
package io.smsc.controller;

import io.smsc.jwt.model.*;
import io.smsc.jwt.service.JWTTokenGenerationService;
import io.smsc.jwt.service.JWTUserDetailsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import static org.springframework.util.MimeTypeUtils.APPLICATION_JSON_VALUE;

/**
 * The AuthController class maps the HTTP requests for issuing and refreshing
 * access and refresh tokens onto their handler methods
 *
 * @author Nazar Lipkovskyy
 * @since 0.0.1-SNAPSHOT
 */
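@RestController
public class AuthController {

    private static final Logger LOG = LoggerFactory.getLogger(AuthController.class);

    /** Authorities that are allowed to obtain a token pair through this controller. */
    private static final String ROLE_ADMIN_USER = "ROLE_ADMIN_USER";
    private static final String ROLE_POWER_ADMIN_USER = "ROLE_POWER_ADMIN_USER";

    private final JWTTokenGenerationService jwtTokenGenerationService;

    private final JWTUserDetailsService jwtUserDetailsService;

    /**
     * Creates the controller with its collaborators.
     *
     * @param jwtTokenGenerationService service that generates, validates and refreshes tokens
     * @param jwtUserDetailsService     service that loads a {@link JWTUser} by username
     */
    @Autowired
    public AuthController(JWTTokenGenerationService jwtTokenGenerationService, JWTUserDetailsService jwtUserDetailsService) {
        this.jwtTokenGenerationService = jwtTokenGenerationService;
        this.jwtUserDetailsService = jwtUserDetailsService;
    }

    /**
     * Issues a {@link JWTAuthenticationResponse} holding an access token and a refresh
     * token for the credentials in the request.
     * <p>
     * The password is verified before the role check so that an unauthenticated caller
     * receives the same generic 401 for an unknown user, a wrong password and a user
     * without the required roles is only distinguished once the password is correct.
     * Every failure, including exceptions from the collaborators, ends in HTTP 401.
     *
     * @param request  the {@link JWTAuthenticationRequest} to take credentials from
     * @param response the {@link HttpServletResponse} used to send the 401 error
     * @return the {@link JWTAuthenticationResponse} with valid access and refresh
     * tokens, or {@code null} after a 401 has already been written to {@code response}
     * @throws IOException if writing the error response fails
     */
    @PostMapping(path = "/rest/auth/token", consumes = APPLICATION_JSON_VALUE, produces = APPLICATION_JSON_VALUE)
    public ResponseEntity<?> token(@RequestBody JWTAuthenticationRequest request, HttpServletResponse response) throws IOException {
        try {
            JWTUser jwtUser = jwtUserDetailsService.loadUserByUsername(request.getUsername());
            if (passwordMatches(jwtUser.getPassword(), request.getPassword())) {
                // Only a caller that already proved the password learns about missing roles.
                if (!hasTokenIssuingRole(jwtUser)) {
                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Current user has no appropriate roles. Please contact your administrator");
                    return null;
                }
                JWTAuthenticationResponse token = new JWTAuthenticationResponse(
                        jwtTokenGenerationService.generateAccessToken(jwtUser),
                        jwtTokenGenerationService.generateRefreshToken(jwtUser));
                return new ResponseEntity<>(token, HttpStatus.OK);
            }
        } catch (Exception ex) {
            // Unknown user, null password or a collaborator failure: all collapse into the
            // generic 401 below so the response does not reveal which one happened.
            LOG.debug("Some exception occurred", ex);
        }
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Credentials are invalid. Please enter valid username and password");
        return null;
    }

    /**
     * Issues a {@link JWTRefreshTokenResponse} holding a refreshed access token.
     * <p>
     * The refresh token must validate for the user it names AND the expired access
     * token must belong to that same user; either condition alone is not sufficient.
     * Every failure, including exceptions from the collaborators, ends in HTTP 401.
     *
     * @param request  the {@link JWTRefreshTokenRequest} to take the refresh token and
     *                 the expired access token from
     * @param response the {@link HttpServletResponse} used to send the 401 error
     * @return the {@link JWTRefreshTokenResponse} with the refreshed access token, or
     * {@code null} after a 401 has already been written to {@code response}
     * @throws IOException if writing the error response fails
     */
    @PutMapping(path = "/rest/auth/token", consumes = APPLICATION_JSON_VALUE, produces = APPLICATION_JSON_VALUE)
    public ResponseEntity<?> token(@RequestBody JWTRefreshTokenRequest request, HttpServletResponse response) throws IOException {
        try {
            String expiredAccessToken = request.getExpiredToken();
            String refreshToken = request.getRefreshToken();
            JWTUser jwtUser = jwtUserDetailsService.loadUserByUsername(jwtTokenGenerationService.getUsernameFromToken(refreshToken));
            // Both checks are required: an '||' here would accept an invalid refresh token
            // whenever the expired access token merely names the same user.
            boolean refreshTokenValid = jwtTokenGenerationService.validateToken(refreshToken, jwtUser);
            boolean sameSubject = refreshTokenValid
                    && jwtUser.getUsername().equals(jwtTokenGenerationService.getUsernameFromToken(expiredAccessToken));
            if (sameSubject) {
                JWTRefreshTokenResponse token = new JWTRefreshTokenResponse(jwtTokenGenerationService.refreshToken(expiredAccessToken));
                return new ResponseEntity<>(token, HttpStatus.OK);
            }
        } catch (Exception ex) {
            // Malformed tokens or an unknown subject end in the generic 401 below.
            LOG.debug("Some exception occurred", ex);
        }
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Refresh or expired access token is invalid. Please enter valid tokens");
        return null;
    }

    /**
     * Reports whether the user carries one of the authorities that may obtain tokens here.
     *
     * @param jwtUser the loaded user whose authorities are inspected
     * @return {@code true} if any authority is {@code ROLE_ADMIN_USER} or
     * {@code ROLE_POWER_ADMIN_USER}
     */
    private static boolean hasTokenIssuingRole(JWTUser jwtUser) {
        for (GrantedAuthority authority : jwtUser.getAuthorities()) {
            String role = authority.getAuthority();
            if (ROLE_ADMIN_USER.equals(role) || ROLE_POWER_ADMIN_USER.equals(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares the stored and the submitted password without short-circuiting on the
     * first differing character, so the comparison time does not depend on how much of
     * the submitted value is correct (the length may still differ in timing).
     * <p>
     * NOTE(review): this compares the two raw values for equality exactly as the original
     * did; if {@code JWTUserDetailsService} returns a hashed password this can never
     * match — confirm and switch to a password encoder in that case.
     *
     * @param stored    the password held on the {@link JWTUser}
     * @param submitted the password from the request
     * @return {@code true} only if both are non-null and byte-for-byte equal as UTF-8
     */
    private static boolean passwordMatches(String stored, String submitted) {
        if (stored == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }
}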



