added jwt auth to service
This commit is contained in:
93
JWT_AUTH_README.md
Normal file
93
JWT_AUTH_README.md
Normal file
@@ -0,0 +1,93 @@
|
||||
# JWT Authentication Implementation
|
||||
|
||||
This Spring Boot application now includes JWT-based authentication with user registration and login functionality.
|
||||
|
||||
## Features Added
|
||||
|
||||
- ✅ JWT token generation and validation
|
||||
- ✅ User registration endpoint
|
||||
- ✅ User login endpoint
|
||||
- ✅ Protected endpoints requiring authentication
|
||||
- ✅ Public endpoints accessible without authentication
|
||||
- ✅ Password encryption using BCrypt
|
||||
- ✅ User entity with Spring Security integration
|
||||
|
||||
## API Endpoints
|
||||
|
||||
### Public Endpoints (No Authentication Required)
|
||||
- `GET /api/test/public` - Test public endpoint
|
||||
- `POST /auth/register` - User registration
|
||||
- `POST /auth/login` - User login
|
||||
- `GET /auth/test` - Test authentication endpoints
|
||||
|
||||
### Protected Endpoints (Authentication Required)
|
||||
- `GET /api/test/protected` - Test protected endpoint
|
||||
- All other endpoints in the application
|
||||
|
||||
## Testing the Authentication
|
||||
|
||||
### 1. Register a New User
|
||||
```bash
|
||||
curl -X POST http://localhost:6950/auth/register \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{
|
||||
"username": "testuser",
|
||||
"password": "password123",
|
||||
"email": "test@example.com",
|
||||
"phone": "+263771234567",
|
||||
"firstName": "Test",
|
||||
"lastName": "User"
|
||||
}'
|
||||
```
|
||||
|
||||
### 2. Login with the User
|
||||
```bash
|
||||
curl -X POST http://localhost:6950/auth/login \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{
|
||||
"username": "testuser",
|
||||
"password": "password123"
|
||||
}'
|
||||
```
|
||||
|
||||
### 3. Access Protected Endpoint
|
||||
```bash
|
||||
curl -X GET http://localhost:6950/api/test/protected \
|
||||
-H "Authorization: Bearer YOUR_JWT_TOKEN_HERE"
|
||||
```
|
||||
|
||||
### 4. Test Public Endpoint
|
||||
```bash
|
||||
curl -X GET http://localhost:6950/api/test/public
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
The JWT configuration is in `application.properties`:
|
||||
- `jwt.secret`: Secret key for signing JWT tokens
|
||||
- `jwt.expiration`: Token expiration time in milliseconds (default: 24 hours)
|
||||
|
||||
## Security Features
|
||||
|
||||
- **Password Encryption**: All passwords are encrypted using BCrypt
|
||||
- **JWT Tokens**: Stateless authentication using JSON Web Tokens
|
||||
- **CORS Support**: Cross-origin requests are enabled for testing
|
||||
- **Input Validation**: Request validation using Bean Validation annotations
|
||||
- **Stateless Sessions**: No server-side session storage
|
||||
- **Direct Password Validation**: Login uses direct password comparison for simplicity
|
||||
|
||||
## Database
|
||||
|
||||
The application will automatically create the `users` table when it starts up. The table includes:
|
||||
- User credentials (username, password, email)
|
||||
- Personal information (first name, last name)
|
||||
- Account status flags
|
||||
- Timestamps for creation and updates
|
||||
|
||||
## Notes
|
||||
|
||||
- In production, change the `jwt.secret` to a secure, randomly generated key
|
||||
- The default JWT expiration is set to 24 hours
|
||||
- All passwords must be at least 6 characters long
|
||||
- Usernames and emails must be unique
|
||||
- The application uses PostgreSQL as the database
|
||||
25
pom.xml
25
pom.xml
@@ -108,6 +108,31 @@
|
||||
<artifactId>specification-arg-resolver</artifactId>
|
||||
<version>3.1.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-security</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-api</artifactId>
|
||||
<version>0.12.3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-impl</artifactId>
|
||||
<version>0.12.3</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.jsonwebtoken</groupId>
|
||||
<artifactId>jjwt-jackson</artifactId>
|
||||
<version>0.12.3</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-validation</artifactId>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
package zw.qantra.tm.configs;
|
||||
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import zw.qantra.tm.domain.repositories.UserRepository;
|
||||
import zw.qantra.tm.utils.JwtUtils;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@Component
|
||||
@RequiredArgsConstructor
|
||||
public class JwtAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
private final JwtUtils jwtUtils;
|
||||
private final UserRepository userRepository;
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||
throws ServletException, IOException {
|
||||
|
||||
final String authHeader = request.getHeader("Authorization");
|
||||
final String jwt;
|
||||
final String username;
|
||||
|
||||
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
jwt = authHeader.substring(7);
|
||||
try {
|
||||
username = jwtUtils.extractUsername(jwt);
|
||||
|
||||
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
UserDetails userDetails = userRepository.findByUsername(username)
|
||||
.orElseThrow(() -> new UsernameNotFoundException("User not found with username: " + username));
|
||||
|
||||
if (jwtUtils.validateToken(jwt, userDetails)) {
|
||||
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
|
||||
userDetails, null, userDetails.getAuthorities());
|
||||
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authToken);
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
// Token is invalid, continue without authentication
|
||||
}
|
||||
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
}
|
||||
62
src/main/java/zw/qantra/tm/configs/SecurityConfig.java
Normal file
62
src/main/java/zw/qantra/tm/configs/SecurityConfig.java
Normal file
@@ -0,0 +1,62 @@
|
||||
package zw.qantra.tm.configs;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import zw.qantra.tm.domain.services.UserService;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@RequiredArgsConstructor
|
||||
public class SecurityConfig {
|
||||
|
||||
private final JwtAuthenticationFilter jwtAuthFilter;
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http, UserService userService) throws Exception {
|
||||
http
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.requestMatchers("/auth/**").permitAll()
|
||||
.requestMatchers("/public/**").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.sessionManagement(session -> session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
|
||||
)
|
||||
.authenticationProvider(authenticationProvider(userService))
|
||||
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationProvider authenticationProvider(UserService userService) {
|
||||
DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
|
||||
authProvider.setUserDetailsService(userService);
|
||||
authProvider.setPasswordEncoder(passwordEncoder());
|
||||
return authProvider;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
|
||||
return config.getAuthenticationManager();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
package zw.qantra.tm.domain.controllers;
|
||||
|
||||
import jakarta.validation.Valid;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import zw.qantra.tm.domain.dtos.AuthResponse;
|
||||
import zw.qantra.tm.domain.dtos.LoginRequest;
|
||||
import zw.qantra.tm.domain.dtos.RegisterRequest;
|
||||
import zw.qantra.tm.domain.services.UserService;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/auth")
|
||||
@RequiredArgsConstructor
|
||||
@CrossOrigin(origins = "*")
|
||||
public class AuthController {
|
||||
|
||||
private final UserService userService;
|
||||
|
||||
@PostMapping("/register")
|
||||
public ResponseEntity<AuthResponse> register(@Valid @RequestBody RegisterRequest request) {
|
||||
AuthResponse response = userService.register(request);
|
||||
return ResponseEntity.ok(response);
|
||||
}
|
||||
|
||||
@PostMapping("/login")
|
||||
public ResponseEntity<AuthResponse> login(@Valid @RequestBody LoginRequest request) {
|
||||
AuthResponse response = userService.login(request);
|
||||
return ResponseEntity.ok(response);
|
||||
}
|
||||
|
||||
@GetMapping("/test")
|
||||
public ResponseEntity<String> test() {
|
||||
return ResponseEntity.ok("Authentication endpoints are working!");
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,27 @@
|
||||
package zw.qantra.tm.domain.controllers;
|
||||
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/test")
|
||||
@CrossOrigin(origins = "*")
|
||||
public class TestController {
|
||||
|
||||
@GetMapping("/protected")
|
||||
public ResponseEntity<String> protectedEndpoint() {
|
||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
String username = authentication.getName();
|
||||
return ResponseEntity.ok("Hello " + username + "! This is a protected endpoint.");
|
||||
}
|
||||
|
||||
@GetMapping("/public")
|
||||
public ResponseEntity<String> publicEndpoint() {
|
||||
return ResponseEntity.ok("This is a public endpoint - no authentication required!");
|
||||
}
|
||||
}
|
||||
16
src/main/java/zw/qantra/tm/domain/dtos/AuthResponse.java
Normal file
16
src/main/java/zw/qantra/tm/domain/dtos/AuthResponse.java
Normal file
@@ -0,0 +1,16 @@
|
||||
package zw.qantra.tm.domain.dtos;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
public class AuthResponse {
|
||||
private String token;
|
||||
private String type = "Bearer";
|
||||
private String username;
|
||||
private String email;
|
||||
private String phone;
|
||||
private String firstName;
|
||||
private String lastName;
|
||||
}
|
||||
13
src/main/java/zw/qantra/tm/domain/dtos/LoginRequest.java
Normal file
13
src/main/java/zw/qantra/tm/domain/dtos/LoginRequest.java
Normal file
@@ -0,0 +1,13 @@
|
||||
package zw.qantra.tm.domain.dtos;
|
||||
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import lombok.Data;
|
||||
|
||||
@Data
|
||||
public class LoginRequest {
|
||||
@NotBlank(message = "Username is required")
|
||||
private String username;
|
||||
|
||||
@NotBlank(message = "Password is required")
|
||||
private String password;
|
||||
}
|
||||
30
src/main/java/zw/qantra/tm/domain/dtos/RegisterRequest.java
Normal file
30
src/main/java/zw/qantra/tm/domain/dtos/RegisterRequest.java
Normal file
@@ -0,0 +1,30 @@
|
||||
package zw.qantra.tm.domain.dtos;
|
||||
|
||||
import jakarta.validation.constraints.Email;
|
||||
import jakarta.validation.constraints.NotBlank;
|
||||
import jakarta.validation.constraints.Size;
|
||||
import lombok.Data;
|
||||
|
||||
@Data
|
||||
public class RegisterRequest {
|
||||
@NotBlank(message = "Username is required")
|
||||
@Size(min = 3, max = 50, message = "Username must be between 3 and 50 characters")
|
||||
private String username;
|
||||
|
||||
@NotBlank(message = "Password is required")
|
||||
@Size(min = 6, message = "Password must be at least 6 characters")
|
||||
private String password;
|
||||
|
||||
@NotBlank(message = "Email is required")
|
||||
@Email(message = "Email should be valid")
|
||||
private String email;
|
||||
|
||||
@NotBlank(message = "First name is required")
|
||||
private String firstName;
|
||||
|
||||
@NotBlank(message = "Last name is required")
|
||||
private String lastName;
|
||||
|
||||
@NotBlank(message = "Phone is required")
|
||||
private String phone;
|
||||
}
|
||||
71
src/main/java/zw/qantra/tm/domain/models/User.java
Normal file
71
src/main/java/zw/qantra/tm/domain/models/User.java
Normal file
@@ -0,0 +1,71 @@
|
||||
package zw.qantra.tm.domain.models;
|
||||
|
||||
import jakarta.persistence.*;
|
||||
import lombok.Data;
|
||||
import lombok.EqualsAndHashCode;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
@Entity
|
||||
@Table(name = "users")
|
||||
@Data
|
||||
@EqualsAndHashCode(callSuper = true)
|
||||
public class User extends BaseEntity implements UserDetails {
|
||||
|
||||
@Column(unique = true, nullable = false)
|
||||
private String username;
|
||||
|
||||
@Column(nullable = false)
|
||||
private String password;
|
||||
|
||||
@Column(unique = true, nullable = false)
|
||||
private String email;
|
||||
private String phone;
|
||||
|
||||
@Column(name = "first_name")
|
||||
private String firstName;
|
||||
|
||||
@Column(name = "last_name")
|
||||
private String lastName;
|
||||
|
||||
@Column(name = "is_enabled")
|
||||
private boolean enabled = true;
|
||||
|
||||
@Column(name = "is_account_non_expired")
|
||||
private boolean accountNonExpired = true;
|
||||
|
||||
@Column(name = "is_account_non_locked")
|
||||
private boolean accountNonLocked = true;
|
||||
|
||||
@Column(name = "is_credentials_non_expired")
|
||||
private boolean credentialsNonExpired = true;
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return List.of(new SimpleGrantedAuthority("ROLE_USER"));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonExpired() {
|
||||
return accountNonExpired;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonLocked() {
|
||||
return accountNonLocked;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCredentialsNonExpired() {
|
||||
return credentialsNonExpired;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,16 @@
|
||||
package zw.qantra.tm.domain.repositories;
|
||||
|
||||
import org.springframework.data.jpa.repository.JpaRepository;
|
||||
import org.springframework.stereotype.Repository;
|
||||
import zw.qantra.tm.domain.models.User;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
@Repository
|
||||
public interface UserRepository extends JpaRepository<User, Long> {
|
||||
Optional<User> findByUsername(String username);
|
||||
Optional<User> findByEmail(String email);
|
||||
Optional<User> findByPhone(String phone);
|
||||
boolean existsByUsername(String username);
|
||||
boolean existsByEmail(String email);
|
||||
}
|
||||
67
src/main/java/zw/qantra/tm/domain/services/UserService.java
Normal file
67
src/main/java/zw/qantra/tm/domain/services/UserService.java
Normal file
@@ -0,0 +1,67 @@
|
||||
package zw.qantra.tm.domain.services;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import zw.qantra.tm.domain.dtos.AuthResponse;
|
||||
import zw.qantra.tm.domain.dtos.LoginRequest;
|
||||
import zw.qantra.tm.domain.dtos.RegisterRequest;
|
||||
import zw.qantra.tm.domain.models.User;
|
||||
import zw.qantra.tm.domain.repositories.UserRepository;
|
||||
import zw.qantra.tm.utils.JwtUtils;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class UserService implements UserDetailsService {
|
||||
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder passwordEncoder;
|
||||
private final JwtUtils jwtUtils;
|
||||
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
return userRepository.findByUsername(username)
|
||||
.orElseThrow(() -> new UsernameNotFoundException("User not found with username: " + username));
|
||||
}
|
||||
|
||||
public AuthResponse register(RegisterRequest request) {
|
||||
if (userRepository.existsByUsername(request.getUsername())) {
|
||||
throw new RuntimeException("Username already exists");
|
||||
}
|
||||
|
||||
if (userRepository.existsByEmail(request.getEmail())) {
|
||||
throw new RuntimeException("Email already exists");
|
||||
}
|
||||
|
||||
User user = new User();
|
||||
user.setUsername(request.getUsername());
|
||||
user.setPassword(passwordEncoder.encode(request.getPassword()));
|
||||
user.setEmail(request.getEmail());
|
||||
user.setFirstName(request.getFirstName());
|
||||
user.setLastName(request.getLastName());
|
||||
user.setPhone(request.getPhone());
|
||||
|
||||
User savedUser = userRepository.save(user);
|
||||
String token = jwtUtils.generateToken(savedUser);
|
||||
|
||||
return new AuthResponse(token, "Bearer", savedUser.getUsername(),
|
||||
savedUser.getEmail(), savedUser.getPhone(), savedUser.getFirstName(), savedUser.getLastName());
|
||||
}
|
||||
|
||||
public AuthResponse login(LoginRequest request) {
|
||||
User user = userRepository.findByUsername(request.getUsername())
|
||||
.orElseThrow(() -> new RuntimeException("Invalid username or password"));
|
||||
|
||||
if (!passwordEncoder.matches(request.getPassword(), user.getPassword())) {
|
||||
throw new RuntimeException("Invalid username or password");
|
||||
}
|
||||
|
||||
String token = jwtUtils.generateToken(user);
|
||||
|
||||
return new AuthResponse(token, "Bearer", user.getUsername(),
|
||||
user.getEmail(), user.getPhone(), user.getFirstName(), user.getLastName());
|
||||
}
|
||||
}
|
||||
72
src/main/java/zw/qantra/tm/utils/JwtUtils.java
Normal file
72
src/main/java/zw/qantra/tm/utils/JwtUtils.java
Normal file
@@ -0,0 +1,72 @@
|
||||
package zw.qantra.tm.utils;
|
||||
|
||||
import io.jsonwebtoken.*;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.function.Function;
|
||||
|
||||
@Component
|
||||
public class JwtUtils {
|
||||
|
||||
@Value("${jwt.secret:defaultSecretKey123456789012345678901234567890}")
|
||||
private String secret;
|
||||
|
||||
@Value("${jwt.expiration:86400000}")
|
||||
private Long expiration;
|
||||
|
||||
private SecretKey getSigningKey() {
|
||||
return Keys.hmacShaKeyFor(secret.getBytes());
|
||||
}
|
||||
|
||||
public String extractUsername(String token) {
|
||||
return extractClaim(token, Claims::getSubject);
|
||||
}
|
||||
|
||||
public Date extractExpiration(String token) {
|
||||
return extractClaim(token, Claims::getExpiration);
|
||||
}
|
||||
|
||||
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
|
||||
final Claims claims = extractAllClaims(token);
|
||||
return claimsResolver.apply(claims);
|
||||
}
|
||||
|
||||
private Claims extractAllClaims(String token) {
|
||||
return Jwts.parser()
|
||||
.verifyWith(getSigningKey())
|
||||
.build()
|
||||
.parseSignedClaims(token)
|
||||
.getPayload();
|
||||
}
|
||||
|
||||
private Boolean isTokenExpired(String token) {
|
||||
return extractExpiration(token).before(new Date());
|
||||
}
|
||||
|
||||
public String generateToken(UserDetails userDetails) {
|
||||
Map<String, Object> claims = new HashMap<>();
|
||||
return createToken(claims, userDetails.getUsername());
|
||||
}
|
||||
|
||||
private String createToken(Map<String, Object> claims, String subject) {
|
||||
return Jwts.builder()
|
||||
.setClaims(claims)
|
||||
.setSubject(subject)
|
||||
.setIssuedAt(new Date(System.currentTimeMillis()))
|
||||
.setExpiration(new Date(System.currentTimeMillis() + expiration))
|
||||
.signWith(getSigningKey(), SignatureAlgorithm.HS256)
|
||||
.compact();
|
||||
}
|
||||
|
||||
public Boolean validateToken(String token, UserDetails userDetails) {
|
||||
final String username = extractUsername(token);
|
||||
return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
|
||||
}
|
||||
}
|
||||
@@ -41,3 +41,7 @@ erpnext.income.account=5111 - Sales Income - QPAY
|
||||
erpnext.cost.center=Main - QPAY
|
||||
erpnext.tax.account=VAT - QPAY
|
||||
erpnext.tax.rate=15.0
|
||||
|
||||
# JWT Configuration
|
||||
jwt.secret=your-super-secret-jwt-key-here-make-it-very-long-and-secure-in-production
|
||||
jwt.expiration=86400000
|
||||
|
||||
Reference in New Issue
Block a user