get current user success
This commit is contained in:
aisensiy
28
src/main/java/io/spring/api/CurrentUserApi.java
Normal file
28
src/main/java/io/spring/api/CurrentUserApi.java
Normal file
@@ -0,0 +1,28 @@
|
||||
package io.spring.api;
|
||||
|
||||
import io.spring.application.user.UserQueryService;
|
||||
import io.spring.core.user.User;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.web.bind.annotation.RequestHeader;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
public class CurrentUserApi {
|
||||
private UserQueryService userQueryService;
|
||||
|
||||
@Autowired
|
||||
public CurrentUserApi(UserQueryService userQueryService) {
|
||||
this.userQueryService = userQueryService;
|
||||
}
|
||||
|
||||
@RequestMapping(path = "/user", method = RequestMethod.GET)
|
||||
public ResponseEntity currentUser(@AuthenticationPrincipal User currentUser,
|
||||
@RequestHeader(value = "Authorization") String authorization) {
|
||||
return ResponseEntity.ok(userQueryService.fetchCurrentUser(currentUser.getUsername(), authorization.split(" ")[1]));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -12,8 +12,10 @@ import org.hibernate.validator.constraints.NotBlank;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.validation.BindingResult;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestHeader;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
@@ -21,21 +23,22 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
import javax.validation.Valid;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/users")
|
||||
public class UsersApi {
|
||||
private UserRepository userRepository;
|
||||
private UserQueryService userQueryService;
|
||||
private String defaultImage;
|
||||
|
||||
@Autowired
|
||||
public UsersApi(UserRepository userRepository, UserQueryService userQueryService, @Value("${image.default}") String defaultImage) {
|
||||
public UsersApi(UserRepository userRepository,
|
||||
UserQueryService userQueryService,
|
||||
@Value("${image.default}") String defaultImage) {
|
||||
this.userRepository = userRepository;
|
||||
this.userQueryService = userQueryService;
|
||||
this.defaultImage = defaultImage;
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public ResponseEntity creeteUser(@Valid @RequestBody RegisterParam registerParam, BindingResult bindingResult) {
|
||||
@RequestMapping(path = "/users", method = RequestMethod.POST)
|
||||
public ResponseEntity createUser(@Valid @RequestBody RegisterParam registerParam, BindingResult bindingResult) {
|
||||
if (bindingResult.hasErrors()) {
|
||||
throw new InvalidRequestException(bindingResult);
|
||||
}
|
||||
|
||||
60
src/main/java/io/spring/api/security/JwtTokenFilter.java
Normal file
60
src/main/java/io/spring/api/security/JwtTokenFilter.java
Normal file
@@ -0,0 +1,60 @@
|
||||
package io.spring.api.security;
|
||||
|
||||
import io.spring.application.JwtService;
|
||||
import io.spring.core.user.User;
|
||||
import io.spring.core.user.UserRepository;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.Optional;
|
||||
|
||||
@SuppressWarnings("SpringJavaAutowiringInspection")
|
||||
public class JwtTokenFilter extends OncePerRequestFilter {
|
||||
@Autowired
|
||||
private UserRepository userRepository;
|
||||
|
||||
@Autowired
|
||||
private JwtService jwtService;
|
||||
|
||||
private String header = "Authorization";
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
|
||||
getTokenString(request.getHeader(header)).ifPresent(token -> {
|
||||
jwtService.getSubFromToken(token).ifPresent(username -> {
|
||||
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
User user = userRepository.findByUsername(username).get();
|
||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
|
||||
user,
|
||||
null,
|
||||
Collections.emptyList()
|
||||
);
|
||||
authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
private Optional<String> getTokenString(String header) {
|
||||
if (header == null || header.split("").length < 2) {
|
||||
return Optional.empty();
|
||||
} else {
|
||||
return Optional.ofNullable(header.split(" ")[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
33
src/main/java/io/spring/api/security/WebSecurityConfig.java
Normal file
33
src/main/java/io/spring/api/security/WebSecurityConfig.java
Normal file
@@ -0,0 +1,33 @@
|
||||
package io.spring.api.security;
|
||||
|
||||
import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
@Bean
|
||||
public JwtTokenFilter jwtTokenFilter() {
|
||||
return new JwtTokenFilter();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable()
|
||||
.exceptionHandling().authenticationEntryPoint(new Http401AuthenticationEntryPoint("Unauthenticated"))
|
||||
.and()
|
||||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
|
||||
.authorizeRequests()
|
||||
.antMatchers(HttpMethod.POST, "/users", "/users/login").permitAll()
|
||||
.anyRequest().authenticated();
|
||||
|
||||
http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||
}
|
||||
}
|
||||
@@ -1,9 +1,11 @@
|
||||
package io.spring.application;
|
||||
|
||||
import io.spring.application.user.UserData;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
@Service
|
||||
public interface JwtService {
|
||||
String toToken(UserData userData);
|
||||
|
||||
|
||||
@@ -20,6 +20,9 @@ public class UserQueryService {
|
||||
return new UserWithToken(userData, jwtService.toToken(userData));
|
||||
}
|
||||
|
||||
public UserWithToken fetchCurrentUser(String username, String token) {
|
||||
return new UserWithToken(userReadService.findOne(username), token);
|
||||
}
|
||||
}
|
||||
|
||||
@JsonRootName("user")
|
||||
|
||||
@@ -7,17 +7,20 @@ import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.SignatureException;
|
||||
import io.spring.application.JwtService;
|
||||
import io.spring.application.user.UserData;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.Optional;
|
||||
|
||||
@Service
|
||||
@Component
|
||||
public class DefaultJwtService implements JwtService {
|
||||
private String secret;
|
||||
private int sessionTime;
|
||||
|
||||
@Autowired
|
||||
public DefaultJwtService(@Value("${jwt.secret}") String secret,
|
||||
@Value("${jwt.sessionTime}") int sessionTime) {
|
||||
this.secret = secret;
|
||||
|
||||
Reference in New Issue
Block a user