1701-jan09-java / interview-evaluations

Interview Evaluations Microservice
MIT License

43 add security compatibility #57

Open Fayeredd opened 7 years ago

Fayeredd commented 7 years ago

Security compatibility using JWT.

Temporary token generator/validator is JwtTokenUtil.

Security classes (by package):

com.revature.config: WebSecurityConfig

com.revature.repositories: UserRepository

com.revature.model.security: Authority, AuthorityName, User

com.revature.security: JwtAuthenticationEntryPoint, JwtAuthenticationFilter, JwtAuthenticationRequest, JwtAuthenticationSuccessHandler, JwtTokenUtil (TEMP), JwtUser, JwtUserFactory

com.revature.security.controllers: AuthenticationRestController, UserRestController

com.revature.security.exceptions: JwtTokenMissingException

com.revature.security.service: JwtAuthenticationResponse, JwtUserDetailsServiceImpl

cmatheny commented 7 years ago

@tjkemper please review this.

tjkemper commented 7 years ago

This is a lot in one PR.

Initial reactions

Fayeredd commented 7 years ago

Claims have a secret: mySecret (see application.yml and JwtTokenUtil). This secret is validated through the JwtAuthenticationFilter. The password/token generation is handled by JwtTokenUtil, a test class placed in the structure to test the rest of it. It can be replaced later with an external generator.
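
The comment above describes a token secret kept as the short literal `mySecret` in application.yml. As an added example (not code from this PR, from JwtTokenUtil or from the project), the following JDK-only Java shows a key-size guard, algorithm pinning and constant-time signature comparison for such a token; it assumes HS256 signing, which the thread does not state, and the class `Hs256Check` and its methods are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: class, method and variable names are hypothetical; HS256 is an assumption.
public class Hs256Check {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    private final byte[] key;
    Hs256Check(byte[] key) {
        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits (32 bytes).
        if (key == null || key.length < 32)
            throw new IllegalArgumentException("HS256 key must be at least 32 bytes");
        this.key = key.clone();
    }
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    private byte[] mac(String signingInput) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }
    String sign(String payloadJson) throws Exception {
        String input = HEADER + "." + b64(payloadJson);
        return input + "." + ENC.encodeToString(mac(input));
    }
    boolean verify(String token) throws Exception {
        String[] p = token.split("\\.", -1);
        // Pin the algorithm: accept only the exact header this service issues.
        if (p.length != 3 || !p[0].equals(HEADER)) return false;
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(p[2]); }
        catch (IllegalArgumentException e) { return false; }
        return MessageDigest.isEqual(mac(p[0] + "." + p[1]), sig); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        try { new Hs256Check("mySecret".getBytes(StandardCharsets.UTF_8)); } // 8 bytes
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        byte[] key = new byte[32];          // demo key; a deployment would load it from a
        new SecureRandom().nextBytes(key);  // secret store, not from a file in the repository
        Hs256Check jwt = new Hs256Check(key);
        String token = jwt.sign("{\"sub\":\"constructed-user\"}"); // constructed sample claim
        String altered = HEADER + "." + b64("{\"sub\":\"someone-else\"}") + token.substring(token.lastIndexOf('.'));
        System.out.println(jwt.verify(token) + " " + jwt.verify(altered));
    }
}
```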

Fayeredd commented 7 years ago

Build fails for non-existent dependency (JwtAuthenticationFilter [8,37])

The dependency is a local second project. The dependency is in the POM and the directory is in the classpath. Any ideas as to why it can't find this dependency would be appreciated.

POM:

<dependency>
    <groupId>com.revature</groupId>
    <artifactId>RevatureSecurityLogin</artifactId>
    <version>1.0-SNAPSHOT</version>
    <scope>compile</scope>
</dependency>

Classpath:

<classpathentry kind="var" path="M2_REPO/com/revature/RevatureSecurityLogin/1.0-SNAPSHOT/RevatureSecurityLogin-1.0-SNAPSHOT.jar"/>

octocat-jedi commented 7 years ago

SonarQube analysis reported 18 issues

Watch the comments in this conversation to review them.