tvolkmann/labswp_2019_sose_geocaching
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Implemented Login with JWT

Browse Source
This commit is contained in:
Maximilian Leopold 2019-04-06 12:29:09 +02:00
parent 48b3be41aa
commit 99512b4250
3 changed files with 50 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
build.gradle
View File

@ -37,6 +37,11 @@ dependencies {
compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.4.RELEASE' compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.4.RELEASE'
//JWT
compile 'io.jsonwebtoken:jjwt-api:0.10.5'
runtime 'io.jsonwebtoken:jjwt-impl:0.10.5',
'io.jsonwebtoken:jjwt-jackson:0.10.5'
} }
node { node {

48
src/main/java/hhn/labsw/bugageocaching/controller/Controller.java
View File

@ -1,20 +1,27 @@
package hhn.labsw.bugageocaching.controller; package hhn.labsw.bugageocaching.controller;
import com.google.gson.Gson; import com.google.gson.Gson;
import hhn.labsw.bugageocaching.entities.*; import hhn.labsw.bugageocaching.entities.*;
import hhn.labsw.bugageocaching.exceptions.IllegalParameterException; import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
import hhn.labsw.bugageocaching.repositories.*; import hhn.labsw.bugageocaching.repositories.*;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.bcrypt.BCrypt; import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import java.util.ArrayList; import javax.annotation.PostConstruct;
import java.util.List; import javax.xml.bind.DatatypeConverter;
import java.util.Optional; import java.security.Key;
import java.util.Random; import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicLong;
import java.util.logging.Logger;
@RestController @RestController
public class Controller { public class Controller {
@ -44,6 +51,13 @@ public class Controller {
StationReihenfolgeRepository stationReihenfolgeRepository; StationReihenfolgeRepository stationReihenfolgeRepository;
private AtomicLong counter = new AtomicLong(); private AtomicLong counter = new AtomicLong();
byte[] key = new byte[64];
@PostConstruct
public void init(){
new SecureRandom().nextBytes(key);
System.out.println(Arrays.toString(key));
}
@CrossOrigin(origins = "http://localhost:8081") // only for dev purpose @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
@RequestMapping("/api/allCaches") @RequestMapping("/api/allCaches")
@ -65,14 +79,32 @@ public class Controller {
return ResponseEntity.status(404).body("User was not found"); return ResponseEntity.status(404).body("User was not found");
} }
if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) { SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
String token = Jwts.builder().setSubject(user.getUsername()).claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)).setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))).signWith(signatureAlgorithm, key).compact();
System.out.println(token);
Claims claims = Jwts.parser()
.setSigningKey(key)
.parseClaimsJws(token).getBody();
System.out.println("ID: " + claims.getId());
System.out.println("Subject: " + claims.getSubject());
System.out.println("Issuer: " + claims.getIssuer());
System.out.println("Admin: " + claims.get("admin"));
System.out.println("Expiration: " + claims.getExpiration());
return ResponseEntity.status(200).body(token);
}
/*if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
String token = user.getUsername() + BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt()); String token = user.getUsername() + BCrypt.hashpw(String.valueOf(System.currentTimeMillis() + counter.incrementAndGet()), BCrypt.gensalt());
String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt()); String hashedToken = BCrypt.hashpw(token, BCrypt.gensalt());
userRepository.findByUsername(user.getUsername()).setToken(hashedToken); userRepository.findByUsername(user.getUsername()).setToken(hashedToken);
userRepository.save(userRepository.findByUsername(user.getUsername())); userRepository.save(userRepository.findByUsername(user.getUsername()));
//return ResponseEntity.ok(new Gson().toJson(token)); //return ResponseEntity.ok(new Gson().toJson(token));
return ResponseEntity.status(200).body(token); return ResponseEntity.status(200).body(token);
} }*/
return ResponseEntity.status(400).body("Es ist ein Fehler aufgetreten"); return ResponseEntity.status(400).body("Es ist ein Fehler aufgetreten");
} }
@ -132,14 +164,14 @@ public class Controller {
@ResponseBody @ResponseBody
public ResponseEntity logout(@RequestParam String token) { public ResponseEntity logout(@RequestParam String token) {
// System.out.println("logout"); // System.out.println("logout");
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$"))); /*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
// System.out.println(token); // System.out.println(token);
// System.out.println(user.getToken()); // System.out.println(user.getToken());
if (user == null || user.getToken().isEmpty()) { if (user == null || user.getToken().isEmpty()) {
return ResponseEntity.status(404).body("User was not found"); return ResponseEntity.status(404).body("User was not found");
} }
user.setToken(null); user.setToken(null);
userRepository.save(user); userRepository.save(user);*/
return ResponseEntity.status(200).body("Token was deleted"); return ResponseEntity.status(200).body("Token was deleted");
} }

5
src/main/java/hhn/labsw/bugageocaching/entities/Role.java
View File

@ -31,4 +31,9 @@ public class Role {
public void setName(String name) { public void setName(String name) {
this.name = name; this.name = name;
} }
@Override
public String toString() {
return name;
}
} }