DEV Community: Mayank Gupta

Implementing Multipart Upload in AWS S3 with Spring Boot

Mayank Gupta — Sat, 19 Jul 2025 04:54:09 +0000

In this tutorial we will see how to handle multi-part upload in AWS S3 with spring boot.

Simply put , multipart upload is uploading a file into chunks and finally merging it back.

Advantage of this approach is simply that we get higher throughput , we can implement pausing and resuming of uploads easily and also very large files can also be uploaded seamlessly without worrying about server load and last but not the least error recovery (i.e in case of failed upload retry that part , i know that’s awesome 😼).

Let’s get started , we will be using spring boot but you can also use any other framework or language as the flow will be same.

Workflow

There are basically 3 steps

Initiating upload

Client initiates the upload by sending the meta data of the file i.e fileName , fileType , fileSize etc.

Server now requests the S3 to initiate a MultiPartUpload and get the uploadId as response from the S3 and the server send that uploadId to the client because that uploadId and key will be required for the future steps.

Uploading Chunks

Once client gets the uploadId , it starts uploading chunks of file and for each chunk the client request the server for the presigned url and sends those uploadId and key for identification of the corresponding ongoing MultiPartUpload, and on the behalf of client with those UploadId and key server requests a presigned url from the S3 for that chunk and on getting that presigned url forward it to the client

Now client uploads that chunk to the S3 directly (No role of server for now) with the help of that presigned url authorised for that upload only.

Note : For multipart upload except the final chunk each chunk is needed to be minimum of 5MB size , and we can also request presigned urls for multiple chunks at once and upload parallely but that will add complexity and i will leave it for you to do.

Finalizing Upload

Now once all the chunks are uploaded client request for finalizing the upload and merge those chunks to our backend , now the point is how the hell S3 will ensure the correct order of chunks and data is valid . AWS S3 done this with the help of Etag map , for each upload to the chunk it sends a Etag in headers which relates to the chunk-number and for finalizing upload a Map of Key value pair ( key = part-number and value = the eTag for that chunk) is sent to the the backend which is then mapped to the PartEtag which contains two fields , which are self understandable.

private int partNumber;
private String eTag;

Now I hope the workflow must be clear to you , now it’s time for code , but one thing which is important is left , i.e creating the bucket in AWS.

Creating Bucket in AWS S3

### Login into AWS console and search For S3

### Click on create bucket

### Choose General Purpose and enter a unique name for the bucket

### Leave everything as default but Allow all public access for now (as our main concern is uploading today)

### Bucket is created , now need to create access credentials for this bucket

### Go to IAM and create a user

### Attach these policies and finalize.

### Now create Access Credentials

### Choose Application running Outside AWS

### And Get those Credentials Access Key and Access Secret and save them

Now once we have created the bucket and user we are ready for the code part

Dependencies

These are the dependencies which we will need

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>com.amazonaws</groupId>
        <artifactId>aws-java-sdk-s3</artifactId>
        <version>1.12.707</version>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-amqp</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.amqp</groupId>
        <artifactId>spring-rabbit-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.kafka</groupId>
        <artifactId>spring-kafka</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.kafka</groupId>
        <artifactId>spring-kafka-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
    </dependency>
</dependencies>

Configuring the S3 client

We can configure our S3 client by creating the bean of AmazonS3 and we will configure the credentials inside that bean using AWSStaticCredentialsProvider and AWSCredentials

An AmazonS3 object can be created using AmazonS3ClientBuilder and will set the credentials and other configuration and region of the bucket.

package com.vsnt.asset_onboarding.config;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AWSConfig {

    String accessKeyId = Secrets.AWS_ACCESS_KEY_ID;

    String secretAccessKey = Secrets.AWS_SECRET_KEY;
 @Bean
    public AmazonS3 getS3Client() {
        AWSCredentials credentials = new BasicAWSCredentials(accessKeyId, secretAccessKey);
     ClientConfiguration config = new ClientConfiguration();
     config.setProtocol(Protocol.HTTP);
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(credentials))
                .withClientConfiguration(config)
                .withRegion(Regions.AP_SOUTH_1).build();
        return s3;
    }
}

S3Service

Create a service class which will contain methods to interact with S3 and have that AmazonS3 client autowired in that class.

package com.vsnt.asset_onboarding.services;

import com.amazonaws.HttpMethod;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.*;
import com.vsnt.asset_onboarding.config.Secrets;
import com.vsnt.asset_onboarding.dtos.TranscodingJob;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;

import java.net.URL;
import java.sql.Date;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

@Service

public class S3Service {
    private final AmazonS3 s3;

    public S3Service(AmazonS3 s3) {
        this.s3 = s3;
    }

    public String startMultiPartUpload(String key) {

        InitiateMultipartUploadRequest request = new InitiateMultipartUploadRequest(Secrets.AWS_BUCKET_NAME, key);
        InitiateMultipartUploadResult result = s3.initiateMultipartUpload(request);
        return result.getUploadId();
    }
    public String getPreSignedURLForMultipartUploadChunk(String uploadId,int chunkNumber,String key) {
        GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(Secrets.AWS_BUCKET_NAME, key)
                .withMethod(HttpMethod.PUT)
                .withContentType("application/octet-stream");


        request.addRequestParameter("uploadId", uploadId);
        request.addRequestParameter("partNumber", String.valueOf(chunkNumber));
        URL url = s3.generatePresignedUrl(request);
        return url.toString();
    }
    public void completeMultipartUpload(String uploadId, Map<Integer,String> etagMap, String key)
    {
        try{
            CompleteMultipartUploadRequest request  = new CompleteMultipartUploadRequest();
            request.setUploadId(uploadId);
            request.setBucketName(Secrets.AWS_BUCKET_NAME);
            request.setKey(key);
            List<PartETag> partETags = new ArrayList<>();
            for(Map.Entry<Integer,String> etag : etagMap.entrySet())
            {
                partETags.add(new PartETag(etag.getKey(), etag.getValue()));
            }
            request.setPartETags(partETags);
        var e = s3.completeMultipartUpload(request);


        }
        catch (Exception e){
            e.printStackTrace();

        }


    }
}

I will discuss each method one by one

Initiating the upload

We initate the upload with the help of InitiateMultipartUploadRequest class and finally return the upload id

public String startMultiPartUpload(String key) {
    InitiateMultipartUploadRequest request = new InitiateMultipartUploadRequest(Secrets.AWS_BUCKET_NAME, key);
    InitiateMultipartUploadResult result = s3.initiateMultipartUpload(request);
    return result.getUploadId();
}

Getting PreSignedUrl for each chunk

Now we need to generate presigned url which we can generate by GeneratePresignedUrlRequest class and passing the bucket name and key along with method and content type.

For a chunk we also need to add the upload id and part number as request parameters and finally generate the presigned url with the help of S3 client’s method which we autowired generatePresignedUrl(GeneratePresignedUrlRequest)

 public String getPreSignedURLForMultipartUploadChunk(String uploadId,int chunkNumber,String key) {
        GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(Secrets.AWS_BUCKET_NAME, key)
                .withMethod(HttpMethod.PUT)
                .withContentType("application/octet-stream");


        request.addRequestParameter("uploadId", uploadId);
        request.addRequestParameter("partNumber", String.valueOf(chunkNumber));
        URL url = s3.generatePresignedUrl(request);
        return url.toString();
    }

Finalizing upload

The completeMultipartUpload method finalizes a multipart upload to AWS S3. It takes the uploadId, a map of partNumber → ETag, and the file key. Using this data, it creates a request to tell S3 to stitch all uploaded parts into the final complete file. Without this step, the uploaded chunks stay incomplete and unused.

Inside the method, it first creates a CompleteMultipartUploadRequest, sets the bucket name, object key, and the upload ID. Then it iterates over the ETag map and creates a list of PartETag objects — these represent each chunk’s metadata that S3 needs to verify and stitch together the parts. Once the list is built, it's passed to the request and sent using the completeMultipartUpload method of the AmazonS3 client.

public void completeMultipartUpload(String uploadId, Map<Integer,String> etagMap, String key)
{
    try{
        CompleteMultipartUploadRequest request  = new CompleteMultipartUploadRequest();
        request.setUploadId(uploadId);
        request.setBucketName(Secrets.AWS_BUCKET_NAME);
        request.setKey(key);
        List<PartETag> partETags = new ArrayList<>();
        for(Map.Entry<Integer,String> etag : etagMap.entrySet())
        {
            partETags.add(new PartETag(etag.getKey(), etag.getValue()));
        }
        request.setPartETags(partETags);
    var e = s3.completeMultipartUpload(request);


    }
    catch (Exception e){
        e.printStackTrace();

    }


}

Now you can use these methods to implement it according to your use case.

That’s it for today guys , If you have any query you can ask below see you in next article soon till then bye.

Building a Seamless File Upload System: Handling Chunked Uploads And Large File Uploads

Mayank Gupta — Wed, 15 Jan 2025 14:45:15 +0000

Hello guys in this article we will be exploring how can we create a file upload system like AWS ( joking guys 😂) , but we will look how we can implement a functionality of uploading large files using chunked uploads , so let’s get started.

But before starting , why chunked uploads , why not simple file upload using ?

Uploading a large file in a single request can lead to timeout issues or increased memory usage on the client and server.
If the file is too large let’s say 1GB , then it is obviously not a good approach to send all the 1GB file data in a single request , the server will be having really bad time if we do so 🙂
If the upload fails midway (due to network issues or server errors), the entire file needs to be reuploaded, wasting bandwidth and time.
Difficult to provide meaningful feedback to users because the entire file is uploaded in one go.

So now we know why we can’t upload large files in a single request , hence what we will be doing is sending our file in parts to the server and server will keep writing the file with our chunks uploaded.

Key Concepts to Understand Before We Begin

Before going to the implementation part, we should know some concepts and don’t worry if you don’t know them , I am here 😎

1 . HTTP Streaming

HTTP Streaming refers to the process of transmitting data over HTTP as a continuous stream rather than sending it all at once in a single response or request. This technique is commonly used for scenarios like video/audio streaming, live feeds, large file uploads, or real-time data delivery.

In typical HTTP request server terminates the connection but here connection is not terminated which allows continuous data communication between server and client.

We can declare a HTTP request as stream by using some headers

Transfer-Encoding : setting this header to “chunked”
Content-length : this header is not defined in stream requests so that server can decide that the coming request is a stream request
Content-type : We also use “application/octet-stream” in Content-Type header to declare that the mime-type of coming data is not specified and it is binary data

2 . Streams in NodeJS

In Node.js, streams are a powerful way to handle data that is being read from or written to external sources like files, network connections, or standard input/output. They allow you to process large chunks of data piece by piece instead of loading the entire content into memory at once, making it more efficient for handling large amounts of data.

Types of Streams in Node.js

Node.js streams are divided into four main types, based on how the data flows:

Readable Streams

* These streams allow you to read data from a source.

* Examples: `fs.createReadStream()`, HTTP request objects, process.stdin.

* **Methods**:

    * `read()`: Reads data from the stream.

    * `on('data', callback)`: Listens for chunks of data being read.

    * `pipe()`: Pipes the stream to a writable stream.

Writable Streams

* These streams allow you to write data to a destination.

* Examples: `fs.createWriteStream()`, HTTP response objects, process.stdout.

* **Methods**:

    * `write()`: Writes data to the stream.

    * `end()`: Ends the writable stream after all data has been written.

Duplex Streams

* These streams can both read from and write to a source. They are a combination of readable and writable streams.

* Example: `net.Socket` (used in network communication).

* **Methods**:

    * `read()`, `write()`, `on('data')`, `pipe()`.

Transform Streams

* These are a special kind of duplex stream where the data that is written to the stream is transformed before it is read.

* Example: `zlib.createGzip()` (used for compression).

* **Methods**:

    * `transform()` is typically used for processing and modifying data.

For now we will only use read and write stream.

One cool thing about Streams is the piping we may not use it for now but i will tell you about it any ways

It is the feature provided by Streams API allowing us to pipe the output of one stream to the input of another stream . It’s like how pipelines are set up , basically data (water) is coming from one stream (pipe) and that incoming data (water) is streamed (piped) into another stream ( connected pipe)

And One more cool thing is that the request and response in node js are also Streams so we will be using streams to implement chunked uploads in our server

3 . Chunk Uploads

Chunked uploads involve dividing a file into smaller pieces (chunks) and sending these chunks to the server separately. Each chunk is uploaded one by one, and the server appends that chunk into the original file. This approach has several benefits:

Resumability: If an upload is interrupted (e.g., due to network failure), the upload can be resumed from the last successfully uploaded chunk, rather than starting from scratch.
Progress Tracking: Since chunks are smaller and discrete, the progress of each chunk can be tracked, providing feedback to users on the upload status.
Efficient Memory Usage: Rather than holding the entire file in memory, chunked uploads allow for memory-efficient handling of large files. The server only processes one chunk at a time, reducing the load on memory and CPU.

4 . HTTP Headers for Metadata

In chunked file uploads, HTTP headers play a key role in managing and tracking the state of the upload. Some common headers used in chunked uploads include:

chunkNumber: Identifies the current chunk being uploaded. The server can use this to order and track which chunk of the file is being uploaded at any given time.
uploadKey: A unique identifier that associates all chunks with a specific upload session. This key helps the server track which chunks belong to which file upload, especially in cases where multiple files are being uploaded concurrently.

We can also provide more headers for authentication purpose like a token for validating the session.

So now we will be discussing the flow of our application

First the client will initialize the upload by sending all the file metadata and will recieve the uploadKey and a token for the session.
As the server recieves the initialize request , it will create a upload key and the directory with the same upload key ( this will be unique) and also saves the metadata in the database.And in response the uploadKey and token is sent to the client.
Client will start sending chunks to the server. The request will be containing upload-key and chunk-number , token in it’s headers
The Server will verify the headers and will create a empty file with that metadata and will start listening the on\ event of the request. And the recieved chunks will be appended to the file created.
Now the subsequent chunks will be transferred over this connection by the client and the server will append those chunks into our file.
And after all the chunks are uploaded A url or a id pointing towards the database record of that file will be sent to the client for the file retrieval.

Now I think we are ready to code , so let’s go

Express App

// index.js
require('dotenv').config();
const express = require('express');
const routes = require('./router.js');
const connect = require('./db');
const app = express();

app.use(express.json());
app.use(express.urlencoded({ extended: true }));

connect();

app.use('/', express.static('./public'));
app.use('/files', routes);

app.listen(3343, () => {
    console.log('Server running on port 3343');
});

A function to connect to the database (I am using mongoDB)

const mongoose = require('mongoose');

const connect = async () => {
    try {
        await mongoose.connect(process.env.DB_URI);
    } catch (error) {
        console.error('Database connection error:', error);
        process.exit(1);
    }
};

module.exports = connect;

FileStorage model for mongoose

const { Schema, default: mongoose } = require("mongoose");

const schema = new Schema({
    key: {type:String},
   fileName: {type:String},
    size: {type:Number},
    path: {type:String},

    status: {type:String},
    metadata:{type:Map},
    uploadedChunks: [Number]
  })
  const FileStorage = mongoose.model("FileStorage",schema);
  module.exports = FileStorage

Routes for handling api requests

const express = require('express');
const router = express.Router();
const StorageService = require('./StorageService.js');
const path = require('path');
const FileStorage = require('./model.js');
const fs = require('fs');

// Initialize StorageService
const fileStorage = new StorageService();

// Initialize upload route
router.post('/upload/initialize', async (req, res) => {
  try {
    const { fileName, fileSize, metadata } = req.body;

    // Validate request body
    if (!fileName || !fileSize) {
      return res.status(400).json({ error: 'File name and size are required' });
    }

    const upload = await fileStorage.initializeUpload(fileName, fileSize, metadata);
    res.status(201).json({
      uploadKey: upload,
      status: 'ready_to_upload'
    });
  } catch (error) {
    res.status(500).json({ error: error.message });
  }
});

// Upload chunk route
router.post('/upload/chunk', async (req, res) => {
  try {
    const { id, chunknumber } = req.headers;

    // Validate headers
    if (!id || chunknumber === undefined) {
      return res.status(400).json({ error: 'Missing required headers' });
    }

    const fileMetadata = await FileStorage.findById(id);
    if (!fileMetadata) {
      return res.status(404).json({ error: 'Upload not initialized' });
    }

    const filePath = path.join(fileMetadata.path, fileMetadata.fileName);
    // Ensure the file exists before writing chunks
    if (!fs.existsSync(filePath)) {
      fs.writeFileSync(filePath, ''); // Create an empty file if not exists
    }

    const fileStream = fs.createWriteStream(filePath, {
      flags: 'r+',
      start: chunknumber * 1024 * 1024 // 1MB chunk size
    });

    // Write chunk data to the file
    await new Promise((resolve, reject) => {
      req.on('data', (chunk) => {
        fileStream.write(chunk, (err) => {
          if (err) reject(err);
        });
      });

      req.on('end', async () => {
        try {
          fileMetadata.uploadedChunks = fileMetadata.uploadedChunks || [];
          fileMetadata.uploadedChunks.push(parseInt(chunknumber));
          await fileMetadata.save();
          resolve();
        } catch (err) {
          reject(err);
        }
      });

      req.on('error', reject);
    });

    res.status(200).json({
      message: 'Chunk uploaded successfully',
      chunkNumber: chunknumber
    });
  } catch (error) {
    res.status(400).json({ error: error.message });
  }
});

// Finalize upload route
router.post('/upload/finalize', async (req, res) => {
  try {
    const { uploadKey } = req.body;
    if (!uploadKey) {
      return res.status(400).json({ error: 'Upload key is required' });
    }

    const finalizedUpload = await fileStorage.finalizeUpload(uploadKey);
    res.status(200).json({
      uploadKey: finalizedUpload.key,
      status: 'completed',
      fileMetadata: finalizedUpload
    });
  } catch (error) {
    res.status(400).json({ error: error.message });
  }
});
module.exports = router;

StorageService Class

const path = require('path');
const fs = require('fs');
const FileStorage = require('./model.js');
const crypto = require('crypto'); // Make sure to require crypto if using it

class StorageService {
    constructor(uploadDir = "./upload") {
        this.uploadDir = uploadDir;
    }

    async initializeUpload(fileName, fileSize, userId, metadata = {}) {
        const uniqueName = this.generateUniqueFileName(fileName);
        const filePath = path.join(this.uploadDir, uniqueName);

        // Ensure the directory exists
        if (!fs.existsSync(filePath)) {
            fs.mkdirSync(filePath, { recursive: true });
        }

        const fileMetadata = await FileStorage.create({
            key: uniqueName,
            fileName,
            size: fileSize,
            path: filePath,
            userId,
            status: 'uploading',
            metadata,
            uploadedChunks: []
        });

        return fileMetadata._id;
    }

    async finalizeUpload(id) {
        const fileMetadata = await FileStorage.findById(id);
        fileMetadata.status = 'completed';
        return await fileMetadata.save();
    }

    generateUniqueFileName(originalName) {
        const timestamp = Date.now();
        const randomString = crypto.randomUUID().toString('hex');
        const extension = path.extname(originalName);
        return `${timestamp}-${randomString}${extension}`;
    }
}

module.exports = StorageService;

Static index.html which will be our client

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Large File Upload</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            max-width: 500px;
            margin: 0 auto;
            padding: 20px;
        }
        #progress-container {
            width: 100%;
            background-color: #f0f0f0;
            border-radius: 5px;
            margin-top: 10px;
        }
        #progress-bar {
            width: 0%;
            height: 20px;
            background-color: #4CAF50;
            border-radius: 5px;
            transition: width 0.3s;
        }
    </style>
</head>
<body>
    <div>
        <input type="file" id="fileInput">
        <button id="uploadButton">Upload File</button>
        <div id="progress-container">
            <div id="progress-bar"></div>
        </div>
        <div id="status"></div>
    </div>

    <script>
        class FileUploader {
            constructor(apiBaseUrl) {
                this.apiBaseUrl = apiBaseUrl;
                this.chunkSize = 1 * 1024 * 1024; // 1MB
            }

            async uploadLargeFile(file) {
                const totalChunks = Math.ceil(file.size / this.chunkSize);
                const initResponse = await this.initializeUpload(file);
                const uploadKey = initResponse.uploadKey;

                for (let chunk = 0; chunk < totalChunks; chunk++) {
                    const start = chunk * this.chunkSize;
                    const end = Math.min(start + this.chunkSize, file.size);
                    const chunkData = file.slice(start, end);

                    await this.uploadChunk(uploadKey, chunk, chunkData);
                    this.updateProgressBar((chunk + 1) / totalChunks * 100);
                }

                await this.finalizeUpload(uploadKey);
            }

            async initializeUpload(file) {
                const response = await fetch(`${this.apiBaseUrl}/upload/initialize`, {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({
                        fileName: file.name,
                        fileSize: file.size,
                        metadata: {
                            type: file.type,
                            lastModified: file.lastModified
                        }
                    })
                });
                return response.json();
            }

            async uploadChunk(uploadKey, chunkNumber, chunkData) {

                await fetch(`${this.apiBaseUrl}/upload/chunk`, {
                    method: 'POST',
                    headers: {
                        'Content-Type': 'application/octet-stream',
                        'id': uploadKey,
                        'chunknumber': chunkNumber
                    },
                    body: chunkData
                });
            }


            async finalizeUpload(uploadKey) {
                await fetch(`${this.apiBaseUrl}/upload/finalize`, {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/json' },
                    body: JSON.stringify({ uploadKey })
                });
            }

            updateProgressBar(progress) {
                const progressBar = document.getElementById('progress-bar');
                const statusDiv = document.getElementById('status');

                progressBar.style.width = `${progress}%`;
                statusDiv.textContent = `Uploading: ${Math.round(progress)}%`;
            }
        }

        document.getElementById('uploadButton').addEventListener('click', async () => {
            const fileInput = document.getElementById('fileInput');
            const file = fileInput.files[0];

            if (!file) {
                alert('Please select a file');
                return;
            }

            const uploader = new FileUploader('/files');

            try {
                await uploader.uploadLargeFile(file);
                alert('Upload Complete!');
            } catch (error) {
                console.error('Upload failed:', error);
                alert('Upload Failed');
            }
        });
    </script>
</body>
</html>

For now i have only implemented Uploading file but you can also implement file fetching using streams in similar way and you should definitely try it .

DEMO

%[https://youtu.be/lTwW2DkWNmg]

Hope you liked it if any advice , query please drop it down in the comments .

Thank you. 🙏

Understanding Spring Security and OAuth 2.0

Mayank Gupta — Tue, 14 Jan 2025 07:33:02 +0000

In this article we will explore Spring security and will build a authentication system with OAuth 2.0.

Spring Security is a powerful, highly customizable framework for implementing robust authentication and access control mechanisms in Java-based applications. It is a core component of the Spring ecosystem, widely used to secure web applications, REST APIs, and other backend services. With Spring Security, you gain a solid foundation to build and enforce secure practices in your application.

How Spring Security Works

Before diving into how Spring Security operates, it's crucial to understand the request-handling lifecycle in a Java-based web server. Spring Security seamlessly integrates into this lifecycle to secure incoming requests.

Request-Handling Lifecycle with Spring Security

The lifecycle of handling an HTTP request in a Spring-based application with Spring Security involves several stages, each playing a critical role in processing, validating, and securing the request.

1. Client Request

The lifecycle begins when a client (e.g., browser, mobile app, or API tool like Postman) sends an HTTP request to the server.

Example:

GET /api/admin/dashboard HTTP/1.1

2. Servlet Container

The servlet container (e.g., Tomcat) receives the request and delegates it to the DispatcherServlet, the front controller in a Spring application. This is where the application’s processing pipeline starts.

3. Spring Security Filter Chain

Before the DispatcherServlet processes the request, Spring Security's Filter Chain intercepts it. The filter chain is a sequence of filters, each responsible for handling specific security tasks. These filters ensure the request meets authentication and authorization requirements before it reaches the application logic.

Key Filters in the Chain:

Authentication Filters:

These filters verify if the request contains valid credentials, such as a username/password, a JWT, or session cookies.
Authorization Filters:

After authentication, these filters ensure the authenticated user has the necessary roles or permissions to access the requested resource.
Other Filters:

* **CsrfFilter**: Validates CSRF tokens to prevent Cross-Site Request Forgery attacks.

* **CorsFilter**: Manages Cross-Origin Resource Sharing (CORS) rules for secure API access from different domains.

* **ExceptionTranslationFilter**: Handles security-related exceptions (e.g., invalid credentials) and sends appropriate responses to the client.

4. Security Context

If authentication is successful, Spring Security creates an Authentication object and stores it in the SecurityContext. This object, often stored in a thread-local storage, is accessible throughout the request lifecycle.

The Authentication Object:

Principal: Represents the authenticated user (e.g., username).
Credentials: Includes authentication details like JWT tokens or passwords.
Authorities: Contains roles and permissions assigned to the user.

Example Flow in the Filter Chain:

A request passes through the authentication filters.
If the credentials are valid, the Authentication object is created and added to the SecurityContext.
If the credentials are invalid, the ExceptionTranslationFilter sends a 401 Unauthorized response to the client.

5. DispatcherServlet

Once the request successfully passes through the Spring Security Filter Chain, the DispatcherServlet takes over:

Handler Mapping:

It maps the incoming request to the appropriate controller method based on the URL and HTTP method.
Controller Invocation:

The mapped controller processes the request and returns the appropriate response, often with help from other Spring components like services and repositories.

How Spring Security Fits Into the Lifecycle

Spring Security integrates itself into this lifecycle through its filters, intercepting requests at the earliest stage. By the time a request reaches the application logic, it has already been authenticated and authorized, ensuring only legitimate traffic gets processed by the core application.

Spring Security’s design ensures that authentication, authorization, and other security measures are handled declaratively, giving developers the flexibility to customize or extend its behavior as needed. It not only enforces best practices but also simplifies the implementation of complex security requirements in modern applications.

Spring Security Components: Beyond the Filter Chain

Having explored the Filter Chain in Spring Security, let’s delve into some other key components that play a pivotal role in the authentication and authorization process.

AuthenticationManager

AuthenticationManager is an interface that defines a single method , authenticate(Authentication authentication) , which is used to verify the credentials of a user and determine if they are valid. You can think of AuthenticationManager as a coordinator where you can register multiple providers, and based on the request type, it will deliver an authentication request to the correct provider.

AuthenticationProvider

An AuthenticationProvider is an interface that defines a contract for authenticating users based on their credentials. It represents a specific authentication mechanism, such as username/password, OAuth, or LDAP. Multiple AuthenticationProvider implementations can coexist, allowing the application to support various authentication strategies.

Core Concepts:

Authentication Object:

The AuthenticationProvider processes an Authentication object, which encapsulates the user’s credentials (e.g., username and password).
authenticate Method:

Each AuthenticationProvider implements the authenticate(Authentication authentication) method, where the actual authentication logic resides. This method:

* Validates the user’s credentials.

* Returns an authenticated `Authentication` object upon success.

* Throws an `AuthenticationException` if authentication fails.

supports Method: The supports(Class<?> authentication) method indicates whether the AuthenticationProvider can handle the given type of Authentication. This allows Spring Security to determine the correct provider to handle specific authentication requests.

Example:

A database-backed AuthenticationProvider validates usernames and passwords.
An OAuth-based AuthenticationProvider validates tokens issued by an external identity provider.

UserDetailsService

UserDetailsService is described as a core interface that loads user-specific data in the Spring documentation It contains a single method loadUserByUsername which accepts username as parameter and returns the ==User== identity object . Basically we create and implementation class of UserDetailsService in which we override the loadUserByUsername method.

package com.oauth.backend.services;

import com.oauth.backend.entities.User;
import com.oauth.backend.repositories.UserRepository;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;


@Component
public class CustomUserDetailsService implements UserDetailsService {
    private final UserRepository userRepository;

    public CustomUserDetailsService(UserRepository userRepository) {
        this.userRepository = userRepository;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        User user = userRepository.findByUsername(username);
        if(user==null){
            throw new UsernameNotFoundException(username);
        }
        return new UserDetailsImpl(user);
    }
    public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException {
        User user = userRepository.findByEmail(email);
        if(user==null){
            throw new UsernameNotFoundException(email);
        }
        return new UserDetailsImpl(user);
    }
}

Now how all these three works together is AuthenticationManager will ask AuthenticationProvider to carry on the authentication according to the type of Provider specified and the UserDetailsService implementation will help the AuthenticationProvider in proving the userdetails .

Now before moving to the configuration and all stuff here's a concise flow of Spring Security for JWT-based authentication:

1. User Request

The user sends a request to the authenticated endpoint with their credentials (username and password) or a JWT token (in the header) and the request is passed to the Authentication Filter
AuthenticationFilter (e.g., UsernamePasswordAuthenticationFilter):
- Handles user authentication based on credentials submitted (typically in the form of a username and password). This is where the UsernamePasswordAuthenticationFilter comes into play.
- It listens for the request , extracts the username and password, and passes them to the AuthenticationManager.
- But we are not passing the username and password , we are giving only the token hence there should be a filter before this AuthenticationFilter which will tell the Authentication Process that the user is authenticated and no need to check for Username and password and this is done by creating a JWTFilter

2. JWTFilter

This custom filter extends OncePerRequestFilter and is placed before the UsernamePasswordAuthenticationFilter , and what it do is it extracts the token from request and validates it.

If the token is valid it creates a UsernamePasswordAuthenticationToken and sets that token into the Security Context which tells the spring security that the request is authenticated and when this request passes to the UsernamePasswordAuthenticationFilter it just passes as it has the UsernamePasswordAuthenticationToken


@Component
public class JWTFilter extends OncePerRequestFilter {

    private final JWTService jwtService;
    private final UserDetailsService userDetailsService;
    public JWTFilter(JWTService jwtService,UserDetailsService userDetailsService) {
        this.jwtService = jwtService;
        this.userDetailsService = userDetailsService;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        final String authHeader = request.getHeader("Authorization");

        if(authHeader == null || !authHeader.startsWith("Bearer")) {
            filterChain.doFilter(request,response);
            return;
        }

        final String jwt = authHeader.substring(7);
        final String userName = jwtService.extractUserName(jwt);

        Authentication authentication
                = SecurityContextHolder.getContext().getAuthentication();

        if(userName !=null  && authentication == null) {
            //Authenticate
            UserDetails userDetails
                    = userDetailsService.loadUserByUsername(userName);

            if(jwtService.isTokenValid(jwt,userDetails)) {
                UsernamePasswordAuthenticationToken authenticationToken
                        = new UsernamePasswordAuthenticationToken(
                        userDetails,
                        null,
                        userDetails.getAuthorities()
                );

                SecurityContextHolder.getContext()
                        .setAuthentication(authenticationToken);
            }
        }

        filterChain.doFilter(request,response);
    }



}

this UsernamePasswordAuthenticationToken is generated with the help of the AuthenticationManager and AuthenticationProvider if we have passed username and password instead of the token after authenticating the username and password with the help of out UserDetails class.

3. AuthenticationManager

AuthenticationManager: This receives the authentication request and delegates it to the appropriate AuthenticationProvider which we configure.

@Bean  
public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception{  
return config.getAuthenticationManager();  
}

4. AuthenticationProvider

UserDetailsService: The AuthenticationProvider uses UserDetailsService to load user details based on the username. And we provide this with a implementation of UserDetailsService
Credential Validation: It compares the provided password with the one stored in the user details (typically using a PasswordEncoder).

@Bean  
public AuthenticationProvider authenticationProvider(){  
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();  
authenticationProvider.setUserDetailsService(userDetailsServiceImpl);  
authenticationProvider.setPasswordEncoder(passwordEncoder);  
return authenticationProvider;  
}

Now all these different filters and beans are needed to be configured so that Spring security knows what to do hence we create a configuration class where we specify all the configuration.

package com.oauth.backend.config;


import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@EnableWebSecurity
@Configuration
public class SecurityConfig {
    private final UserDetailsService userDetailsService;
    private final JWTFilter jwtFilter;
    public SecurityConfig(UserDetailsService userDetailsService, JWTFilter jwtFilter) {
        this.userDetailsService = userDetailsService;
        this.jwtFilter = jwtFilter;
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        http.cors(Customizer.withDefaults()).csrf(csrf->csrf.disable()).authorizeHttpRequests((authorize) -> authorize
                        .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                        .requestMatchers("/api/v1/auth/register","/api/v1/auth/login","/api/v1/oauth/google").permitAll()
                        .anyRequest().authenticated()
                ).sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // Stateless sessions
                )
                .authenticationProvider(authenticationProvider())
                .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
        return configuration.getAuthenticationManager();
    }
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(12);
    }

}

till now we have understand and configured our authentication with the help of spring security now it’s time to test it.

We will create a simple app with two controllers AuthController (handles login and register) and ProductController (dummy protected controller)

//AuthController.java
package com.oauth.backend.controller;

import com.oauth.backend.dto.LoginResponse;
import com.oauth.backend.dto.UserDTO;
import com.oauth.backend.entities.User;
import com.oauth.backend.services.AuthService;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;


@RestController
@CrossOrigin("*")
@RequestMapping("/api/v1/auth")
public class AuthController {
    private final AuthService authService;

    public AuthController(AuthService authService) {
        this.authService = authService;
    }

    @PostMapping("/login")
    public ResponseEntity<LoginResponse> login(@RequestBody UserDTO userDTO){
        return ResponseEntity.ok(new LoginResponse(authService.login(userDTO.username(), userDTO.password())));
    }
    @PostMapping("/register")
    public String register(@RequestBody UserDTO userDTO){
        return authService.register(userDTO);
    }
    @GetMapping("/me")
    public ResponseEntity<?> getCurrentUser(){
        return ResponseEntity.ok(authService.me());
    }
}

// AuthService.java
package com.oauth.backend.services;

import com.oauth.backend.dto.UserDTO;
import com.oauth.backend.entities.User;
import com.oauth.backend.repositories.UserRepository;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

@Service

public class AuthService {
    private final UserRepository userRepository;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;
    private final JWTService jwtService;

    public AuthService(UserRepository userRepository, BCryptPasswordEncoder bCryptPasswordEncoder, JWTService jwtService) {
        this.userRepository = userRepository;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
        this.jwtService = jwtService;
    }

    public String register(UserDTO userDTO) {
        System.out.println(userDTO);
    User user = new User();
    user.setUsername(userDTO.username());
    user.setPassword(bCryptPasswordEncoder.encode(userDTO.password()));
    user.setEmail(userDTO.email());
    userRepository.save(user);
//        user.setPassword(bCryptPasswordEncoder.encode(user.getPassword()));
        return "User registered successfully";
    }
    public String login(String username, String password) {
        User user = userRepository.findByUsername(username);
        if (user == null) {
           throw new UsernameNotFoundException("User not found");
        }
        if (!bCryptPasswordEncoder.matches(password, user.getPassword())) {
            throw new BadCredentialsException("Bad credentials");
        }
        return jwtService.generateToken(username);
    }

    public UserDTO me(){
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();

        return new UserDTO(userDetails.getUsername(), "",userDetails.getEmail() );
    }
}

//User.java (Entity)

package com.oauth.backend.entities;

import jakarta.persistence.*;
import lombok.Data;

@Entity
@Table(name = "_user")

public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.UUID)
    private String id;
    private String username;
    private String password;
    private String email;

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }
}

//UserDetailsImpl.java

package com.oauth.backend.services;

import com.oauth.backend.entities.User;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Collections;
import java.util.List;

public class UserDetailsImpl implements UserDetails {
    private User user;

    UserDetailsImpl(User user) {
        this.user = user;
    }
    @Override
    public boolean isEnabled() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public String getUsername() {
        return user.getUsername();
    }

    @Override
    public String getPassword() {
        return user.getPassword();
    }
    public String getEmail(){
        return user.getEmail();
    }
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.singleton(new SimpleGrantedAuthority("USER"));
    }
}

//JWTService

package com.oauth.backend.services;

import com.oauth.backend.entities.User;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.security.Keys;
import lombok.RequiredArgsConstructor;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import javax.crypto.SecretKey;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

@Service

public class JWTService {
    private String secretKey = null;

    public String generateToken(String username) {
        Map<String, Object> claims
                = new HashMap<>();
        return Jwts
                .builder()
                .claims()
                .add(claims)
                .subject(username)
                .issuer("DCB")
                .issuedAt(new Date(System.currentTimeMillis()))
                .expiration(new Date(System.currentTimeMillis()+ 60*10*1000))
                .and()
                .signWith(generateKey())
                .compact();
    }

    private SecretKey generateKey() {
        byte[] decode
                = Decoders.BASE64.decode(getSecretKey());

        return Keys.hmacShaKeyFor(decode);
    }


    public String getSecretKey() {
        return secretKey = "RqxPOuVfHoBA8Uq40MhJvfY6qEHOOWWvg6N9W9vt23s=";
    }

    public String extractUserName(String token) {
        return extractClaims(token, Claims::getSubject);
    }

    private <T> T extractClaims(String token, Function<Claims,T> claimResolver) {
        Claims claims = extractClaims(token);
        return claimResolver.apply(claims);
    }

    private Claims extractClaims(String token) {
        return Jwts
                .parser()
                .verifyWith(generateKey())
                .build()
                .parseSignedClaims(token)
                .getPayload();
    }

    public boolean isTokenValid(String token, UserDetails userDetails) {
        final String userName = extractUserName(token);
        return (userName.equals(userDetails.getUsername()) && !isTokenExpired(token));
    }

    private boolean isTokenExpired(String token) {
        return extractExpiration(token).before(new Date());
    }

    private Date extractExpiration(String token) {
        return extractClaims(token, Claims::getExpiration);
    }
}

//Product Controller.java
package com.oauth.backend.controller;

import lombok.RequiredArgsConstructor;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.List;


@RestController
@CrossOrigin("*")
@RequestMapping("/api/v1/product")
public class ProductController {
    private List<Product> products;
    ProductController(){
        products = new ArrayList<>();
    }
    private record Product(Integer productId,
                           String productName,
                           double price) {}

    @GetMapping("/view")
    public List<Product> getProducts() {
        return products;
    }
    @PostMapping("/add")
    public String addProduct(@RequestBody Product product) {
        products.add(product);
        return "Product added";
    }
}

till now we have implemented a registration , login and verification but what if i also want to add Login With Google/Github fuctionality then we can do it with the help of OAuth2.0

OAuth 2.0

OAuth 2.0 is a protocol made for authorization through which enables users to grant third party applications access to resources stored on other platforms (e.g Google Drive , Github) without sharing the credentials of those platforms.

It is mostly used in enabling social logins like “Login with google” , “Login with github ” .

Platforms like Google , Facebook , Github provides Authorization server which implements OAuth 2.0 protocol for this social sign in or authorizing access .

Key Concepts of OAuth 2.0

Resource Owner
Client
Authorization Server
Resource Server
Access Token
Scopes
Grants

Now we will look into each concept one by one

Resource Owner

Resource owner is the user who wants to authorize the third party application (Your Application).

Client

It is your (third party) application which wants to access the data or resource from the resource server.

Resource Server

It is the server where the user’s data is stored and is to be accessed by the third party application.

Authorization Server

The server that authenticates the resource owner and issues access tokens to the client (e.g., Google Accounts).

Access Token

A credential issued by the authorization server to the client, allowing it to access the resource server on behalf of the user. It is generally short lived that is expires very soon so a refresh token is also provided in order to refresh this access token so that user doesn’t need to authorize again.

Scopes

Specific permissions granted by the user, defining what the client can and cannot do with the user's data. For example for authorization we only need user info like profile , name etc. but for file access different scope is required.

Grants

It refers to the methods by which Client application can obtain the access token from the Authorization Server. A grant defines the process and conditions under which the client application is authorized to access a resource owner's protected data.

It is secure as we do not need to expose our client secret and other credentials to the browser

There are two mostly used Grant types provided by OAuth 2.0

Authorization Code Grant

It is the most used type of grant/method , most secure and is for server-side applications

In this a authorization code is given by the client to the backend and the backend gives the access token to the client.

Process:
1. The client redirects the user to the authorization server.
2. The user logs in and consents.
3. The authorization server issues an authorization code.
4. The client exchanges the authorization code with the backend for an access token.
Implicit Grant

Used by single-page apps (SPAs) or applications without a backend. In this the access token is directly generated and issued in the browser itself.

Process:
1. The client redirects the user to the authorization server.
2. The user logs in and consents.
3. The authorization server directly issues an access token.

We will implement both separately for complete understanding , but first we will implement the Authorization Code Grant for that we will need

Authorization Server

It can be either of a platform (like google , github) or you can create your own also using KeyCloak or can also build your own adhering to OAuth 2.0 standards ( we may do this in next blog 😌)
Spring Boot Application

This will be our main backend application/service which will handle all the operations like code exchange, verification , saving user details and assigning JWT tokens
React Application (Frontend)

This will be our client which will redirect the user to Authorization Server for authorization.

So in our implementation what we will be doing is the frontend(web/app) will redirect our user to google login with redirect uri to our backend endpoint which will take control further we will talki about it later and along with the redirect_url we also be passing the client id of our app all these will be sent in the query parameters.

No when the user will successfully login in the google the authrization server(google’s) will redirect our request to the backend enpoint and there what we will be doing is exchanging Authorization code with authorization server to get access token and refresh token and then we can handle the auth as we want and finally we will send a response back to our frontend which will have a cookie and redirect to our dashboard or may be a protected page.

Now we will look into the code , but make sure that you add the url of your backend endpoint in authorized redirect urls in Google console dashboard for OAuth client.

package com.oauth.backend.controller;

import com.oauth.backend.entities.User;
import com.oauth.backend.repositories.UserRepository;
import com.oauth.backend.services.CustomUserDetailsService;
import com.oauth.backend.services.JWTService;
import com.oauth.backend.services.UserDetailsImpl;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletResponse;
import org.antlr.v4.runtime.misc.MultiMap;
import org.springframework.http.*;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.view.RedirectView;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

@RestController
@CrossOrigin("*")
@RequestMapping("/api/v1/oauth")
public class OAuthController {
    private final CustomUserDetailsService customUserDetailsService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;
    private final UserRepository userRepository;
    private final JWTService jWTService;

    public OAuthController(CustomUserDetailsService customUserDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder, UserRepository userRepository, JWTService jWTService) {
        this.customUserDetailsService = customUserDetailsService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
        this.userRepository = userRepository;
        this.jWTService = jWTService;
    }

    @GetMapping("/google")
    public void google(@RequestParam String code, HttpServletResponse response2) {
        RestTemplate restTemplate = new RestTemplate();
//        restTemplate
        try{
            String tokenEndpoint = "https://oauth2.googleapis.com/token";
            String clientId = "ANJALI_HI_SHEETAL_HAI";
            String clienSecret = "SHEETAL_HI_MUNNI_HAI";
            MultiValueMap<String,String> map = new LinkedMultiValueMap<>();
            map.add("client_id", clientId);
            map.add("client_secret", clienSecret);
            map.add("code", code);
            map.add("grant_type", "authorization_code");
            map.add("redirect_uri", "http://localhost:8080/api/v1/oauth/google");
            HttpHeaders headers = new HttpHeaders();
            headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
            HttpEntity<MultiValueMap<String,String>> request = new HttpEntity<>(map,headers);
            ResponseEntity<Map> tokenResponse = restTemplate.postForEntity(tokenEndpoint, request, Map.class);
            String token = tokenResponse.getBody().get("id_token").toString();
            String url = "https://oauth2.googleapis.com/tokeninfo?id_token=" + token;
            ResponseEntity<Map> response = restTemplate.getForEntity(url,Map.class);
            User user = null;
        if(response.getStatusCode()== HttpStatus.OK){
            UserDetails userDetails =null;
            String email = response.getBody().get("email").toString();;
            try {
                userDetails = customUserDetailsService.loadUserByEmail(email);
            }
            catch(Exception e){
                user=new User();
                user.setEmail(email);
                user.setPassword(bCryptPasswordEncoder.encode(UUID.randomUUID().toString()));
                user.setUsername(email.split("@")[0]);
                userRepository.save(user);
                userDetails=customUserDetailsService.loadUserByUsername(user.getUsername());
            }



           String jwt_token = jWTService.generateToken(userDetails.getUsername());
            Cookie cookie = new Cookie("accessToken",jwt_token);
            cookie.setPath("/");
            cookie.setMaxAge(3600);
            cookie.setSecure(true);
            response2.addCookie(cookie);
            response2.sendRedirect("http://localhost:5172/products");
        }
        }
        catch (Exception e){
            e.printStackTrace();
    throw new RuntimeException(e.getMessage());
        }

    }
}

and that’s it this will work fine and for testing you can made a simple frontend application which will nothing but having a context and yout know login and registration functions.

Thanks for reading till this long , and if you have any suggestion , please drop it in the comments

DEV Community: Mayank Gupta

Implementing Multipart Upload in AWS S3 with Spring Boot

Workflow

Initiating upload

Uploading Chunks

Finalizing Upload

Creating Bucket in AWS S3

Dependencies

Configuring the S3 client

S3Service

Initiating the upload

Getting PreSignedUrl for each chunk

Finalizing upload

Building a Seamless File Upload System: Handling Chunked Uploads And Large File Uploads

But before starting , why chunked uploads , why not simple file upload using ?

Key Concepts to Understand Before We Begin

1 . HTTP Streaming

2 . Streams in NodeJS

Types of Streams in Node.js

3 . Chunk Uploads

4 . HTTP Headers for Metadata

So now we will be discussing the flow of our application

DEMO

Understanding Spring Security and OAuth 2.0

How Spring Security Works

Request-Handling Lifecycle with Spring Security

1. Client Request

2. Servlet Container

3. Spring Security Filter Chain

Key Filters in the Chain:

4. Security Context

The Authentication Object:

Example Flow in the Filter Chain:

5. DispatcherServlet

How Spring Security Fits Into the Lifecycle

Spring Security Components: Beyond the Filter Chain

AuthenticationManager

AuthenticationProvider

Core Concepts:

Example:

UserDetailsService

Now before moving to the configuration and all stuff here's a concise flow of Spring Security for JWT-based authentication:

1. User Request

2. JWTFilter

3. AuthenticationManager

4. AuthenticationProvider

OAuth 2.0

Key Concepts of OAuth 2.0

Resource Owner

Client

Authorization Server

Resource Server

Access Token

Scopes

Grants

Resource Owner

Client

Resource Server

Authorization Server

Access Token

Scopes

Grants

Authorization Code Grant

Implicit Grant