Creating a Spring Security Key for Signing a JWT Token

2024-03-11 17:52:07 +00:00 · 2024-03-11 17:52:07 +00:00 · 1fea1bf611
parent 5eca855e37
commit 1fea1bf611
13 changed files with 218 additions and 137 deletions
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/SpringJwtApplication.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/SpringJwtApplication.java
@ -1,4 +1,14 @@
 package com.baeldung.jwtsignkey;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@SpringBootApplication
@EnableWebMvc
 public class SpringJwtApplication {
    public static void main(String[] args) {
        SpringApplication.run(com.baeldung.jwtsignkey.SpringJwtApplication.class);
    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/controller/JwtAuthController.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/controller/JwtAuthController.java
@ -3,23 +3,25 @@ package com.baeldung.jwtsignkey.controller;
 import com.baeldung.jwtsignkey.jwtconfig.JwtUtils;
 import com.baeldung.jwtsignkey.model.User;
 import com.baeldung.jwtsignkey.repository.UserRepository;
 import com.baeldung.jwtsignkey.response.JwtResponse;
 import com.baeldung.jwtsignkey.userservice.UserDetailsImpl;
 import com.baeldung.request.LoginRequest;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.io.UnsupportedEncodingException;
@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
 public class JwtAuthController {
@ -38,8 +40,10 @@ public class JwtAuthController {
    @PostMapping("/signup")
    public ResponseEntity<?> registerUser(@RequestBody User signUpRequest, HttpServletRequest request) throws UnsupportedEncodingException {
-
+        if (userRepository.existsByUsername(signUpRequest.getUsername())) {
-        // Create new user's account
+            return ResponseEntity.badRequest()
                .body("Error: Username is already taken!");
        }
        User user = new User();
        user.setUsername(signUpRequest.getUsername());
        user.setPassword(encoder.encode(signUpRequest.getPassword()));
@ -50,7 +54,7 @@ public class JwtAuthController {
    }
    @PostMapping("/signin")
-    public ResponseEntity<?> authenticateUser( @RequestBody LoginRequest loginRequest) {
+    public ResponseEntity<?> authenticateUser(@RequestBody LoginRequest loginRequest) {
        Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
@ -60,11 +64,14 @@ public class JwtAuthController {
        String jwt = jwtUtils.generateJwtToken(authentication);
-
+        return ResponseEntity.ok(new JwtResponse(jwt, userDetails.getUsername()));
            return ResponseEntity.ok(
              new JwtResponse(jwt, userDetails.getUsername()));
    }
    @RequestMapping("/user-dashboard")
    @PreAuthorize("isAuthenticated()")
    public String dashboard() {
        return "My Dashboard";
    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/AuthTokenFilter.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/AuthTokenFilter.java
@ -27,22 +27,18 @@ public class AuthTokenFilter extends OncePerRequestFilter {
    private static final Logger logger = LoggerFactory.getLogger(AuthTokenFilter.class);
    @Override
-  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    throws ServletException, IOException {
        try {
            String jwt = parseJwt(request);
            if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
                String username = jwtUtils.getUserNameFromJwtToken(jwt);
                UserDetails userDetails = userDetailsService.loadUserByUsername(username);
-        UsernamePasswordAuthenticationToken authentication =
+                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
          new UsernamePasswordAuthenticationToken(
            userDetails,
            null,
            userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-        SecurityContextHolder.getContext().setAuthentication(authentication);
+                SecurityContextHolder.getContext()
                    .setAuthentication(authentication);
            }
        } catch (Exception e) {
            logger.error("Cannot set user authentication: {}", e);
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/JwtUtils.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/JwtUtils.java
@ -1,8 +1,13 @@
 package com.baeldung.jwtsignkey.jwtconfig;
 import com.baeldung.jwtsignkey.userservice.UserDetailsImpl;
-import io.jsonwebtoken.*;
+
 import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.UnsupportedJwtException;
 import io.jsonwebtoken.security.Keys;
 import io.jsonwebtoken.security.SignatureException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@ -28,9 +33,9 @@ public class JwtUtils {
        UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();
        return Jwts.builder()
-      .setSubject((userPrincipal.getUsername()))
+          .subject((userPrincipal.getUsername()))
-      .setIssuedAt(new Date())
+          .issuedAt(new Date())
-      .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs))
+          .expiration(new Date((new Date()).getTime() + jwtExpirationMs))
            .signWith(getSigningKey())
            .compact();
@ -42,14 +47,21 @@ public class JwtUtils {
    }
    public String getUserNameFromJwtToken(String token) {
-    //return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
+        return Jwts.parser()
-    return Jwts.parser().setSigningKey(getSigningKey()).build().parseClaimsJws(token).getBody().getSubject();
+          .setSigningKey(getSigningKey())
          .build()
          .parseSignedClaims(token)
          .getPayload()
            .getSubject();
    }
    public boolean validateJwtToken(String authToken) {
        try {
-      Jwts.parser().setSigningKey(getSigningKey()).build().parseClaimsJws(authToken);
+            Jwts.parser()
                .setSigningKey(getSigningKey())
                .build()
                .parseSignedClaims(authToken);
            return true;
        } catch (SignatureException e) {
            logger.error("Invalid JWT signature: {}", e.getMessage());
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/repository/UserRepository.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/repository/UserRepository.java
@ -7,6 +7,8 @@ import java.util.Optional;
 public interface UserRepository extends JpaRepository<User, Long> {
    Boolean existsByUsername(String username);
    Optional<User> findByUsername(String username);
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/response/JwtResponse.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/response/JwtResponse.java
@ -1,4 +1,4 @@
-package com.baeldung.jwtsignkey;
+package com.baeldung.jwtsignkey.response;
 public class JwtResponse {
    private String token;
@ -6,7 +6,6 @@ public class JwtResponse {
    private String username;
    public JwtResponse(String accessToken, String username) {
        this.token = accessToken;
        this.username = username;
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/securityconfig/SecurityConfiguration.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/securityconfig/SecurityConfiguration.java
@ -3,6 +3,7 @@ package com.baeldung.jwtsignkey.securityconfig;
 import com.baeldung.jwtsignkey.jwtconfig.AuthEntryPointJwt;
 import com.baeldung.jwtsignkey.jwtconfig.AuthTokenFilter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@ -17,6 +18,8 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
@ -30,16 +33,13 @@ public class SecurityConfiguration {
    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;
-    private static final String[] WHITE_LIST_URL = { "/signin", "/signup"
+    private static final String[] WHITE_LIST_URL = { "/h2-console/**","/signin", "/signup", "/user-dashboard" };
    };
    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
@ -61,14 +61,14 @@ public class SecurityConfiguration {
    }
    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    public SecurityFilterChain securityFilterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
            .cors(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(req -> req.requestMatchers(WHITE_LIST_URL)
                .permitAll()
                .anyRequest()
                .authenticated())
-          .exceptionHandling( ex -> ex.authenticationEntryPoint(unauthorizedHandler))
+            .exceptionHandling(ex -> ex.authenticationEntryPoint(unauthorizedHandler))
            .sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
            .authenticationProvider(authenticationProvider())
            .addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
@ -77,4 +77,3 @@ public class SecurityConfiguration {
    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/userservice/UserDetailsImpl.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/userservice/UserDetailsImpl.java
@ -18,7 +18,6 @@ public class UserDetailsImpl implements UserDetails {
    @JsonIgnore
    private String password;
    public UserDetailsImpl(Long id, String username, String password) {
        this.id = id;
        this.username = username;
@ -28,17 +27,13 @@ public class UserDetailsImpl implements UserDetails {
    public static UserDetailsImpl build(User user) {
        return new UserDetailsImpl(user.getId(), user.getUsername(), user.getPassword());
    }
    public Long getId() {
        return id;
    }
    public static long getSerialversionuid() {
        return serialVersionUID;
    }
@ -78,8 +73,6 @@ public class UserDetailsImpl implements UserDetails {
        return true;
    }
    @Override
    public boolean equals(Object o) {
        if (this == o)
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/request/LoginRequest.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/request/LoginRequest.java
@ -0,0 +1,24 @@
 package com.baeldung.request;
 public class LoginRequest {
    private String username;
    private String password;
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/resources/application.properties
+++ b/spring-security-modules/spring-security-core-2/src/main/resources/application.properties
@ -1,3 +1,2 @@
 spring.thymeleaf.prefix=classpath:/templates/
 baeldung.app.jwtSecret= 404E635266556A586E3272357538782F413F4428472B4B6250645367566B5970
 baeldung.app.jwtExpirationMs= 8640000
--- a/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/jwtsecuritykey/JwtSignKeyIntegrationTest.java
+++ b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/jwtsecuritykey/JwtSignKeyIntegrationTest.java
@ -0,0 +1,40 @@
 package com.baeldung.jwtsecuritykey;
 import com.baeldung.jwtsignkey.SpringJwtApplication;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.setup.MockMvcBuilders;
 import org.springframework.web.context.WebApplicationContext;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@SpringBootTest(classes = SpringJwtApplication.class)
 public class JwtSignKeyIntegrationTest {
    @Autowired
    private WebApplicationContext context;
    private MockMvc mvc;
    @BeforeEach
    private void setup() {
        mvc = MockMvcBuilders.webAppContextSetup(context)
          .apply(springSecurity())
          .build();
    }
    @Test
    public void givenAnonymous_whenAccessUserDashboard_thenForbidden() throws Exception {
        mvc.perform(get("/user-dashboard"))
          .andExpect(status().isUnauthorized());
    }
 }