Implemented JWT

This commit is contained in:
Maximilian Leopold 2019-04-06 16:10:01 +02:00
parent affd0a20f8
commit d8780744a5
2 changed files with 89 additions and 57 deletions


@ -6,6 +6,7 @@ import hhn.labsw.bugageocaching.entities.*;
import hhn.labsw.bugageocaching.exceptions.IllegalParameterException; import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
import hhn.labsw.bugageocaching.repositories.*; import hhn.labsw.bugageocaching.repositories.*;
import io.jsonwebtoken.Claims; import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys; import io.jsonwebtoken.security.Keys;
@ -54,7 +55,7 @@ public class Controller {
byte[] key = new byte[64]; byte[] key = new byte[64];
@PostConstruct @PostConstruct
public void init(){ public void init() {
new SecureRandom().nextBytes(key); new SecureRandom().nextBytes(key);
System.out.println(Arrays.toString(key)); System.out.println(Arrays.toString(key));
} }
@ -81,22 +82,23 @@ public class Controller {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256; SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){ if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
String token = Jwts.builder() String token = Jwts.builder()
.setSubject(user.getUsername()) .setSubject(user.getUsername())
.claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)) //True if user is admin .claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x -> x.getId() == 0)) //True if user is admin
.setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))) //One day expiration .setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))) //One day expiration
.signWith(signatureAlgorithm, key).compact(); .signWith(signatureAlgorithm, key)
System.out.println(token); .compact();
/*System.out.println(token);
Claims claims = Jwts.parser() Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key) .setSigningKey(key)
.parseClaimsJws(token).getBody(); .parseClaimsJws(token).getBody();
System.out.println("ID: " + claims.getId()); System.out.println("ID: " + claims.getId());
System.out.println("Subject: " + claims.getSubject()); System.out.println("Subject: " + claims.getSubject());
System.out.println("Issuer: " + claims.getIssuer()); System.out.println("Issuer: " + claims.getIssuer());
System.out.println("Admin: " + claims.get("admin")); System.out.println("Admin: " + claims.get("admin"));
System.out.println("Expiration: " + claims.getExpiration()); System.out.println("Expiration: " + claims.getExpiration());*/
return ResponseEntity.status(200).body(token); return ResponseEntity.status(200).body(token);
} }
@ -122,7 +124,13 @@ public class Controller {
Bearbeitet bearbeitet = new Bearbeitet(); Bearbeitet bearbeitet = new Bearbeitet();
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$"))); try {
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
User user = userRepository.findByUsername(claims.getSubject());
if (user == null) { if (user == null) {
return ResponseEntity.status(404).body("User was not found"); return ResponseEntity.status(404).body("User was not found");
} }
@ -151,6 +159,11 @@ public class Controller {
bearbeitetRepository.save(bearbeitet); bearbeitetRepository.save(bearbeitet);
return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet)); return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet));
} catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
}
} else { // kein angemeldeter User startet den cache(es wird nur der cache als parameter übergeben) } else { // kein angemeldeter User startet den cache(es wird nur der cache als parameter übergeben)
Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID)); Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
@ -163,6 +176,7 @@ public class Controller {
} }
} }
//Eigentlich brauchen wir mit JWT keine Logout Methode mehr.
@CrossOrigin(origins = "http://localhost:8081") // only for dev purpose @CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
@RequestMapping("/api/logout") @RequestMapping("/api/logout")
@ResponseBody @ResponseBody
@ -233,8 +247,21 @@ public class Controller {
@RequestMapping("/api/checkAdmin") @RequestMapping("/api/checkAdmin")
@ResponseBody @ResponseBody
public ResponseEntity checkAdmin(@RequestParam String token) { public ResponseEntity checkAdmin(@RequestParam String token) {
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
if(user == null){ try {
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
return ResponseEntity.status(200).body(claims.get("admin"));
}catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
}
/*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
if (user == null) {
return ResponseEntity.status(404).body("User was not found"); return ResponseEntity.status(404).body("User was not found");
} }
for (Role role : user.getRoles()) { for (Role role : user.getRoles()) {
@ -242,7 +269,7 @@ public class Controller {
return ResponseEntity.status(200).body("User is Admin"); return ResponseEntity.status(200).body("User is Admin");
} }
} }
return ResponseEntity.status(401).body("User is no Admin"); return ResponseEntity.status(401).body("User is no Admin");*/
} }
//Bis hier //Bis hier
@ -340,7 +367,14 @@ public class Controller {
@ResponseBody @ResponseBody
public ResponseEntity getMyCaches(@RequestParam String token) { public ResponseEntity getMyCaches(@RequestParam String token) {
try { try {
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
User user = userRepository.findByUsername(claims.getSubject());
if (user != null) { if (user != null) {
ArrayList<Bearbeitet> bearbeitetList = new ArrayList<>(); ArrayList<Bearbeitet> bearbeitetList = new ArrayList<>();
@ -353,8 +387,10 @@ public class Controller {
} else { } else {
return ResponseEntity.status(404).body("User was not found in the database"); return ResponseEntity.status(404).body("User was not found in the database");
} }
} catch (StringIndexOutOfBoundsException e) { } catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("Invalid token"); return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
} }
} }
@ -370,14 +406,21 @@ public class Controller {
@ResponseBody @ResponseBody
public ResponseEntity getUser(@RequestParam String token) { public ResponseEntity getUser(@RequestParam String token) {
try { try {
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$"))); Claims claims = Jwts.parser() //Parse JWT
.setSigningKey(key)
.parseClaimsJws(token).getBody();
User user = userRepository.findByUsername(claims.getSubject());
if (user != null) { if (user != null) {
return ResponseEntity.status(200).body(new Gson().toJson(user)); return ResponseEntity.status(200).body(new Gson().toJson(user));
} else { } else {
return ResponseEntity.status(404).body("User was not found in the database"); return ResponseEntity.status(404).body("User was not found in the database");
} }
} catch (StringIndexOutOfBoundsException e) { } catch (ExpiredJwtException e) {
return ResponseEntity.status(400).body("Invalid token"); return ResponseEntity.status(400).body("JWT Token expired");
} catch (Exception e){
return ResponseEntity.status(400).body("JWT Token invalid");
} }
} }
} }
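Review bot: The `catch (Exception e)` that follows each `ExpiredJwtException` handler — in the Bearbeitet handler (whose signature lies outside the hunk), in checkAdmin, getMyCaches and getUser — turns every failure inside the try, including repository errors and NullPointerExceptions from the user lookups, into a 400 "JWT Token invalid", which hides genuine server faults from both the client and the logs; catching `io.jsonwebtoken.JwtException` instead (keeping the `ExpiredJwtException` case first) would confine that response to real token problems, and since an expired or tampered token is an authentication failure rather than a malformed request, 401 fits better than 400. The signing key is still printed to stdout at startup by the unchanged `System.out.println(Arrays.toString(key));` in init(); now that every token's integrity rests on that key, the line exposes the secret to anyone who can read the logs and should be removed. checkAdmin now answers 200 with the raw `admin` claim where it previously returned 401 for non-admins, so clients that branch on the status code will treat every valid token as admin; the claim is also a snapshot taken at login, so a revoked role stays effective until the token expires a day later. `signWith(SignatureAlgorithm, byte[])` is deprecated in newer JJWT releases; with `Keys` already imported, `.signWith(Keys.hmacShaKeyFor(key))` would use the supported form.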


@ -26,9 +26,6 @@ public class User {
@ManyToMany @ManyToMany
private List<Role> roles; private List<Role> roles;
private String token;
@ManyToOne @ManyToOne
private Team team; private Team team;
@ -108,12 +105,4 @@ public class User {
this.roles = roles; this.roles = roles;
} }
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
} }