Language: Text
Posted by: Pityu Szivi
Added: May 13, 2020 10:45 AM
Views: 4343
Tags: no tags
  1. package com.security.demo.security;
  2.  
  3. import com.auth0.jwt.JWT;
  4. import com.fasterxml.jackson.databind.ObjectMapper;
  5. import com.security.demo.models.LoginViewModel;
  6. import org.springframework.security.authentication.AuthenticationManager;
  7. import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
  8. import org.springframework.security.core.Authentication;
  9. import org.springframework.security.core.AuthenticationException;
  10. import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
  11.  
  12. import javax.servlet.FilterChain;
  13. import javax.servlet.ServletException;
  14. import javax.servlet.http.HttpServletRequest;
  15. import javax.servlet.http.HttpServletResponse;
  16. import java.io.IOException;
  17. import java.util.ArrayList;
  18. import java.util.Date;
  19.  
  20. import static com.auth0.jwt.algorithms.Algorithm.HMAC512;
  21.  
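  /**
   * Login filter that reads a JSON username/password body, authenticates it through the
   * supplied {@link AuthenticationManager} and, on success, returns a signed JWT in a
   * response header.
   *
   * <p>The issued token carries only a subject (the username) and an expiry, and is signed
   * with HMAC-SHA512 using {@code JwtProperties.SECRET}.
   */
  public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    // One shared mapper instead of a new instance per login request; reading with an
    // ObjectMapper that is never reconfigured is safe from multiple threads.
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private final AuthenticationManager authenticationManager;

    /**
     * @param authenticationManager manager that verifies the submitted credentials
     */
    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
      this.authenticationManager = authenticationManager;
    }

    /**
     * Authenticates a login request.
     *
     * <p>Per the original author's note this is triggered by a POST request to /login whose
     * body looks like {"username":"dan", "password":"dan123"} (sample values).
     *
     * @param request  request whose body holds the JSON credentials
     * @param response unused here
     * @return the authentication produced by the {@link AuthenticationManager}
     * @throws AuthenticationException if the body cannot be read or parsed, is JSON
     *     {@code null}, or the manager rejects the credentials
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
      LoginViewModel credentials = readCredentials(request);

      // No authorities are attached yet: this token is only the unauthenticated request.
      UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
              credentials.getUsername(),
              credentials.getPassword(),
              new ArrayList<>());

      return authenticationManager.authenticate(authenticationToken);
    }

    /**
     * Parses the request body into a {@link LoginViewModel}.
     *
     * <p>A body that cannot be read or parsed, or that is the JSON literal {@code null}, is
     * reported as an authentication failure rather than being swallowed and surfacing later
     * as a {@link NullPointerException}. The body itself is never put into the message,
     * because it contains the submitted password.
     */
    private static LoginViewModel readCredentials(HttpServletRequest request) {
      final LoginViewModel credentials;
      try {
        credentials = OBJECT_MAPPER.readValue(request.getInputStream(), LoginViewModel.class);
      } catch (IOException e) {
        throw new org.springframework.security.authentication.AuthenticationServiceException(
                "Unable to read login request body", e);
      }
      if (credentials == null) {
        throw new org.springframework.security.authentication.AuthenticationServiceException(
                "Login request body is empty");
      }
      return credentials;
    }

    /**
     * Issues the JWT for a successfully authenticated user and adds it to the response as
     * header {@code JwtProperties.HEADER_STRING}, prefixed with
     * {@code JwtProperties.TOKEN_PREFIX}.
     *
     * <p>The filter chain is not continued and the parent implementation is not invoked, so
     * the response carries the token header and nothing else from this filter.
     *
     * @param authResult authentication whose principal must be a {@code UserPrincipal}
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
      UserPrincipal principal = (UserPrincipal) authResult.getPrincipal();

      Date expiresAt = new Date(System.currentTimeMillis() + JwtProperties.EXPIRATION_TIME);

      // Explicit charset: getBytes() without one uses the platform default, so a non-ASCII
      // secret could yield different key bytes (and unverifiable tokens) on another host.
      // NOTE(review): JwtProperties is not shown here. If SECRET is a constant in source,
      // load it from external configuration or a secret store instead, and make sure it is
      // long and random enough for HMAC-SHA512 (64 bytes is the usual target) - confirm.
      byte[] signingKey = JwtProperties.SECRET.getBytes(java.nio.charset.StandardCharsets.UTF_8);

      String token = JWT.create()
              .withSubject(principal.getUsername())
              .withExpiresAt(expiresAt)
              .sign(HMAC512(signingKey));

      response.addHeader(JwtProperties.HEADER_STRING, JwtProperties.TOKEN_PREFIX + token);
    }
  }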
  70.