken)) {
|
||||||
username = null;
|
return Mono.empty();
|
||||||
}
|
}
|
||||||
if (username != null && jwtUtil.validateToken(authToken)) {
|
|
||||||
Claims claims = jwtUtil.getAllClaimsFromToken(authToken);
|
Claims claims = jwtUtil.getAllClaimsFromToken(authToken);
|
||||||
List<String> rolesMap = claims.get("role", List.class);
|
List<String> rolesMap = claims.get("role", List.class);
|
||||||
List<Role> roles = new ArrayList<>();
|
List<GrantedAuthority> authorities = new ArrayList<>();
|
||||||
for (String rolemap : rolesMap) {
|
for (String rolemap : rolesMap) {
|
||||||
roles.add(Role.valueOf(rolemap));
|
authorities.add(new SimpleGrantedAuthority(rolemap));
|
||||||
}
|
}
|
||||||
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(
|
return Mono.just(new UsernamePasswordAuthenticationToken(username, null, authorities));
|
||||||
username,
|
} catch (Exception e) {
|
||||||
null,
|
|
||||||
roles.stream().map(authority -> new SimpleGrantedAuthority(authority.name())).collect(Collectors.toList())
|
|
||||||
);
|
|
||||||
return Mono.just(auth);
|
|
||||||
} else {
|
|
||||||
return Mono.empty();
|
return Mono.empty();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,14 +1,17 @@
|
|||||||
package com.ard333.springbootwebfluxjjwt.security;
|
package com.ard333.springbootwebfluxjjwt.security;
|
||||||
|
|
||||||
import com.ard333.springbootwebfluxjjwt.model.User;
|
import com.ard333.springbootwebfluxjjwt.model.User;
|
||||||
import java.io.Serializable;
|
import java.security.Key;
|
||||||
import java.util.Base64;
|
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.annotation.PostConstruct;
|
||||||
|
|
||||||
import io.jsonwebtoken.Claims;
|
import io.jsonwebtoken.Claims;
|
||||||
import io.jsonwebtoken.Jwts;
|
import io.jsonwebtoken.Jwts;
|
||||||
import io.jsonwebtoken.SignatureAlgorithm;
|
import io.jsonwebtoken.security.Keys;
|
||||||
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
@@ -17,18 +20,23 @@ import org.springframework.stereotype.Component;
|
|||||||
* @author ard333
|
* @author ard333
|
||||||
*/
|
*/
|
||||||
@Component
|
@Component
|
||||||
public class JWTUtil implements Serializable {
|
public class JWTUtil {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
|
||||||
|
|
||||||
@Value("${springbootwebfluxjjwt.jjwt.secret}")
|
@Value("${springbootwebfluxjjwt.jjwt.secret}")
|
||||||
private String secret;
|
private String secret;
|
||||||
|
|
||||||
@Value("${springbootwebfluxjjwt.jjwt.expiration}")
|
@Value("${springbootwebfluxjjwt.jjwt.expiration}")
|
||||||
private String expirationTime;
|
private String expirationTime;
|
||||||
|
|
||||||
|
private Key key;
|
||||||
|
|
||||||
|
@PostConstruct
|
||||||
|
public void init(){
|
||||||
|
this.key = Keys.hmacShaKeyFor(secret.getBytes());
|
||||||
|
}
|
||||||
|
|
||||||
public Claims getAllClaimsFromToken(String token) {
|
public Claims getAllClaimsFromToken(String token) {
|
||||||
return Jwts.parser().setSigningKey(Base64.getEncoder().encodeToString(secret.getBytes())).parseClaimsJws(token).getBody();
|
return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token).getBody();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getUsernameFromToken(String token) {
|
public String getUsernameFromToken(String token) {
|
||||||
@@ -55,12 +63,13 @@ public class JWTUtil implements Serializable {
|
|||||||
|
|
||||||
final Date createdDate = new Date();
|
final Date createdDate = new Date();
|
||||||
final Date expirationDate = new Date(createdDate.getTime() + expirationTimeLong * 1000);
|
final Date expirationDate = new Date(createdDate.getTime() + expirationTimeLong * 1000);
|
||||||
|
|
||||||
return Jwts.builder()
|
return Jwts.builder()
|
||||||
.setClaims(claims)
|
.setClaims(claims)
|
||||||
.setSubject(username)
|
.setSubject(username)
|
||||||
.setIssuedAt(createdDate)
|
.setIssuedAt(createdDate)
|
||||||
.setExpiration(expirationDate)
|
.setExpiration(expirationDate)
|
||||||
.signWith(SignatureAlgorithm.HS512, Base64.getEncoder().encodeToString(secret.getBytes()))
|
.signWith(key)
|
||||||
.compact();
|
.compact();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ public class PBKDF2Encoder implements PasswordEncoder{
|
|||||||
private Integer keylength;
|
private Integer keylength;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* More info (https://www.owasp.org/index.php/Hashing_Java)
|
* More info (https://www.owasp.org/index.php/Hashing_Java) 404 :(
|
||||||
* @param cs password
|
* @param cs password
|
||||||
* @return encoded password
|
* @return encoded password
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -3,6 +3,11 @@ package com.ard333.springbootwebfluxjjwt.service;
|
|||||||
import com.ard333.springbootwebfluxjjwt.model.User;
|
import com.ard333.springbootwebfluxjjwt.model.User;
|
||||||
import com.ard333.springbootwebfluxjjwt.security.model.Role;
|
import com.ard333.springbootwebfluxjjwt.security.model.Role;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.annotation.PostConstruct;
|
||||||
|
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import reactor.core.publisher.Mono;
|
import reactor.core.publisher.Mono;
|
||||||
|
|
||||||
@@ -14,20 +19,23 @@ import reactor.core.publisher.Mono;
|
|||||||
public class UserService {
|
public class UserService {
|
||||||
|
|
||||||
// this is just an example, you can load the user from the database from the repository
|
// this is just an example, you can load the user from the database from the repository
|
||||||
|
|
||||||
|
private Map<String, User> data;
|
||||||
|
|
||||||
//username:passwowrd -> user:user
|
@PostConstruct
|
||||||
private final String userUsername = "user";// password: user
|
public void init(){
|
||||||
private final User user = new User(userUsername, "cBrlgyL2GI2GINuLUUwgojITuIufFycpLG4490dhGtY=", true, Arrays.asList(Role.ROLE_USER));
|
data = new HashMap<>();
|
||||||
|
|
||||||
//username:passwowrd -> admin:admin
|
//username:passwowrd -> user:user
|
||||||
private final String adminUsername = "admin";// password: admin
|
data.put("user", new User("user", "cBrlgyL2GI2GINuLUUwgojITuIufFycpLG4490dhGtY=", true, Arrays.asList(Role.ROLE_USER)));
|
||||||
private final User admin = new User(adminUsername, "dQNjUIMorJb8Ubj2+wVGYp6eAeYkdekqAcnYp+aRq5w=", true, Arrays.asList(Role.ROLE_ADMIN));
|
|
||||||
|
//username:passwowrd -> admin:admin
|
||||||
|
data.put("admin", new User("admin", "dQNjUIMorJb8Ubj2+wVGYp6eAeYkdekqAcnYp+aRq5w=", true, Arrays.asList(Role.ROLE_ADMIN)));
|
||||||
|
}
|
||||||
|
|
||||||
public Mono<User> findByUsername(String username) {
|
public Mono<User> findByUsername(String username) {
|
||||||
if (username.equals(userUsername)) {
|
if (data.containsKey(username)) {
|
||||||
return Mono.just(user);
|
return Mono.just(data.get(username));
|
||||||
} else if (username.equals(adminUsername)) {
|
|
||||||
return Mono.just(admin);
|
|
||||||
} else {
|
} else {
|
||||||
return Mono.empty();
|
return Mono.empty();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,5 +2,5 @@ springbootwebfluxjjwt.password.encoder.secret=mysecret
|
|||||||
springbootwebfluxjjwt.password.encoder.iteration=33
|
springbootwebfluxjjwt.password.encoder.iteration=33
|
||||||
springbootwebfluxjjwt.password.encoder.keylength=256
|
springbootwebfluxjjwt.password.encoder.keylength=256
|
||||||
|
|
||||||
springbootwebfluxjjwt.jjwt.secret=ThisIsSecretForJWTHS512SignatureAlgorithmThatMUSTHave512bitsKeySize
|
springbootwebfluxjjwt.jjwt.secret=ThisIsSecretForJWTHS512SignatureAlgorithmThatMUSTHave64ByteLength
|
||||||
springbootwebfluxjjwt.jjwt.expiration=28800
|
springbootwebfluxjjwt.jjwt.expiration=28800
|
||||||
Reference in New Issue
Block a user