Creating a Spring Security Key for Signing a JWT Token

2024-03-11 17:52:07 +00:00 · 2024-03-11 17:52:07 +00:00 · 1fea1bf611
parent 5eca855e37
commit 1fea1bf611
13 changed files with 218 additions and 137 deletions
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/SpringJwtApplication.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/SpringJwtApplication.java
@ -1,4 +1,14 @@
 package com.baeldung.jwtsignkey;

+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+@SpringBootApplication
+@EnableWebMvc
 public class SpringJwtApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(com.baeldung.jwtsignkey.SpringJwtApplication.class);
+    }
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/controller/JwtAuthController.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/controller/JwtAuthController.java
@ -3,23 +3,25 @@ package com.baeldung.jwtsignkey.controller;
 import com.baeldung.jwtsignkey.jwtconfig.JwtUtils;
 import com.baeldung.jwtsignkey.model.User;
 import com.baeldung.jwtsignkey.repository.UserRepository;
+import com.baeldung.jwtsignkey.response.JwtResponse;
 import com.baeldung.jwtsignkey.userservice.UserDetailsImpl;
+import com.baeldung.request.LoginRequest;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

 import java.io.UnsupportedEncodingException;

-@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
 public class JwtAuthController {

@ -38,8 +40,10 @@ public class JwtAuthController {
    @PostMapping("/signup")
    public ResponseEntity<?> registerUser(@RequestBody User signUpRequest, HttpServletRequest request) throws UnsupportedEncodingException {

-
-        // Create new user's account
+        if (userRepository.existsByUsername(signUpRequest.getUsername())) {
+            return ResponseEntity.badRequest()
+                .body("Error: Username is already taken!");
+        }
        User user = new User();
        user.setUsername(signUpRequest.getUsername());
        user.setPassword(encoder.encode(signUpRequest.getPassword()));
@ -50,7 +54,7 @@ public class JwtAuthController {
    }

    @PostMapping("/signin")
-    public ResponseEntity<?> authenticateUser( @RequestBody LoginRequest loginRequest) {
+    public ResponseEntity<?> authenticateUser(@RequestBody LoginRequest loginRequest) {

        Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));

@ -60,11 +64,14 @@ public class JwtAuthController {

        String jwt = jwtUtils.generateJwtToken(authentication);

-
-
-            return ResponseEntity.ok(
-              new JwtResponse(jwt, userDetails.getUsername()));
+        return ResponseEntity.ok(new JwtResponse(jwt, userDetails.getUsername()));

    }

+    @RequestMapping("/user-dashboard")
+    @PreAuthorize("isAuthenticated()")
+    public String dashboard() {
+        return "My Dashboard";
+    }
+
 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/AuthTokenFilter.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/AuthTokenFilter.java
@ -27,22 +27,18 @@ public class AuthTokenFilter extends OncePerRequestFilter {
    private static final Logger logger = LoggerFactory.getLogger(AuthTokenFilter.class);

    @Override
-  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-    throws ServletException, IOException {
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            String jwt = parseJwt(request);
            if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
                String username = jwtUtils.getUserNameFromJwtToken(jwt);

                UserDetails userDetails = userDetailsService.loadUserByUsername(username);
-        UsernamePasswordAuthenticationToken authentication =
-          new UsernamePasswordAuthenticationToken(
-            userDetails,
-            null,
-            userDetails.getAuthorities());
+                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

-        SecurityContextHolder.getContext().setAuthentication(authentication);
+                SecurityContextHolder.getContext()
+                    .setAuthentication(authentication);
            }
        } catch (Exception e) {
            logger.error("Cannot set user authentication: {}", e);
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/JwtUtils.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/jwtconfig/JwtUtils.java
@ -1,8 +1,13 @@
 package com.baeldung.jwtsignkey.jwtconfig;

 import com.baeldung.jwtsignkey.userservice.UserDetailsImpl;
-import io.jsonwebtoken.*;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.UnsupportedJwtException;
 import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SignatureException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@ -28,9 +33,9 @@ public class JwtUtils {
        UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();

        return Jwts.builder()
-      .setSubject((userPrincipal.getUsername()))
-      .setIssuedAt(new Date())
-      .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs))
+          .subject((userPrincipal.getUsername()))
+          .issuedAt(new Date())
+          .expiration(new Date((new Date()).getTime() + jwtExpirationMs))
            .signWith(getSigningKey())
            .compact();

@ -42,14 +47,21 @@ public class JwtUtils {
    }

    public String getUserNameFromJwtToken(String token) {
-    //return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
-    return Jwts.parser().setSigningKey(getSigningKey()).build().parseClaimsJws(token).getBody().getSubject();
+        return Jwts.parser()
+          .setSigningKey(getSigningKey())
+          .build()
+          .parseSignedClaims(token)
+          .getPayload()
+            .getSubject();

    }

    public boolean validateJwtToken(String authToken) {
        try {
-      Jwts.parser().setSigningKey(getSigningKey()).build().parseClaimsJws(authToken);
+            Jwts.parser()
+                .setSigningKey(getSigningKey())
+                .build()
+                .parseSignedClaims(authToken);
            return true;
        } catch (SignatureException e) {
            logger.error("Invalid JWT signature: {}", e.getMessage());
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/repository/UserRepository.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/repository/UserRepository.java
@ -7,6 +7,8 @@ import java.util.Optional;

 public interface UserRepository extends JpaRepository<User, Long> {

+    Boolean existsByUsername(String username);
+
    Optional<User> findByUsername(String username);

 }
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/response/JwtResponse.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/response/JwtResponse.java
@ -1,4 +1,4 @@
-package com.baeldung.jwtsignkey;
+package com.baeldung.jwtsignkey.response;

 public class JwtResponse {
    private String token;
@ -6,7 +6,6 @@ public class JwtResponse {

    private String username;

-
    public JwtResponse(String accessToken, String username) {
        this.token = accessToken;
        this.username = username;
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/securityconfig/SecurityConfiguration.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/securityconfig/SecurityConfiguration.java
@ -3,6 +3,7 @@ package com.baeldung.jwtsignkey.securityconfig;
 import com.baeldung.jwtsignkey.jwtconfig.AuthEntryPointJwt;
 import com.baeldung.jwtsignkey.jwtconfig.AuthTokenFilter;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@ -17,6 +18,8 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;

@ -30,16 +33,13 @@ public class SecurityConfiguration {
    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;

-    private static final String[] WHITE_LIST_URL = { "/signin", "/signup"
-    };
+    private static final String[] WHITE_LIST_URL = { "/h2-console/**","/signin", "/signup", "/user-dashboard" };

    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }

-
-
    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
@ -61,14 +61,14 @@ public class SecurityConfiguration {
    }

    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    public SecurityFilterChain securityFilterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
            .cors(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(req -> req.requestMatchers(WHITE_LIST_URL)
                .permitAll()
                .anyRequest()
                .authenticated())
-          .exceptionHandling( ex -> ex.authenticationEntryPoint(unauthorizedHandler))
+            .exceptionHandling(ex -> ex.authenticationEntryPoint(unauthorizedHandler))
            .sessionManagement(session -> session.sessionCreationPolicy(STATELESS))
            .authenticationProvider(authenticationProvider())
            .addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
@ -77,4 +77,3 @@ public class SecurityConfiguration {
    }

 }
-
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/userservice/UserDetailsImpl.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/jwtsignkey/userservice/UserDetailsImpl.java
@ -18,7 +18,6 @@ public class UserDetailsImpl implements UserDetails {
    @JsonIgnore
    private String password;

-
    public UserDetailsImpl(Long id, String username, String password) {
        this.id = id;
        this.username = username;
@ -28,17 +27,13 @@ public class UserDetailsImpl implements UserDetails {

    public static UserDetailsImpl build(User user) {

-
        return new UserDetailsImpl(user.getId(), user.getUsername(), user.getPassword());
    }

-
    public Long getId() {
        return id;
    }

-
-
    public static long getSerialversionuid() {
        return serialVersionUID;
    }
@ -78,8 +73,6 @@ public class UserDetailsImpl implements UserDetails {
        return true;
    }

-
-
    @Override
    public boolean equals(Object o) {
        if (this == o)
--- a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/request/LoginRequest.java
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/request/LoginRequest.java
@ -0,0 +1,24 @@
+package com.baeldung.request;
+
+public class LoginRequest {
+
+    private String username;
+
+    private String password;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}
--- a/spring-security-modules/spring-security-core-2/src/main/resources/application.properties
+++ b/spring-security-modules/spring-security-core-2/src/main/resources/application.properties
@ -1,3 +1,2 @@
-spring.thymeleaf.prefix=classpath:/templates/
 baeldung.app.jwtSecret= 404E635266556A586E3272357538782F413F4428472B4B6250645367566B5970
 baeldung.app.jwtExpirationMs= 8640000
--- a/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/jwtsecuritykey/JwtSignKeyIntegrationTest.java
+++ b/spring-security-modules/spring-security-core-2/src/test/java/com/baeldung/jwtsecuritykey/JwtSignKeyIntegrationTest.java
@ -0,0 +1,40 @@
+package com.baeldung.jwtsecuritykey;
+
+import com.baeldung.jwtsignkey.SpringJwtApplication;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest(classes = SpringJwtApplication.class)
+public class JwtSignKeyIntegrationTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    private MockMvc mvc;
+
+    @BeforeEach
+    private void setup() {
+        mvc = MockMvcBuilders.webAppContextSetup(context)
+          .apply(springSecurity())
+          .build();
+    }
+
+
+    @Test
+    public void givenAnonymous_whenAccessUserDashboard_thenForbidden() throws Exception {
+        mvc.perform(get("/user-dashboard"))
+          .andExpect(status().isUnauthorized());
+    }
+
+
+}
+