Merge pull request #16 from hamzanassour/master

Code Refactoring & Redirecting User to login page if it is not authenticated

Author: lokeshgupta1981

spring-boot-vuejs-jwt-auth/Spring-Boot-API/src/main/java/com/howtodoinjava/app/security/config/SecurityConfig.java

@@ -3,14 +3,13 @@
 
 import com.howtodoinjava.app.security.filter.JwtTokenFilter;
 import com.howtodoinjava.app.security.repo.UserRepository;
-import com.howtodoinjava.app.security.utils.JwtAuthenticationEntryPoint;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import org.springframework.http.HttpMethod;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.security.authentication.AuthenticationManager;
 
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -19,48 +18,27 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
 
 @EnableWebSecurity
 @Configuration
 @RequiredArgsConstructor
 public class SecurityConfig {
 
  private final JwtTokenFilter jwtAuthenticationFilter;
- private final AuthenticationProvider authenticationProvider;
- private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
+ private final UserDetailsService userDetailsService ;
 
- @Autowired
- private UserRepository userRepository;
 
- @Bean
- UserDetailsService userDetailsService() {
- return new UserDetailsService() {
- @Override
- public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
- try {
- return userRepository.findByUsername(username)
- .orElseThrow(() -> new Exception("user Not found hahahah "));
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- }
- };
- }
 
  @Bean
  public AuthenticationProvider authenticationProvider() {
  DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
- daoAuthenticationProvider.setUserDetailsService(userDetailsService());
+ daoAuthenticationProvider.setUserDetailsService(userDetailsService);
  daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
  return daoAuthenticationProvider;
  }
@@ -78,25 +56,25 @@ AuthenticationManager authenticationManager(
 
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
- httpSecurity.csrf().disable();
+
  httpSecurity.headers().frameOptions().disable();
+ httpSecurity.csrf().disable();
  httpSecurity
- .authorizeRequests()
- .requestMatchers(HttpMethod.POST, "/api/auth/login").permitAll()
- .requestMatchers(HttpMethod.GET, "/api/auth/logout").permitAll()
- .requestMatchers(HttpMethod.POST, "/h2-console").permitAll()
- .anyRequest().authenticated()
- .and()
- .exceptionHandling()
- .authenticationEntryPoint(jwtAuthenticationEntryPoint)
- .and()
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and()
- .authenticationProvider(authenticationProvider)
- .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+ .authorizeHttpRequests()
+ .requestMatchers("/api/auth/**").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .sessionManagement()
+ .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and()
+ .exceptionHandling()
+ .authenticationEntryPoint(((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)))
+ .and()
+ .authenticationProvider(authenticationProvider())
+ .addFilterBefore(jwtAuthenticationFilter , UsernamePasswordAuthenticationFilter.class);
 
  return httpSecurity.build();
+
  }
 
 }

spring-boot-vuejs-jwt-auth/Spring-Boot-API/src/main/java/com/howtodoinjava/app/security/service/CustomUserDetailsService.java

@@ -0,0 +1,27 @@
+package com.howtodoinjava.app.security.service;
+
+import com.howtodoinjava.app.security.repo.UserRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+@Configuration
+public class CustomUserDetailsService implements UserDetailsService {
+
+ @Autowired
+ private UserRepository userRepository;
+
+ @Override
+ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+ try {
+ return userRepository.findByUsername(username)
+ .orElseThrow(() -> new Exception("user Not found "));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+}

spring-boot-vuejs-jwt-auth/Spring-Boot-API/src/main/java/com/howtodoinjava/app/security/utils/JwtTokenProvider.java

@@ -2,6 +2,7 @@
 
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
+import io.jsonwebtoken.security.SignatureException;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
@@ -16,54 +17,57 @@
 @Slf4j
 public class JwtTokenProvider {
 
- Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
+  Key key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
 
- public String createToken(Authentication authentication) {
- UserDetails userDetails = (UserDetails) authentication.getPrincipal();
- Date now = new Date();
- Date expiryDate = new Date(now.getTime() + 3600000);
+ public String createToken(Authentication authentication) {
+ UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+ Date now = new Date();
+ Date expiryDate = new Date(now.getTime() + 3600000);
+
+ return Jwts.builder()
+ .setSubject(userDetails.getUsername())
+ .setIssuedAt(new Date())
+ .setExpiration(expiryDate)
+ .signWith(SignatureAlgorithm.HS512, key)
+ .compact();
+ }
 
- return Jwts.builder()
- .setSubject(userDetails.getUsername())
- .setIssuedAt(new Date())
- .setExpiration(expiryDate)
- .signWith(SignatureAlgorithm.HS512, key)
- .compact();
- }
 
 
- public String resolveToken(HttpServletRequest request) {
- String bearerToken = request.getHeader("Authorization");
- if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
- return bearerToken.substring(7);
+ public String resolveToken(HttpServletRequest request) {
+ String bearerToken = request.getHeader("Authorization");
+ if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
+ return bearerToken.substring(7);
+ }
+ return null;
  }
- return null;
- }
 
 
- public boolean validateToken(String token) {
- // Check if the token is valid and not expired
- try {
- Jwts.parser().setSigningKey(key).parseClaimsJws(token);
- return true;
- } catch (MalformedJwtException ex) {
- log.error("Invalid JWT token");
- } catch (ExpiredJwtException ex) {
- log.error("Expired JWT token");
- } catch (UnsupportedJwtException ex) {
- log.error("Unsupported JWT token");
- } catch (IllegalArgumentException ex) {
- log.error("JWT claims string is empty");
+ public boolean validateToken(String token) {
+ // Check if the token is valid and not expired
+ try {
+ Jwts.parser().setSigningKey(key).parseClaimsJws(token);
+ return true;
+ } catch (MalformedJwtException ex) {
+ log.error("Invalid JWT token");
+ } catch (ExpiredJwtException ex) {
+ log.error("Expired JWT token");
+ } catch (UnsupportedJwtException ex) {
+ log.error("Unsupported JWT token");
+ } catch (IllegalArgumentException ex) {
+ log.error("JWT claims string is empty");
+ }catch (SignatureException e){
+ log.error("there is an error with the signature of you token ");
+ }
+ return false;
  }
- return false;
- }
 
- public String getUsername(String token) {
- // Extract the username from the JWT token
- return Jwts.parser()
- .setSigningKey(key)
- .parseClaimsJws(token)
- .getBody()
- .getSubject();
- }
+  public String getUsername(String token) {
+  // Extract the username from the JWT token
+  return Jwts.parser()
+  .setSigningKey(key)
+  .parseClaimsJws(token)
+  .getBody()
+  .getSubject();
+  }
 }

spring-boot-vuejs-jwt-auth/Spring-Boot-API/src/main/resources/application.properties

@@ -6,3 +6,6 @@ spring.datasource.username=sa
 spring.datasource.password=password
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
+
+
+spring.main.allow-circular-references=true

spring-boot-vuejs-jwt-auth/vue-app/src/utils/apiClient.ts

@@ -14,9 +14,7 @@ const token = localStorage.getItem("jwtToken");
 
 axiosInstance.interceptors.request.use(
  (config) => {
- if (config.url !== "/auth/login") {
- config.headers.Authorization = `Bearer ${token}`;
- }
+ config.headers.Authorization = `Bearer ${token}`;
  return config;
  },
  (error) => {

spring-boot-vuejs-jwt-auth/vue-app/src/views/HomeView.vue

@@ -26,9 +26,17 @@ export default defineComponent({
  setup() {
  let employees = ref<Employee[]>([]);
 
- employeeService.getAllEmployees().then((response) => {
- employees.value = response;
- });
+ employeeService
+ .getAllEmployees()
+ .then((response) => {
+ employees.value = response;
+ })
+ .catch((error) => {
+ if (error.response && error.response.status === 401) {
+ // Redirect the user to the login page
+ window.location.href = "/login";
+ }
+ });
 
  return {
  employees,