blog-examples/jwt-client-spring
1
0
Fork 0
mirror of https://github.com/Example-uPagge/jwt-client-spring.git synced 2024-06-14 11:52:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

Обновил версии библиотек. Заменил устаревшие подходы на современные.

Browse Source
This commit is contained in:
Struchkov Mark 2022-06-21 11:47:52 +03:00
parent ce80c83491
commit c71d9883ba
10 changed files with 76 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
pom.xml
View File

@ -5,17 +5,24 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.3</version>
<version>2.7.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.sadech.exaple.jwt.client.one</groupId>
<artifactId>client-one</artifactId>
<groupId>dev.struchkov.example</groupId>
<artifactId>jwt-client-one</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>client-one</name>
<description>client-one</description>
<properties>
<java.version>11</java.version>
<java.version>17</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
@ -33,13 +40,26 @@
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
<artifactId>jjwt-api</artifactId>
<version>0.11.5</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.4.0-b180830.0359</version>
<version>2.3.1</version>
</dependency>
</dependencies>

2
src/main/java/org/sadech/exaple/jwt/client/one/ClientOneApplication.java → src/main/java/dev/struchkov/example/jwt/client/one/ClientOneApplication.java
View File

@ -1,4 +1,4 @@
package org.sadech.exaple.jwt.client.one;
package dev.struchkov.example.jwt.client.one;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

36
src/main/java/org/sadech/exaple/jwt/client/one/config/SecurityConfig.java → src/main/java/dev/struchkov/example/jwt/client/one/config/SecurityConfig.java
View File

@ -1,16 +1,16 @@
package org.sadech.exaple.jwt.client.one.config;
package dev.struchkov.example.jwt.client.one.config;
import lombok.RequiredArgsConstructor;
import org.sadech.exaple.jwt.client.one.filter.JwtFilter;
import dev.struchkov.example.jwt.client.one.filter.JwtFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.servlet.http.HttpServletResponse;
@ -19,20 +19,17 @@ import javax.servlet.http.HttpServletResponse;
@EnableWebSecurity
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public class SecurityConfig {
private final JwtFilter jwtFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http = http.httpBasic().disable()
.csrf().disable();
http = http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and();
http = http
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http
.httpBasic().disable()
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(
(request, response, ex) -> response.sendError(
@ -40,12 +37,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
ex.getMessage()
)
)
.and();
http
.authorizeRequests().anyRequest().authenticated()
.and()
.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class);
.authorizeHttpRequests(
authz -> authz
.anyRequest().authenticated()
.and()
.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class)
).build();
}
@Bean

4
src/main/java/org/sadech/exaple/jwt/client/one/controller/Controller.java → src/main/java/dev/struchkov/example/jwt/client/one/controller/Controller.java
View File

@ -1,7 +1,7 @@
package org.sadech.exaple.jwt.client.one.controller;
package dev.struchkov.example.jwt.client.one.controller;
import lombok.RequiredArgsConstructor;
import org.sadech.exaple.jwt.client.one.service.AuthService;
import dev.struchkov.example.jwt.client.one.service.AuthService;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;

2
src/main/java/org/sadech/exaple/jwt/client/one/domain/JwtAuthentication.java → src/main/java/dev/struchkov/example/jwt/client/one/domain/JwtAuthentication.java
View File

@ -1,4 +1,4 @@
package org.sadech.exaple.jwt.client.one.domain;
package dev.struchkov.example.jwt.client.one.domain;
import lombok.Getter;
import lombok.Setter;

2
src/main/java/org/sadech/exaple/jwt/client/one/domain/Role.java → src/main/java/dev/struchkov/example/jwt/client/one/domain/Role.java
View File

@ -1,4 +1,4 @@
package org.sadech.exaple.jwt.client.one.domain;
package dev.struchkov.example.jwt.client.one.domain;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.GrantedAuthority;

8
src/main/java/org/sadech/exaple/jwt/client/one/filter/JwtFilter.java → src/main/java/dev/struchkov/example/jwt/client/one/filter/JwtFilter.java
View File

@ -1,11 +1,11 @@
package org.sadech.exaple.jwt.client.one.filter;
package dev.struchkov.example.jwt.client.one.filter;
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
import dev.struchkov.example.jwt.client.one.service.AuthService;
import dev.struchkov.example.jwt.client.one.service.JwtUtils;
import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
import org.sadech.exaple.jwt.client.one.service.AuthService;
import org.sadech.exaple.jwt.client.one.service.JwtUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

25
src/main/java/org/sadech/exaple/jwt/client/one/service/AuthService.java → src/main/java/dev/struchkov/example/jwt/client/one/service/AuthService.java
View File

@ -1,31 +1,38 @@
package org.sadech.exaple.jwt.client.one.service;
package dev.struchkov.example.jwt.client.one.service;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import lombok.NonNull;
import lombok.extern.slf4j.Slf4j;
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
@Slf4j
@Component
public final class AuthService {
private final String jwtSecret;
private final SecretKey jwtSecret;
public AuthService(@Value("${jwt.secret}") String secret) {
this.jwtSecret = secret;
this.jwtSecret = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
}
public boolean validateToken(String token) {
try {
Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token);
Jwts.parserBuilder()
.setSigningKey(jwtSecret)
.build()
.parseClaimsJws(token);
return true;
} catch (ExpiredJwtException expEx) {
log.error("Token expired", expEx);
@ -42,7 +49,11 @@ public final class AuthService {
}
public Claims getClaims(@NonNull String token) {
return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody();
return Jwts.parserBuilder()
.setSigningKey(jwtSecret)
.build()
.parseClaimsJws(token)
.getBody();
}
public JwtAuthentication getAuthentication() {

6
src/main/java/org/sadech/exaple/jwt/client/one/service/JwtUtils.java → src/main/java/dev/struchkov/example/jwt/client/one/service/JwtUtils.java
View File

@ -1,10 +1,10 @@
package org.sadech.exaple.jwt.client.one.service;
package dev.struchkov.example.jwt.client.one.service;
import dev.struchkov.example.jwt.client.one.domain.Role;
import io.jsonwebtoken.Claims;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
import org.sadech.exaple.jwt.client.one.domain.Role;
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
import java.util.List;
import java.util.Set;

4
src/main/resources/application.properties
View File

@ -1,2 +1,2 @@
server.port=8082
jwt.secret=supermegasecret
server.port=8099
jwt.secret=qBTmv4oXFFR2GwjexDJ4t6fsIUIUhhXqlktXjXdkcyygs8nPVEwMfo29VDRRepYDVV5IkIxBMzr7OEHXEHd37w==