Обновил версии библиотек. Заменил устаревшие подходы на современные.

Struchkov Mark 2022-06-21 11:47:52 +03:00
parent ce80c83491
commit c71d9883ba
10 changed files with 76 additions and 47 deletions

34
pom.xml

@ -5,17 +5,24 @@
<parent> <parent>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId> <artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.3</version> <version>2.7.0</version>
<relativePath/> <!-- lookup parent from repository --> <relativePath/> <!-- lookup parent from repository -->
</parent> </parent>
<groupId>org.sadech.exaple.jwt.client.one</groupId>
<artifactId>client-one</artifactId> <groupId>dev.struchkov.example</groupId>
<artifactId>jwt-client-one</artifactId>
<version>0.0.1-SNAPSHOT</version> <version>0.0.1-SNAPSHOT</version>
<name>client-one</name> <name>client-one</name>
<description>client-one</description> <description>client-one</description>
<properties> <properties>
<java.version>11</java.version> <java.version>17</java.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
</properties> </properties>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
@ -33,13 +40,26 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>io.jsonwebtoken</groupId> <groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId> <artifactId>jjwt-api</artifactId>
<version>0.9.1</version> <version>0.11.5</version>
</dependency> </dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.11.5</version>
<scope>runtime</scope>
</dependency>
<dependency> <dependency>
<groupId>javax.xml.bind</groupId> <groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId> <artifactId>jaxb-api</artifactId>
<version>2.4.0-b180830.0359</version> <version>2.3.1</version>
</dependency> </dependency>
</dependencies> </dependencies>
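Review bot: The `javax.xml.bind:jaxb-api` dependency in the second pom.xml hunk is kept and re-pinned to 2.3.1, but it looks like it was only needed by jjwt 0.9.1, which relied on `javax.xml.bind.DatatypeConverter`. The 0.11.x artifacts added here bring their own Base64 codec. If nothing else in the module imports `javax.xml.bind`, I would drop the dependency to keep the classpath of this token-verifying service small. The three jjwt artifacts also repeat `0.11.5`; a single `<jjwt.version>0.11.5</jjwt.version>` property would keep api, impl and jackson from drifting apart on the next upgrade.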


@ -1,4 +1,4 @@
package org.sadech.exaple.jwt.client.one; package dev.struchkov.example.jwt.client.one;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;


@ -1,16 +1,16 @@
package org.sadech.exaple.jwt.client.one.config; package dev.struchkov.example.jwt.client.one.config;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.sadech.exaple.jwt.client.one.filter.JwtFilter; import dev.struchkov.example.jwt.client.one.filter.JwtFilter;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -19,20 +19,17 @@ import javax.servlet.http.HttpServletResponse;
@EnableWebSecurity @EnableWebSecurity
@RequiredArgsConstructor @RequiredArgsConstructor
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter { public class SecurityConfig {
private final JwtFilter jwtFilter; private final JwtFilter jwtFilter;
@Override @Bean
protected void configure(HttpSecurity http) throws Exception { public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http = http.httpBasic().disable() return http
.csrf().disable(); .httpBasic().disable()
.csrf().disable()
http = http.sessionManagement() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and()
.and();
http = http
.exceptionHandling() .exceptionHandling()
.authenticationEntryPoint( .authenticationEntryPoint(
(request, response, ex) -> response.sendError( (request, response, ex) -> response.sendError(
@ -40,12 +37,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
ex.getMessage() ex.getMessage()
) )
) )
.and();
http
.authorizeRequests().anyRequest().authenticated()
.and() .and()
.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class); .authorizeHttpRequests(
authz -> authz
.anyRequest().authenticated()
.and()
.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class)
).build();
} }
@Bean @Bean
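Review bot: In `filterChain`, the `.and().addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class)` call sits inside the `authorizeHttpRequests` lambda, so the JWT filter is registered as a side effect of the authorization customizer. The resulting chain is the same, but a later edit to the authorization rules can easily drop the filter, and with it all token authentication. I would close the lambda after `authenticated()` and continue on the outer builder: `.authorizeHttpRequests(authz -> authz.anyRequest().authenticated())`, then `.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class)`, then `.build();`. A short comment on `.csrf().disable()` would also help, for example `// CSRF protection is off: safe only while the API is stateless and the token is never carried in a cookie`.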


@ -1,7 +1,7 @@
package org.sadech.exaple.jwt.client.one.controller; package dev.struchkov.example.jwt.client.one.controller;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.sadech.exaple.jwt.client.one.service.AuthService; import dev.struchkov.example.jwt.client.one.service.AuthService;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;


@ -1,4 +1,4 @@
package org.sadech.exaple.jwt.client.one.domain; package dev.struchkov.example.jwt.client.one.domain;
import lombok.Getter; import lombok.Getter;
import lombok.Setter; import lombok.Setter;


@ -1,4 +1,4 @@
package org.sadech.exaple.jwt.client.one.domain; package dev.struchkov.example.jwt.client.one.domain;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;


@ -1,11 +1,11 @@
package org.sadech.exaple.jwt.client.one.filter; package dev.struchkov.example.jwt.client.one.filter;
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
import dev.struchkov.example.jwt.client.one.service.AuthService;
import dev.struchkov.example.jwt.client.one.service.JwtUtils;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
import org.sadech.exaple.jwt.client.one.service.AuthService;
import org.sadech.exaple.jwt.client.one.service.JwtUtils;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;


@ -1,31 +1,38 @@
package org.sadech.exaple.jwt.client.one.service; package dev.struchkov.example.jwt.client.one.service;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException; import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException; import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import lombok.NonNull; import lombok.NonNull;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication; import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
@Slf4j @Slf4j
@Component @Component
public final class AuthService { public final class AuthService {
private final String jwtSecret; private final SecretKey jwtSecret;
public AuthService(@Value("${jwt.secret}") String secret) { public AuthService(@Value("${jwt.secret}") String secret) {
this.jwtSecret = secret; this.jwtSecret = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
} }
public boolean validateToken(String token) { public boolean validateToken(String token) {
try { try {
Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token); Jwts.parserBuilder()
.setSigningKey(jwtSecret)
.build()
.parseClaimsJws(token);
return true; return true;
} catch (ExpiredJwtException expEx) { } catch (ExpiredJwtException expEx) {
log.error("Token expired", expEx); log.error("Token expired", expEx);
@ -42,7 +49,11 @@ public final class AuthService {
} }
public Claims getClaims(@NonNull String token) { public Claims getClaims(@NonNull String token) {
return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody(); return Jwts.parserBuilder()
.setSigningKey(jwtSecret)
.build()
.parseClaimsJws(token)
.getBody();
} }
public JwtAuthentication getAuthentication() { public JwtAuthentication getAuthentication() {
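Review bot: The `AuthService` constructor now treats `jwt.secret` as Base64 and passes the decoded bytes to `Keys.hmacShaKeyFor`, which rejects keys shorter than 256 bits, but nothing at the constructor documents this. A deployment that still supplies the old plain-string secret will fail at startup with a decoding or weak-key exception. I would add a Javadoc line such as `@param secret Base64-encoded HMAC key, at least 256 bits after decoding`. Separately, `validateToken` and `getClaims` each rebuild an identical parser on every call. Building it once in the constructor (`this.jwtParser = Jwts.parserBuilder().setSigningKey(key).build();`) and reusing the field keeps the verification settings in one place. Since this service appears to only verify tokens, holding the symmetric signing key also lets it mint them; an asymmetric algorithm with only the public key here would be worth considering.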


@ -1,10 +1,10 @@
package org.sadech.exaple.jwt.client.one.service; package dev.struchkov.example.jwt.client.one.service;
import dev.struchkov.example.jwt.client.one.domain.Role;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import lombok.AccessLevel; import lombok.AccessLevel;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication; import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
import org.sadech.exaple.jwt.client.one.domain.Role;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;


@ -1,2 +1,2 @@
server.port=8082 server.port=8099
jwt.secret=supermegasecret jwt.secret=qBTmv4oXFFR2GwjexDJ4t6fsIUIUhhXqlktXjXdkcyygs8nPVEwMfo29VDRRepYDVV5IkIxBMzr7OEHXEHd37w==
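Review bot: The new `jwt.secret` value is a full-length HMAC key committed in plain text, so anyone who can read the repository or unpack the built jar can sign tokens that this service will accept. Even in an example project I would load the key from the environment, `jwt.secret=${JWT_SECRET}`, and keep only a clearly labelled placeholder in the file. The value now in history should be treated as disclosed and not reused in any real deployment. A comment above the property stating the expected format (Base64, at least 256 bits once decoded) would tell operators how to generate a replacement.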