├── .gitignore
├── .mvn
└── wrapper
│ ├── MavenWrapperDownloader.java
│ ├── maven-wrapper.jar
│ └── maven-wrapper.properties
├── README.md
├── mvnw
├── mvnw.cmd
├── pom.xml
├── spring-boot-jwt-authentication-spring-security-architecture.png
├── spring-boot-refresh-token-jwt-example-flow.png
├── spring-boot-spring-security-jwt-authentication-flow.png
└── src
├── main
├── java
│ └── com
│ │ └── bezkoder
│ │ └── spring
│ │ └── security
│ │ └── jwt
│ │ ├── SpringBootSecurityJwtApplication.java
│ │ ├── advice
│ │ ├── ErrorMessage.java
│ │ └── TokenControllerAdvice.java
│ │ ├── controllers
│ │ ├── AuthController.java
│ │ └── TestController.java
│ │ ├── exception
│ │ └── TokenRefreshException.java
│ │ ├── models
│ │ ├── ERole.java
│ │ ├── RefreshToken.java
│ │ ├── Role.java
│ │ └── User.java
│ │ ├── payload
│ │ ├── request
│ │ │ ├── LoginRequest.java
│ │ │ ├── SignupRequest.java
│ │ │ └── TokenRefreshRequest.java
│ │ └── response
│ │ │ ├── JwtResponse.java
│ │ │ ├── MessageResponse.java
│ │ │ └── TokenRefreshResponse.java
│ │ ├── repository
│ │ ├── RefreshTokenRepository.java
│ │ ├── RoleRepository.java
│ │ └── UserRepository.java
│ │ └── security
│ │ ├── WebSecurityConfig.java
│ │ ├── jwt
│ │ ├── AuthEntryPointJwt.java
│ │ ├── AuthTokenFilter.java
│ │ └── JwtUtils.java
│ │ └── services
│ │ ├── RefreshTokenService.java
│ │ ├── UserDetailsImpl.java
│ │ └── UserDetailsServiceImpl.java
└── resources
│ └── application.properties
└── test
└── java
└── com
└── bezkoder
└── spring
└── security
└── jwt
└── SpringBootSecurityJwtApplicationTests.java
/.gitignore:
--------------------------------------------------------------------------------
1 | HELP.md
2 | target/
3 | !.mvn/wrapper/maven-wrapper.jar
4 | !**/src/main/**/target/
5 | !**/src/test/**/target/
6 |
7 | ### STS ###
8 | .apt_generated
9 | .classpath
10 | .factorypath
11 | .project
12 | .settings
13 | .springBeans
14 | .sts4-cache
15 |
16 | ### IntelliJ IDEA ###
17 | .idea
18 | *.iws
19 | *.iml
20 | *.ipr
21 |
22 | ### NetBeans ###
23 | /nbproject/private/
24 | /nbbuild/
25 | /dist/
26 | /nbdist/
27 | /.nb-gradle/
28 | build/
29 | !**/src/main/**/build/
30 | !**/src/test/**/build/
31 |
32 | ### VS Code ###
33 | .vscode/
34 |
--------------------------------------------------------------------------------
/.mvn/wrapper/MavenWrapperDownloader.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2007-present the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * https://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | import java.net.*;
17 | import java.io.*;
18 | import java.nio.channels.*;
19 | import java.util.Properties;
20 |
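/**
 * Fallback downloader for {@code maven-wrapper.jar}, compiled and run by the {@code mvnw}
 * script when neither wget nor curl is available.
 *
 * <p>Security notes for reviewers: the download URL may come from the {@code wrapperUrl}
 * entry of {@code .mvn/wrapper/maven-wrapper.properties}, and the bytes fetched are written
 * to disk without any checksum or signature verification. Whoever can edit that properties
 * file therefore controls which jar is saved, so changes to it deserve the same review as
 * changes to build code.
 */
public class MavenWrapperDownloader {

    private static final String WRAPPER_VERSION = "0.5.6";

    /**
     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
     */
    private static final String DEFAULT_DOWNLOAD_URL =
            "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
                    + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";

    /**
     * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
     * use instead of the default one.
     */
    private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
            ".mvn/wrapper/maven-wrapper.properties";

    /**
     * Path where the maven-wrapper.jar will be saved to.
     */
    private static final String MAVEN_WRAPPER_JAR_PATH =
            ".mvn/wrapper/maven-wrapper.jar";

    /**
     * Name of the property which should be used to override the default download url for the wrapper.
     */
    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";

    /**
     * Resolves the download URL, downloads the wrapper jar into the base directory and exits.
     *
     * <p>Exits with status 0 on success and 1 on any failure.
     *
     * @param args {@code args[0]} is the project base directory
     */
    public static void main(String[] args) {
        System.out.println("- Downloader started");
        if (args.length == 0) {
            // Previously this surfaced as an ArrayIndexOutOfBoundsException stack trace.
            System.out.println("- ERROR base directory argument is missing");
            System.exit(1);
        }
        File baseDirectory = new File(args[0]);
        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());

        // If the maven-wrapper.properties exists, read it and check if it contains a custom
        // wrapperUrl parameter.
        File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
        String url = DEFAULT_DOWNLOAD_URL;
        if (mavenWrapperPropertyFile.exists()) {
            // try-with-resources closes the stream on every path, including load() failures.
            try (FileInputStream propertiesStream = new FileInputStream(mavenWrapperPropertyFile)) {
                Properties mavenWrapperProperties = new Properties();
                mavenWrapperProperties.load(propertiesStream);
                // The override is taken as-is: no scheme or host restriction is applied here.
                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
            } catch (IOException e) {
                System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
            }
        }
        System.out.println("- Downloading from: " + url);

        File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
        File outputDirectory = outputFile.getParentFile();
        if (!outputDirectory.exists() && !outputDirectory.mkdirs()) {
            System.out.println(
                    "- ERROR creating output directory '" + outputDirectory.getAbsolutePath() + "'");
        }
        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
        try {
            downloadFileFromURL(url, outputFile);
            System.out.println("Done");
            System.exit(0);
        } catch (Throwable e) {
            System.out.println("- Error downloading");
            e.printStackTrace();
            System.exit(1);
        }
    }

    /**
     * Streams the content at {@code urlString} into {@code destination}.
     *
     * <p>When both {@code MVNW_USERNAME} and {@code MVNW_PASSWORD} are set, a JVM-wide default
     * {@link Authenticator} is installed that answers every authentication request with those
     * credentials; it does not check which host is asking.
     *
     * <p>NOTE(review): the downloaded bytes are not verified. If the transfer fails midway, a
     * partial file can remain at {@code destination}; callers that only test for the file's
     * presence would then treat it as a valid jar.
     *
     * @param urlString   URL to read from; any protocol the JVM's {@link URL} handlers accept
     * @param destination file to create or overwrite
     * @throws Exception if the URL is malformed or the transfer fails
     */
    private static void downloadFileFromURL(String urlString, File destination) throws Exception {
        String username = System.getenv("MVNW_USERNAME");
        String passwordValue = System.getenv("MVNW_PASSWORD");
        if (username != null && passwordValue != null) {
            char[] password = passwordValue.toCharArray();
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(username, password);
                }
            });
        }
        URL website = new URL(urlString);
        // Both resources are closed even when transferFrom throws; the original leaked the
        // network channel and the file handle on that path.
        try (ReadableByteChannel source = Channels.newChannel(website.openStream());
                FileOutputStream sink = new FileOutputStream(destination)) {
            sink.getChannel().transferFrom(source, 0, Long.MAX_VALUE);
        }
    }

}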
118 |
--------------------------------------------------------------------------------
/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bezkoder/spring-boot-refresh-token-jwt/154154b07694799d0718be75536bf2d7845d829e/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
2 | wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
3 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Spring Boot Refresh Token with JWT example
2 |
3 | Build a JWT Refresh Token flow in a Java Spring Boot application. You will learn how to expire the JWT and then renew the Access Token with a Refresh Token.
4 |
5 | The instructions can be found at:
6 | [Spring Boot Refresh Token with JWT example](https://bezkoder.com/spring-boot-refresh-token-jwt/)
7 |
8 | ## User Registration, User Login and Authorization process.
9 | The diagram shows the flow of how we implement the User Registration, User Login and Authorization process.
10 |
11 | 
12 |
13 | And this is for Refresh Token:
14 |
15 | 
16 |
17 | ## Spring Boot Server Architecture with Spring Security
18 | You can have an overview of our Spring Boot Server with the diagram below:
19 |
20 | 
21 |
22 | ## Configure Spring Datasource, JPA, App properties
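23 | Open `src/main/resources/application.properties`. The values shown below are local-development samples: replace the database password and `bezkoder.app.jwtSecret` with your own secret values and keep the real ones out of version control. `useSSL=false` turns off TLS for the MySQL connection, which suits only a database on the same host.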
24 |
25 | ```properties
26 | spring.datasource.url= jdbc:mysql://localhost:3306/testdb?useSSL=false
27 | spring.datasource.username= root
28 | spring.datasource.password= 123456
29 |
30 | spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQL5InnoDBDialect
31 | spring.jpa.hibernate.ddl-auto= update
32 |
33 | # App Properties
34 | bezkoder.app.jwtSecret= bezKoderSecretKey
35 | bezkoder.app.jwtExpirationMs= 3600000
36 | bezkoder.app.jwtRefreshExpirationMs= 86400000
37 | ```
38 |
39 | ## Run Spring Boot application
40 | ```
41 | mvn spring-boot:run
42 | ```
43 |
44 | ## Run the following SQL insert statements
45 | ```
46 | INSERT INTO roles(name) VALUES('ROLE_USER');
47 | INSERT INTO roles(name) VALUES('ROLE_MODERATOR');
48 | INSERT INTO roles(name) VALUES('ROLE_ADMIN');
49 | ```
50 |
51 | Related Posts:
52 | > [Spring Boot JWT Refresh Token using HttpOnly Cookies](https://www.bezkoder.com/spring-security-refresh-token/)
53 |
54 | > [Spring Boot, Spring Security, MySQL: JWT Authentication & Authorization example](https://bezkoder.com/spring-boot-jwt-authentication/)
55 |
56 | > [For PostgreSQL](https://bezkoder.com/spring-boot-security-postgresql-jwt-authentication/)
57 |
58 | > [For MongoDB](https://bezkoder.com/spring-boot-jwt-auth-mongodb/)
59 |
60 | ## More Practice:
61 | > [Spring Boot File upload example with Multipart File](https://bezkoder.com/spring-boot-file-upload/)
62 |
63 | > [Exception handling: @RestControllerAdvice example in Spring Boot](https://bezkoder.com/spring-boot-restcontrolleradvice/)
64 |
65 | > [Spring Boot Repository Unit Test with @DataJpaTest](https://bezkoder.com/spring-boot-unit-test-jpa-repo-datajpatest/)
66 |
67 | > [Spring Boot Pagination & Sorting example](https://www.bezkoder.com/spring-boot-pagination-sorting-example/)
68 |
69 | Associations:
70 | > [Spring Boot One To Many example with Spring JPA, Hibernate](https://www.bezkoder.com/jpa-one-to-many/)
71 |
72 | > [Spring Boot Many To Many example with Spring JPA, Hibernate](https://www.bezkoder.com/jpa-many-to-many/)
73 |
74 | > [JPA One To One example with Spring Boot](https://www.bezkoder.com/jpa-one-to-one/)
75 |
76 | Deployment:
77 | > [Deploy Spring Boot App on AWS – Elastic Beanstalk](https://www.bezkoder.com/deploy-spring-boot-aws-eb/)
78 |
79 | > [Docker Compose Spring Boot and MySQL example](https://www.bezkoder.com/docker-compose-spring-boot-mysql/)
80 |
81 | ## Fullstack Authentication
82 |
83 | > [Spring Boot + Vue.js JWT Authentication](https://bezkoder.com/spring-boot-vue-js-authentication-jwt-spring-security/)
84 |
85 | > [Spring Boot + Angular 8 JWT Authentication](https://bezkoder.com/angular-spring-boot-jwt-auth/)
86 |
87 | > [Spring Boot + Angular 10 JWT Authentication](https://bezkoder.com/angular-10-spring-boot-jwt-auth/)
88 |
89 | > [Spring Boot + Angular 11 JWT Authentication](https://bezkoder.com/angular-11-spring-boot-jwt-auth/)
90 |
91 | > [Spring Boot + Angular 12 JWT Authentication](https://www.bezkoder.com/angular-12-spring-boot-jwt-auth/)
92 |
93 | > [Spring Boot + Angular 13 JWT Authentication](https://www.bezkoder.com/angular-13-spring-boot-jwt-auth/)
94 |
95 | > [Spring Boot + Angular 14 JWT Authentication](https://www.bezkoder.com/angular-14-spring-boot-jwt-auth/)
96 |
97 | > [Spring Boot + Angular 15 JWT Authentication](https://www.bezkoder.com/angular-15-spring-boot-jwt-auth/)
98 |
99 | > [Spring Boot + Angular 16 JWT Authentication](https://www.bezkoder.com/angular-16-spring-boot-jwt-auth/)
100 |
101 | > [Spring Boot + Angular 17 JWT Authentication](https://www.bezkoder.com/angular-17-spring-boot-jwt-auth/)
102 |
103 | > [Spring Boot + React JWT Authentication](https://bezkoder.com/spring-boot-react-jwt-auth/)
104 |
105 | ## Fullstack CRUD App
106 |
107 | > [Vue.js + Spring Boot + H2 Embedded database example](https://www.bezkoder.com/spring-boot-vue-js-crud-example/)
108 |
109 | > [Vue.js + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-vue-js-mysql/)
110 |
111 | > [Vue.js + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-vue-js-postgresql/)
112 |
113 | > [Angular 8 + Spring Boot + Embedded database example](https://www.bezkoder.com/angular-spring-boot-crud/)
114 |
115 | > [Angular 8 + Spring Boot + MySQL example](https://bezkoder.com/angular-spring-boot-crud/)
116 |
117 | > [Angular 8 + Spring Boot + PostgreSQL example](https://bezkoder.com/angular-spring-boot-postgresql/)
118 |
119 | > [Angular 10 + Spring Boot + MySQL example](https://bezkoder.com/angular-10-spring-boot-crud/)
120 |
121 | > [Angular 10 + Spring Boot + PostgreSQL example](https://bezkoder.com/angular-10-spring-boot-postgresql/)
122 |
123 | > [Angular 11 + Spring Boot + MySQL example](https://bezkoder.com/angular-11-spring-boot-crud/)
124 |
125 | > [Angular 11 + Spring Boot + PostgreSQL example](https://bezkoder.com/angular-11-spring-boot-postgresql/)
126 |
127 | > [Angular 12 + Spring Boot + Embedded database example](https://www.bezkoder.com/angular-12-spring-boot-crud/)
128 |
129 | > [Angular 12 + Spring Boot + MySQL example](https://www.bezkoder.com/angular-12-spring-boot-mysql/)
130 |
131 | > [Angular 12 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/angular-12-spring-boot-postgresql/)
132 |
133 | > [Angular 13 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-13-crud/)
134 |
135 | > [Angular 13 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-13-mysql/)
136 |
137 | > [Angular 13 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-13-postgresql/)
138 |
139 | > [Angular 14 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-14-crud/)
140 |
141 | > [Angular 14 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-14-mysql/)
142 |
143 | > [Angular 14 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-14-postgresql/)
144 |
145 | > [Angular 15 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-15-mysql/)
146 |
147 | > [Angular 15 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-15-postgresql/)
148 |
149 | > [Angular 15 + Spring Boot + MongoDB example](https://www.bezkoder.com/spring-boot-angular-15-mongodb/)
150 |
151 | > [Angular 16 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-16-crud/)
152 |
153 | > [Angular 16 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-16-mysql/)
154 |
155 | > [Angular 16 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-16-postgresql/)
156 |
157 | > [Angular 16 + Spring Boot + MongoDB example](https://www.bezkoder.com/spring-boot-angular-16-mongodb/)
158 |
159 | > [Angular 17 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-17-crud/)
160 |
161 | > [Angular 17 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-17-mysql/)
162 |
163 | > [Angular 17 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-17-postgresql/)
164 |
165 | > [Angular 17 + Spring Boot + MongoDB example](https://www.bezkoder.com/spring-boot-angular-17-mongodb/)
166 |
167 | > [React + Spring Boot + MySQL example](https://bezkoder.com/react-spring-boot-crud/)
168 |
169 | > [React + Spring Boot + PostgreSQL example](https://bezkoder.com/spring-boot-react-postgresql/)
170 |
171 | > [React + Spring Boot + MongoDB example](https://bezkoder.com/react-spring-boot-mongodb/)
172 |
173 | Run both Back-end & Front-end in one place:
174 | > [Integrate Angular with Spring Boot Rest API](https://bezkoder.com/integrate-angular-spring-boot/)
175 |
176 | > [Integrate React.js with Spring Boot Rest API](https://bezkoder.com/integrate-reactjs-spring-boot/)
177 |
178 | > [Integrate Vue.js with Spring Boot Rest API](https://bezkoder.com/integrate-vue-spring-boot/)
179 |
180 | ## More Practice:
181 | > [Spring Boot File upload example with Multipart File](https://bezkoder.com/spring-boot-file-upload/)
182 |
183 | > [Exception handling: @RestControllerAdvice example in Spring Boot](https://bezkoder.com/spring-boot-restcontrolleradvice/)
184 |
185 | > [Spring Boot Repository Unit Test with @DataJpaTest](https://bezkoder.com/spring-boot-unit-test-jpa-repo-datajpatest/)
186 |
187 | > [Spring Boot Pagination & Sorting example](https://www.bezkoder.com/spring-boot-pagination-sorting-example/)
188 |
189 | Associations:
190 | > [JPA/Hibernate One To Many example](https://www.bezkoder.com/jpa-one-to-many/)
191 |
192 | > [JPA/Hibernate Many To Many example](https://www.bezkoder.com/jpa-many-to-many/)
193 |
194 | > [JPA/Hibernate One To One example](https://www.bezkoder.com/jpa-one-to-one/)
195 |
196 | Deployment:
197 | > [Deploy Spring Boot App on AWS – Elastic Beanstalk](https://www.bezkoder.com/deploy-spring-boot-aws-eb/)
198 |
199 | > [Docker Compose Spring Boot and MySQL example](https://www.bezkoder.com/docker-compose-spring-boot-mysql/)
200 |
--------------------------------------------------------------------------------
/mvnw:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # ----------------------------------------------------------------------------
3 | # Licensed to the Apache Software Foundation (ASF) under one
4 | # or more contributor license agreements. See the NOTICE file
5 | # distributed with this work for additional information
6 | # regarding copyright ownership. The ASF licenses this file
7 | # to you under the Apache License, Version 2.0 (the
8 | # "License"); you may not use this file except in compliance
9 | # with the License. You may obtain a copy of the License at
10 | #
11 | # https://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing,
14 | # software distributed under the License is distributed on an
15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 | # KIND, either express or implied. See the License for the
17 | # specific language governing permissions and limitations
18 | # under the License.
19 | # ----------------------------------------------------------------------------
20 |
21 | # ----------------------------------------------------------------------------
22 | # Maven Start Up Batch script
23 | #
24 | # Required ENV vars:
25 | # ------------------
26 | # JAVA_HOME - location of a JDK home dir
27 | #
28 | # Optional ENV vars
29 | # -----------------
30 | # M2_HOME - location of maven2's installed home dir
31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven
32 | # e.g. to debug Maven itself, use
33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files
35 | # ----------------------------------------------------------------------------
36 |
# Load the optional system-wide and per-user rc files unless MAVEN_SKIP_RC is non-empty.
# Both files are sourced, so whatever they contain runs inside this shell before Maven
# starts; their ownership and permissions are part of the build's trust boundary.
if [ -z "$MAVEN_SKIP_RC" ]; then
  [ -f /etc/mavenrc ] && . /etc/mavenrc
  [ -f "$HOME/.mavenrc" ] && . "$HOME/.mavenrc"
fi
48 |
# Platform flags. Each one holds the literal word true or false because later code runs
# them as commands (`if $cygwin; then`).
cygwin=false
darwin=false
mingw=false
case "$(uname)" in
  CYGWIN*)
    cygwin=true
    ;;
  MINGW*)
    mingw=true
    ;;
  Darwin*)
    darwin=true
    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
    if [ -z "$JAVA_HOME" ]; then
      if [ -x "/usr/libexec/java_home" ]; then
        export JAVA_HOME="$(/usr/libexec/java_home)"
      else
        export JAVA_HOME="/Library/Java/Home"
      fi
    fi
    ;;
esac

# On Gentoo, ask java-config for the JRE home when JAVA_HOME is still unset.
if [ -z "$JAVA_HOME" ] && [ -r /etc/gentoo-release ]; then
  JAVA_HOME=$(java-config --jre-home)
fi
74 |
# Derive M2_HOME from this script's own location when the caller did not set it.
if [ -z "$M2_HOME" ]; then
  # $0 may be a symlink into maven's home; follow the chain to the real file.
  PRG="$0"
  while [ -h "$PRG" ]; do
    ls=$(ls -ld "$PRG")
    link=$(expr "$ls" : '.*-> \(.*\)$')
    if expr "$link" : '/.*' > /dev/null; then
      # absolute link target
      PRG="$link"
    else
      # relative link target: resolve it against the directory holding the link
      PRG="$(dirname "$PRG")/$link"
    fi
  done

  saveddir=$(pwd)

  M2_HOME=$(dirname "$PRG")/..

  # make it fully qualified, then return to the directory we started in
  M2_HOME=$(cd "$M2_HOME" && pwd)

  cd "$saveddir"
fi
100 |
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME=$(cygpath --unix "$M2_HOME")
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
  fi
fi

# For Mingw, ensure paths are in UNIX format before anything is touched
if $mingw; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME="$(cd "$M2_HOME"; pwd)"
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME="$(cd "$JAVA_HOME"; pwd)"
  fi
fi
118 |
# Last resort for JAVA_HOME: locate javac on PATH and strip the trailing /bin.
# `which` output beginning with the word "no" is treated as "not found".
if [ -z "$JAVA_HOME" ]; then
  javaExecutable="$(which javac)"
  if [ -n "$javaExecutable" ] && ! [ "$(expr "$javaExecutable" : '\([^ ]*\)')" = "no" ]; then
    # readlink(1) is not available as standard on Solaris 10.
    readLink=$(which readlink)
    # The expr result is deliberately left unquoted: quoting it would change how the test
    # is parsed when `which readlink` prints nothing.
    if [ ! $(expr "$readLink" : '\([^ ]*\)') = "no" ]; then
      if $darwin; then
        javaHome="$(dirname "$javaExecutable")"
        javaExecutable="$(cd "$javaHome" && pwd -P)/javac"
      else
        javaExecutable="$(readlink -f "$javaExecutable")"
      fi
      javaHome="$(dirname "$javaExecutable")"
      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
      JAVA_HOME="$javaHome"
      export JAVA_HOME
    fi
  fi
fi
138 |
# Choose the java launcher unless the caller supplied JAVACMD.
if [ -z "$JAVACMD" ]; then
  if [ -z "$JAVA_HOME" ]; then
    JAVACMD="$(which java)"
  elif [ -x "$JAVA_HOME/jre/sh/java" ]; then
    # IBM's JDK on AIX uses strange locations for the executables
    JAVACMD="$JAVA_HOME/jre/sh/java"
  else
    JAVACMD="$JAVA_HOME/bin/java"
  fi
fi

# Stop here if the chosen launcher cannot be executed.
if [ ! -x "$JAVACMD" ]; then
  echo "Error: JAVA_HOME is not defined correctly." >&2
  echo " We cannot execute $JAVACMD" >&2
  exit 1
fi

[ -n "$JAVA_HOME" ] || echo "Warning: JAVA_HOME environment variable is not set."

CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
163 |
# Walks upward from the directory given as $1 towards the filesystem root and prints the
# first directory that contains a .mvn subdirectory. Prints $1 itself when none is found.
# Prints an error message and returns 1 when $1 is empty.
find_maven_basedir() {
  if [ -z "$1" ]; then
    echo "Path not specified to find_maven_basedir"
    return 1
  fi

  basedir="$1"
  wdir="$1"
  until [ "$wdir" = '/' ]; do
    if [ -d "$wdir/.mvn" ]; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc): only step up from a real directory
    if [ -d "${wdir}" ]; then
      wdir=$(cd "$wdir/.."; pwd)
    fi
    # end of workaround
  done
  echo "${basedir}"
}
189 |
# Prints the content of the file named by $1 on a single line, with each run of newlines
# squeezed into one space. Prints nothing when $1 is not a regular file.
concat_lines() {
  [ -f "$1" ] || return 0
  echo "$(tr -s '\n' ' ' < "$1")"
}
196 |
# Project base directory, searched for from the current working directory; give up if the
# lookup printed nothing.
BASE_DIR=$(find_maven_basedir "$(pwd)")
[ -n "$BASE_DIR" ] || exit 1
201 |
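##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
#
# URL selection as implemented below: MVNW_REPOURL, when set, replaces the Maven Central
# prefix, and a wrapperUrl entry in .mvn/wrapper/maven-wrapper.properties overrides both.
# The jar saved here becomes the classpath of the `exec` at the end of this script, and
# nothing in this block checks it against a checksum or signature. The URL sources above
# and the transport are therefore the only integrity controls; review changes to them
# like changes to build code.
##########################################################################################
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Found .mvn/wrapper/maven-wrapper.jar"
    fi
else
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
    fi
    if [ -n "$MVNW_REPOURL" ]; then
      jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
    else
      jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
    fi
    # `read` is intentionally used without -r here, so backslash escapes in the properties
    # file (for example an escaped colon) are removed from the value.
    while IFS="=" read key value; do
      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
      esac
    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
    if [ "$MVNW_VERBOSE" = true ]; then
      echo "Downloading from: $jarUrl"
    fi
    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
    if $cygwin; then
      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
    fi

    # The credentials below are quoted so that a user name or password containing spaces or
    # glob characters reaches wget/curl as one argument instead of being split or expanded.
    # They are still passed on the command line, where other local users may be able to see
    # them in the process list while the download runs.
    if command -v wget > /dev/null; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Found wget ... using wget"
        fi
        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
            wget "$jarUrl" -O "$wrapperJarPath"
        else
            wget --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$jarUrl" -O "$wrapperJarPath"
        fi
    elif command -v curl > /dev/null; then
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Found curl ... using curl"
        fi
        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
            curl -o "$wrapperJarPath" "$jarUrl" -f
        else
            curl --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$jarUrl" -f
        fi

    else
        if [ "$MVNW_VERBOSE" = true ]; then
          echo "Falling back to using Java to download"
        fi
        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
        # For Cygwin, switch paths to Windows format before running javac
        if $cygwin; then
          javaClass=`cygpath --path --windows "$javaClass"`
        fi
        if [ -e "$javaClass" ]; then
            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
                if [ "$MVNW_VERBOSE" = true ]; then
                  echo " - Compiling MavenWrapperDownloader.java ..."
                fi
                # Compiling the Java class
                ("$JAVA_HOME/bin/javac" "$javaClass")
            fi
            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
                # Running the downloader
                if [ "$MVNW_VERBOSE" = true ]; then
                  echo " - Running MavenWrapperDownloader.java ..."
                fi
                # NOTE(review): MAVEN_PROJECTBASEDIR is only assigned further down in this
                # script, so unless it is inherited from the environment the downloader
                # gets an empty base-directory argument here; the -cp path is also
                # relative to the current directory rather than BASE_DIR. Confirm intent.
                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
            fi
        fi
    fi
fi
##########################################################################################
# End of extension
##########################################################################################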
280 |
# MAVEN_BASEDIR, when set, overrides the detected base directory.
export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
[ "$MVNW_VERBOSE" = true ] && echo $MAVEN_PROJECTBASEDIR

# JVM options from .mvn/jvm.config are placed in front of any MAVEN_OPTS from the
# environment. That file sits in the project tree, so its content ends up on the java
# command line below.
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"

# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
  if [ -n "$M2_HOME" ]; then
    M2_HOME=$(cygpath --path --windows "$M2_HOME")
  fi
  if [ -n "$JAVA_HOME" ]; then
    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
  fi
  if [ -n "$CLASSPATH" ]; then
    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
  fi
  if [ -n "$MAVEN_PROJECTBASEDIR" ]; then
    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
  fi
fi

# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
export MAVEN_CMD_LINE_ARGS

WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

# Replace this shell with the JVM. MAVEN_OPTS and MAVEN_CONFIG are left unquoted on purpose
# so that each option they hold becomes its own argument. The classpath is only the
# wrapper jar found or downloaded earlier in this script.
exec "$JAVACMD" \
  $MAVEN_OPTS \
  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
311 |
--------------------------------------------------------------------------------
/mvnw.cmd:
--------------------------------------------------------------------------------
1 | @REM ----------------------------------------------------------------------------
2 | @REM Licensed to the Apache Software Foundation (ASF) under one
3 | @REM or more contributor license agreements. See the NOTICE file
4 | @REM distributed with this work for additional information
5 | @REM regarding copyright ownership. The ASF licenses this file
6 | @REM to you under the Apache License, Version 2.0 (the
7 | @REM "License"); you may not use this file except in compliance
8 | @REM with the License. You may obtain a copy of the License at
9 | @REM
10 | @REM https://www.apache.org/licenses/LICENSE-2.0
11 | @REM
12 | @REM Unless required by applicable law or agreed to in writing,
13 | @REM software distributed under the License is distributed on an
14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 | @REM KIND, either express or implied. See the License for the
16 | @REM specific language governing permissions and limitations
17 | @REM under the License.
18 | @REM ----------------------------------------------------------------------------
19 |
20 | @REM ----------------------------------------------------------------------------
21 | @REM Maven Start Up Batch script
22 | @REM
23 | @REM Required ENV vars:
24 | @REM JAVA_HOME - location of a JDK home dir
25 | @REM
26 | @REM Optional ENV vars
27 | @REM M2_HOME - location of maven2's installed home dir
28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
31 | @REM e.g. to debug Maven itself, use
32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
34 | @REM ----------------------------------------------------------------------------
35 |
36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
37 | @echo off
38 | @REM set title of command window
39 | title %0
40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
42 |
43 | @REM set %HOME% to equivalent of $HOME
44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
45 |
46 | @REM Execute a user defined script before this one
47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending
49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
51 | :skipRcPre
52 |
53 | @setlocal
54 |
55 | set ERROR_CODE=0
56 |
57 | @REM To isolate internal variables from possible post scripts, we use another setlocal
58 | @setlocal
59 |
60 | @REM ==== START VALIDATION ====
61 | if not "%JAVA_HOME%" == "" goto OkJHome
62 |
63 | echo.
64 | echo Error: JAVA_HOME not found in your environment. >&2
65 | echo Please set the JAVA_HOME variable in your environment to match the >&2
66 | echo location of your Java installation. >&2
67 | echo.
68 | goto error
69 |
70 | :OkJHome
71 | if exist "%JAVA_HOME%\bin\java.exe" goto init
72 |
73 | echo.
74 | echo Error: JAVA_HOME is set to an invalid directory. >&2
75 | echo JAVA_HOME = "%JAVA_HOME%" >&2
76 | echo Please set the JAVA_HOME variable in your environment to match the >&2
77 | echo location of your Java installation. >&2
78 | echo.
79 | goto error
80 |
81 | @REM ==== END VALIDATION ====
82 |
83 | :init
84 |
85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
86 | @REM Fallback to current working directory if not found.
87 |
88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
90 |
91 | set EXEC_DIR=%CD%
92 | set WDIR=%EXEC_DIR%
93 | :findBaseDir
94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound
95 | cd ..
96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound
97 | set WDIR=%CD%
98 | goto findBaseDir
99 |
100 | :baseDirFound
101 | set MAVEN_PROJECTBASEDIR=%WDIR%
102 | cd "%EXEC_DIR%"
103 | goto endDetectBaseDir
104 |
105 | :baseDirNotFound
106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
107 | cd "%EXEC_DIR%"
108 |
109 | :endDetectBaseDir
110 |
111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
112 |
113 | @setlocal EnableExtensions EnableDelayedExpansion
114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
116 |
117 | :endReadAdditionalConfig
118 |
119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
122 |
123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
124 |
125 | FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
126 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
127 | )
128 |
129 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
130 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM NOTE(review): nothing in this section checks the downloaded jar against a known
@REM checksum or signature before the launcher line further down puts it on the
@REM classpath. Integrity rests on TLS and on whoever controls DOWNLOAD_URL, which can
@REM come from wrapperUrl in maven-wrapper.properties or from MVNW_REPOURL. Committing
@REM the jar, or verifying a pinned hash in CI before running mvnw, closes that gap.
@REM NOTE(review): MVNW_USERNAME and MVNW_PASSWORD are expanded into the PowerShell
@REM command text itself, so they can show up wherever command lines are recorded,
@REM such as process listings or command-line auditing. Prefer a short-lived,
@REM read-only credential for them.
131 | if exist %WRAPPER_JAR% (
132 | if "%MVNW_VERBOSE%" == "true" (
133 | echo Found %WRAPPER_JAR%
134 | )
135 | ) else (
136 | if not "%MVNW_REPOURL%" == "" (
137 | SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
138 | )
139 | if "%MVNW_VERBOSE%" == "true" (
140 | echo Couldn't find %WRAPPER_JAR%, downloading it ...
141 | echo Downloading from: %DOWNLOAD_URL%
142 | )
143 |
144 | powershell -Command "&{"^
145 | "$webclient = new-object System.Net.WebClient;"^
146 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
147 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
148 | "}"^
149 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
150 | "}"
151 | if "%MVNW_VERBOSE%" == "true" (
152 | echo Finished downloading %WRAPPER_JAR%
153 | )
154 | )
155 | @REM End of extension
156 |
157 | @REM Provide a "standardized" way to retrieve the CLI args that will
158 | @REM work with both Windows and non-Windows executions.
159 | set MAVEN_CMD_LINE_ARGS=%*
160 |
161 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
162 | if ERRORLEVEL 1 goto error
163 | goto end
164 |
165 | :error
166 | set ERROR_CODE=1
167 |
168 | :end
169 | @endlocal & set ERROR_CODE=%ERROR_CODE%
170 |
171 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
172 | @REM check for post script, once with legacy .bat ending and once with .cmd ending
173 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
174 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
175 | :skipRcPost
176 |
177 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
178 | if "%MAVEN_BATCH_PAUSE%" == "on" pause
179 |
180 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
181 |
182 | exit /B %ERROR_CODE%
183 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
4 | 4.0.0
5 |
6 | org.springframework.boot
7 | spring-boot-starter-parent
8 | 2.7.3
9 |
10 |
11 | com.bezkoder
12 | spring-boot-security-jwt
13 | 0.0.1-SNAPSHOT
14 | spring-boot-security-jwt
15 | Spring Boot, Spring Security: JWT Authentication & Authorization with Refresh Token example
16 |
17 |
18 | 1.8
19 |
20 |
21 |
22 |
23 | org.springframework.boot
24 | spring-boot-starter-data-jpa
25 |
26 |
27 |
28 | org.springframework.boot
29 | spring-boot-starter-security
30 |
31 |
32 |
33 | org.springframework.boot
34 | spring-boot-starter-web
35 |
36 |
37 |
38 | org.springframework.boot
39 | spring-boot-starter-validation
40 |
41 |
42 |
43 | mysql
44 | mysql-connector-java
45 | runtime
46 |
47 |
48 |
49 | io.jsonwebtoken
50 | jjwt
51 | 0.9.1
52 |
53 |
54 |
55 | org.springframework.boot
56 | spring-boot-starter-test
57 | test
58 |
59 |
60 |
61 | org.springframework.security
62 | spring-security-test
63 | test
64 |
65 |
66 |
67 |
68 |
69 |
70 | org.springframework.boot
71 | spring-boot-maven-plugin
72 |
73 |
74 |
75 |
76 |
77 |
--------------------------------------------------------------------------------
/spring-boot-jwt-authentication-spring-security-architecture.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bezkoder/spring-boot-refresh-token-jwt/154154b07694799d0718be75536bf2d7845d829e/spring-boot-jwt-authentication-spring-security-architecture.png
--------------------------------------------------------------------------------
/spring-boot-refresh-token-jwt-example-flow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bezkoder/spring-boot-refresh-token-jwt/154154b07694799d0718be75536bf2d7845d829e/spring-boot-refresh-token-jwt-example-flow.png
--------------------------------------------------------------------------------
/spring-boot-spring-security-jwt-authentication-flow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bezkoder/spring-boot-refresh-token-jwt/154154b07694799d0718be75536bf2d7845d829e/spring-boot-spring-security-jwt-authentication-flow.png
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/SpringBootSecurityJwtApplication.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt;
2 |
3 | import org.springframework.boot.SpringApplication;
4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
5 |
/**
 * Application entry point; the {@code @SpringBootApplication} annotation is placed on
 * this class.
 */
@SpringBootApplication
public class SpringBootSecurityJwtApplication {

  /**
   * Starts the Spring application.
   *
   * @param args command-line arguments, handed to Spring Boot unchanged
   */
  public static void main(String[] args) {
    final Class<?> bootClass = SpringBootSecurityJwtApplication.class;
    SpringApplication.run(bootClass, args);
  }
}
14 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/advice/ErrorMessage.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.advice;
2 |
3 | import java.util.Date;
4 |
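/**
 * Immutable error payload returned to API clients.
 *
 * <p>{@code message} and {@code description} are sent to the caller as given, so
 * handlers that build this object should not pass secrets or internal details in them.
 */
public class ErrorMessage {
  private final int statusCode;
  private final Date timestamp;
  private final String message;
  private final String description;

  /**
   * @param statusCode  HTTP status code reported in the body
   * @param timestamp   time of the error; copied, may be {@code null}
   * @param message     error text shown to the client
   * @param description additional context shown to the client
   */
  public ErrorMessage(int statusCode, Date timestamp, String message, String description) {
    this.statusCode = statusCode;
    // java.util.Date is mutable: keep a private copy so later changes to the
    // caller's object cannot alter this payload.
    this.timestamp = copyOf(timestamp);
    this.message = message;
    this.description = description;
  }

  /** @return the HTTP status code reported in the body */
  public int getStatusCode() {
    return statusCode;
  }

  /** @return a copy of the error time, or {@code null} if none was given */
  public Date getTimestamp() {
    return copyOf(timestamp);
  }

  /** @return the error text shown to the client */
  public String getMessage() {
    return message;
  }

  /** @return the additional context shown to the client */
  public String getDescription() {
    return description;
  }

  /** Null-tolerant defensive copy of a {@link Date}. */
  private static Date copyOf(Date source) {
    return source == null ? null : new Date(source.getTime());
  }
}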
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/advice/TokenControllerAdvice.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.advice;
2 |
3 | import java.util.Date;
4 |
5 | import org.springframework.http.HttpStatus;
6 | import org.springframework.web.bind.annotation.ExceptionHandler;
7 | import org.springframework.web.bind.annotation.ResponseStatus;
8 | import org.springframework.web.bind.annotation.RestControllerAdvice;
9 | import org.springframework.web.context.request.WebRequest;
10 |
11 | import com.bezkoder.spring.security.jwt.exception.TokenRefreshException;
12 |
/**
 * Turns a {@link TokenRefreshException} into an {@link ErrorMessage} response body
 * with HTTP status 403.
 */
@RestControllerAdvice
public class TokenControllerAdvice {

  /**
   * Builds the error body for a failed refresh-token request.
   *
   * <p>The exception message is copied into the body verbatim, so anything the thrower
   * formatted into it is sent to the client.
   *
   * @param ex      the refresh failure
   * @param request the current request, used for its short description
   * @return the payload serialized as the 403 response body
   */
  @ExceptionHandler(value = TokenRefreshException.class)
  @ResponseStatus(HttpStatus.FORBIDDEN)
  public ErrorMessage handleTokenRefreshException(TokenRefreshException ex, WebRequest request) {
    final int status = HttpStatus.FORBIDDEN.value();
    final Date occurredAt = new Date();
    final String reason = ex.getMessage();
    // false: description without client information
    final String where = request.getDescription(false);
    return new ErrorMessage(status, occurredAt, reason, where);
  }
}
26 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/controllers/AuthController.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.controllers;
2 |
3 | import java.util.HashSet;
4 | import java.util.List;
5 | import java.util.Set;
6 | import java.util.stream.Collectors;
7 |
8 | import javax.validation.Valid;
9 |
10 | import org.springframework.beans.factory.annotation.Autowired;
11 | import org.springframework.http.ResponseEntity;
12 | import org.springframework.security.authentication.AuthenticationManager;
13 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
14 | import org.springframework.security.core.Authentication;
15 | import org.springframework.security.core.context.SecurityContextHolder;
16 | import org.springframework.security.crypto.password.PasswordEncoder;
17 | import org.springframework.web.bind.annotation.CrossOrigin;
18 | import org.springframework.web.bind.annotation.PostMapping;
19 | import org.springframework.web.bind.annotation.RequestBody;
20 | import org.springframework.web.bind.annotation.RequestMapping;
21 | import org.springframework.web.bind.annotation.RestController;
22 |
23 | import com.bezkoder.spring.security.jwt.exception.TokenRefreshException;
24 | import com.bezkoder.spring.security.jwt.models.ERole;
25 | import com.bezkoder.spring.security.jwt.models.RefreshToken;
26 | import com.bezkoder.spring.security.jwt.models.Role;
27 | import com.bezkoder.spring.security.jwt.models.User;
28 | import com.bezkoder.spring.security.jwt.payload.request.LoginRequest;
29 | import com.bezkoder.spring.security.jwt.payload.request.SignupRequest;
30 | import com.bezkoder.spring.security.jwt.payload.request.TokenRefreshRequest;
31 | import com.bezkoder.spring.security.jwt.payload.response.JwtResponse;
32 | import com.bezkoder.spring.security.jwt.payload.response.MessageResponse;
33 | import com.bezkoder.spring.security.jwt.payload.response.TokenRefreshResponse;
34 | import com.bezkoder.spring.security.jwt.repository.RoleRepository;
35 | import com.bezkoder.spring.security.jwt.repository.UserRepository;
36 | import com.bezkoder.spring.security.jwt.security.jwt.JwtUtils;
37 | import com.bezkoder.spring.security.jwt.security.services.RefreshTokenService;
38 | import com.bezkoder.spring.security.jwt.security.services.UserDetailsImpl;
39 |
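/**
 * REST endpoints under {@code /api/auth}: sign-in, sign-up, access-token refresh and
 * sign-out.
 *
 * <p>NOTE(review): {@code @CrossOrigin(origins = "*")} allows browser calls from any
 * origin. Left unchanged here; restrict it to the known front-end origins outside a demo.
 */
@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
@RequestMapping("/api/auth")
public class AuthController {
  @Autowired
  AuthenticationManager authenticationManager;

  @Autowired
  UserRepository userRepository;

  @Autowired
  RoleRepository roleRepository;

  @Autowired
  PasswordEncoder encoder;

  @Autowired
  JwtUtils jwtUtils;

  @Autowired
  RefreshTokenService refreshTokenService;

  /**
   * Authenticates the credentials and returns an access token plus a refresh token.
   *
   * @param loginRequest validated username and password
   * @return 200 with a {@link JwtResponse}; authentication failures propagate from the
   *     {@link AuthenticationManager}
   */
  @PostMapping("/signin")
  public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {

    Authentication authentication = authenticationManager
        .authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));

    SecurityContextHolder.getContext().setAuthentication(authentication);

    UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();

    String jwt = jwtUtils.generateJwtToken(userDetails);

    List<String> roles = userDetails.getAuthorities().stream().map(item -> item.getAuthority())
        .collect(Collectors.toList());

    RefreshToken refreshToken = refreshTokenService.createRefreshToken(userDetails.getId());

    return ResponseEntity.ok(new JwtResponse(jwt, refreshToken.getToken(), userDetails.getId(),
        userDetails.getUsername(), userDetails.getEmail(), roles));
  }

  /**
   * Registers a new account.
   *
   * <p>The {@code role} set in the request is client-supplied. It is honoured only when
   * the caller is already authenticated as an administrator; every other caller gets
   * {@code ROLE_USER}, so an open sign-up cannot create moderator or admin accounts.
   *
   * @param signUpRequest validated sign-up data
   * @return 200 on success, 400 when the username or e-mail is already taken
   */
  @PostMapping("/signup")
  public ResponseEntity<?> registerUser(@Valid @RequestBody SignupRequest signUpRequest) {
    // NOTE(review): the two distinct messages below tell a caller whether a username or
    // e-mail is registered; acceptable for a demo, worth rate-limiting otherwise.
    if (userRepository.existsByUsername(signUpRequest.getUsername())) {
      return ResponseEntity.badRequest().body(new MessageResponse("Error: Username is already taken!"));
    }

    if (userRepository.existsByEmail(signUpRequest.getEmail())) {
      return ResponseEntity.badRequest().body(new MessageResponse("Error: Email is already in use!"));
    }

    // Create new user's account; only the encoded password is stored.
    User user = new User(signUpRequest.getUsername(), signUpRequest.getEmail(),
        encoder.encode(signUpRequest.getPassword()));

    Set<String> strRoles = signUpRequest.getRole();
    Set<Role> roles = new HashSet<>();

    if (strRoles == null || strRoles.isEmpty() || !callerIsAdmin()) {
      roles.add(findRole(ERole.ROLE_USER));
    } else {
      for (String role : strRoles) {
        roles.add(findRole(requestedRole(role)));
      }
    }

    user.setRoles(roles);
    userRepository.save(user);

    return ResponseEntity.ok(new MessageResponse("User registered successfully!"));
  }

  /**
   * Issues a new access token for a valid, unexpired refresh token.
   *
   * <p>NOTE(review): the same refresh token is returned to the client, so as far as
   * this method shows it is not rotated on use; a copied refresh token stays usable
   * until it expires or the user signs out.
   *
   * @param request body carrying the refresh token
   * @return 200 with a {@link TokenRefreshResponse}
   * @throws TokenRefreshException if the token is not found in the database
   */
  @PostMapping("/refreshtoken")
  public ResponseEntity<?> refreshtoken(@Valid @RequestBody TokenRefreshRequest request) {
    String requestRefreshToken = request.getRefreshToken();

    return refreshTokenService.findByToken(requestRefreshToken)
        .map(refreshTokenService::verifyExpiration)
        .map(RefreshToken::getUser)
        .map(user -> {
          String token = jwtUtils.generateTokenFromUsername(user.getUsername());
          return ResponseEntity.ok(new TokenRefreshResponse(token, requestRefreshToken));
        })
        .orElseThrow(() -> new TokenRefreshException(requestRefreshToken,
            "Refresh token is not in database!"));
  }

  /**
   * Deletes the refresh token of the signed-in user.
   *
   * <p>NOTE(review): only the refresh token is removed here; an access token that was
   * already issued is not touched by this method.
   *
   * @return 200 on success, 401 when the request carries no signed-in user
   */
  @PostMapping("/signout")
  public ResponseEntity<?> logoutUser() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    Object principal = current == null ? null : current.getPrincipal();
    // Without a signed-in user the principal is not a UserDetailsImpl; answer 401
    // instead of failing on the cast.
    if (!(principal instanceof UserDetailsImpl)) {
      return ResponseEntity.status(401).body(new MessageResponse("Error: Not signed in!"));
    }
    Long userId = ((UserDetailsImpl) principal).getId();
    refreshTokenService.deleteByUserId(userId);
    return ResponseEntity.ok(new MessageResponse("Log out successful!"));
  }

  /** Loads a role row, failing with the original error text when it is missing. */
  private Role findRole(ERole name) {
    return roleRepository.findByName(name)
        .orElseThrow(() -> new RuntimeException("Error: Role is not found."));
  }

  /** Maps a requested role name to a role; unknown or null names fall back to ROLE_USER. */
  private static ERole requestedRole(String role) {
    if (role == null) {
      return ERole.ROLE_USER;
    }
    switch (role) {
      case "admin":
        return ERole.ROLE_ADMIN;
      case "mod":
        return ERole.ROLE_MODERATOR;
      default:
        return ERole.ROLE_USER;
    }
  }

  /**
   * Tells whether the current request is authenticated with the admin authority.
   * Assumes the security filter chain populates the context on this route when a
   * valid token is sent - TODO confirm against WebSecurityConfig.
   */
  private static boolean callerIsAdmin() {
    Authentication current = SecurityContextHolder.getContext().getAuthentication();
    return current != null
        && current.isAuthenticated()
        && current.getAuthorities().stream()
            .anyMatch(granted -> ERole.ROLE_ADMIN.name().equals(granted.getAuthority()));
  }
}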
157 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/controllers/TestController.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.controllers;
2 |
3 | import org.springframework.security.access.prepost.PreAuthorize;
4 | import org.springframework.web.bind.annotation.CrossOrigin;
5 | import org.springframework.web.bind.annotation.GetMapping;
6 | import org.springframework.web.bind.annotation.RequestMapping;
7 | import org.springframework.web.bind.annotation.RestController;
8 |
/**
 * Sample endpoints under {@code /api/test}, one per access level.
 *
 * <p>The {@code @PreAuthorize} rules only take effect when method security is enabled
 * in the application's configuration - TODO confirm in WebSecurityConfig.
 */
@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
@RequestMapping("/api/test")
public class TestController {
  private static final String PUBLIC_BODY = "Public Content.";
  private static final String USER_BODY = "User Content.";
  private static final String MODERATOR_BODY = "Moderator Board.";
  private static final String ADMIN_BODY = "Admin Board.";

  /** @return fixed text; no {@code @PreAuthorize} rule is declared on this method */
  @GetMapping("/all")
  public String allAccess() {
    return PUBLIC_BODY;
  }

  /** @return fixed text for callers holding the USER, MODERATOR or ADMIN role */
  @GetMapping("/user")
  @PreAuthorize("hasRole('USER') or hasRole('MODERATOR') or hasRole('ADMIN')")
  public String userAccess() {
    return USER_BODY;
  }

  /** @return fixed text for callers holding the MODERATOR role */
  @GetMapping("/mod")
  @PreAuthorize("hasRole('MODERATOR')")
  public String moderatorAccess() {
    return MODERATOR_BODY;
  }

  /** @return fixed text for callers holding the ADMIN role */
  @GetMapping("/admin")
  @PreAuthorize("hasRole('ADMIN')")
  public String adminAccess() {
    return ADMIN_BODY;
  }
}
36 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/exception/TokenRefreshException.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.exception;
2 |
3 | import org.springframework.http.HttpStatus;
4 | import org.springframework.web.bind.annotation.ResponseStatus;
5 |
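/**
 * Raised when a refresh-token request cannot be honoured; mapped to HTTP 403.
 *
 * <p>The message of this exception is copied into the response body by
 * {@code TokenControllerAdvice}, and exception messages commonly end up in logs. A
 * refresh token is a bearer credential, so only a short prefix of it is kept in the
 * message for correlation.
 */
@ResponseStatus(HttpStatus.FORBIDDEN)
public class TokenRefreshException extends RuntimeException {

  private static final long serialVersionUID = 1L;

  /** Number of leading token characters kept in the message. */
  private static final int VISIBLE_TOKEN_CHARS = 6;

  /**
   * @param token   the refresh token that failed; redacted before it is formatted
   * @param message the reason for the failure
   */
  public TokenRefreshException(String token, String message) {
    super(String.format("Failed for [%s]: %s", redact(token), message));
  }

  /** Keeps a short prefix of the token and masks the rest; short tokens are fully masked. */
  private static String redact(String token) {
    if (token == null) {
      return "null";
    }
    if (token.length() <= VISIBLE_TOKEN_CHARS) {
      return "***";
    }
    return token.substring(0, VISIBLE_TOKEN_CHARS) + "***";
  }
}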
15 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/models/ERole.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.models;
2 |
/**
 * Role names known to the application. {@code Role} persists the constant's name as
 * a string, so renaming a constant changes the stored value.
 */
public enum ERole {
  /** Regular account. */
  ROLE_USER,

  /** Moderator account. */
  ROLE_MODERATOR,

  /** Administrator account. */
  ROLE_ADMIN;
}
8 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/models/RefreshToken.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.models;
2 |
3 | import java.time.Instant;
4 |
5 | import javax.persistence.*;
6 |
/**
 * Persistent refresh token, linked one-to-one to the {@link User} it belongs to.
 *
 * <p>NOTE(review): the token value is stored as given in a unique column. Storing a
 * digest of it instead would keep a database read from yielding usable tokens.
 */
@Entity(name = "refreshtoken")
public class RefreshToken {
  /** Generated primary key. */
  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  private long id;

  /** Owner of the token; joined on {@code user_id}. */
  @OneToOne
  @JoinColumn(name = "user_id", referencedColumnName = "id")
  private User user;

  /** The token value presented by clients; required and unique. */
  @Column(nullable = false, unique = true)
  private String token;

  /** Instant recorded as the token's expiry; required. */
  @Column(nullable = false)
  private Instant expiryDate;

  /** No-argument constructor. */
  public RefreshToken() {
  }

  /** @return the generated primary key */
  public long getId() {
    return this.id;
  }

  /** @param id the primary key to set */
  public void setId(final long id) {
    this.id = id;
  }

  /** @return the owner of the token */
  public User getUser() {
    return this.user;
  }

  /** @param user the owner of the token */
  public void setUser(final User user) {
    this.user = user;
  }

  /** @return the token value */
  public String getToken() {
    return this.token;
  }

  /** @param token the token value */
  public void setToken(final String token) {
    this.token = token;
  }

  /** @return the recorded expiry instant */
  public Instant getExpiryDate() {
    return this.expiryDate;
  }

  /** @param expiryDate the expiry instant to record */
  public void setExpiryDate(final Instant expiryDate) {
    this.expiryDate = expiryDate;
  }
}
59 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/models/Role.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.models;
2 |
3 | import javax.persistence.*;
4 |
/** Row of the {@code roles} table: a generated id and an {@link ERole} name. */
@Entity
@Table(name = "roles")
public class Role {
  /** Generated primary key. */
  @Id
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Integer id;

  /** Role name, stored as the enum constant's string form (at most 20 characters). */
  @Enumerated(EnumType.STRING)
  @Column(length = 20)
  private ERole name;

  /** No-argument constructor. */
  public Role() {
  }

  /** @param name the role this row represents */
  public Role(final ERole name) {
    this.name = name;
  }

  /** @return the generated primary key */
  public Integer getId() {
    return this.id;
  }

  /** @param id the primary key to set */
  public void setId(final Integer id) {
    this.id = id;
  }

  /** @return the role name */
  public ERole getName() {
    return this.name;
  }

  /** @param name the role name to set */
  public void setName(final ERole name) {
    this.name = name;
  }
}
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/models/User.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.models;
2 |
3 | import java.util.HashSet;
4 | import java.util.Set;
5 |
6 | import javax.persistence.*;
7 | import javax.validation.constraints.Email;
8 | import javax.validation.constraints.NotBlank;
9 | import javax.validation.constraints.Size;
10 |
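/**
 * Account row in the {@code users} table; username and e-mail are unique.
 *
 * <p>The type argument of {@code roles} was missing in this listing and is restored
 * here as {@code Set<Role>}.
 *
 * <p>NOTE(review): this entity exposes {@link #getPassword()}; return a response DTO
 * from controllers rather than the entity itself so the stored value is never
 * serialized.
 */
@Entity
@Table(name = "users",
    uniqueConstraints = {
      @UniqueConstraint(columnNames = "username"),
      @UniqueConstraint(columnNames = "email")
    })
public class User {
  /** Generated primary key. */
  @Id
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Long id;

  @NotBlank
  @Size(max = 20)
  private String username;

  @NotBlank
  @Size(max = 50)
  @Email
  private String email;

  // AuthController passes the PasswordEncoder's output here, never the raw password;
  // presumably that is why the limit is larger than the sign-up form's.
  @NotBlank
  @Size(max = 120)
  private String password;

  /** Roles granted to the account, joined through {@code user_roles}; loaded lazily. */
  @ManyToMany(fetch = FetchType.LAZY)
  @JoinTable(name = "user_roles",
      joinColumns = @JoinColumn(name = "user_id"),
      inverseJoinColumns = @JoinColumn(name = "role_id"))
  private Set<Role> roles = new HashSet<>();

  /** No-argument constructor. */
  public User() {
  }

  /**
   * @param username login name
   * @param email    e-mail address
   * @param password the value to store in the password column
   */
  public User(String username, String email, String password) {
    this.username = username;
    this.email = email;
    this.password = password;
  }

  /** @return the generated primary key */
  public Long getId() {
    return id;
  }

  /** @param id the primary key to set */
  public void setId(Long id) {
    this.id = id;
  }

  /** @return the login name */
  public String getUsername() {
    return username;
  }

  /** @param username the login name */
  public void setUsername(String username) {
    this.username = username;
  }

  /** @return the e-mail address */
  public String getEmail() {
    return email;
  }

  /** @param email the e-mail address */
  public void setEmail(String email) {
    this.email = email;
  }

  /** @return the stored password value */
  public String getPassword() {
    return password;
  }

  /** @param password the value to store in the password column */
  public void setPassword(String password) {
    this.password = password;
  }

  /** @return the roles granted to the account */
  public Set<Role> getRoles() {
    return roles;
  }

  /** @param roles the roles granted to the account */
  public void setRoles(Set<Role> roles) {
    this.roles = roles;
  }
}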
90 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/payload/request/LoginRequest.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.payload.request;
2 |
3 | import javax.validation.constraints.NotBlank;
4 |
/** Request body of the sign-in endpoint; both fields must be non-blank. */
public class LoginRequest {
  @NotBlank
  private String username;

  // Raw password as typed by the user; keep this object out of logs.
  @NotBlank
  private String password;

  /** @return the login name */
  public String getUsername() {
    return this.username;
  }

  /** @param username the login name */
  public void setUsername(final String username) {
    this.username = username;
  }

  /** @return the raw password */
  public String getPassword() {
    return this.password;
  }

  /** @param password the raw password */
  public void setPassword(final String password) {
    this.password = password;
  }
}
28 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/payload/request/SignupRequest.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.payload.request;
2 |
3 | import java.util.Set;
4 |
5 | import javax.validation.constraints.*;
6 |
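/**
 * Request body of the sign-up endpoint.
 *
 * <p>The type argument of {@code role} was missing in this listing and is restored
 * here as {@code Set<String>}.
 */
public class SignupRequest {
  @NotBlank
  @Size(min = 3, max = 20)
  private String username;

  @NotBlank
  @Size(max = 50)
  @Email
  private String email;

  // Client-supplied and unvalidated: AuthController maps the names "admin" and "mod"
  // to roles. Treat the value as a request, never as an entitlement.
  private Set<String> role;

  // Raw password as typed by the user; keep this object out of logs.
  @NotBlank
  @Size(min = 6, max = 40)
  private String password;

  /** @return the requested login name */
  public String getUsername() {
    return username;
  }

  /** @param username the requested login name */
  public void setUsername(String username) {
    this.username = username;
  }

  /** @return the e-mail address */
  public String getEmail() {
    return email;
  }

  /** @param email the e-mail address */
  public void setEmail(String email) {
    this.email = email;
  }

  /** @return the raw password */
  public String getPassword() {
    return password;
  }

  /** @param password the raw password */
  public void setPassword(String password) {
    this.password = password;
  }

  /** @return the role names requested by the client, or {@code null} if none were sent */
  public Set<String> getRole() {
    return this.role;
  }

  /** @param role the role names requested by the client */
  public void setRole(Set<String> role) {
    this.role = role;
  }
}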
55 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/payload/request/TokenRefreshRequest.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.payload.request;
2 |
3 | import javax.validation.constraints.NotBlank;
4 |
/** Request body of the refresh endpoint; carries the refresh token, which must be non-blank. */
public class TokenRefreshRequest {
  // Bearer credential supplied by the client; keep this object out of logs.
  @NotBlank
  private String refreshToken;

  /** @return the refresh token sent by the client */
  public String getRefreshToken() {
    return this.refreshToken;
  }

  /** @param refreshToken the refresh token sent by the client */
  public void setRefreshToken(final String refreshToken) {
    this.refreshToken = refreshToken;
  }
}
17 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/payload/response/JwtResponse.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.payload.response;
2 |
3 | import java.util.List;
4 |
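/**
 * Response body of the sign-in endpoint: access token, refresh token and basic account
 * data.
 *
 * <p>The element type of {@code roles} was missing in this listing and is restored here
 * as {@code List<String>}. Both tokens are bearer credentials; keep this object out of
 * logs.
 */
public class JwtResponse {
  private String token;
  private String type = "Bearer";
  private String refreshToken;
  private Long id;
  private String username;
  private String email;
  private List<String> roles;

  /**
   * @param accessToken  the access token
   * @param refreshToken the refresh token
   * @param id           the account id
   * @param username     the login name
   * @param email        the e-mail address
   * @param roles        authority names granted to the account
   */
  public JwtResponse(String accessToken, String refreshToken, Long id, String username, String email,
      List<String> roles) {
    this.token = accessToken;
    this.refreshToken = refreshToken;
    this.id = id;
    this.username = username;
    this.email = email;
    this.roles = roles;
  }

  /** @return the access token */
  public String getAccessToken() {
    return token;
  }

  /** @param accessToken the access token */
  public void setAccessToken(String accessToken) {
    this.token = accessToken;
  }

  /** @return the token type, {@code "Bearer"} unless changed */
  public String getTokenType() {
    return type;
  }

  /** @param tokenType the token type */
  public void setTokenType(String tokenType) {
    this.type = tokenType;
  }

  /** @return the account id */
  public Long getId() {
    return id;
  }

  /** @param id the account id */
  public void setId(Long id) {
    this.id = id;
  }

  /** @return the e-mail address */
  public String getEmail() {
    return email;
  }

  /** @param email the e-mail address */
  public void setEmail(String email) {
    this.email = email;
  }

  /** @return the login name */
  public String getUsername() {
    return username;
  }

  /** @param username the login name */
  public void setUsername(String username) {
    this.username = username;
  }

  /** @return the authority names granted to the account */
  public List<String> getRoles() {
    return roles;
  }

  /** @return the refresh token */
  public String getRefreshToken() {
    return refreshToken;
  }

  /** @param refreshToken the refresh token */
  public void setRefreshToken(String refreshToken) {
    this.refreshToken = refreshToken;
  }
}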
75 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/payload/response/MessageResponse.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.payload.response;
2 |
/** Response body holding a single human-readable message. */
public class MessageResponse {
  private String message;

  /** @param message the text to send to the client */
  public MessageResponse(final String message) {
    this.message = message;
  }

  /** @return the text sent to the client */
  public String getMessage() {
    return this.message;
  }

  /** @param message the text to send to the client */
  public void setMessage(final String message) {
    this.message = message;
  }
}
18 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/payload/response/TokenRefreshResponse.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.payload.response;
2 |
/**
 * Response body of the refresh endpoint: the access token, the refresh token and the
 * token type.
 */
public class TokenRefreshResponse {
  private String accessToken;
  private String refreshToken;
  private String tokenType = "Bearer";

  /**
   * @param accessToken  the access token
   * @param refreshToken the refresh token
   */
  public TokenRefreshResponse(final String accessToken, final String refreshToken) {
    this.accessToken = accessToken;
    this.refreshToken = refreshToken;
  }

  /** @return the access token */
  public String getAccessToken() {
    return this.accessToken;
  }

  /** @param token the access token */
  public void setAccessToken(final String token) {
    this.accessToken = token;
  }

  /** @return the refresh token */
  public String getRefreshToken() {
    return this.refreshToken;
  }

  /** @param refreshToken the refresh token */
  public void setRefreshToken(final String refreshToken) {
    this.refreshToken = refreshToken;
  }

  /** @return the token type, {@code "Bearer"} unless changed */
  public String getTokenType() {
    return this.tokenType;
  }

  /** @param tokenType the token type */
  public void setTokenType(final String tokenType) {
    this.tokenType = tokenType;
  }
}
38 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/repository/RefreshTokenRepository.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.repository;
2 |
3 | import java.util.Optional;
4 |
5 | import org.springframework.data.jpa.repository.JpaRepository;
6 | import org.springframework.data.jpa.repository.Modifying;
7 | import org.springframework.stereotype.Repository;
8 |
9 | import com.bezkoder.spring.security.jwt.models.RefreshToken;
10 | import com.bezkoder.spring.security.jwt.models.User;
11 |
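/**
 * Spring Data repository for {@link RefreshToken}.
 *
 * <p>The type arguments were missing in this listing; they are restored from the
 * entity, whose id is a {@code long}.
 */
@Repository
public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
  /**
   * @param token the token value presented by the client
   * @return the matching row, or empty when the value is unknown
   */
  Optional<RefreshToken> findByToken(String token);

  /**
   * Deletes the refresh token of the given user.
   *
   * <p>NOTE(review): a delete query has to run inside a transaction - confirm that the
   * calling service method is transactional.
   *
   * @param user the owner whose token is removed
   * @return the number of rows deleted
   */
  @Modifying
  int deleteByUser(User user);
}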
19 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/repository/RoleRepository.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.repository;
2 |
3 | import java.util.Optional;
4 |
5 | import org.springframework.data.jpa.repository.JpaRepository;
6 | import org.springframework.stereotype.Repository;
7 |
8 | import com.bezkoder.spring.security.jwt.models.ERole;
9 | import com.bezkoder.spring.security.jwt.models.Role;
10 |
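/**
 * Spring Data repository for {@link Role}.
 *
 * <p>The type arguments were missing in this listing; they are restored from the
 * entity, whose id field is declared as {@code Integer}.
 */
@Repository
public interface RoleRepository extends JpaRepository<Role, Integer> {
  /**
   * @param name the role to look up
   * @return the matching row, or empty when the role has not been inserted
   */
  Optional<Role> findByName(ERole name);
}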
15 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/repository/UserRepository.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.repository;
2 |
3 | import java.util.Optional;
4 |
5 | import org.springframework.data.jpa.repository.JpaRepository;
6 | import org.springframework.stereotype.Repository;
7 |
8 | import com.bezkoder.spring.security.jwt.models.User;
9 |
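/**
 * Spring Data JPA repository for {@link User} accounts.
 *
 * <p>The type arguments are restored from how the rest of the project uses this repository:
 * {@code findById} is called with a {@code Long} user id, and the result of
 * {@code findByUsername} is assigned to a {@code User}.
 */
@Repository
public interface UserRepository extends JpaRepository<User, Long> {
  /**
   * Finds an account by its exact username.
   *
   * @param username the login name to look up
   * @return the matching user, or an empty {@code Optional} when none exists
   */
  Optional<User> findByUsername(String username);

  /**
   * Reports whether an account with this username already exists.
   *
   * @param username the login name to check
   */
  Boolean existsByUsername(String username);

  /**
   * Reports whether an account with this e-mail address already exists.
   *
   * @param email the address to check
   */
  Boolean existsByEmail(String email);
}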
18 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/WebSecurityConfig.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.context.annotation.Bean;
5 | import org.springframework.context.annotation.Configuration;
6 | import org.springframework.security.authentication.AuthenticationManager;
7 | import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
8 | //import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
9 | import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
10 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
11 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
12 | //import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
13 | //import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
14 | import org.springframework.security.config.http.SessionCreationPolicy;
15 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
16 | import org.springframework.security.crypto.password.PasswordEncoder;
17 | import org.springframework.security.web.SecurityFilterChain;
18 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
19 |
20 | import com.bezkoder.spring.security.jwt.security.jwt.AuthEntryPointJwt;
21 | import com.bezkoder.spring.security.jwt.security.jwt.AuthTokenFilter;
22 | import com.bezkoder.spring.security.jwt.security.services.UserDetailsServiceImpl;
23 |
/**
 * Spring Security configuration for the JWT-protected API.
 *
 * <p>Declares the authentication provider, password encoder and the HTTP security filter
 * chain as beans. The commented-out members are the earlier
 * {@code WebSecurityConfigurerAdapter}-based equivalents of the beans below.
 */
@Configuration
//@EnableWebSecurity
@EnableGlobalMethodSecurity(
    // securedEnabled = true,
    // jsr250Enabled = true,
    // prePostEnabled turns on @PreAuthorize/@PostAuthorize checks on methods.
    prePostEnabled = true)
public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
  // Loads accounts for the DaoAuthenticationProvider below.
  @Autowired
  UserDetailsServiceImpl userDetailsService;

  // Writes the 401 response when an unauthenticated request reaches a protected route.
  @Autowired
  private AuthEntryPointJwt unauthorizedHandler;

  /**
   * Exposes the JWT filter as a bean so its {@code @Autowired} fields are populated.
   *
   * <p>NOTE(review): Spring Boot also registers {@code Filter} beans with the servlet
   * container by default, so this filter may sit both in the container chain and in the
   * security chain. {@code OncePerRequestFilter} runs it once per request; confirm that
   * the extra registration is acceptable.
   */
  @Bean
  public AuthTokenFilter authenticationJwtTokenFilter() {
    return new AuthTokenFilter();
  }

  // @Override
  // public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
  // authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
  // }

  /**
   * Builds the username/password authentication provider, backed by
   * {@link #userDetailsService} and the {@link #passwordEncoder()} bean.
   */
  @Bean
  public DaoAuthenticationProvider authenticationProvider() {
    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();

    authProvider.setUserDetailsService(userDetailsService);
    authProvider.setPasswordEncoder(passwordEncoder());

    return authProvider;
  }

  // @Bean
  // @Override
  // public AuthenticationManager authenticationManagerBean() throws Exception {
  // return super.authenticationManagerBean();
  // }

  /** Exposes the {@link AuthenticationManager} obtained from {@code authConfig}. */
  @Bean
  public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
    return authConfig.getAuthenticationManager();
  }

  /**
   * Password hashing used for stored credentials: bcrypt with the encoder's default cost.
   * The same encoder has to be used when passwords are stored and when they are checked.
   */
  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  // @Override
  // protected void configure(HttpSecurity http) throws Exception {
  // http.cors().and().csrf().disable()
  // .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
  // .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
  // .authorizeRequests().antMatchers("/api/auth/**").permitAll()
  // .antMatchers("/api/test/**").permitAll()
  // .anyRequest().authenticated();
  //
  // http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
  // }

  /**
   * Defines the HTTP security filter chain.
   *
   * <p>Points a reviewer should keep in mind:
   * <ul>
   *   <li>CSRF protection is disabled. That is only sound while the API authenticates
   *       solely through the {@code Authorization} header. If a token is ever accepted
   *       from a cookie, CSRF protection has to come back.</li>
   *   <li>Sessions are stateless, so each request must carry its own token.</li>
   *   <li>{@code /api/auth/**} and {@code /api/test/**} are open at the URL level. Access
   *       control for {@code /api/test/**} therefore rests entirely on method-level
   *       annotations in the controller; confirm every handler there carries one.</li>
   *   <li>{@code cors()} is enabled without a configuration in this class; the effective
   *       policy comes from elsewhere. TODO confirm which origins are allowed.</li>
   * </ul>
   *
   * @param http the builder supplied by Spring Security
   * @return the built filter chain
   * @throws Exception if the chain cannot be built
   */
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable()
        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests().antMatchers("/api/auth/**").permitAll()
        .antMatchers("/api/test/**").permitAll()
        .anyRequest().authenticated();

    http.authenticationProvider(authenticationProvider());

    // The JWT filter must run before the form-login filter so the security context is
    // already populated when authorization is evaluated.
    http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);

    return http.build();
  }
}
101 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/jwt/AuthEntryPointJwt.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security.jwt;
2 |
3 | import java.io.IOException;
4 | import java.util.HashMap;
5 | import java.util.Map;
6 |
7 | import javax.servlet.ServletException;
8 | import javax.servlet.http.HttpServletRequest;
9 | import javax.servlet.http.HttpServletResponse;
10 |
11 | import org.slf4j.Logger;
12 | import org.slf4j.LoggerFactory;
13 | import org.springframework.http.MediaType;
14 | import org.springframework.security.core.AuthenticationException;
15 | import org.springframework.security.web.AuthenticationEntryPoint;
16 | import org.springframework.stereotype.Component;
17 |
18 | import com.fasterxml.jackson.databind.ObjectMapper;
19 |
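/**
 * Entry point invoked when an unauthenticated request reaches a protected resource.
 *
 * <p>Instead of the container's default error page it writes a small JSON document with
 * HTTP status 401.
 */
@Component
public class AuthEntryPointJwt implements AuthenticationEntryPoint {

  private static final Logger logger = LoggerFactory.getLogger(AuthEntryPointJwt.class);

  // A configured ObjectMapper is thread-safe, so one shared instance replaces the
  // per-request allocation on a path any unauthenticated caller can trigger.
  private static final ObjectMapper MAPPER = new ObjectMapper();

  /**
   * Writes the 401 JSON body ({@code status}, {@code error}, {@code message}, {@code path}).
   *
   * <p>The {@code message} field echoes the {@link AuthenticationException} text to the
   * caller. Keep exception messages raised during authentication generic, so the response
   * does not reveal why a credential was rejected.
   *
   * @param request       the request that failed authentication
   * @param response      the response to populate
   * @param authException the failure that triggered this entry point
   * @throws IOException      if the body cannot be written
   * @throws ServletException declared by the interface; not thrown here
   */
  @Override
  public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
      throws IOException, ServletException {
    logger.error("Unauthorized error: {}", authException.getMessage());

    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

    // Values are an int status code and strings, hence Map<String, Object>.
    final Map<String, Object> body = new HashMap<>();
    body.put("status", HttpServletResponse.SC_UNAUTHORIZED);
    body.put("error", "Unauthorized");
    body.put("message", authException.getMessage());
    body.put("path", request.getServletPath());

    MAPPER.writeValue(response.getOutputStream(), body);
  }

}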
46 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/jwt/AuthTokenFilter.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security.jwt;
2 |
3 | import java.io.IOException;
4 |
5 | import javax.servlet.FilterChain;
6 | import javax.servlet.ServletException;
7 | import javax.servlet.http.HttpServletRequest;
8 | import javax.servlet.http.HttpServletResponse;
9 |
10 | import org.slf4j.Logger;
11 | import org.slf4j.LoggerFactory;
12 | import org.springframework.beans.factory.annotation.Autowired;
13 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
14 | import org.springframework.security.core.context.SecurityContextHolder;
15 | import org.springframework.security.core.userdetails.UserDetails;
16 | import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
17 | import org.springframework.util.StringUtils;
18 | import org.springframework.web.filter.OncePerRequestFilter;
19 |
20 | import com.bezkoder.spring.security.jwt.security.services.UserDetailsServiceImpl;
21 |
/**
 * Per-request filter that turns a valid {@code Authorization: Bearer <jwt>} header into an
 * authenticated Spring Security context.
 *
 * <p>A missing, malformed or rejected token leaves the context untouched and the request
 * continues down the chain unauthenticated; the authorization rules then decide the outcome.
 */
public class AuthTokenFilter extends OncePerRequestFilter {
  private static final Logger logger = LoggerFactory.getLogger(AuthTokenFilter.class);

  @Autowired
  private JwtUtils jwtUtils;

  @Autowired
  private UserDetailsServiceImpl userDetailsService;

  /**
   * Attempts token authentication, then always hands the request to the next filter.
   *
   * <p>Any exception raised while authenticating is logged by message only and swallowed,
   * so a bad token never aborts the request; it just stays anonymous.
   */
  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws ServletException, IOException {
    try {
      authenticateFromBearerToken(request);
    } catch (Exception e) {
      logger.error("Cannot set user authentication: {}", e.getMessage());
    }

    filterChain.doFilter(request, response);
  }

  /**
   * Validates the bearer token, if any, and stores the resulting authentication.
   *
   * <p>The user is reloaded through {@code userDetailsService} on every request, so the
   * authorities come from that lookup rather than from the token itself.
   */
  private void authenticateFromBearerToken(HttpServletRequest request) {
    final String token = parseJwt(request);
    if (token == null || !jwtUtils.validateJwtToken(token)) {
      return;
    }

    final String subject = jwtUtils.getUserNameFromJwtToken(token);
    final UserDetails principal = userDetailsService.loadUserByUsername(subject);

    // Credentials are null: the signed token has already proven the caller's identity.
    final UsernamePasswordAuthenticationToken auth =
        new UsernamePasswordAuthenticationToken(principal, null, principal.getAuthorities());
    auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

    SecurityContextHolder.getContext().setAuthentication(auth);
  }

  /**
   * Extracts the token from the {@code Authorization} header.
   *
   * @return the text after the {@code "Bearer "} prefix, or {@code null} when the header is
   *         absent, blank or uses another scheme
   */
  private String parseJwt(HttpServletRequest request) {
    final String header = request.getHeader("Authorization");
    final boolean isBearer = StringUtils.hasText(header) && header.startsWith("Bearer ");

    // 7 == "Bearer ".length()
    return isBearer ? header.substring(7) : null;
  }
}
63 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/jwt/JwtUtils.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security.jwt;
2 |
3 | import java.util.Date;
4 |
5 | import org.slf4j.Logger;
6 | import org.slf4j.LoggerFactory;
7 | import org.springframework.beans.factory.annotation.Value;
8 | import org.springframework.stereotype.Component;
9 |
10 | import com.bezkoder.spring.security.jwt.security.services.UserDetailsImpl;
11 |
12 | import io.jsonwebtoken.*;
13 |
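/**
 * Issues and verifies the HS512-signed access tokens used by the API.
 *
 * <p>HS512 is symmetric: whoever holds {@code jwtSecret} can mint tokens for any username.
 * The secret should be long and random (at least the 64 bytes of the HMAC-SHA-512 output)
 * and supplied from outside source control.
 *
 * <p>NOTE(review): the {@code String} overloads of {@code signWith} and
 * {@code setSigningKey} may treat the value as Base64 text depending on the jjwt version in
 * use. Confirm how the configured secret is turned into key bytes.
 */
@Component
public class JwtUtils {
  private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);

  @Value("${bezkoder.app.jwtSecret}")
  private String jwtSecret;

  // Access-token lifetime in milliseconds.
  @Value("${bezkoder.app.jwtExpirationMs}")
  private int jwtExpirationMs;

  /**
   * Issues a token for an authenticated principal.
   *
   * @param userPrincipal the principal whose username becomes the token subject
   * @return the compact, signed JWT
   */
  public String generateJwtToken(UserDetailsImpl userPrincipal) {
    return generateTokenFromUsername(userPrincipal.getUsername());
  }

  /**
   * Issues a token whose only identity claim is the subject.
   *
   * @param username value for the {@code sub} claim
   * @return the compact, signed JWT
   */
  public String generateTokenFromUsername(String username) {
    // One clock reading for both claims, so exp is exactly iat + jwtExpirationMs. Reading
    // the clock twice could place the two claims on different sides of a second boundary.
    final Date issuedAt = new Date();
    final Date expiresAt = new Date(issuedAt.getTime() + jwtExpirationMs);

    return Jwts.builder()
        .setSubject(username)
        .setIssuedAt(issuedAt)
        .setExpiration(expiresAt)
        .signWith(SignatureAlgorithm.HS512, jwtSecret)
        .compact();
  }

  /**
   * Returns the subject of a token after verifying its signature and expiry.
   *
   * <p>Unlike {@link #validateJwtToken(String)} this method lets parser exceptions
   * propagate, so call it only on a token that has already been validated or be ready to
   * handle {@code JwtException}.
   *
   * @param token the compact JWT
   * @return the {@code sub} claim
   */
  public String getUserNameFromJwtToken(String token) {
    return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
  }

  /**
   * Checks that a token is a well-formed, correctly signed, unexpired claims JWS.
   *
   * <p>Each failure mode is logged by message and reported as {@code false}; nothing is
   * rethrown. Only a signed claims token passes {@code parseClaimsJws}.
   *
   * @param authToken the compact JWT taken from the request
   * @return {@code true} when the token parses and verifies, {@code false} otherwise
   */
  public boolean validateJwtToken(String authToken) {
    try {
      Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken);
      return true;
    } catch (SignatureException e) {
      logger.error("Invalid JWT signature: {}", e.getMessage());
    } catch (MalformedJwtException e) {
      logger.error("Invalid JWT token: {}", e.getMessage());
    } catch (ExpiredJwtException e) {
      logger.error("JWT token is expired: {}", e.getMessage());
    } catch (UnsupportedJwtException e) {
      logger.error("JWT token is unsupported: {}", e.getMessage());
    } catch (IllegalArgumentException e) {
      logger.error("JWT claims string is empty: {}", e.getMessage());
    }

    return false;
  }

}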
58 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/services/RefreshTokenService.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security.services;
2 |
3 | import java.time.Instant;
4 | import java.util.Optional;
5 | import java.util.UUID;
6 |
7 | import org.springframework.beans.factory.annotation.Autowired;
8 | import org.springframework.beans.factory.annotation.Value;
9 | import org.springframework.stereotype.Service;
10 | import org.springframework.transaction.annotation.Transactional;
11 |
12 | import com.bezkoder.spring.security.jwt.exception.TokenRefreshException;
13 | import com.bezkoder.spring.security.jwt.models.RefreshToken;
14 | import com.bezkoder.spring.security.jwt.repository.RefreshTokenRepository;
15 | import com.bezkoder.spring.security.jwt.repository.UserRepository;
16 |
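/**
 * Creates, looks up, expires and revokes refresh tokens.
 *
 * <p>A refresh token here is an opaque random UUID string persisted with its owner and an
 * expiry instant. {@link UUID#randomUUID()} draws from a cryptographically strong
 * generator, so the value is not guessable.
 *
 * <p>NOTE(review): the token appears to be persisted and looked up by its raw value.
 * Storing a digest instead, and replacing the token on each use, limits what a leaked
 * table or a replayed token is worth. Confirm against the {@code RefreshToken} mapping.
 */
@Service
public class RefreshTokenService {
  // Refresh-token lifetime in milliseconds.
  @Value("${bezkoder.app.jwtRefreshExpirationMs}")
  private Long refreshTokenDurationMs;

  @Autowired
  private RefreshTokenRepository refreshTokenRepository;

  @Autowired
  private UserRepository userRepository;

  /**
   * Looks up a stored refresh token by its string value.
   *
   * @param token the value presented by the client
   * @return the stored token, or an empty {@code Optional} when it is unknown
   */
  public Optional<RefreshToken> findByToken(String token) {
    return refreshTokenRepository.findByToken(token);
  }

  /**
   * Issues and persists a new refresh token for a user.
   *
   * @param userId id of the token's owner
   * @return the saved token
   * @throws java.util.NoSuchElementException if no user has this id
   */
  public RefreshToken createRefreshToken(Long userId) {
    RefreshToken refreshToken = new RefreshToken();

    refreshToken.setUser(requireUser(userId));
    refreshToken.setExpiryDate(Instant.now().plusMillis(refreshTokenDurationMs));
    refreshToken.setToken(UUID.randomUUID().toString());

    return refreshTokenRepository.save(refreshToken);
  }

  /**
   * Rejects an expired refresh token, deleting it so it cannot be presented again.
   *
   * @param token the stored token to check
   * @return the same token when it is still valid
   * @throws TokenRefreshException if the expiry instant is in the past
   */
  public RefreshToken verifyExpiration(RefreshToken token) {
    if (token.getExpiryDate().isBefore(Instant.now())) {
      refreshTokenRepository.delete(token);
      throw new TokenRefreshException(token.getToken(), "Refresh token was expired. Please make a new signin request");
    }

    return token;
  }

  /**
   * Revokes every refresh token that belongs to a user, for example on sign-out.
   *
   * @param userId id of the owner
   * @return the value returned by the repository delete
   * @throws java.util.NoSuchElementException if no user has this id
   */
  @Transactional
  public int deleteByUserId(Long userId) {
    return refreshTokenRepository.deleteByUser(requireUser(userId));
  }

  /**
   * Loads the user or fails with a message that names the missing id.
   *
   * <p>The exception type matches what {@code Optional.get()} threw before, so existing
   * handlers keep working.
   */
  private com.bezkoder.spring.security.jwt.models.User requireUser(Long userId) {
    return userRepository.findById(userId)
        .orElseThrow(() -> new java.util.NoSuchElementException("No user found with id: " + userId));
  }
}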
57 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/services/UserDetailsImpl.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security.services;
2 |
3 | import java.util.Collection;
4 | import java.util.List;
5 | import java.util.Objects;
6 | import java.util.stream.Collectors;
7 |
8 | import org.springframework.security.core.GrantedAuthority;
9 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
10 | import org.springframework.security.core.userdetails.UserDetails;
11 |
12 | import com.bezkoder.spring.security.jwt.models.User;
13 | import com.fasterxml.jackson.annotation.JsonIgnore;
14 |
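/**
 * Security principal built from a {@link User} entity.
 *
 * <p>Holds the id, username, e-mail, password hash and granted authorities that Spring
 * Security needs. The password field is excluded from JSON serialization.
 */
public class UserDetailsImpl implements UserDetails {
  private static final long serialVersionUID = 1L;

  private Long id;

  private String username;

  private String email;

  // Never serialized to JSON: this is the stored password hash.
  @JsonIgnore
  private String password;

  private Collection<? extends GrantedAuthority> authorities;

  /**
   * @param id          database id of the account
   * @param username    login name
   * @param email       e-mail address
   * @param password    stored (encoded) password
   * @param authorities authorities granted to the account
   */
  public UserDetailsImpl(Long id, String username, String email, String password,
      Collection<? extends GrantedAuthority> authorities) {
    this.id = id;
    this.username = username;
    this.email = email;
    this.password = password;
    this.authorities = authorities;
  }

  /**
   * Maps a {@link User} to a principal, turning each role's enum name into a
   * {@link SimpleGrantedAuthority}.
   *
   * @param user the persisted account
   * @return the principal for that account
   */
  public static UserDetailsImpl build(User user) {
    List<GrantedAuthority> authorities = user.getRoles().stream()
        .map(role -> new SimpleGrantedAuthority(role.getName().name()))
        .collect(Collectors.toList());

    return new UserDetailsImpl(
        user.getId(),
        user.getUsername(),
        user.getEmail(),
        user.getPassword(),
        authorities);
  }

  @Override
  public Collection<? extends GrantedAuthority> getAuthorities() {
    return authorities;
  }

  public Long getId() {
    return id;
  }

  public String getEmail() {
    return email;
  }

  @Override
  public String getPassword() {
    return password;
  }

  @Override
  public String getUsername() {
    return username;
  }

  // The four status checks below always return true: this model has no notion of account
  // expiry, lockout, credential expiry or deactivation. A disabled or locked account
  // therefore cannot be expressed through this principal.
  @Override
  public boolean isAccountNonExpired() {
    return true;
  }

  @Override
  public boolean isAccountNonLocked() {
    return true;
  }

  @Override
  public boolean isCredentialsNonExpired() {
    return true;
  }

  @Override
  public boolean isEnabled() {
    return true;
  }

  /** Two principals are equal when they are of the same class and share the same id. */
  @Override
  public boolean equals(Object o) {
    if (this == o)
      return true;
    if (o == null || getClass() != o.getClass())
      return false;
    UserDetailsImpl user = (UserDetailsImpl) o;
    return Objects.equals(id, user.id);
  }

  /**
   * Hash derived from the id only, to stay consistent with {@link #equals(Object)}.
   * Without it, equal principals could land in different hash buckets.
   */
  @Override
  public int hashCode() {
    return Objects.hash(id);
  }
}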
104 |
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/services/UserDetailsServiceImpl.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt.security.services;
2 |
3 | import org.springframework.beans.factory.annotation.Autowired;
4 | import org.springframework.security.core.userdetails.UserDetails;
5 | import org.springframework.security.core.userdetails.UserDetailsService;
6 | import org.springframework.security.core.userdetails.UsernameNotFoundException;
7 | import org.springframework.stereotype.Service;
8 | import org.springframework.transaction.annotation.Transactional;
9 |
10 | import com.bezkoder.spring.security.jwt.models.User;
11 | import com.bezkoder.spring.security.jwt.repository.UserRepository;
12 |
/**
 * {@link UserDetailsService} backed by {@link UserRepository}.
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
  @Autowired
  UserRepository userRepository;

  /**
   * Loads the account with the given username and converts it to a security principal.
   *
   * <p>The lookup and the conversion both run inside one transaction.
   *
   * @param username login name to resolve
   * @return the principal built by {@link UserDetailsImpl#build}
   * @throws UsernameNotFoundException if no account has this username; the message
   *         includes the requested name, so avoid returning it verbatim to clients
   */
  @Override
  @Transactional
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    return userRepository.findByUsername(username)
        .map(UserDetailsImpl::build)
        .orElseThrow(() -> new UsernameNotFoundException("User Not Found with username: " + username));
  }

}
28 |
--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Local development datasource.
# useSSL=false turns off TLS between the application and MySQL, so credentials and data
# cross the connection in clear text. Keep this to a loopback database only.
spring.datasource.url= jdbc:mysql://localhost:3306/testdb_spring?useSSL=false
# Sample credentials committed with the example: the database superuser with a trivial
# password. Outside a throwaway local setup, use a dedicated least-privilege account and
# supply the password from the environment or an external secret store.
spring.datasource.username= root
spring.datasource.password= 123456

spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQL5InnoDBDialect
# "update" lets Hibernate alter the schema at startup; the account above therefore needs DDL rights.
spring.jpa.hibernate.ddl-auto= update

# App Properties
# Signing secret for the HS512 access tokens. This sample value is short, guessable and
# committed to the repository, so anyone who knows it can mint valid tokens. Replace it
# with a long random value injected at deploy time.
bezkoder.app.jwtSecret= bezKoderSecretKey
#bezkoder.app.jwtExpirationMs= 3600000
#bezkoder.app.jwtRefreshExpirationMs= 86400000

## For test
# Short lifetimes to exercise the refresh flow: 1 minute access token, 2 minute refresh token.
bezkoder.app.jwtExpirationMs= 60000
bezkoder.app.jwtRefreshExpirationMs= 120000
--------------------------------------------------------------------------------
/src/test/java/com/bezkoder/spring/security/jwt/SpringBootSecurityJwtApplicationTests.java:
--------------------------------------------------------------------------------
1 | package com.bezkoder.spring.security.jwt;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.springframework.boot.test.context.SpringBootTest;
5 |
/**
 * Smoke test: boots the full Spring application context.
 *
 * <p>It starts the whole context and so needs every configured dependency of the
 * application to be available.
 */
@SpringBootTest
public class SpringBootSecurityJwtApplicationTests {

  /** Passes when the application context starts without errors. */
  @Test
  public void contextLoads() {
    // Intentionally empty: a failed context start-up fails the test before this body runs.
  }

}
--------------------------------------------------------------------------------