Skip to content

Instantly share code, notes, and snippets.

@Kwonkyu

Kwonkyu/CorsFilter.bean

Last active January 27, 2022 09:28
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Kwonkyu/626dd471c00da760cec24ff956e09ddb to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Kwonkyu/626dd471c00da760cec24ff956e09ddb to your computer and use it in GitHub Desktop.
Download ZIP
basic JWT configurations for spring boot application.
Raw
CorsFilter.bean
@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowCredentials(true);
corsConfiguration.addAllowedOriginPattern("*");
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedMethod("*");
source.registerCorsConfiguration("/**", corsConfiguration);
return new CorsFilter(source);
}
Raw
JwtAuthentication.java
import lombok.AllArgsConstructor;
import lombok.Getter;
/**
* JWT principal for JwtAuthenticationToken.
* It holds raw JWT and username of user.
*/
@Getter
@AllArgsConstructor
public class JwtAuthentication {
private final String token;
private final String username;
}
Raw
JwtAuthenticationFilter.java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import lombok.RequiredArgsConstructor;
import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends GenericFilterBean {
private final AuthenticationManager authenticationManager;
@Override
public void doFilter(
ServletRequest request, ServletResponse response, FilterChain chain
) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
String jwt = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION);
if (jwt != null && jwt.startsWith("Bearer ")) {
JwtAuthenticationToken token = new JwtAuthenticationToken(jwt);
Authentication authenticate = authenticationManager.authenticate(token);
SecurityContextHolder.getContext()
.setAuthentication(authenticate);
}
chain.doFilter(request, response);
}
}
Raw
JwtAuthenticationProvider.java
import com.kmongcorp.apply.order.common.util.JwtUtil;
import com.kmongcorp.apply.order.domain.user.application.port.UserJwtService;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import java.util.Collections;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
@Component
@RequiredArgsConstructor
public class JwtAuthenticationProvider implements AuthenticationProvider {
private final JwtUtil jwtUtil;
private final UserJwtService jwtRegistrationService;
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException {
if (authentication.isAuthenticated()) {
return authentication;
}
String jwt = (String) authentication.getPrincipal();
jwt = jwt.startsWith("Bearer ") ? jwt.substring(7) : jwt;
Claims claims;
try {
claims = Jwts.parser()
.setSigningKey(jwtUtil.getJwtSecretKey())
.parseClaimsJws(jwt)
.getBody();
} catch (JwtException exception) {
return new JwtAuthenticationToken(jwt);
}
String subject = claims.getSubject();
jwtRegistrationService.validateJwt(subject, jwt);
return new JwtAuthenticationToken(
Collections.emptyList(),
new JwtAuthentication(jwt, claims.get("id", Long.class), subject)
);
}
@Override
public boolean supports(Class<?> authentication) {
return JwtAuthenticationToken.class.isAssignableFrom(authentication);
}
}
Raw
JwtAuthenticationToken.java
import java.util.Collection;
import java.util.Objects;
import lombok.Getter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
@Getter
public class JwtAuthenticationToken extends AbstractAuthenticationToken {
private final transient Object principal;
public JwtAuthenticationToken(
String principal) {
super(null);
this.principal = principal;
this.setAuthenticated(false);
}
public JwtAuthenticationToken(
Collection<? extends GrantedAuthority> authorities,
JwtAuthentication jwtAuthentication
) {
super(authorities);
this.principal = jwtAuthentication;
this.setAuthenticated(true);
}
@Override
public Object getCredentials() {
return "";
}
@Override
public Object getPrincipal() {
return principal;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || getClass() != o.getClass()) {
return false;
}
if (!super.equals(o)) {
return false;
}
JwtAuthenticationToken that = (JwtAuthenticationToken) o;
return principal.equals(that.principal);
}
@Override
public int hashCode() {
return Objects.hash(super.hashCode(), principal);
}
}
Raw
When login...
@Override
public Authentication login(String username, String rawPassword) {
return authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(username, rawPassword));
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment