search

DevShivmohan / Learning-everything

Learning for developer only
0 stars 1 forks source link

Login and Authorization mechanism in Spring boot #25

Open DevShivmohan opened 1 year ago

DevShivmohan commented 1 year ago

implement AuthenticationProvider interface


package com.lattice.spectrum.security;

import com.lattice.spectrum.util.PasswordUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

import com.lattice.spectrum.contants.APIConstants;
import com.lattice.spectrum.contants.SecurityConstants;
import com.lattice.spectrum.dto.UserPrincipal;
import com.lattice.spectrum.service.impl.CustomUserDetailsService;

import lombok.extern.slf4j.Slf4j;

@Slf4j
@Component
public class UserAuthenticationProvider implements AuthenticationProvider {

    @Autowired
    private CustomUserDetailsService userService;

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {

        final String username = authentication.getName();
        final String password = (String) authentication.getCredentials();

        final UserPrincipal user = userService.loadUserByUsername(username);

        if (user == null) {
            throw new BadCredentialsException(SecurityConstants.BAD_CREDENTIALS);
        }

            try {
                if (password.equals(PasswordUtil.decrypt(user.getPassword(), APIConstants.SECRET))) {
                    return new UsernamePasswordAuthenticationToken(user, password, user.getAuthorities());
                } else {
                    log.warn(APIConstants.PASSWORD_IS_INCORRECT + username);
                    throw new BadCredentialsException(SecurityConstants.BAD_CREDENTIALS);
                }
            } catch (Exception e) {
                log.error("Exception At: ", e);
                throw new BadCredentialsException(SecurityConstants.BAD_CREDENTIALS);
            }
        }

    public boolean supports(Class<?> arg0) {
        return true;
    }

}

Now integrate in Authentication service

@Autowired
    private UserAuthenticationProvider userAuthenticationProvider;

                authentication = userAuthenticationProvider
                        .authenticate(new UsernamePasswordAuthenticationToken(loginUser.getEmail(), loginUser.getPassword()));
                token = tokenProvider.generateTokenForUser(authentication);
                if (token == null) {
                    responseJson.put(SecurityConstants.ERROR, SecurityConstants.SOMETHING_WENT_WRONG);
                    return new ResponseEntity<String>(responseJson.toString(), HttpStatus.INTERNAL_SERVER_ERROR);
                }
rahulbansal3005 commented 1 year ago

hi i am interested to work on this project

DevShivmohan commented 1 year ago

Hey @rahulbansal3005 can you mention your information, because I don't know who are you ?

rahulbansal3005 commented 1 year ago

hey @ExceptionGenerator we don't know each other, i just wanted to work on some project and i randomly searched and found this issue interesting to work on, that's why i asked.

DevShivmohan commented 1 year ago

@rahulbansal3005 This is not a project , it's all types of docs like POC .

DevShivmohan commented 11 months ago

Getting current request JWT tokens

Getting current request jwt token

@PostMapping
public ResponseEntity<?> updateCustomerDetails( @RequestHeader(name = "Authorization") String token) {
  System.out.println("JWT token - "+token);
}