Обновил версии библиотек. Заменил устаревшие подходы на современные.
parent
ce80c83491
commit
c71d9883ba
34
pom.xml
34
pom.xml
@ -5,17 +5,24 @@
|
|||||||
<parent>
|
<parent>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-starter-parent</artifactId>
|
<artifactId>spring-boot-starter-parent</artifactId>
|
||||||
<version>2.5.3</version>
|
<version>2.7.0</version>
|
||||||
<relativePath/> <!-- lookup parent from repository -->
|
<relativePath/> <!-- lookup parent from repository -->
|
||||||
</parent>
|
</parent>
|
||||||
<groupId>org.sadech.exaple.jwt.client.one</groupId>
|
|
||||||
<artifactId>client-one</artifactId>
|
<groupId>dev.struchkov.example</groupId>
|
||||||
|
<artifactId>jwt-client-one</artifactId>
|
||||||
<version>0.0.1-SNAPSHOT</version>
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
|
|
||||||
<name>client-one</name>
|
<name>client-one</name>
|
||||||
<description>client-one</description>
|
<description>client-one</description>
|
||||||
<properties>
|
<properties>
|
||||||
<java.version>11</java.version>
|
<java.version>17</java.version>
|
||||||
|
<maven.compiler.source>${java.version}</maven.compiler.source>
|
||||||
|
<maven.compiler.target>${java.version}</maven.compiler.target>
|
||||||
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
|
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
@ -33,13 +40,26 @@
|
|||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>io.jsonwebtoken</groupId>
|
<groupId>io.jsonwebtoken</groupId>
|
||||||
<artifactId>jjwt</artifactId>
|
<artifactId>jjwt-api</artifactId>
|
||||||
<version>0.9.1</version>
|
<version>0.11.5</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>io.jsonwebtoken</groupId>
|
||||||
|
<artifactId>jjwt-impl</artifactId>
|
||||||
|
<version>0.11.5</version>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>io.jsonwebtoken</groupId>
|
||||||
|
<artifactId>jjwt-jackson</artifactId>
|
||||||
|
<version>0.11.5</version>
|
||||||
|
<scope>runtime</scope>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>javax.xml.bind</groupId>
|
<groupId>javax.xml.bind</groupId>
|
||||||
<artifactId>jaxb-api</artifactId>
|
<artifactId>jaxb-api</artifactId>
|
||||||
<version>2.4.0-b180830.0359</version>
|
<version>2.3.1</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
|
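Review bot: The `javax.xml.bind:jaxb-api` dependency is kept (now at 2.3.1) even though the commit replaces `jjwt` 0.9.1 with the split 0.11.5 artifacts. If it was only there because the old jjwt used `javax.xml.bind` on Java 9+, it is probably no longer needed and can be dropped once you confirm nothing else imports `javax.xml.bind`. The three jjwt artifacts also repeat `0.11.5`; a single property `<jjwt.version>0.11.5</jjwt.version>` referenced as `${jjwt.version}` keeps `jjwt-api`, `jjwt-impl` and `jjwt-jackson` from drifting apart on the next upgrade.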
@ -1,4 +1,4 @@
|
|||||||
package org.sadech.exaple.jwt.client.one;
|
package dev.struchkov.example.jwt.client.one;
|
||||||
|
|
||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
@ -1,16 +1,16 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.config;
|
package dev.struchkov.example.jwt.client.one.config;
|
||||||
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.sadech.exaple.jwt.client.one.filter.JwtFilter;
|
import dev.struchkov.example.jwt.client.one.filter.JwtFilter;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
@ -19,20 +19,17 @@ import javax.servlet.http.HttpServletResponse;
|
|||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
public class SecurityConfig {
|
||||||
|
|
||||||
private final JwtFilter jwtFilter;
|
private final JwtFilter jwtFilter;
|
||||||
|
|
||||||
@Override
|
@Bean
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||||
http = http.httpBasic().disable()
|
return http
|
||||||
.csrf().disable();
|
.httpBasic().disable()
|
||||||
|
.csrf().disable()
|
||||||
http = http.sessionManagement()
|
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
.and()
|
||||||
.and();
|
|
||||||
|
|
||||||
http = http
|
|
||||||
.exceptionHandling()
|
.exceptionHandling()
|
||||||
.authenticationEntryPoint(
|
.authenticationEntryPoint(
|
||||||
(request, response, ex) -> response.sendError(
|
(request, response, ex) -> response.sendError(
|
||||||
@ -40,12 +37,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
ex.getMessage()
|
ex.getMessage()
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
.and();
|
|
||||||
|
|
||||||
http
|
|
||||||
.authorizeRequests().anyRequest().authenticated()
|
|
||||||
.and()
|
.and()
|
||||||
.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class);
|
.authorizeHttpRequests(
|
||||||
|
authz -> authz
|
||||||
|
.anyRequest().authenticated()
|
||||||
|
.and()
|
||||||
|
.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class)
|
||||||
|
).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
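Review bot: In `filterChain` the JWT filter is registered inside the `authorizeHttpRequests` customizer (`authz -> authz.anyRequest().authenticated().and().addFilterAfter(...)`), which works only because the lambda's result is discarded, and it hides a chain-level step inside the authorization rules. Keep the lambda to the rules and register the filter on the outer chain: `.authorizeHttpRequests(authz -> authz.anyRequest().authenticated())` followed by `.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class)` and `.build()`. The unchanged entry point still passes `ex.getMessage()` to `response.sendError`, so a fixed message such as `"Unauthorized"` would avoid returning internal exception text to unauthenticated callers. The class continues past the last hunk, so the remaining beans are not reviewed here.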
@ -1,7 +1,7 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.controller;
|
package dev.struchkov.example.jwt.client.one.controller;
|
||||||
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.sadech.exaple.jwt.client.one.service.AuthService;
|
import dev.struchkov.example.jwt.client.one.service.AuthService;
|
||||||
import org.springframework.http.ResponseEntity;
|
import org.springframework.http.ResponseEntity;
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
@ -1,4 +1,4 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.domain;
|
package dev.struchkov.example.jwt.client.one.domain;
|
||||||
|
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
@ -1,4 +1,4 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.domain;
|
package dev.struchkov.example.jwt.client.one.domain;
|
||||||
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
@ -1,11 +1,11 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.filter;
|
package dev.struchkov.example.jwt.client.one.filter;
|
||||||
|
|
||||||
|
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
|
||||||
|
import dev.struchkov.example.jwt.client.one.service.AuthService;
|
||||||
|
import dev.struchkov.example.jwt.client.one.service.JwtUtils;
|
||||||
import io.jsonwebtoken.Claims;
|
import io.jsonwebtoken.Claims;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
|
|
||||||
import org.sadech.exaple.jwt.client.one.service.AuthService;
|
|
||||||
import org.sadech.exaple.jwt.client.one.service.JwtUtils;
|
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
@ -1,31 +1,38 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.service;
|
package dev.struchkov.example.jwt.client.one.service;
|
||||||
|
|
||||||
import io.jsonwebtoken.Claims;
|
import io.jsonwebtoken.Claims;
|
||||||
import io.jsonwebtoken.ExpiredJwtException;
|
import io.jsonwebtoken.ExpiredJwtException;
|
||||||
import io.jsonwebtoken.Jwts;
|
import io.jsonwebtoken.Jwts;
|
||||||
import io.jsonwebtoken.MalformedJwtException;
|
import io.jsonwebtoken.MalformedJwtException;
|
||||||
import io.jsonwebtoken.SignatureException;
|
|
||||||
import io.jsonwebtoken.UnsupportedJwtException;
|
import io.jsonwebtoken.UnsupportedJwtException;
|
||||||
|
import io.jsonwebtoken.io.Decoders;
|
||||||
|
import io.jsonwebtoken.security.Keys;
|
||||||
|
import io.jsonwebtoken.security.SignatureException;
|
||||||
import lombok.NonNull;
|
import lombok.NonNull;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
|
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import javax.crypto.SecretKey;
|
||||||
|
|
||||||
@Slf4j
|
@Slf4j
|
||||||
@Component
|
@Component
|
||||||
public final class AuthService {
|
public final class AuthService {
|
||||||
|
|
||||||
private final String jwtSecret;
|
private final SecretKey jwtSecret;
|
||||||
|
|
||||||
public AuthService(@Value("${jwt.secret}") String secret) {
|
public AuthService(@Value("${jwt.secret}") String secret) {
|
||||||
this.jwtSecret = secret;
|
this.jwtSecret = Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean validateToken(String token) {
|
public boolean validateToken(String token) {
|
||||||
try {
|
try {
|
||||||
Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token);
|
Jwts.parserBuilder()
|
||||||
|
.setSigningKey(jwtSecret)
|
||||||
|
.build()
|
||||||
|
.parseClaimsJws(token);
|
||||||
return true;
|
return true;
|
||||||
} catch (ExpiredJwtException expEx) {
|
} catch (ExpiredJwtException expEx) {
|
||||||
log.error("Token expired", expEx);
|
log.error("Token expired", expEx);
|
||||||
@ -42,7 +49,11 @@ public final class AuthService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public Claims getClaims(@NonNull String token) {
|
public Claims getClaims(@NonNull String token) {
|
||||||
return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody();
|
return Jwts.parserBuilder()
|
||||||
|
.setSigningKey(jwtSecret)
|
||||||
|
.build()
|
||||||
|
.parseClaimsJws(token)
|
||||||
|
.getBody();
|
||||||
}
|
}
|
||||||
|
|
||||||
public JwtAuthentication getAuthentication() {
|
public JwtAuthentication getAuthentication() {
|
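Review bot: `validateToken` and `getClaims` each assemble an identical parser with `Jwts.parserBuilder().setSigningKey(jwtSecret).build()` on every call, so the verification settings live in two places and can drift apart. A built `JwtParser` is immutable and safe to share, so build it once in the constructor, `this.jwtParser = Jwts.parserBuilder().setSigningKey(key).build();`, and have both methods call `jwtParser.parseClaimsJws(token)`. That single builder is then the one place to pin expected claims, for example `requireIssuer(...)`, if the issuer sets them; whether it does is not visible in this commit. Because the key is an HMAC secret, this service holds the same material that signs tokens, so if the issuer is a separate service it is worth considering verification with a public key instead. Both method bodies are cut by the hunk boundaries, so the `catch` branches of `validateToken` are only partly visible.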
@ -1,10 +1,10 @@
|
|||||||
package org.sadech.exaple.jwt.client.one.service;
|
package dev.struchkov.example.jwt.client.one.service;
|
||||||
|
|
||||||
|
import dev.struchkov.example.jwt.client.one.domain.Role;
|
||||||
import io.jsonwebtoken.Claims;
|
import io.jsonwebtoken.Claims;
|
||||||
import lombok.AccessLevel;
|
import lombok.AccessLevel;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
import org.sadech.exaple.jwt.client.one.domain.JwtAuthentication;
|
import dev.struchkov.example.jwt.client.one.domain.JwtAuthentication;
|
||||||
import org.sadech.exaple.jwt.client.one.domain.Role;
|
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
@ -1,2 +1,2 @@
|
|||||||
server.port=8082
|
server.port=8099
|
||||||
jwt.secret=supermegasecret
|
jwt.secret=qBTmv4oXFFR2GwjexDJ4t6fsIUIUhhXqlktXjXdkcyygs8nPVEwMfo29VDRRepYDVV5IkIxBMzr7OEHXEHd37w==
|
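Review bot: The HMAC signing key is committed in plain text as the value of `jwt.secret`, so everyone with read access to the repository or its mirrors holds the key that `AuthService` trusts for every token. Resolve it from the environment instead, for example `jwt.secret=${JWT_SECRET}`, and keep the real value in a secret store or deployment configuration. The value committed here should be considered exposed and replaced in any environment that uses it. The new code Base64-decodes the property, so the replacement value must also be Base64 and, given `Keys.hmacShaKeyFor`, at least 256 bits long.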