1
|
package cz.zcu.kiv.backendapi.security.jwt;
|
2
|
|
3
|
import com.auth0.jwt.JWT;
|
4
|
import com.auth0.jwt.algorithms.Algorithm;
|
5
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
6
|
import cz.zcu.kiv.backendapi.user.UserEntity;
|
7
|
import lombok.RequiredArgsConstructor;
|
8
|
import lombok.extern.slf4j.Slf4j;
|
9
|
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
10
|
import org.springframework.security.authentication.AuthenticationManager;
|
11
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
12
|
import org.springframework.security.core.Authentication;
|
13
|
import org.springframework.security.core.AuthenticationException;
|
14
|
import org.springframework.security.core.GrantedAuthority;
|
15
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
16
|
|
17
|
import javax.servlet.FilterChain;
|
18
|
import javax.servlet.http.HttpServletRequest;
|
19
|
import javax.servlet.http.HttpServletResponse;
|
20
|
import java.io.IOException;
|
21
|
import java.time.LocalDate;
|
22
|
import java.time.LocalDateTime;
|
23
|
import java.time.ZoneId;
|
24
|
import java.util.Date;
|
25
|
import java.util.stream.Collectors;
|
26
|
|
27
|
/**
|
28
|
* Class that checks login and provides user with tokens after successful login
|
29
|
*/
|
30
|
@Slf4j
|
31
|
@RequiredArgsConstructor
|
32
|
public class JwtUsernameAndPasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
|
33
|
/**
|
34
|
* Authentication manager
|
35
|
*/
|
36
|
private final AuthenticationManager authenticationManager;
|
37
|
|
38
|
/**
|
39
|
* JWT utils
|
40
|
*/
|
41
|
private final JwtUtils jwtUtils;
|
42
|
|
43
|
/**
|
44
|
* Attempts authentication - checks username and password
|
45
|
*
|
46
|
* @param request request (contains username and password)
|
47
|
* @param response response
|
48
|
* @return authentication manager
|
49
|
* @throws AuthenticationException authentication exception
|
50
|
*/
|
51
|
@Override
|
52
|
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
|
53
|
try {
|
54
|
UsernameAndPasswordAuthenticationRequest authenticationRequest = new ObjectMapper()
|
55
|
.readValue(request.getInputStream(), UsernameAndPasswordAuthenticationRequest.class);
|
56
|
Authentication authentication = new UsernamePasswordAuthenticationToken(
|
57
|
authenticationRequest.getUsername(),
|
58
|
authenticationRequest.getPassword()
|
59
|
);
|
60
|
return authenticationManager.authenticate(authentication);
|
61
|
} catch (IOException e) {
|
62
|
log.error("Error getting authentication request from request: " + e.getMessage());
|
63
|
throw new AuthenticationCredentialsNotFoundException(e.getMessage());
|
64
|
}
|
65
|
}
|
66
|
|
67
|
/**
|
68
|
* Handles successful authentication - sends tokens to client
|
69
|
*
|
70
|
* @param request request
|
71
|
* @param response response
|
72
|
* @param chain filter chain
|
73
|
* @param authentication authentication
|
74
|
* @throws IOException I/O exception
|
75
|
*/
|
76
|
@Override
|
77
|
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authentication) throws IOException {
|
78
|
UserEntity user = (UserEntity) authentication.getPrincipal();
|
79
|
|
80
|
Algorithm algorithm = jwtUtils.getAlgorithm();
|
81
|
|
82
|
String access_token = JWT.create()
|
83
|
.withSubject(user.getUsername())
|
84
|
.withExpiresAt(Date.from((LocalDateTime.now().plusMinutes(jwtUtils.getTokenExpirationAfterMinutes())).atZone(ZoneId.systemDefault()).toInstant()))
|
85
|
.withIssuer(request.getRequestURL().toString())
|
86
|
.withClaim(jwtUtils.getClaimAuthoritiesName(), user.getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()))
|
87
|
.sign(algorithm);
|
88
|
|
89
|
String refresh_token = JWT.create()
|
90
|
.withSubject(user.getUsername())
|
91
|
.withExpiresAt(Date.from((LocalDate.now().plusMonths(jwtUtils.getRefreshTokenExpirationAfterMonths())).atStartOfDay().atZone(ZoneId.systemDefault()).toInstant()))
|
92
|
.withIssuer(request.getRequestURL().toString())
|
93
|
.sign(algorithm);
|
94
|
|
95
|
jwtUtils.writeTokensToResponse(response, access_token, refresh_token);
|
96
|
}
|
97
|
}
|