Implemented JWT
This commit is contained in:
Maximilian Leopold
parent
affd0a20f8
commit
d8780744a5
@ -6,6 +6,7 @@ import hhn.labsw.bugageocaching.entities.*;
|
||||
import hhn.labsw.bugageocaching.exceptions.IllegalParameterException;
|
||||
import hhn.labsw.bugageocaching.repositories.*;
|
||||
import io.jsonwebtoken.Claims;
|
||||
import io.jsonwebtoken.ExpiredJwtException;
|
||||
import io.jsonwebtoken.Jwts;
|
||||
import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
@ -54,7 +55,7 @@ public class Controller {
|
||||
byte[] key = new byte[64];
|
||||
|
||||
@PostConstruct
|
||||
public void init(){
|
||||
public void init() {
|
||||
new SecureRandom().nextBytes(key);
|
||||
System.out.println(Arrays.toString(key));
|
||||
}
|
||||
@ -81,22 +82,23 @@ public class Controller {
|
||||
|
||||
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
|
||||
|
||||
if(BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())){
|
||||
if (BCrypt.checkpw(user.getPassword(), userRepository.findByUsername(user.getUsername()).getPassword())) {
|
||||
String token = Jwts.builder()
|
||||
.setSubject(user.getUsername())
|
||||
.claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x->x.getId()==0)) //True if user is admin
|
||||
.claim("admin", userRepository.findByUsername(user.getUsername()).getRoles().stream().anyMatch(x -> x.getId() == 0)) //True if user is admin
|
||||
.setExpiration(new Date(new Date().getTime() + (1000 * 60 * 60 * 24))) //One day expiration
|
||||
.signWith(signatureAlgorithm, key).compact();
|
||||
System.out.println(token);
|
||||
.signWith(signatureAlgorithm, key)
|
||||
.compact();
|
||||
/*System.out.println(token);
|
||||
|
||||
Claims claims = Jwts.parser()
|
||||
Claims claims = Jwts.parser() //Parse JWT
|
||||
.setSigningKey(key)
|
||||
.parseClaimsJws(token).getBody();
|
||||
System.out.println("ID: " + claims.getId());
|
||||
System.out.println("Subject: " + claims.getSubject());
|
||||
System.out.println("Issuer: " + claims.getIssuer());
|
||||
System.out.println("Admin: " + claims.get("admin"));
|
||||
System.out.println("Expiration: " + claims.getExpiration());
|
||||
System.out.println("Expiration: " + claims.getExpiration());*/
|
||||
|
||||
return ResponseEntity.status(200).body(token);
|
||||
}
|
||||
@ -122,7 +124,13 @@ public class Controller {
|
||||
|
||||
Bearbeitet bearbeitet = new Bearbeitet();
|
||||
|
||||
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
try {
|
||||
Claims claims = Jwts.parser() //Parse JWT
|
||||
.setSigningKey(key)
|
||||
.parseClaimsJws(token).getBody();
|
||||
|
||||
|
||||
User user = userRepository.findByUsername(claims.getSubject());
|
||||
if (user == null) {
|
||||
return ResponseEntity.status(404).body("User was not found");
|
||||
}
|
||||
@ -151,6 +159,11 @@ public class Controller {
|
||||
bearbeitetRepository.save(bearbeitet);
|
||||
|
||||
return ResponseEntity.status(200).body(new Gson().toJson(bearbeitet));
|
||||
} catch (ExpiredJwtException e) {
|
||||
return ResponseEntity.status(400).body("JWT Token expired");
|
||||
} catch (Exception e){
|
||||
return ResponseEntity.status(400).body("JWT Token invalid");
|
||||
}
|
||||
|
||||
} else { // kein angemeldeter User startet den cache(es wird nur der cache als parameter übergeben)
|
||||
Optional<Cache> cacheOptional = cacheRepository.findById(Integer.valueOf(cacheID));
|
||||
@ -163,6 +176,7 @@ public class Controller {
|
||||
}
|
||||
}
|
||||
|
||||
//Eigentlich brauchen wir mit JWT keine Logout Methode mehr.
|
||||
@CrossOrigin(origins = "http://localhost:8081") // only for dev purpose
|
||||
@RequestMapping("/api/logout")
|
||||
@ResponseBody
|
||||
@ -233,8 +247,21 @@ public class Controller {
|
||||
@RequestMapping("/api/checkAdmin")
|
||||
@ResponseBody
|
||||
public ResponseEntity checkAdmin(@RequestParam String token) {
|
||||
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
if(user == null){
|
||||
|
||||
try {
|
||||
Claims claims = Jwts.parser() //Parse JWT
|
||||
.setSigningKey(key)
|
||||
.parseClaimsJws(token).getBody();
|
||||
|
||||
return ResponseEntity.status(200).body(claims.get("admin"));
|
||||
}catch (ExpiredJwtException e) {
|
||||
return ResponseEntity.status(400).body("JWT Token expired");
|
||||
} catch (Exception e){
|
||||
return ResponseEntity.status(400).body("JWT Token invalid");
|
||||
}
|
||||
|
||||
/*User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
if (user == null) {
|
||||
return ResponseEntity.status(404).body("User was not found");
|
||||
}
|
||||
for (Role role : user.getRoles()) {
|
||||
@ -242,7 +269,7 @@ public class Controller {
|
||||
return ResponseEntity.status(200).body("User is Admin");
|
||||
}
|
||||
}
|
||||
return ResponseEntity.status(401).body("User is no Admin");
|
||||
return ResponseEntity.status(401).body("User is no Admin");*/
|
||||
}
|
||||
|
||||
//Bis hier
|
||||
@ -340,7 +367,14 @@ public class Controller {
|
||||
@ResponseBody
|
||||
public ResponseEntity getMyCaches(@RequestParam String token) {
|
||||
try {
|
||||
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
|
||||
Claims claims = Jwts.parser() //Parse JWT
|
||||
.setSigningKey(key)
|
||||
.parseClaimsJws(token).getBody();
|
||||
|
||||
|
||||
User user = userRepository.findByUsername(claims.getSubject());
|
||||
|
||||
if (user != null) {
|
||||
ArrayList<Bearbeitet> bearbeitetList = new ArrayList<>();
|
||||
|
||||
@ -353,8 +387,10 @@ public class Controller {
|
||||
} else {
|
||||
return ResponseEntity.status(404).body("User was not found in the database");
|
||||
}
|
||||
} catch (StringIndexOutOfBoundsException e) {
|
||||
return ResponseEntity.status(400).body("Invalid token");
|
||||
} catch (ExpiredJwtException e) {
|
||||
return ResponseEntity.status(400).body("JWT Token expired");
|
||||
} catch (Exception e){
|
||||
return ResponseEntity.status(400).body("JWT Token invalid");
|
||||
}
|
||||
}
|
||||
|
||||
@ -370,14 +406,21 @@ public class Controller {
|
||||
@ResponseBody
|
||||
public ResponseEntity getUser(@RequestParam String token) {
|
||||
try {
|
||||
User user = userRepository.findByUsername(token.substring(0, token.indexOf("$")));
|
||||
Claims claims = Jwts.parser() //Parse JWT
|
||||
.setSigningKey(key)
|
||||
.parseClaimsJws(token).getBody();
|
||||
|
||||
|
||||
User user = userRepository.findByUsername(claims.getSubject());
|
||||
if (user != null) {
|
||||
return ResponseEntity.status(200).body(new Gson().toJson(user));
|
||||
} else {
|
||||
return ResponseEntity.status(404).body("User was not found in the database");
|
||||
}
|
||||
} catch (StringIndexOutOfBoundsException e) {
|
||||
return ResponseEntity.status(400).body("Invalid token");
|
||||
} catch (ExpiredJwtException e) {
|
||||
return ResponseEntity.status(400).body("JWT Token expired");
|
||||
} catch (Exception e){
|
||||
return ResponseEntity.status(400).body("JWT Token invalid");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -26,9 +26,6 @@ public class User {
|
||||
@ManyToMany
|
||||
private List<Role> roles;
|
||||
|
||||
private String token;
|
||||
|
||||
|
||||
@ManyToOne
|
||||
private Team team;
|
||||
|
||||
@ -108,12 +105,4 @@ public class User {
|
||||
this.roles = roles;
|
||||
}
|
||||
|
||||
public String getToken() {
|
||||
return token;
|
||||
}
|
||||
|
||||
public void setToken(String token) {
|
||||
this.token = token;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user