├── .gitignore ├── .mvn └── wrapper │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── README.md ├── mvnw ├── mvnw.cmd ├── pom.xml ├── spring-security-jwt-auth-spring-boot-flow.png ├── spring-security-refresh-token-jwt-spring-boot-flow.png └── src ├── main ├── java │ └── com │ │ └── bezkoder │ │ └── spring │ │ └── security │ │ └── jwt │ │ ├── SpringSecurityRefreshTokenApplication.java │ │ ├── advice │ │ ├── ErrorMessage.java │ │ └── TokenControllerAdvice.java │ │ ├── controllers │ │ ├── AuthController.java │ │ └── TestController.java │ │ ├── exception │ │ └── TokenRefreshException.java │ │ ├── models │ │ ├── ERole.java │ │ ├── RefreshToken.java │ │ ├── Role.java │ │ └── User.java │ │ ├── payload │ │ ├── request │ │ │ ├── LoginRequest.java │ │ │ └── SignupRequest.java │ │ └── response │ │ │ ├── MessageResponse.java │ │ │ └── UserInfoResponse.java │ │ ├── repository │ │ ├── RefreshTokenRepository.java │ │ ├── RoleRepository.java │ │ └── UserRepository.java │ │ └── security │ │ ├── WebSecurityConfig.java │ │ ├── jwt │ │ ├── AuthEntryPointJwt.java │ │ ├── AuthTokenFilter.java │ │ └── JwtUtils.java │ │ └── services │ │ ├── RefreshTokenService.java │ │ ├── UserDetailsImpl.java │ │ └── UserDetailsServiceImpl.java └── resources │ └── application.properties └── test └── java └── com └── bezkoder └── spring └── security └── jwt └── SpringSecurityRefreshTokenApplicationTests.java /.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | 
!**/src/test/**/build/

### VS Code ###
.vscode/
--------------------------------------------------------------------------------
/.mvn/wrapper/maven-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/bezkoder/spring-security-refresh-token-jwt/03a1a0553b14b7c9079eb4d9b21c296f0d786654/.mvn/wrapper/maven-wrapper.jar
--------------------------------------------------------------------------------
/.mvn/wrapper/maven-wrapper.properties:
--------------------------------------------------------------------------------
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Spring Security Refresh Token with JWT in Spring Boot example

Build a JWT refresh-token flow with Spring Security in a Spring Boot application. The example shows how the JWT access token expires and how the client then renews it with a refresh token that is delivered in an HttpOnly cookie.

The instruction can be found at:
[Spring Security Refresh Token with JWT](https://www.bezkoder.com/spring-security-refresh-token/)

## User Registration, User Login and Authorization process.
The diagram shows the flow of the User Registration, User Login and Authorization process as implemented here.
![spring-security-jwt-auth-spring-boot-flow](spring-security-jwt-auth-spring-boot-flow.png)

And this is for Refresh Token:

![spring-security-refresh-token-jwt-spring-boot-flow](spring-security-refresh-token-jwt-spring-boot-flow.png)

## Configure Spring Datasource, JPA, App properties
Open `src/main/resources/application.properties`

```properties
spring.datasource.url= jdbc:mysql://localhost:3306/testdb?useSSL=false
spring.datasource.username= root
spring.datasource.password= 123456

spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQLDialect
spring.jpa.hibernate.ddl-auto= update

# App Properties
bezkoder.app.jwtSecret= bezKoderSecretKey
bezkoder.app.jwtExpirationMs= 3600000
bezkoder.app.jwtRefreshExpirationMs= 86400000
```

> **Security note — the values above are for local development only.**
> - `bezkoder.app.jwtSecret` is the HMAC key that signs every access token; anyone who knows it can mint a token for any user and role. Replace the placeholder with a long random value (e.g. 32+ bytes from a CSPRNG, base64-encoded), supply it through an environment variable or a secrets manager rather than committing it, and rotate it if it is ever exposed. Depending on how `JwtUtils` builds the key, jjwt 0.11 (pinned in `pom.xml`) may also reject a key this short as too weak.
> - `spring.datasource.username`/`password` (`root`/`123456`) and `useSSL=false` are acceptable only against a throw-away local MySQL. Anywhere else, use a least-privilege database account, inject the password via `SPRING_DATASOURCE_PASSWORD`, and enable TLS to the database.
> - `spring.jpa.hibernate.ddl-auto= update` lets Hibernate alter the schema at startup; prefer `validate` plus a migration tool in production.
> - The expiry values are milliseconds: 1 hour for access tokens and 24 hours for refresh tokens.

## Run Spring Boot application
```
mvn spring-boot:run
```

## Run following SQL insert statements
```
INSERT INTO roles(name) VALUES('ROLE_USER');
INSERT INTO roles(name) VALUES('ROLE_MODERATOR');
INSERT INTO roles(name) VALUES('ROLE_ADMIN');
```

Related Posts:
> [Spring Boot, Spring Security: JWT Authentication & Authorization example](https://www.bezkoder.com/spring-boot-security-login-jwt/)

> [For MySQL/PostgreSQL](https://www.bezkoder.com/spring-boot-login-example-mysql/)

> [For MongoDB](https://www.bezkoder.com/spring-boot-mongodb-login-example/)

## More Practice:
> [Spring Boot File upload example with Multipart File](https://bezkoder.com/spring-boot-file-upload/)

> [Exception handling: @RestControllerAdvice example in Spring Boot](https://bezkoder.com/spring-boot-restcontrolleradvice/)

> [Spring Boot Repository Unit Test with @DataJpaTest](https://bezkoder.com/spring-boot-unit-test-jpa-repo-datajpatest/)

> [Spring Boot Rest Controller Unit Test with 
@WebMvcTest](https://www.bezkoder.com/spring-boot-webmvctest/) 61 | 62 | > [Spring Boot Pagination & Sorting example](https://www.bezkoder.com/spring-boot-pagination-sorting-example/) 63 | 64 | > Validation: [Spring Boot Validate Request Body](https://www.bezkoder.com/spring-boot-validate-request-body/) 65 | 66 | > Documentation: [Spring Boot and Swagger 3 example](https://www.bezkoder.com/spring-boot-swagger-3/) 67 | 68 | > Caching: [Spring Boot Redis Cache example](https://www.bezkoder.com/spring-boot-redis-cache-example/) 69 | 70 | Associations: 71 | > [Spring Boot One To Many example with Spring JPA, Hibernate](https://www.bezkoder.com/jpa-one-to-many/) 72 | 73 | > [Spring Boot Many To Many example with Spring JPA, Hibernate](https://www.bezkoder.com/jpa-many-to-many/) 74 | 75 | > [JPA One To One example with Spring Boot](https://www.bezkoder.com/jpa-one-to-one/) 76 | 77 | Deployment: 78 | > [Deploy Spring Boot App on AWS – Elastic Beanstalk](https://www.bezkoder.com/deploy-spring-boot-aws-eb/) 79 | 80 | > [Docker Compose Spring Boot and MySQL example](https://www.bezkoder.com/docker-compose-spring-boot-mysql/) 81 | 82 | ## Fullstack Authentication 83 | 84 | > [Spring Boot + Vue.js JWT Authentication](https://bezkoder.com/spring-boot-vue-js-authentication-jwt-spring-security/) 85 | 86 | > [Spring Boot + Angular 8 JWT Authentication](https://bezkoder.com/angular-spring-boot-jwt-auth/) 87 | 88 | > [Spring Boot + Angular 10 JWT Authentication](https://bezkoder.com/angular-10-spring-boot-jwt-auth/) 89 | 90 | > [Spring Boot + Angular 11 JWT Authentication](https://bezkoder.com/angular-11-spring-boot-jwt-auth/) 91 | 92 | > [Spring Boot + Angular 12 JWT Authentication](https://www.bezkoder.com/angular-12-spring-boot-jwt-auth/) 93 | 94 | > [Spring Boot + Angular 13 JWT Authentication](https://www.bezkoder.com/angular-13-spring-boot-jwt-auth/) 95 | 96 | > [Spring Boot + Angular 14 JWT Authentication](https://www.bezkoder.com/angular-14-spring-boot-jwt-auth/) 97 | 98 | > 
[Spring Boot + Angular 15 JWT Authentication](https://www.bezkoder.com/angular-15-spring-boot-jwt-auth/) 99 | 100 | > [Spring Boot + Angular 16 JWT Authentication](https://www.bezkoder.com/angular-16-spring-boot-jwt-auth/) 101 | 102 | > [Spring Boot + Angular 17 JWT Authentication](https://www.bezkoder.com/angular-17-spring-boot-jwt-auth/) 103 | 104 | > [Spring Boot + React JWT Authentication](https://bezkoder.com/spring-boot-react-jwt-auth/) 105 | 106 | ## Fullstack CRUD App 107 | 108 | > [Vue.js + Spring Boot + H2 Embedded database example](https://www.bezkoder.com/spring-boot-vue-js-crud-example/) 109 | 110 | > [Vue.js + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-vue-js-mysql/) 111 | 112 | > [Vue.js + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-vue-js-postgresql/) 113 | 114 | > [Angular 8 + Spring Boot + Embedded database example](https://www.bezkoder.com/angular-spring-boot-crud/) 115 | 116 | > [Angular 8 + Spring Boot + MySQL example](https://bezkoder.com/angular-spring-boot-crud/) 117 | 118 | > [Angular 8 + Spring Boot + PostgreSQL example](https://bezkoder.com/angular-spring-boot-postgresql/) 119 | 120 | > [Angular 10 + Spring Boot + MySQL example](https://bezkoder.com/angular-10-spring-boot-crud/) 121 | 122 | > [Angular 10 + Spring Boot + PostgreSQL example](https://bezkoder.com/angular-10-spring-boot-postgresql/) 123 | 124 | > [Angular 11 + Spring Boot + MySQL example](https://bezkoder.com/angular-11-spring-boot-crud/) 125 | 126 | > [Angular 11 + Spring Boot + PostgreSQL example](https://bezkoder.com/angular-11-spring-boot-postgresql/) 127 | 128 | > [Angular 12 + Spring Boot + Embedded database example](https://www.bezkoder.com/angular-12-spring-boot-crud/) 129 | 130 | > [Angular 12 + Spring Boot + MySQL example](https://www.bezkoder.com/angular-12-spring-boot-mysql/) 131 | 132 | > [Angular 12 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/angular-12-spring-boot-postgresql/) 133 | 134 | > 
[Angular 13 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-13-crud/) 135 | 136 | > [Angular 13 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-13-mysql/) 137 | 138 | > [Angular 13 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-13-postgresql/) 139 | 140 | > [Angular 14 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-14-crud/) 141 | 142 | > [Angular 14 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-14-mysql/) 143 | 144 | > [Angular 14 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-14-postgresql/) 145 | 146 | > [Angular 15 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-15-crud/) 147 | 148 | > [Angular 15 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-15-mysql/) 149 | 150 | > [Angular 15 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-15-postgresql/) 151 | 152 | > [Angular 15 + Spring Boot + MongoDB example](https://www.bezkoder.com/spring-boot-angular-15-mongodb/) 153 | 154 | > [Angular 16 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-16-crud/) 155 | 156 | > [Angular 16 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-16-mysql/) 157 | 158 | > [Angular 16 + Spring Boot + PostgreSQL example](https://www.bezkoder.com/spring-boot-angular-16-postgresql/) 159 | 160 | > [Angular 16 + Spring Boot + MongoDB example](https://www.bezkoder.com/spring-boot-angular-16-mongodb/) 161 | 162 | > [Angular 17 + Spring Boot + H2 Embedded Database example](https://www.bezkoder.com/spring-boot-angular-17-crud/) 163 | 164 | > [Angular 17 + Spring Boot + MySQL example](https://www.bezkoder.com/spring-boot-angular-17-mysql/) 165 | 166 | > [Angular 17 + Spring Boot + PostgreSQL 
example](https://www.bezkoder.com/spring-boot-angular-17-postgresql/) 167 | 168 | > [Angular 17 + Spring Boot + MongoDB example](https://www.bezkoder.com/spring-boot-angular-17-mongodb/) 169 | 170 | > [React + Spring Boot + MySQL example](https://bezkoder.com/react-spring-boot-crud/) 171 | 172 | > [React + Spring Boot + PostgreSQL example](https://bezkoder.com/spring-boot-react-postgresql/) 173 | 174 | > [React + Spring Boot + MongoDB example](https://bezkoder.com/react-spring-boot-mongodb/) 175 | 176 | Run both Back-end & Front-end in one place: 177 | > [Integrate Angular with Spring Boot Rest API](https://bezkoder.com/integrate-angular-spring-boot/) 178 | 179 | > [Integrate React.js with Spring Boot Rest API](https://bezkoder.com/integrate-reactjs-spring-boot/) 180 | 181 | > [Integrate Vue.js with Spring Boot Rest API](https://bezkoder.com/integrate-vue-spring-boot/) 182 | 183 | ## More Practice: 184 | > [Spring Boot File upload example with Multipart File](https://bezkoder.com/spring-boot-file-upload/) 185 | 186 | > [Exception handling: @RestControllerAdvice example in Spring Boot](https://bezkoder.com/spring-boot-restcontrolleradvice/) 187 | 188 | > [Spring Boot Repository Unit Test with @DataJpaTest](https://bezkoder.com/spring-boot-unit-test-jpa-repo-datajpatest/) 189 | 190 | > [Spring Boot Pagination & Sorting example](https://www.bezkoder.com/spring-boot-pagination-sorting-example/) 191 | 192 | Associations: 193 | > [JPA/Hibernate One To Many example](https://www.bezkoder.com/jpa-one-to-many/) 194 | 195 | > [JPA/Hibernate Many To Many example](https://www.bezkoder.com/jpa-many-to-many/) 196 | 197 | > [JPA/Hibernate One To One example](https://www.bezkoder.com/jpa-one-to-one/) 198 | 199 | Deployment: 200 | > [Deploy Spring Boot App on AWS – Elastic Beanstalk](https://www.bezkoder.com/deploy-spring-boot-aws-eb/) 201 | 202 | > [Docker Compose Spring Boot and MySQL example](https://www.bezkoder.com/docker-compose-spring-boot-mysql/) 203 | 
-------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # https://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /usr/local/etc/mavenrc ] ; then 40 | . 
/usr/local/etc/mavenrc 41 | fi 42 | 43 | if [ -f /etc/mavenrc ] ; then 44 | . /etc/mavenrc 45 | fi 46 | 47 | if [ -f "$HOME/.mavenrc" ] ; then 48 | . "$HOME/.mavenrc" 49 | fi 50 | 51 | fi 52 | 53 | # OS specific support. $var _must_ be set to either true or false. 54 | cygwin=false; 55 | darwin=false; 56 | mingw=false 57 | case "`uname`" in 58 | CYGWIN*) cygwin=true ;; 59 | MINGW*) mingw=true;; 60 | Darwin*) darwin=true 61 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 62 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 63 | if [ -z "$JAVA_HOME" ]; then 64 | if [ -x "/usr/libexec/java_home" ]; then 65 | export JAVA_HOME="`/usr/libexec/java_home`" 66 | else 67 | export JAVA_HOME="/Library/Java/Home" 68 | fi 69 | fi 70 | ;; 71 | esac 72 | 73 | if [ -z "$JAVA_HOME" ] ; then 74 | if [ -r /etc/gentoo-release ] ; then 75 | JAVA_HOME=`java-config --jre-home` 76 | fi 77 | fi 78 | 79 | if [ -z "$M2_HOME" ] ; then 80 | ## resolve links - $0 may be a link to maven's home 81 | PRG="$0" 82 | 83 | # need this for relative symlinks 84 | while [ -h "$PRG" ] ; do 85 | ls=`ls -ld "$PRG"` 86 | link=`expr "$ls" : '.*-> \(.*\)$'` 87 | if expr "$link" : '/.*' > /dev/null; then 88 | PRG="$link" 89 | else 90 | PRG="`dirname "$PRG"`/$link" 91 | fi 92 | done 93 | 94 | saveddir=`pwd` 95 | 96 | M2_HOME=`dirname "$PRG"`/.. 
97 | 98 | # make it fully qualified 99 | M2_HOME=`cd "$M2_HOME" && pwd` 100 | 101 | cd "$saveddir" 102 | # echo Using m2 at $M2_HOME 103 | fi 104 | 105 | # For Cygwin, ensure paths are in UNIX format before anything is touched 106 | if $cygwin ; then 107 | [ -n "$M2_HOME" ] && 108 | M2_HOME=`cygpath --unix "$M2_HOME"` 109 | [ -n "$JAVA_HOME" ] && 110 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 111 | [ -n "$CLASSPATH" ] && 112 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 113 | fi 114 | 115 | # For Mingw, ensure paths are in UNIX format before anything is touched 116 | if $mingw ; then 117 | [ -n "$M2_HOME" ] && 118 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 119 | [ -n "$JAVA_HOME" ] && 120 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 121 | fi 122 | 123 | if [ -z "$JAVA_HOME" ]; then 124 | javaExecutable="`which javac`" 125 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 126 | # readlink(1) is not available as standard on Solaris 10. 127 | readLink=`which readlink` 128 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 129 | if $darwin ; then 130 | javaHome="`dirname \"$javaExecutable\"`" 131 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 132 | else 133 | javaExecutable="`readlink -f \"$javaExecutable\"`" 134 | fi 135 | javaHome="`dirname \"$javaExecutable\"`" 136 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 137 | JAVA_HOME="$javaHome" 138 | export JAVA_HOME 139 | fi 140 | fi 141 | fi 142 | 143 | if [ -z "$JAVACMD" ] ; then 144 | if [ -n "$JAVA_HOME" ] ; then 145 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 146 | # IBM's JDK on AIX uses strange locations for the executables 147 | JAVACMD="$JAVA_HOME/jre/sh/java" 148 | else 149 | JAVACMD="$JAVA_HOME/bin/java" 150 | fi 151 | else 152 | JAVACMD="`\\unset -f command; \\command -v java`" 153 | fi 154 | fi 155 | 156 | if [ ! -x "$JAVACMD" ] ; then 157 | echo "Error: JAVA_HOME is not defined correctly." 
>&2
echo " We cannot execute $JAVACMD" >&2
exit 1
fi

if [ -z "$JAVA_HOME" ] ; then
  echo "Warning: JAVA_HOME environment variable is not set."
fi

CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher

# traverses directory structure from process work directory to filesystem root
# first directory with .mvn subdirectory is considered project base directory
# Args: $1 - absolute starting directory. Prints the base directory on stdout
# (falls back to $1 itself when no .mvn directory is found on the way up);
# returns 1 when $1 is empty.
find_maven_basedir() {

  if [ -z "$1" ]
  then
    echo "Path not specified to find_maven_basedir"
    return 1
  fi

  basedir="$1"
  wdir="$1"
  while [ "$wdir" != '/' ] ; do
    if [ -d "$wdir"/.mvn ] ; then
      basedir=$wdir
      break
    fi
    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
    if [ -d "${wdir}" ]; then
      wdir=`cd "$wdir/.."; pwd`
    fi
    # end of workaround
  done
  echo "${basedir}"
}

# concatenates all lines of a file
# Args: $1 - file path. Prints the file with newlines squeezed to single spaces
# (used later for .mvn/jvm.config); prints nothing when the file does not exist.
concat_lines() {
  if [ -f "$1" ]; then
    echo "$(tr -s '\n' ' ' < "$1")"
  fi
}

BASE_DIR=`find_maven_basedir "$(pwd)"`
if [ -z "$BASE_DIR" ]; then
  exit 1;
fi

##########################################################################################
# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
# This allows using the maven wrapper in projects that prohibit checking in binary data.
#
# NOTE(review): the download below (wget, curl, or the MavenWrapperDownloader
# fallback) performs no checksum or signature verification of the fetched jar,
# and the URL can be overridden by the committed wrapperUrl property or the
# MVNW_REPOURL environment variable, so whatever that endpoint serves is run on
# the next build. Keep wrapperUrl on a trusted HTTPS repository (or commit the
# jar), and where the wrapper release supports it pin wrapperSha256Sum in
# maven-wrapper.properties. MVNW_USERNAME/MVNW_PASSWORD are passed on the wget
# and curl command lines, so they are visible in the process list.
##########################################################################################
if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Found .mvn/wrapper/maven-wrapper.jar"
  fi
else
  if [ "$MVNW_VERBOSE" = true ]; then
    echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
217 | fi 218 | if [ -n "$MVNW_REPOURL" ]; then 219 | jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" 220 | else 221 | jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" 222 | fi 223 | while IFS="=" read key value; do 224 | case "$key" in (wrapperUrl) jarUrl="$value"; break ;; 225 | esac 226 | done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" 227 | if [ "$MVNW_VERBOSE" = true ]; then 228 | echo "Downloading from: $jarUrl" 229 | fi 230 | wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" 231 | if $cygwin; then 232 | wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` 233 | fi 234 | 235 | if command -v wget > /dev/null; then 236 | if [ "$MVNW_VERBOSE" = true ]; then 237 | echo "Found wget ... using wget" 238 | fi 239 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 240 | wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" 241 | else 242 | wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" 243 | fi 244 | elif command -v curl > /dev/null; then 245 | if [ "$MVNW_VERBOSE" = true ]; then 246 | echo "Found curl ... using curl" 247 | fi 248 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 249 | curl -o "$wrapperJarPath" "$jarUrl" -f 250 | else 251 | curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f 252 | fi 253 | 254 | else 255 | if [ "$MVNW_VERBOSE" = true ]; then 256 | echo "Falling back to using Java to download" 257 | fi 258 | javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" 259 | # For Cygwin, switch paths to Windows format before running javac 260 | if $cygwin; then 261 | javaClass=`cygpath --path --windows "$javaClass"` 262 | fi 263 | if [ -e "$javaClass" ]; then 264 | if [ ! 
-e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 265 | if [ "$MVNW_VERBOSE" = true ]; then 266 | echo " - Compiling MavenWrapperDownloader.java ..." 267 | fi 268 | # Compiling the Java class 269 | ("$JAVA_HOME/bin/javac" "$javaClass") 270 | fi 271 | if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 272 | # Running the downloader 273 | if [ "$MVNW_VERBOSE" = true ]; then 274 | echo " - Running MavenWrapperDownloader.java ..." 275 | fi 276 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") 277 | fi 278 | fi 279 | fi 280 | fi 281 | ########################################################################################## 282 | # End of extension 283 | ########################################################################################## 284 | 285 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 286 | if [ "$MVNW_VERBOSE" = true ]; then 287 | echo $MAVEN_PROJECTBASEDIR 288 | fi 289 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 290 | 291 | # For Cygwin, switch paths to Windows format before running java 292 | if $cygwin; then 293 | [ -n "$M2_HOME" ] && 294 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 295 | [ -n "$JAVA_HOME" ] && 296 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 297 | [ -n "$CLASSPATH" ] && 298 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 299 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 300 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 301 | fi 302 | 303 | # Provide a "standardized" way to retrieve the CLI args that will 304 | # work with both Windows and non-Windows executions. 
305 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 306 | export MAVEN_CMD_LINE_ARGS 307 | 308 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 309 | 310 | exec "$JAVACMD" \ 311 | $MAVEN_OPTS \ 312 | $MAVEN_DEBUG_OPTS \ 313 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 314 | "-Dmaven.home=${M2_HOME}" \ 315 | "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 316 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 317 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM https://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 
18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM set title of command window 39 | title %0 40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' 41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 42 | 43 | @REM set %HOME% to equivalent of $HOME 44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 45 | 46 | @REM Execute a user defined script before this one 47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 49 | if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* 50 | if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* 51 | :skipRcPre 52 | 53 | @setlocal 54 | 55 | set ERROR_CODE=0 56 | 57 | @REM To isolate internal variables from possible post scripts, we use another setlocal 58 | @setlocal 59 | 60 | @REM ==== START VALIDATION ==== 61 | if not "%JAVA_HOME%" == "" goto OkJHome 62 | 63 | echo. 
64 | echo Error: JAVA_HOME not found in your environment. >&2 65 | echo Please set the JAVA_HOME variable in your environment to match the >&2 66 | echo location of your Java installation. >&2 67 | echo. 68 | goto error 69 | 70 | :OkJHome 71 | if exist "%JAVA_HOME%\bin\java.exe" goto init 72 | 73 | echo. 74 | echo Error: JAVA_HOME is set to an invalid directory. >&2 75 | echo JAVA_HOME = "%JAVA_HOME%" >&2 76 | echo Please set the JAVA_HOME variable in your environment to match the >&2 77 | echo location of your Java installation. >&2 78 | echo. 79 | goto error 80 | 81 | @REM ==== END VALIDATION ==== 82 | 83 | :init 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! 
%%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%

:endReadAdditionalConfig

SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain

set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"

@REM A wrapperUrl entry in the committed properties file replaces the default URL above.
FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
  IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
)

@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
@REM NOTE(review): the PowerShell download below verifies no checksum or signature
@REM of the jar, so the build trusts whatever wrapperUrl / MVNW_REPOURL serves.
@REM Keep that URL on a trusted HTTPS repository (or commit the jar). MVNW_USERNAME
@REM and MVNW_PASSWORD are spliced as literals into the PowerShell command string,
@REM so a value containing a single quote breaks (or alters) the command.
if exist %WRAPPER_JAR% (
  if "%MVNW_VERBOSE%" == "true" (
    echo Found %WRAPPER_JAR%
  )
) else (
  if not "%MVNW_REPOURL%" == "" (
    SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
  )
  if "%MVNW_VERBOSE%" == "true" (
    echo Couldn't find %WRAPPER_JAR%, downloading it ...
141 | echo Downloading from: %DOWNLOAD_URL% 142 | ) 143 | 144 | powershell -Command "&{"^ 145 | "$webclient = new-object System.Net.WebClient;"^ 146 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ 147 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ 148 | "}"^ 149 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^ 150 | "}" 151 | if "%MVNW_VERBOSE%" == "true" ( 152 | echo Finished downloading %WRAPPER_JAR% 153 | ) 154 | ) 155 | @REM End of extension 156 | 157 | @REM Provide a "standardized" way to retrieve the CLI args that will 158 | @REM work with both Windows and non-Windows executions. 159 | set MAVEN_CMD_LINE_ARGS=%* 160 | 161 | %MAVEN_JAVA_EXE% ^ 162 | %JVM_CONFIG_MAVEN_PROPS% ^ 163 | %MAVEN_OPTS% ^ 164 | %MAVEN_DEBUG_OPTS% ^ 165 | -classpath %WRAPPER_JAR% ^ 166 | "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ 167 | %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 168 | if ERRORLEVEL 1 goto error 169 | goto end 170 | 171 | :error 172 | set ERROR_CODE=1 173 | 174 | :end 175 | @endlocal & set ERROR_CODE=%ERROR_CODE% 176 | 177 | if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost 178 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 179 | if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" 180 | if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" 181 | :skipRcPost 182 | 183 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 184 | if "%MAVEN_BATCH_PAUSE%"=="on" pause 185 | 186 | if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% 187 | 188 | cmd /C exit /B %ERROR_CODE% 189 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 
4.0.0 6 | 7 | org.springframework.boot 8 | spring-boot-starter-parent 9 | 3.1.0 10 | 11 | 12 | com.bezkoder 13 | spring-security-refresh-token 14 | 0.0.1-SNAPSHOT 15 | spring-security-refresh-token 16 | Spring Security Refresh Token with JWT example in Spring Boot 17 | 18 | 17 19 | 20 | 21 | 22 | org.springframework.boot 23 | spring-boot-starter-data-jpa 24 | 25 | 26 | 27 | org.springframework.boot 28 | spring-boot-starter-security 29 | 30 | 31 | 32 | org.springframework.boot 33 | spring-boot-starter-web 34 | 35 | 36 | 37 | org.springframework.boot 38 | spring-boot-starter-validation 39 | 40 | 41 | 42 | io.jsonwebtoken 43 | jjwt-api 44 | 0.11.5 45 | 46 | 47 | 48 | io.jsonwebtoken 49 | jjwt-impl 50 | 0.11.5 51 | runtime 52 | 53 | 54 | 55 | io.jsonwebtoken 56 | jjwt-jackson 57 | 0.11.5 58 | runtime 59 | 60 | 61 | 62 | com.mysql 63 | mysql-connector-j 64 | runtime 65 | 66 | 67 | 68 | org.springframework.boot 69 | spring-boot-starter-test 70 | test 71 | 72 | 73 | 74 | org.springframework.security 75 | spring-security-test 76 | test 77 | 78 | 79 | 80 | 81 | 82 | 83 | org.springframework.boot 84 | spring-boot-maven-plugin 85 | 86 | 87 | 88 | 89 | 90 | -------------------------------------------------------------------------------- /spring-security-jwt-auth-spring-boot-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bezkoder/spring-security-refresh-token-jwt/03a1a0553b14b7c9079eb4d9b21c296f0d786654/spring-security-jwt-auth-spring-boot-flow.png -------------------------------------------------------------------------------- /spring-security-refresh-token-jwt-spring-boot-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bezkoder/spring-security-refresh-token-jwt/03a1a0553b14b7c9079eb4d9b21c296f0d786654/spring-security-refresh-token-jwt-spring-boot-flow.png 
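-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/SpringSecurityRefreshTokenApplication.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

/**
 * Boot entry point. Component scanning starts from this package, which is why the
 * controllers, security configuration and services below need no explicit registration.
 */
@SpringBootApplication
public class SpringSecurityRefreshTokenApplication {

  public static void main(String[] args) {
    SpringApplication.run(SpringSecurityRefreshTokenApplication.class, args);
  }

}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/advice/ErrorMessage.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.advice;

import java.util.Date;

/**
 * Error body returned by {@link TokenControllerAdvice}.
 *
 * <p>The class has no setters, so the fields are {@code final}: an instance is fully
 * described by its constructor arguments. {@code java.util.Date} is kept because it
 * defines the serialized JSON shape clients already see; new payloads should prefer
 * {@code java.time}.
 */
public class ErrorMessage {
  private final int statusCode;
  private final Date timestamp;
  private final String message;
  private final String description;

  /**
   * @param statusCode HTTP status the response is sent with
   * @param timestamp when the error was produced
   * @param message human-readable reason (for token errors this is the exception message)
   * @param description request description as given by Spring's {@code WebRequest}
   */
  public ErrorMessage(int statusCode, Date timestamp, String message, String description) {
    this.statusCode = statusCode;
    this.timestamp = timestamp;
    this.message = message;
    this.description = description;
  }

  public int getStatusCode() {
    return statusCode;
  }

  public Date getTimestamp() {
    return timestamp;
  }

  public String getMessage() {
    return message;
  }

  public String getDescription() {
    return description;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/advice/TokenControllerAdvice.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.advice;

import java.util.Date;

import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.context.request.WebRequest;

import com.bezkoder.spring.security.jwt.exception.TokenRefreshException;

/**
 * Translates {@link TokenRefreshException} into a 403 with an {@link ErrorMessage} body.
 *
 * <p>{@code ex.getMessage()} is echoed to the client verbatim. TokenRefreshException
 * builds that message from the refresh-token value it was given, so the response (and any
 * log line carrying the message) contains the token the caller presented.
 */
@RestControllerAdvice
public class TokenControllerAdvice {

  @ExceptionHandler(value = TokenRefreshException.class)
  @ResponseStatus(HttpStatus.FORBIDDEN)
  public ErrorMessage handleTokenRefreshException(TokenRefreshException ex, WebRequest request) {
    return new ErrorMessage(
        HttpStatus.FORBIDDEN.value(),
        new Date(),
        ex.getMessage(),
        request.getDescription(false));
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/controllers/AuthController.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.controllers;

import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.Valid;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;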
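import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.bezkoder.spring.security.jwt.exception.TokenRefreshException;
import com.bezkoder.spring.security.jwt.models.ERole;
import com.bezkoder.spring.security.jwt.models.RefreshToken;
import com.bezkoder.spring.security.jwt.models.Role;
import com.bezkoder.spring.security.jwt.models.User;
import com.bezkoder.spring.security.jwt.payload.request.LoginRequest;
import com.bezkoder.spring.security.jwt.payload.request.SignupRequest;
import com.bezkoder.spring.security.jwt.payload.response.UserInfoResponse;
import com.bezkoder.spring.security.jwt.payload.response.MessageResponse;
import com.bezkoder.spring.security.jwt.repository.RoleRepository;
import com.bezkoder.spring.security.jwt.repository.UserRepository;
import com.bezkoder.spring.security.jwt.security.jwt.JwtUtils;
import com.bezkoder.spring.security.jwt.security.services.RefreshTokenService;
import com.bezkoder.spring.security.jwt.security.services.UserDetailsImpl;

/**
 * Authentication endpoints: sign-in, sign-up, sign-out and access-token refresh.
 *
 * <p>Both the access JWT and the refresh token are delivered as {@code Set-Cookie} headers
 * built by {@link JwtUtils}; the cookie attributes (HttpOnly, Secure, SameSite, path) live
 * there, not here.
 */
//for Angular Client (withCredentials)
//@CrossOrigin(origins = "http://localhost:8081", maxAge = 3600, allowCredentials="true")
// NOTE(review): with origins = "*" and no allowCredentials, browsers do not attach cookies to
// cross-origin requests, so a cookie-based client on another origin needs the explicit form above.
@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
@RequestMapping("/api/auth")
public class AuthController {
  @Autowired
  AuthenticationManager authenticationManager;

  @Autowired
  UserRepository userRepository;

  @Autowired
  RoleRepository roleRepository;

  @Autowired
  PasswordEncoder encoder;

  @Autowired
  JwtUtils jwtUtils;

  @Autowired
  RefreshTokenService refreshTokenService;

  /**
   * Verifies the credentials, then issues an access-token cookie and a refresh-token cookie.
   *
   * @param loginRequest username/password, validated as non-blank
   * @return the user's id, username, email and role names
   * @throws org.springframework.security.core.AuthenticationException from the
   *     {@link AuthenticationManager} when the credentials are rejected
   */
  @PostMapping("/signin")
  public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
    Authentication authentication = authenticationManager
        .authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));

    SecurityContextHolder.getContext().setAuthentication(authentication);

    UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();

    ResponseCookie jwtCookie = jwtUtils.generateJwtCookie(userDetails);

    List<String> roles = userDetails.getAuthorities().stream()
        .map(item -> item.getAuthority())
        .collect(Collectors.toList());

    // A fresh refresh token is persisted per sign-in; its value is only ever sent in the cookie.
    RefreshToken refreshToken = refreshTokenService.createRefreshToken(userDetails.getId());
    ResponseCookie jwtRefreshCookie = jwtUtils.generateRefreshJwtCookie(refreshToken.getToken());

    return ResponseEntity.ok()
        .header(HttpHeaders.SET_COOKIE, jwtCookie.toString())
        .header(HttpHeaders.SET_COOKIE, jwtRefreshCookie.toString())
        .body(new UserInfoResponse(userDetails.getId(),
            userDetails.getUsername(),
            userDetails.getEmail(),
            roles));
  }

  /**
   * Creates an account. The password is stored only as the {@link PasswordEncoder} hash.
   *
   * <p>NOTE(review): the roles are taken from the request body, so any caller of this
   * public endpoint can ask for "admin" or "mod". Whether self-assigned privileged roles
   * are intended should be confirmed; a production service would normally ignore the
   * requested roles and grant ROLE_USER only.
   *
   * @param signUpRequest username, email, password and optional role names
   * @return 400 with a message when the username or email is taken, 200 otherwise
   * @throws RuntimeException when a requested role row does not exist in the roles table
   */
  @PostMapping("/signup")
  public ResponseEntity<?> registerUser(@Valid @RequestBody SignupRequest signUpRequest) {
    if (userRepository.existsByUsername(signUpRequest.getUsername())) {
      return ResponseEntity.badRequest().body(new MessageResponse("Error: Username is already taken!"));
    }

    if (userRepository.existsByEmail(signUpRequest.getEmail())) {
      return ResponseEntity.badRequest().body(new MessageResponse("Error: Email is already in use!"));
    }

    // Create new user's account
    User user = new User(signUpRequest.getUsername(),
        signUpRequest.getEmail(),
        encoder.encode(signUpRequest.getPassword()));

    Set<String> strRoles = signUpRequest.getRole();
    Set<Role> roles = new HashSet<>();

    if (strRoles == null) {
      roles.add(findRole(ERole.ROLE_USER));
    } else {
      for (String role : strRoles) {
        roles.add(findRole(toERole(role)));
      }
    }

    user.setRoles(roles);
    userRepository.save(user);

    return ResponseEntity.ok(new MessageResponse("User registered successfully!"));
  }

  /** Maps the role names accepted in the sign-up payload onto ERole; anything unknown is ROLE_USER. */
  private static ERole toERole(String role) {
    switch (role) {
      case "admin":
        return ERole.ROLE_ADMIN;
      case "mod":
        return ERole.ROLE_MODERATOR;
      default:
        return ERole.ROLE_USER;
    }
  }

  /** Loads the persisted Role row for a name; the roles table must be seeded beforehand. */
  private Role findRole(ERole name) {
    return roleRepository.findByName(name)
        .orElseThrow(() -> new RuntimeException("Error: Role is not found."));
  }

  /**
   * Revokes the caller's stored refresh tokens and clears both auth cookies.
   *
   * <p>The anonymous principal installed by Spring Security is a plain String, so the
   * type check below (rather than a string comparison) decides whether there is a user
   * whose refresh tokens can be deleted. Cookies are cleared in every case.
   *
   * @return 200 with a confirmation message and expiring cookie headers
   */
  @PostMapping("/signout")
  public ResponseEntity<?> logoutUser() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Object principal = authentication == null ? null : authentication.getPrincipal();
    if (principal instanceof UserDetailsImpl) {
      Long userId = ((UserDetailsImpl) principal).getId();
      refreshTokenService.deleteByUserId(userId);
    }

    ResponseCookie jwtCookie = jwtUtils.getCleanJwtCookie();
    ResponseCookie jwtRefreshCookie = jwtUtils.getCleanJwtRefreshCookie();

    return ResponseEntity.ok()
        .header(HttpHeaders.SET_COOKIE, jwtCookie.toString())
        .header(HttpHeaders.SET_COOKIE, jwtRefreshCookie.toString())
        .body(new MessageResponse("You've been signed out!"));
  }

  /**
   * Issues a new access-token cookie for the user owning the refresh token found in the
   * request cookies.
   *
   * <p>Only the access cookie is reissued; the stored refresh token stays valid until
   * {@code verifyExpiration} rejects it. NOTE(review): rotating the refresh token here
   * (issue a new one, invalidate the presented one) would shorten the window in which a
   * leaked refresh token remains usable — confirm whether reuse is intended.
   *
   * @param request used only to read the refresh-token cookie
   * @return 400 when no refresh cookie is present, 200 with a new access cookie otherwise
   * @throws TokenRefreshException when the token is unknown (here) or expired
   *     (from {@code verifyExpiration})
   */
  @PostMapping("/refreshtoken")
  public ResponseEntity<?> refreshtoken(HttpServletRequest request) {
    String refreshToken = jwtUtils.getJwtRefreshFromCookies(request);

    if (refreshToken == null || refreshToken.isEmpty()) {
      return ResponseEntity.badRequest().body(new MessageResponse("Refresh Token is empty!"));
    }

    return refreshTokenService.findByToken(refreshToken)
        .map(refreshTokenService::verifyExpiration)
        .map(RefreshToken::getUser)
        .map(user -> {
          ResponseCookie jwtCookie = jwtUtils.generateJwtCookie(user);

          return ResponseEntity.ok()
              .header(HttpHeaders.SET_COOKIE, jwtCookie.toString())
              .body(new MessageResponse("Token is refreshed successfully!"));
        })
        .orElseThrow(() -> new TokenRefreshException(refreshToken,
            "Refresh token is not in database!"));
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/controllers/TestController.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.controllers;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Sample endpoints for exercising the role checks.
 *
 * <p>{@code /api/test/**} is permitAll in the security filter chain, so the only
 * authorization applied to these methods is the {@link PreAuthorize} expression on each.
 */
//for Angular Client (withCredentials)
//@CrossOrigin(origins = "http://localhost:8081", maxAge = 3600, allowCredentials="true")
@CrossOrigin(origins = "*", maxAge = 3600)
@RestController
@RequestMapping("/api/test")
public class TestController {
  @GetMapping("/all")
  public String allAccess() {
    return "Public Content.";
  }

  @GetMapping("/user")
  @PreAuthorize("hasRole('USER') or hasRole('MODERATOR') or hasRole('ADMIN')")
  public String userAccess() {
    return "User Content.";
  }

  @GetMapping("/mod")
  @PreAuthorize("hasRole('MODERATOR')")
  public String moderatorAccess() {
    return "Moderator Board.";
  }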
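/** Requires ROLE_ADMIN; enforced by method security only, since /api/test/** is permitAll. */
  @GetMapping("/admin")
  @PreAuthorize("hasRole('ADMIN')")
  public String adminAccess() {
    return "Admin Board.";
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/exception/TokenRefreshException.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.exception;

import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;

/**
 * Raised when a presented refresh token is unknown or expired; mapped to 403 both by this
 * annotation and by TokenControllerAdvice.
 *
 * <p>The message embeds the raw token value, and TokenControllerAdvice returns
 * {@code getMessage()} to the client. Any log sink that records this message therefore
 * stores a credential; keep that in mind before logging it at error level.
 */
@ResponseStatus(HttpStatus.FORBIDDEN)
public class TokenRefreshException extends RuntimeException {

  private static final long serialVersionUID = 1L;

  /**
   * @param token the refresh-token value that failed
   * @param message why it failed
   */
  public TokenRefreshException(String token, String message) {
    super(String.format("Failed for [%s]: %s", token, message));
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/models/ERole.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.models;

/** Role names as persisted in the roles table (stored as strings, see {@link Role}). */
public enum ERole {
  ROLE_USER,
  ROLE_MODERATOR,
  ROLE_ADMIN
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/models/RefreshToken.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.models;

import java.time.Instant;

import jakarta.persistence.*;

/**
 * Persisted refresh token. The token string is the lookup key used by the refresh
 * endpoint and is unique per row; {@code expiryDate} is what the service's expiry check
 * compares against.
 */
@Entity(name = "refreshtoken")
public class RefreshToken {
  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  private long id;

  @OneToOne
  @JoinColumn(name = "user_id", referencedColumnName = "id")
  private User user;

  @Column(nullable = false, unique = true)
  private String token;

  @Column(nullable = false)
  private Instant expiryDate;

  public RefreshToken() {
  }

  public long getId() {
    return id;
  }

  public void setId(long id) {
    this.id = id;
  }

  public User getUser() {
    return user;
  }

  public void setUser(User user) {
    this.user = user;
  }

  public String getToken() {
    return token;
  }

  public void setToken(String token) {
    this.token = token;
  }

  public Instant getExpiryDate() {
    return expiryDate;
  }

  public void setExpiryDate(Instant expiryDate) {
    this.expiryDate = expiryDate;
  }

}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/models/Role.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.models;

import jakarta.persistence.*;

/** Row of the roles table; the name column holds the {@link ERole} constant as text. */
@Entity
@Table(name = "roles")
public class Role {
  @Id
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Integer id;

  @Enumerated(EnumType.STRING)
  @Column(length = 20)
  private ERole name;

  public Role() {

  }

  public Role(ERole name) {
    this.name = name;
  }

  public Integer getId() {
    return id;
  }

  public void setId(Integer id) {
    this.id = id;
  }

  public ERole getName() {
    return name;
  }

  public void setName(ERole name) {
    this.name = name;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/models/User.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.models;

import java.util.HashSet;
import java.util.Set;

import jakarta.persistence.*;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Size;

/**
 * Account entity. {@code password} holds the encoder output, never the plaintext
 * (AuthController encodes before constructing a User); the 120-char limit is sized for
 * that hash.
 */
@Entity
@Table(name = "users",
    uniqueConstraints = {
        @UniqueConstraint(columnNames = "username"),
        @UniqueConstraint(columnNames = "email")
    })
public class User {
  @Id
  @GeneratedValue(strategy = GenerationType.IDENTITY)
  private Long id;

  @NotBlank
  @Size(max = 20)
  private String username;

  @NotBlank
  @Size(max = 50)
  @Email
  private String email;

  @NotBlank
  @Size(max = 120)
  private String password;

  // Lazy: roles are only needed when building UserDetails, not on every User load.
  @ManyToMany(fetch = FetchType.LAZY)
  @JoinTable(name = "user_roles",
      joinColumns = @JoinColumn(name = "user_id"),
      inverseJoinColumns = @JoinColumn(name = "role_id"))
  private Set<Role> roles = new HashSet<>();

  public User() {
  }

  public User(String username, String email, String password) {
    this.username = username;
    this.email = email;
    this.password = password;
  }

  public Long getId() {
    return id;
  }

  public void setId(Long id) {
    this.id = id;
  }

  public String getUsername() {
    return username;
  }

  public void setUsername(String username) {
    this.username = username;
  }

  public String getEmail() {
    return email;
  }

  public void setEmail(String email) {
    this.email = email;
  }

  public String getPassword() {
    return password;
  }

  public void setPassword(String password) {
    this.password = password;
  }

  public Set<Role> getRoles() {
    return roles;
  }

  public void setRoles(Set<Role> roles) {
    this.roles = roles;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/payload/request/LoginRequest.java: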
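--------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.payload.request;

import jakarta.validation.constraints.NotBlank;

/** Sign-in body; both fields must be present and non-blank. */
public class LoginRequest {
  @NotBlank
  private String username;

  @NotBlank
  private String password;

  public String getUsername() {
    return username;
  }

  public void setUsername(String username) {
    this.username = username;
  }

  public String getPassword() {
    return password;
  }

  public void setPassword(String password) {
    this.password = password;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/payload/request/SignupRequest.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.payload.request;

import java.util.Set;

import jakarta.validation.constraints.*;

/**
 * Sign-up body. {@code role} is optional and, when present, is interpreted by
 * AuthController as the role names ("admin", "mod", anything else = user) to grant the new
 * account; it is not validated here.
 */
public class SignupRequest {
  @NotBlank
  @Size(min = 3, max = 20)
  private String username;

  @NotBlank
  @Size(max = 50)
  @Email
  private String email;

  private Set<String> role;

  @NotBlank
  @Size(min = 6, max = 40)
  private String password;

  public String getUsername() {
    return username;
  }

  public void setUsername(String username) {
    this.username = username;
  }

  public String getEmail() {
    return email;
  }

  public void setEmail(String email) {
    this.email = email;
  }

  public String getPassword() {
    return password;
  }

  public void setPassword(String password) {
    this.password = password;
  }

  public Set<String> getRole() {
    return this.role;
  }

  public void setRole(Set<String> role) {
    this.role = role;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/payload/response/MessageResponse.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.payload.response;

/** Single-message JSON body used for confirmations and validation errors. */
public class MessageResponse {
  private String message;

  public MessageResponse(String message) {
    this.message = message;
  }

  public String getMessage() {
    return message;
  }

  public void setMessage(String message) {
    this.message = message;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/payload/response/UserInfoResponse.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.payload.response;

import java.util.List;

/**
 * Sign-in response body: identity and role names, never the token (that goes in the
 * cookie headers). {@code roles} has no setter; it is fixed at construction.
 */
public class UserInfoResponse {
  private Long id;
  private String username;
  private String email;
  private List<String> roles;

  public UserInfoResponse(Long id, String username, String email, List<String> roles) {
    this.id = id;
    this.username = username;
    this.email = email;
    this.roles = roles;
  }

  public Long getId() {
    return id;
  }

  public void setId(Long id) {
    this.id = id;
  }

  public String getEmail() {
    return email;
  }

  public void setEmail(String email) {
    this.email = email;
  }

  public String getUsername() {
    return username;
  }

  public void setUsername(String username) {
    this.username = username;
  }

  public List<String> getRoles() {
    return roles;
  }
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/repository/RefreshTokenRepository.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.repository;

import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.stereotype.Repository;

import com.bezkoder.spring.security.jwt.models.RefreshToken;
import com.bezkoder.spring.security.jwt.models.User;

/** Persistence for {@link RefreshToken}; the token column is unique, so lookup by value is exact. */
@Repository
public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
  Optional<RefreshToken> findByToken(String token);

  /**
   * Deletes every token owned by {@code user} and returns the row count.
   *
   * <p>A derived delete must run inside a transaction; presumably the calling service
   * method is {@code @Transactional} — confirm, since that code is not in this file.
   */
  @Modifying
  int deleteByUser(User user);
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/repository/RoleRepository.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.repository;

import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.bezkoder.spring.security.jwt.models.ERole;
import com.bezkoder.spring.security.jwt.models.Role;

/** Lookup of seeded {@link Role} rows by their {@link ERole} name. */
@Repository
public interface RoleRepository extends JpaRepository<Role, Integer> {
  Optional<Role> findByName(ERole name);
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/repository/UserRepository.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.repository;

import java.util.Optional;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import com.bezkoder.spring.security.jwt.models.User;

/** Account lookups used by sign-up uniqueness checks and by UserDetails loading. */
@Repository
public interface UserRepository extends JpaRepository<User, Long> {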
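/** Exact-match lookup; username is unique per the users table constraint. */
  Optional<User> findByUsername(String username);

  Boolean existsByUsername(String username);

  Boolean existsByEmail(String email);
}
-------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/security/WebSecurityConfig.java: --------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.bezkoder.spring.security.jwt.security.jwt.AuthEntryPointJwt;
import com.bezkoder.spring.security.jwt.security.jwt.AuthTokenFilter;
import com.bezkoder.spring.security.jwt.security.services.UserDetailsServiceImpl;

/**
 * Spring Security wiring: a DAO authentication provider backed by {@link UserDetailsServiceImpl}
 * and bcrypt, plus the stateless JWT filter chain. The commented-out members are the
 * pre-Spring-Security-6 {@code WebSecurityConfigurerAdapter} equivalents kept for reference.
 */
@Configuration
//@EnableWebSecurity
@EnableMethodSecurity
//(securedEnabled = true,
//jsr250Enabled = true,
//prePostEnabled = true) // by default
public class WebSecurityConfig { // extends WebSecurityConfigurerAdapter {
  @Autowired
  UserDetailsServiceImpl userDetailsService;

  @Autowired
  private AuthEntryPointJwt unauthorizedHandler;

  /**
   * The JWT filter as a bean so its {@code @Autowired} fields are injected.
   * NOTE(review): Spring Boot also registers Filter beans with the servlet container on its
   * own; OncePerRequestFilter keeps that from running the logic twice, but confirm the
   * ordering is the one intended.
   */
  @Bean
  public AuthTokenFilter authenticationJwtTokenFilter() {
    return new AuthTokenFilter();
  }

//  @Override
//  public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
//    authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
//  }

  /** Username/password provider: loads the user by name and checks the bcrypt hash. */
  @Bean
  public DaoAuthenticationProvider authenticationProvider() {
    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();

    authProvider.setUserDetailsService(userDetailsService);
    authProvider.setPasswordEncoder(passwordEncoder());

    return authProvider;
  }

//  @Bean
//  @Override
//  public AuthenticationManager authenticationManagerBean() throws Exception {
//    return super.authenticationManagerBean();
//  }

  @Bean
  public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
    return authConfig.getAuthenticationManager();
  }

  /** bcrypt with its default strength; the hash is what User.password stores. */
  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

//  @Override
//  protected void configure(HttpSecurity http) throws Exception {
//    http.cors().and().csrf().disable()
//      .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
//      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
//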
.authorizeRequests().antMatchers("/api/auth/**").permitAll() 79 | // .antMatchers("/api/test/**").permitAll() 80 | // .anyRequest().authenticated(); 81 | // 82 | // http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class); 83 | // } 84 | 85 | @Bean 86 | public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { 87 | http.csrf(csrf -> csrf.disable()) 88 | .exceptionHandling(exception -> exception.authenticationEntryPoint(unauthorizedHandler)) 89 | .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) 90 | .authorizeHttpRequests(auth -> 91 | auth.requestMatchers("/api/auth/**").permitAll() 92 | .requestMatchers("/api/test/**").permitAll() 93 | .anyRequest().authenticated() 94 | ); 95 | 96 | http.authenticationProvider(authenticationProvider()); 97 | 98 | http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class); 99 | 100 | return http.build(); 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/security/jwt/AuthEntryPointJwt.java: -------------------------------------------------------------------------------- 1 | package com.bezkoder.spring.security.jwt.security.jwt; 2 | 3 | import java.io.IOException; 4 | import java.util.HashMap; 5 | import java.util.Map; 6 | 7 | import jakarta.servlet.ServletException; 8 | import jakarta.servlet.http.HttpServletRequest; 9 | import jakarta.servlet.http.HttpServletResponse; 10 | 11 | import org.slf4j.Logger; 12 | import org.slf4j.LoggerFactory; 13 | import org.springframework.http.MediaType; 14 | import org.springframework.security.core.AuthenticationException; 15 | import org.springframework.security.web.AuthenticationEntryPoint; 16 | import org.springframework.stereotype.Component; 17 | 18 | import com.fasterxml.jackson.databind.ObjectMapper; 19 | 20 | @Component 21 | public class AuthEntryPointJwt 
implements AuthenticationEntryPoint { 22 | 23 | private static final Logger logger = LoggerFactory.getLogger(AuthEntryPointJwt.class); 24 | 25 | @Override 26 | public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) 27 | throws IOException, ServletException { 28 | logger.error("Unauthorized error: {}", authException.getMessage()); 29 | 30 | response.setContentType(MediaType.APPLICATION_JSON_VALUE); 31 | response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); 32 | 33 | final Map body = new HashMap<>(); 34 | body.put("status", HttpServletResponse.SC_UNAUTHORIZED); 35 | body.put("error", "Unauthorized"); 36 | body.put("message", authException.getMessage()); 37 | body.put("path", request.getServletPath()); 38 | 39 | final ObjectMapper mapper = new ObjectMapper(); 40 | mapper.writeValue(response.getOutputStream(), body); 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /src/main/java/com/bezkoder/spring/security/jwt/security/jwt/AuthTokenFilter.java: -------------------------------------------------------------------------------- 1 | package com.bezkoder.spring.security.jwt.security.jwt; 2 | 3 | import java.io.IOException; 4 | 5 | import jakarta.servlet.FilterChain; 6 | import jakarta.servlet.ServletException; 7 | import jakarta.servlet.http.HttpServletRequest; 8 | import jakarta.servlet.http.HttpServletResponse; 9 | 10 | import org.slf4j.Logger; 11 | import org.slf4j.LoggerFactory; 12 | import org.springframework.beans.factory.annotation.Autowired; 13 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 14 | import org.springframework.security.core.context.SecurityContextHolder; 15 | import org.springframework.security.core.userdetails.UserDetails; 16 | import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; 17 | import org.springframework.web.filter.OncePerRequestFilter; 18 | 19 | 
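import com.bezkoder.spring.security.jwt.security.services.UserDetailsServiceImpl;

/**
 * Once-per-request filter that turns a valid access-token cookie into an authenticated
 * {@code SecurityContext}. A request without a cookie, or with a token that fails validation,
 * continues down the chain unauthenticated and is left to the authorization rules and the
 * 401 entry point.
 */
public class AuthTokenFilter extends OncePerRequestFilter {
  @Autowired
  private JwtUtils jwtUtils;

  @Autowired
  private UserDetailsServiceImpl userDetailsService;

  private static final Logger logger = LoggerFactory.getLogger(AuthTokenFilter.class);

  /**
   * Validates the access token from the request cookie and, on success, installs the
   * corresponding principal and authorities in the security context.
   *
   * <p>Any failure (bad token, unknown user, ...) is logged and swallowed on purpose: the
   * request is then processed as anonymous rather than aborted, and the chain always continues.
   *
   * @param request     current request
   * @param response    current response
   * @param filterChain remaining filters, always invoked
   * @throws ServletException propagated from the rest of the chain
   * @throws IOException      propagated from the rest of the chain
   */
  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
      FilterChain filterChain) throws ServletException, IOException {
    try {
      String jwt = parseJwt(request);
      if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
        String username = jwtUtils.getUserNameFromJwtToken(jwt);
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);

        // Credentials are null: the token was the credential and is not retained on the principal.
        UsernamePasswordAuthenticationToken authentication =
            new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

        SecurityContextHolder.getContext().setAuthentication(authentication);
      }
    } catch (Exception e) {
      // Pass the exception as the trailing argument so SLF4J logs the stack trace; binding it to
      // a {} placeholder would only record e.toString().
      logger.error("Cannot set user authentication: {}", e.getMessage(), e);
    }

    filterChain.doFilter(request, response);
  }

  /**
   * Reads the raw access token from its cookie.
   *
   * @return the token string, or {@code null} when the cookie is absent
   */
  private String parseJwt(HttpServletRequest request) {
    return jwtUtils.getJwtFromCookies(request);
  }
}
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/jwt/JwtUtils.java:
--------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.security.jwt;

import java.security.Key;
import java.util.Date;

import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;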
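import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseCookie;
import org.springframework.stereotype.Component;
import org.springframework.web.util.WebUtils;

import com.bezkoder.spring.security.jwt.models.User;
import com.bezkoder.spring.security.jwt.security.services.UserDetailsImpl;

import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;

/**
 * Issues and verifies HS256 access tokens and manages the two HttpOnly cookies that carry the
 * access token and the refresh token.
 *
 * <p>The access-token cookie is scoped to {@code /api}; the refresh-token cookie is scoped to
 * the refresh endpoint only, so it is not sent along with ordinary API calls.
 */
@Component
public class JwtUtils {
  private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);

  /** Path of the access-token cookie. */
  private static final String API_PATH = "/api";
  /** Path of the refresh-token cookie: only the refresh endpoint ever receives it. */
  private static final String REFRESH_PATH = "/api/auth/refreshtoken";
  /** Browser lifetime of both cookies; token expiry itself is enforced by the JWT claims. */
  private static final long COOKIE_MAX_AGE_SECONDS = 24 * 60 * 60;

  // Base64-encoded HMAC key; see key().
  @Value("${bezkoder.app.jwtSecret}")
  private String jwtSecret;

  @Value("${bezkoder.app.jwtExpirationMs}")
  private int jwtExpirationMs;

  @Value("${bezkoder.app.jwtCookieName}")
  private String jwtCookie;

  @Value("${bezkoder.app.jwtRefreshCookieName}")
  private String jwtRefreshCookie;

  /** Builds the access-token cookie for an authenticated principal. */
  public ResponseCookie generateJwtCookie(UserDetailsImpl userPrincipal) {
    String jwt = generateTokenFromUsername(userPrincipal.getUsername());
    return generateCookie(jwtCookie, jwt, API_PATH);
  }

  /** Builds the access-token cookie for a persisted user (refresh flow). */
  public ResponseCookie generateJwtCookie(User user) {
    String jwt = generateTokenFromUsername(user.getUsername());
    return generateCookie(jwtCookie, jwt, API_PATH);
  }

  /** Builds the refresh-token cookie, scoped to the refresh endpoint. */
  public ResponseCookie generateRefreshJwtCookie(String refreshToken) {
    return generateCookie(jwtRefreshCookie, refreshToken, REFRESH_PATH);
  }

  /** @return the access token from its cookie, or {@code null} if absent */
  public String getJwtFromCookies(HttpServletRequest request) {
    return getCookieValueByName(request, jwtCookie);
  }

  /** @return the refresh token from its cookie, or {@code null} if absent */
  public String getJwtRefreshFromCookies(HttpServletRequest request) {
    return getCookieValueByName(request, jwtRefreshCookie);
  }

  /**
   * Cookie that removes the access-token cookie (sign-out). {@code Max-Age=0} makes the browser
   * delete it instead of keeping an empty-valued cookie that would be sent on every request.
   */
  public ResponseCookie getCleanJwtCookie() {
    return ResponseCookie.from(jwtCookie, null).path(API_PATH).maxAge(0).build();
  }

  /** Cookie that removes the refresh-token cookie (sign-out); see {@link #getCleanJwtCookie()}. */
  public ResponseCookie getCleanJwtRefreshCookie() {
    return ResponseCookie.from(jwtRefreshCookie, null).path(REFRESH_PATH).maxAge(0).build();
  }

  /**
   * Returns the subject of a signed token.
   *
   * @throws JwtException (any subclass) if the token is malformed, expired or not signed with our key
   */
  public String getUserNameFromJwtToken(String token) {
    return Jwts.parserBuilder().setSigningKey(key()).build()
        .parseClaimsJws(token).getBody().getSubject();
  }

  /**
   * HMAC key derived from the Base64 secret. {@code Keys.hmacShaKeyFor} rejects key material that
   * is too short for HS256, so a weak configured secret fails fast at first use.
   */
  private Key key() {
    return Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtSecret));
  }

  /**
   * Checks that {@code authToken} is a well-formed, unexpired claims JWS signed with our key.
   *
   * <p>Uses {@code parseClaimsJws} so that exactly the token shape later read by
   * {@link #getUserNameFromJwtToken(String)} is accepted; the final {@code JwtException} catch
   * turns signature failures and any other jjwt rejection into {@code false} instead of letting
   * them escape.
   *
   * @return {@code true} only when the token verifies
   */
  public boolean validateJwtToken(String authToken) {
    try {
      Jwts.parserBuilder().setSigningKey(key()).build().parseClaimsJws(authToken);
      return true;
    } catch (MalformedJwtException e) {
      logger.error("Invalid JWT token: {}", e.getMessage());
    } catch (ExpiredJwtException e) {
      logger.error("JWT token is expired: {}", e.getMessage());
    } catch (UnsupportedJwtException e) {
      logger.error("JWT token is unsupported: {}", e.getMessage());
    } catch (IllegalArgumentException e) {
      logger.error("JWT claims string is empty: {}", e.getMessage());
    } catch (JwtException e) {
      logger.error("JWT token is invalid: {}", e.getMessage());
    }

    return false;
  }

  /** Creates an HS256 token whose subject is {@code username}, valid for jwtExpirationMs. */
  public String generateTokenFromUsername(String username) {
    Date issuedAt = new Date();
    return Jwts.builder()
        .setSubject(username)
        .setIssuedAt(issuedAt)
        .setExpiration(new Date(issuedAt.getTime() + jwtExpirationMs))
        .signWith(key(), SignatureAlgorithm.HS256)
        .compact();
  }

  /**
   * Common cookie shape: path-scoped, 24h browser lifetime, HttpOnly so page scripts cannot read
   * the token. No {@code Secure} or {@code SameSite} attribute is set here; the deployment must
   * serve over TLS and manage cross-site sends itself, or add {@code .secure(true)} /
   * {@code .sameSite(...)} once HTTPS is in place — review before production.
   */
  private ResponseCookie generateCookie(String name, String value, String path) {
    return ResponseCookie.from(name, value)
        .path(path)
        .maxAge(COOKIE_MAX_AGE_SECONDS)
        .httpOnly(true)
        .build();
  }

  /** @return the value of the named cookie, or {@code null} when the request has none */
  private String getCookieValueByName(HttpServletRequest request, String name) {
    Cookie cookie = WebUtils.getCookie(request, name);
    return cookie == null ? null : cookie.getValue();
  }
}
--------------------------------------------------------------------------------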
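/src/main/java/com/bezkoder/spring/security/jwt/security/services/RefreshTokenService.java:
--------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.security.services;

import java.time.Instant;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.UUID;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.bezkoder.spring.security.jwt.exception.TokenRefreshException;
import com.bezkoder.spring.security.jwt.models.RefreshToken;
import com.bezkoder.spring.security.jwt.models.User;
import com.bezkoder.spring.security.jwt.repository.RefreshTokenRepository;
import com.bezkoder.spring.security.jwt.repository.UserRepository;

/**
 * Creates, looks up, expires and revokes the opaque refresh tokens stored per user.
 * Refresh tokens are random UUIDs persisted with an expiry instant, not JWTs.
 */
@Service
public class RefreshTokenService {
  @Value("${bezkoder.app.jwtRefreshExpirationMs}")
  private Long refreshTokenDurationMs;

  @Autowired
  private RefreshTokenRepository refreshTokenRepository;

  @Autowired
  private UserRepository userRepository;

  /** Looks a refresh token up by its value. */
  public Optional<RefreshToken> findByToken(String token) {
    return refreshTokenRepository.findByToken(token);
  }

  /**
   * Issues and persists a new refresh token for {@code userId}.
   *
   * @return the saved token, with its generated value and expiry set
   * @throws NoSuchElementException if no user has that id (the type {@code Optional.get()} threw)
   */
  public RefreshToken createRefreshToken(Long userId) {
    RefreshToken refreshToken = new RefreshToken();
    refreshToken.setUser(requireUser(userId));
    refreshToken.setExpiryDate(Instant.now().plusMillis(refreshTokenDurationMs));
    // UUID.randomUUID() draws from SecureRandom, so the token value is unguessable.
    refreshToken.setToken(UUID.randomUUID().toString());

    return refreshTokenRepository.save(refreshToken);
  }

  /**
   * Returns {@code token} if it is still valid; otherwise deletes it and throws.
   *
   * @throws TokenRefreshException if the token's expiry instant has passed
   */
  public RefreshToken verifyExpiration(RefreshToken token) {
    if (token.getExpiryDate().isBefore(Instant.now())) {
      refreshTokenRepository.delete(token);
      throw new TokenRefreshException(token.getToken(), "Refresh token was expired. Please make a new signin request");
    }

    return token;
  }

  /**
   * Revokes every refresh token of the user (sign-out).
   *
   * @return number of tokens removed
   * @throws NoSuchElementException if no user has that id
   */
  @Transactional
  public int deleteByUserId(Long userId) {
    return refreshTokenRepository.deleteByUser(requireUser(userId));
  }

  /** Loads the user or fails with a message naming the id (same exception type as before). */
  private User requireUser(Long userId) {
    return userRepository.findById(userId)
        .orElseThrow(() -> new NoSuchElementException("No user with id " + userId));
  }
}
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/services/UserDetailsImpl.java:
--------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.security.services;

import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import com.bezkoder.spring.security.jwt.models.User;
import com.fasterxml.jackson.annotation.JsonIgnore;

/**
 * Spring Security principal built from a {@link User} entity. Two principals are equal when
 * they wrap the same user id.
 */
public class UserDetailsImpl implements UserDetails {
  private static final long serialVersionUID = 1L;

  private final Long id;

  private final String username;

  private final String email;

  // Kept out of any JSON view of the principal.
  @JsonIgnore
  private final String password;

  private final Collection<? extends GrantedAuthority> authorities;

  public UserDetailsImpl(Long id, String username, String email, String password,
      Collection<? extends GrantedAuthority> authorities) {
    this.id = id;
    this.username = username;
    this.email = email;
    this.password = password;
    this.authorities = authorities;
  }

  /** Maps a user and its roles to a principal; each role name becomes one authority. */
  public static UserDetailsImpl build(User user) {
    List<GrantedAuthority> authorities = user.getRoles().stream()
        .map(role -> new SimpleGrantedAuthority(role.getName().name()))
        .collect(Collectors.toList());

    return new UserDetailsImpl(
        user.getId(),
        user.getUsername(),
        user.getEmail(),
        user.getPassword(),
        authorities);
  }
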
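@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
  return authorities;
}

public Long getId() {
  return id;
}

public String getEmail() {
  return email;
}

@Override
public String getPassword() {
  return password;
}

@Override
public String getUsername() {
  return username;
}

// Account-state flags are not modelled on User, so every account is reported as active.
@Override
public boolean isAccountNonExpired() {
  return true;
}

@Override
public boolean isAccountNonLocked() {
  return true;
}

@Override
public boolean isCredentialsNonExpired() {
  return true;
}

@Override
public boolean isEnabled() {
  return true;
}

/** Equality is by user id only. */
@Override
public boolean equals(Object o) {
  if (this == o) {
    return true;
  }
  if (o == null || getClass() != o.getClass()) {
    return false;
  }
  UserDetailsImpl user = (UserDetailsImpl) o;
  return Objects.equals(id, user.id);
}

/** Consistent with {@link #equals(Object)}: hashes the user id only. */
@Override
public int hashCode() {
  return Objects.hash(id);
}
}
--------------------------------------------------------------------------------
/src/main/java/com/bezkoder/spring/security/jwt/security/services/UserDetailsServiceImpl.java:
--------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt.security.services;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.bezkoder.spring.security.jwt.models.User;
import com.bezkoder.spring.security.jwt.repository.UserRepository;

/** Adapts {@link UserRepository} to Spring Security's {@link UserDetailsService}. */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired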
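private UserRepository userRepository;

/**
 * Loads the principal for {@code username}.
 *
 * @throws UsernameNotFoundException if no such user exists; its message echoes the supplied
 *     username, which is acceptable only because the authentication provider normally hides
 *     user-not-found failures behind a generic bad-credentials error — do not surface it directly.
 */
@Override
@Transactional
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  User user = userRepository.findByUsername(username)
      .orElseThrow(() -> new UsernameNotFoundException("User Not Found with username: " + username));

  return UserDetailsImpl.build(user);
}
}
--------------------------------------------------------------------------------
/src/main/resources/application.properties:
--------------------------------------------------------------------------------
# Local development defaults. The database credentials, the unencrypted JDBC connection
# (useSSL=false) and the JWT signing secret below are committed to the repository and must be
# overridden per environment (environment variables / externalized config) before deployment.
spring.datasource.url= jdbc:mysql://localhost:3306/testdb_spring?useSSL=false
spring.datasource.username= root
spring.datasource.password= 123456

spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQLDialect
spring.jpa.hibernate.ddl-auto= update

# App Properties
bezkoder.app.jwtCookieName= bezkoder-jwt
bezkoder.app.jwtRefreshCookieName= bezkoder-jwt-refresh
# Base64 HMAC key (decoded by JwtUtils.key()); HS256 needs at least 256 bits of key material.
bezkoder.app.jwtSecret= ======================BezKoder=Spring===========================
#bezkoder.app.jwtExpirationMs= 86400000
#bezkoder.app.jwtRefreshExpirationMs= 86400000

## For test
bezkoder.app.jwtExpirationMs= 60000
bezkoder.app.jwtRefreshExpirationMs= 180000
--------------------------------------------------------------------------------
/src/test/java/com/bezkoder/spring/security/jwt/SpringSecurityRefreshTokenApplicationTests.java:
--------------------------------------------------------------------------------
package com.bezkoder.spring.security.jwt;

import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;

/** Smoke test: the application context must start with the configuration above. */
@SpringBootTest
class SpringSecurityRefreshTokenApplicationTests {

  @Test
  void contextLoads() {
  }

}
--------------------------------------------------------------------------------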