#BAEL-7434: refactor jwt

h_sharifi 2024-01-17 18:52:26 +03:30
parent 79b63e92fc
commit e8d187fec0
1 changed files with 16 additions and 12 deletions


@ -1,26 +1,31 @@
package com.baeldung.multitenant.security; package com.baeldung.multitenant.security;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.security.Keys;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import jakarta.servlet.http.HttpServletRequest; import javax.crypto.SecretKey;
import jakarta.servlet.http.HttpServletResponse; import java.nio.charset.StandardCharsets;
import java.util.Collections; import java.util.Collections;
import java.util.Date; import java.util.Date;
public class AuthenticationService { public class AuthenticationService {
private static final long EXPIRATIONTIME = 864_000_00; // 1 day in milliseconds private static final long EXPIRATIONTIME = 864_000_00; // 1 day in milliseconds
private static final String SIGNINGKEY = "SecretKey"; private static final String SECRETKEY = "q3t6w9zCFJNcQfTjWnq3t6w9zCFJNcQfTjWnZr4u7xADGKaPd";
private static final SecretKey SIGNINGKEY = Keys.hmacShaKeyFor(SECRETKEY.getBytes(StandardCharsets.UTF_8));
private static final String PREFIX = "Bearer"; private static final String PREFIX = "Bearer";
public static void addToken(HttpServletResponse res, String username, String tenant) { public static void addToken(HttpServletResponse res, String username, String tenant) {
String JwtToken = Jwts.builder().setSubject(username) String JwtToken = Jwts.builder()
.setAudience(tenant) .subject(username)
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATIONTIME)) .audience().add(tenant).and()
.signWith(SignatureAlgorithm.HS512, SIGNINGKEY) .issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + EXPIRATIONTIME))
.signWith(SIGNINGKEY)
.compact(); .compact();
res.addHeader("Authorization", PREFIX + " " + JwtToken); res.addHeader("Authorization", PREFIX + " " + JwtToken);
} }
@ -29,9 +34,8 @@ public class AuthenticationService {
String token = req.getHeader("Authorization"); String token = req.getHeader("Authorization");
if (token != null) { if (token != null) {
String user = Jwts.parser() String user = Jwts.parser()
.setSigningKey(SIGNINGKEY) .verifyWith(SIGNINGKEY)
.build().parseClaimsJws(token.replace(PREFIX, "")) .build().parseClaimsJws(token.replace(PREFIX, "").trim()).getPayload()
.getBody()
.getSubject(); .getSubject();
if (user != null) { if (user != null) {
return new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList()); return new UsernamePasswordAuthenticationToken(user, null, Collections.emptyList());
@ -48,7 +52,7 @@ public class AuthenticationService {
} }
String tenant = Jwts.parser() String tenant = Jwts.parser()
.setSigningKey(SIGNINGKEY) .setSigningKey(SIGNINGKEY)
.build().parseClaimsJws(token.replace(PREFIX, "")) .build().parseClaimsJws(token.replace(PREFIX, "").trim())
.getBody() .getBody()
.getAudience() .getAudience()
.iterator() .iterator()
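Review bot: The HMAC signing secret is still a string literal committed in the source (`SECRETKEY` in the first hunk), so anyone with read access to the repository can forge valid tokens for any user and tenant; load it from external configuration instead, e.g. `Keys.hmacShaKeyFor(Decoders.BASE64.decode(System.getenv("JWT_SIGNING_KEY")))` (the variable name is a placeholder). The literal is 49 bytes, so `signWith(SIGNINGKEY)` will likely select HS384 where the old code pinned HS512; if HS512 is intended, the key needs at least 64 bytes. The third hunk still calls `.setSigningKey(SIGNINGKEY)` and `.getBody()` while the second hunk moved to `.verifyWith(SIGNINGKEY)` and `.getPayload()`, so the two parsers should be brought in line. Separately, `token.replace(PREFIX, "")` removes every occurrence of "Bearer" rather than just a leading scheme, so a `startsWith(PREFIX + " ")` check followed by `substring` would be stricter. Both parsing methods start and end outside the hunks shown.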