Implemented Login with JWT
This commit is contained in:
Maximilian Leopold
parent
48b3be41aa
commit
99512b4250
@ -37,6 +37,11 @@ dependencies {
|
||||
|
||||
compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.4.RELEASE'
|
||||
|
||||
//JWT
|
||||
compile 'io.jsonwebtoken:jjwt-api:0.10.5'
|
||||
runtime 'io.jsonwebtoken:jjwt-impl:0.10.5',
|
||||
'io.jsonwebtoken:jjwt-jackson:0.10.5'
|
||||
|
||||
}
|
||||
|
||||
node {
|
||||
|
||||
@ -1,20 +1,27 @@
|
||||
package hhn.labsw.bugageocaching.controller;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
|
||||
import hhn.labsw.bugageocaching.entities.*;
|
||||
import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
|
||||
import hhn.labsw.bugageocaching.repositories.*;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.crypto.bcrypt.BCrypt;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Random;
|
||||
import javax.annotation.PostConstruct;
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
import java.security.Key;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.atomic.AtomicLong;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
@RestController
|
||||
public class Controller {
|
||||
@ -44,6 +51,13 @@ public class Controller {
|
||||
StationReihenfolgeRepository stationReihenfolgeRepository;
|
||||
|
||||
private AtomicLong counter = new AtomicLong();
|
||||
byte[] key = new byte[64];
|
||||
|
||||
@PostConstruct
|
||||
public void init(){
|
||||
new SecureRandom().nextBytes(key);
|
||||
System.out.println(Arrays.toString(key));
|
||||
}
|
||||
|
||||
@CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
|
||||
@RequestMapping("/api/allCaches")
|
||||
@ -65,14 +79,32 @@ public class Controller {
|
||||
return ResponseEntity.status(404).body("User was not found");
|
||||
}
|
||||
|
||||
if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
|
||||
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
|
||||
|
||||
if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
|
||||
String token = Jwts.builder().setSubject(user.getUsername()).claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)).setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))).signWith(signatureAlgorithm, key).compact();
|
||||
System.out.println(token);
|
||||
|
||||
Claims claims = Jwts.parser()
|
||||
.setSigningKey(key)
|
||||
.parseClaimsJws(token).getBody();
|
||||
System.out.println("ID: " + claims.getId());
|
||||
System.out.println("Subject: " + claims.getSubject());
|
||||
System.out.println("Issuer: " + claims.getIssuer());
|
||||
System.out.println("Admin: " + claims.get("admin"));
|
||||
System.out.println("Expiration: " + claims.getExpiration());
|
||||
|
||||
return ResponseEntity.status(200).body(token);
|
||||
}
|
||||
|
||||
/*if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
|
||||
String token = user.getUsername() + BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt());
|
||||
String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt());
|
||||
userRepository.findByUsername(user.getUsername()).setToken(hashedToken);
|
||||
userRepository.save(userRepository.findByUsername(user.getUsername()));
|
||||
//return ResponseEntity.ok(new Gson().toJson(token));
|
||||
return ResponseEntity.status(200).body(token);
|
||||
}
|
||||
}*/
|
||||
return ResponseEntity.status(400).body("Es ist ein Fehler aufgetreten");
|
||||
}
|
||||
|
||||
@ -132,14 +164,14 @@ public class Controller {
|
||||
@ResponseBody
|
||||
public ResponseEntity logout(@RequestParam String token) {
|
||||
// System.out.println("logout");
|
||||
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
/*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
// System.out.println(token);
|
||||
// System.out.println(user.getToken());
|
||||
if (user == null || user.getToken().isEmpty()) {
|
||||
return ResponseEntity.status(404).body("User was not found");
|
||||
}
|
||||
user.setToken(null);
|
||||
userRepository.save(user);
|
||||
userRepository.save(user);*/
|
||||
return ResponseEntity.status(200).body("Token was deleted");
|
||||
}
|
||||
|
||||
|
||||
@ -31,4 +31,9 @@ public class Role {
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return name;
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user