DEV Community: MINDLUNNY The latest articles on DEV Community by MINDLUNNY (@mindlunny). https://dev.to/mindlunny https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1153751%2Fe543ee5c-2761-40cf-af5f-671a8bffcfe1.png DEV Community: MINDLUNNY https://dev.to/mindlunny en Implementing authorization and authentication no @RestController. MINDLUNNY Mon, 09 Oct 2023 23:30:52 +0000 https://dev.to/mindlunny/implementing-authorization-and-authentication-no-restcontroller-1a77 https://dev.to/mindlunny/implementing-authorization-and-authentication-no-restcontroller-1a77 <p>A reference below all this.</p> <p><u>STEPS</u></p> <p><strong>1.</strong> Add dependencies to your pom.xml:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-web<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-webmvc<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>6.0.12<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.projectlombok<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>lombok<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;optional&gt;</span>true<span class="nt">&lt;/optional&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!--Template--&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-mustache<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!--********--&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-data-jpa<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>3.1.2<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.postgresql<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>postgresql<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>42.6.0<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-starter-security<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>3.1.2<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="c">&lt;!--Devtools automatically reload the server when saving a change or press 'Ctrl+s'--&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>org.springframework.boot<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>spring-boot-devtools<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>3.1.2<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.jsonwebtoken<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>jjwt-jackson<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>0.11.5<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;scope&gt;</span>runtime<span class="nt">&lt;/scope&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.jsonwebtoken<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>jjwt-impl<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>0.11.5<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;scope&gt;</span>runtime<span class="nt">&lt;/scope&gt;</span> <span class="nt">&lt;/dependency&gt;</span> <span class="nt">&lt;dependency&gt;</span> <span class="nt">&lt;groupId&gt;</span>io.jsonwebtoken<span class="nt">&lt;/groupId&gt;</span> <span class="nt">&lt;artifactId&gt;</span>jjwt-api<span class="nt">&lt;/artifactId&gt;</span> <span class="nt">&lt;version&gt;</span>0.11.5<span class="nt">&lt;/version&gt;</span> <span class="nt">&lt;/dependency&gt;</span> </code></pre> </div> <p><strong>2.</strong> Create the User model:<br><br> Note: 'USER_TABLE' is just an example, you can rename it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Entity</span> <span class="nd">@ToString</span> <span class="nd">@Table</span><span class="o">(</span><span class="n">name</span><span class="o">=</span><span class="s">"USER_TABLE"</span><span class="o">,</span> <span class="n">schema</span> <span class="o">=</span> <span class="s">"public"</span><span class="o">)</span> <span class="nd">@Getter</span> <span class="nd">@Setter</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">implements</span> <span class="nc">UserDetails</span> <span class="o">{</span> <span class="nd">@Id</span> <span class="nd">@GeneratedValue</span><span class="o">(</span><span class="n">strategy</span> <span class="o">=</span> <span class="nc">GenerationType</span><span class="o">.</span><span class="na">IDENTITY</span><span class="o">)</span> <span class="nc">Long</span> <span class="n">user_id</span><span class="o">;</span> <span class="nc">String</span> <span class="n">email</span><span class="o">;</span> <span class="nc">String</span> <span class="n">username</span><span class="o">;</span> <span class="nc">String</span> <span class="n">password</span><span class="o">;</span> <span class="nc">LocalDateTime</span> <span class="n">createdAt</span><span class="o">;</span> <span class="nc">LocalDateTime</span> <span class="n">updatedAt</span><span class="o">;</span> <span class="nd">@Enumerated</span><span class="o">(</span><span class="nc">EnumType</span><span class="o">.</span><span class="na">STRING</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">Role</span> <span class="n">user_role</span><span class="o">;</span> <span class="kd">public</span> <span class="nf">User</span><span class="o">(){}</span> <span class="kd">public</span> <span class="nf">User</span> <span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nc">String</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span> <span class="k">this</span><span class="o">.</span><span class="na">username</span> <span class="o">=</span> <span class="n">username</span><span class="o">;</span> <span class="k">this</span><span class="o">.</span><span class="na">password</span> <span class="o">=</span> <span class="n">password</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Override</span> <span class="kd">public</span> <span class="nc">Collection</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="nc">GrantedAuthority</span><span class="o">&gt;</span> <span class="nf">getAuthorities</span><span class="o">()</span> <span class="o">{</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">GrantedAuthority</span><span class="o">&gt;</span> <span class="n">authorities</span> <span class="o">=</span> <span class="n">user_role</span><span class="o">.</span><span class="na">getPermissions</span><span class="o">().</span><span class="na">stream</span><span class="o">()</span> <span class="o">.</span><span class="na">map</span><span class="o">(</span><span class="n">permissionEnum</span> <span class="o">-&gt;</span> <span class="k">new</span> <span class="nc">SimpleGrantedAuthority</span><span class="o">(</span><span class="n">permissionEnum</span><span class="o">.</span><span class="na">name</span><span class="o">()))</span> <span class="o">.</span><span class="na">collect</span><span class="o">(</span><span class="nc">Collectors</span><span class="o">.</span><span class="na">toList</span><span class="o">());</span> <span class="k">return</span> <span class="n">authorities</span><span class="o">;</span> <span class="cm">/* Down, others methods implemented of UserDetails */</span> <span class="o">}</span> </code></pre> </div> <p><strong>3.</strong> Create the UserRepository for sourcing the User by username:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">interface</span> <span class="nc">UserRepository</span> <span class="kd">extends</span> <span class="nc">JpaRepository</span><span class="o">&lt;</span><span class="nc">User</span><span class="o">,</span> <span class="nc">Long</span><span class="o">&gt;{</span> <span class="c1">//User, Password</span> <span class="nc">Optional</span><span class="o">&lt;</span><span class="nc">User</span><span class="o">&gt;</span> <span class="nf">findByUsername</span><span class="o">(</span><span class="nc">String</span> <span class="n">username</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p><strong>4.</strong> Create two 'Enum': Permission and Role.</p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">enum</span> <span class="nc">Permission</span> <span class="o">{</span><span class="no">READ_OVERVIEW</span><span class="o">;}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@AllArgsConstructor</span> <span class="kd">public</span> <span class="kd">enum</span> <span class="nc">Role</span> <span class="o">{</span> <span class="no">ADMIN</span><span class="o">(</span><span class="nc">Arrays</span><span class="o">.</span><span class="na">asList</span><span class="o">(</span><span class="nc">Permission</span><span class="o">.</span><span class="na">READ_OVERVIEW</span><span class="o">));</span> <span class="nd">@Getter</span> <span class="nd">@Setter</span> <span class="kd">private</span> <span class="nc">List</span><span class="o">&lt;</span><span class="nc">Permission</span><span class="o">&gt;</span> <span class="n">permissions</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <p><strong>5.</strong> Before We generate the JWT We have to create an <strong>AuthenticationResponse</strong> class to store the token.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@AllArgsConstructor</span> <span class="nd">@Getter</span> <span class="nd">@Setter</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthenticationResponse</span> <span class="o">{</span><span class="kd">private</span> <span class="nc">String</span> <span class="no">JWT</span><span class="o">;}</span> </code></pre> </div> <p><strong>6.</strong> At this point, We define the <strong>JWTService</strong> class, which is responsible for generating JSON Web Token (JWT). It are essential for the authentication and authorization process in our application. The class encapsulates the logic to create a JWT model, including the construction of the token's header, payload, and signature.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">JWTService</span> <span class="o">{</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${security.jwt.expiration-minutes}"</span><span class="o">)</span> <span class="kd">private</span> <span class="kt">long</span> <span class="no">EXPIRATION_MINUTES</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${security.jwt.secret-key}"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="no">SECRET_KEY</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">generateToken</span> <span class="o">(</span><span class="nc">User</span> <span class="n">user</span><span class="o">,</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">Object</span><span class="o">&gt;</span> <span class="n">extraClaims</span><span class="o">)</span> <span class="o">{</span> <span class="nc">LocalDateTime</span> <span class="n">emitedTime</span> <span class="o">=</span> <span class="nc">LocalDateTime</span><span class="o">.</span><span class="na">now</span><span class="o">();</span> <span class="nc">LocalDateTime</span> <span class="n">expirationTime</span> <span class="o">=</span> <span class="n">emitedTime</span><span class="o">.</span><span class="na">plusMinutes</span><span class="o">(</span><span class="no">EXPIRATION_MINUTES</span><span class="o">);</span> <span class="nc">Date</span> <span class="n">issuedAt</span> <span class="o">=</span> <span class="nc">Date</span><span class="o">.</span><span class="na">from</span><span class="o">(</span><span class="n">emitedTime</span><span class="o">.</span><span class="na">atZone</span><span class="o">(</span><span class="nc">ZoneId</span><span class="o">.</span><span class="na">systemDefault</span><span class="o">()).</span><span class="na">toInstant</span><span class="o">());</span> <span class="nc">Date</span> <span class="n">expiration</span> <span class="o">=</span> <span class="nc">Date</span><span class="o">.</span><span class="na">from</span><span class="o">(</span><span class="n">expirationTime</span><span class="o">.</span><span class="na">atZone</span><span class="o">(</span><span class="nc">ZoneId</span><span class="o">.</span><span class="na">systemDefault</span><span class="o">()).</span><span class="na">toInstant</span><span class="o">());</span> <span class="k">return</span> <span class="nc">Jwts</span><span class="o">.</span><span class="na">builder</span><span class="o">()</span> <span class="o">.</span><span class="na">setClaims</span><span class="o">(</span><span class="n">extraClaims</span><span class="o">)</span> <span class="o">.</span><span class="na">setSubject</span><span class="o">(</span><span class="n">user</span><span class="o">.</span><span class="na">getUsername</span><span class="o">())</span> <span class="o">.</span><span class="na">setIssuedAt</span><span class="o">(</span><span class="n">issuedAt</span><span class="o">)</span> <span class="o">.</span><span class="na">setExpiration</span><span class="o">(</span><span class="n">expiration</span><span class="o">)</span> <span class="o">.</span><span class="na">setHeaderParam</span><span class="o">(</span><span class="nc">Header</span><span class="o">.</span><span class="na">TYPE</span><span class="o">,</span> <span class="nc">Header</span><span class="o">.</span><span class="na">JWT_TYPE</span><span class="o">)</span> <span class="c1">//Building the JWT's header.</span> <span class="o">.</span><span class="na">signWith</span><span class="o">(</span><span class="n">generateKey</span><span class="o">(),</span> <span class="nc">SignatureAlgorithm</span><span class="o">.</span><span class="na">HS256</span><span class="o">)</span> <span class="c1">//Building the JWT's signature.</span> <span class="o">.</span><span class="na">compact</span><span class="o">();</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">Key</span> <span class="nf">generateKey</span> <span class="o">()</span> <span class="o">{</span> <span class="kt">byte</span><span class="o">[]</span> <span class="n">secretAsBytes</span> <span class="o">=</span> <span class="nc">Decoders</span><span class="o">.</span><span class="na">BASE64</span><span class="o">.</span><span class="na">decode</span><span class="o">(</span><span class="no">SECRET_KEY</span><span class="o">);</span> <span class="k">return</span> <span class="nc">Keys</span><span class="o">.</span><span class="na">hmacShaKeyFor</span><span class="o">(</span><span class="n">secretAsBytes</span><span class="o">);</span> <span class="o">}</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">extractUsername</span> <span class="o">(</span><span class="nc">String</span> <span class="n">jwt</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nf">extractAllClaims</span><span class="o">(</span><span class="n">jwt</span><span class="o">).</span><span class="na">getSubject</span><span class="o">();</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">Claims</span> <span class="nf">extractAllClaims</span><span class="o">(</span><span class="nc">String</span> <span class="n">jwt</span><span class="o">)</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">Jwts</span><span class="o">.</span><span class="na">parserBuilder</span><span class="o">().</span><span class="na">setSigningKey</span><span class="o">(</span><span class="n">generateKey</span><span class="o">()).</span><span class="na">build</span><span class="o">()</span> <span class="o">.</span><span class="na">parseClaimsJws</span><span class="o">(</span><span class="n">jwt</span><span class="o">).</span><span class="na">getBody</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Note: To customize the expiration time and secret key you can modify the 'application.properties' file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>//Add these lines into the 'application.properties' file security.jwt.expiration-minutes=30 security.jwt.secret-key=bWluaW5ldC1zZXJ2aWNlX21pbmRsdW5ueV9waW5lYmVycnljb2Rl </code></pre> </div> <p>The <strong>security.jwt.expiration-minutes</strong> property sets the token expiration time in minutes, while <strong>security.jwt.secret-key</strong> holds the encrypted secret key. You can use this <a href="https://www.base64decode.org/es/">link</a> to encrypt your secret key remember make it before setting it in the configuration file.</p> <p><strong>7.</strong> We introduce the <strong>AuthenticationService</strong> class, responsible for authenticating user credentials and enhancing the JWT payload with specific attributes. The <em>login</em> method verifies the provided username and password, authenticates the user, and generates a JWT token. Moreover, it includes custom claims such as the user's role and permissions in the JWT payload.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Service</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthenticationService</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">AuthenticationManager</span> <span class="n">authenticationManager</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">UserRepository</span> <span class="n">userRepository</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">JWTService</span> <span class="n">jwtService</span><span class="o">;</span> <span class="kd">public</span> <span class="nc">AuthenticationResponse</span> <span class="nf">login</span> <span class="o">(</span><span class="nc">User</span> <span class="n">user</span><span class="o">)</span> <span class="o">{</span> <span class="nc">User</span> <span class="n">sourceUser</span> <span class="o">=</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findByUsername</span><span class="o">(</span><span class="n">user</span><span class="o">.</span><span class="na">getUsername</span><span class="o">()).</span><span class="na">get</span><span class="o">();</span> <span class="nc">UsernamePasswordAuthenticationToken</span> <span class="n">authToken</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UsernamePasswordAuthenticationToken</span><span class="o">(</span> <span class="n">user</span><span class="o">.</span><span class="na">getUsername</span><span class="o">(),</span> <span class="n">user</span><span class="o">.</span><span class="na">getPassword</span><span class="o">()</span> <span class="o">);</span> <span class="c1">//Authenticate just username and password.</span> <span class="n">authenticationManager</span><span class="o">.</span><span class="na">authenticate</span><span class="o">(</span><span class="n">authToken</span><span class="o">);</span> <span class="nc">SecurityContextHolder</span><span class="o">.</span><span class="na">getContext</span><span class="o">().</span><span class="na">setAuthentication</span><span class="o">(</span><span class="n">authToken</span><span class="o">);</span> <span class="nc">String</span> <span class="n">jwt</span> <span class="o">=</span> <span class="n">jwtService</span><span class="o">.</span><span class="na">generateToken</span><span class="o">(</span><span class="n">sourceUser</span><span class="o">,</span> <span class="n">generateExtraClaims</span><span class="o">(</span><span class="n">sourceUser</span><span class="o">));</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">AuthenticationResponse</span><span class="o">(</span><span class="n">jwt</span><span class="o">);</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">Object</span><span class="o">&gt;</span> <span class="nf">generateExtraClaims</span> <span class="o">(</span><span class="nc">User</span> <span class="n">user</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Map</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">Object</span><span class="o">&gt;</span> <span class="n">extraClaims</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HashMap</span><span class="o">&lt;&gt;();</span> <span class="n">extraClaims</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="s">"user_role"</span><span class="o">,</span> <span class="n">user</span><span class="o">.</span><span class="na">getUser_role</span><span class="o">().</span><span class="na">name</span><span class="o">());</span> <span class="n">extraClaims</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="s">"permissions"</span><span class="o">,</span> <span class="n">user</span><span class="o">.</span><span class="na">getAuthorities</span><span class="o">());</span> <span class="k">return</span> <span class="n">extraClaims</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p><strong>8.</strong> Create two controllers for the "testing". Each of the <strong>'returns'</strong> to the endpoint is just an example.</p> <p>The purpose of this file is to authenticate the User. Additionally, If you can appreciate the <strong>login</strong> method there is a cookie named <em>token</em>. This cookie is used to store the JWT on the client side, allowing communication between the client and server. So How can we send the token to the client's storage? For that, We support ourselves with <strong>HttpServletResponse</strong>. Once the JWT is generated through the <strong>AuthenticationService</strong> class, the token is stored in a cookie and sent to the client. Subsequently, redirects the <strong>'overview'</strong> template.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Controller</span> <span class="nd">@RequestMapping</span><span class="o">(</span><span class="s">"/restricted"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">LoginController</span> <span class="o">{</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"${security.jwt.expiration-minutes}"</span><span class="o">)</span> <span class="kd">private</span> <span class="kt">int</span> <span class="no">EXPIRATION_MINUTES</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">AuthenticationService</span> <span class="n">authenticationService</span><span class="o">;</span> <span class="kd">private</span> <span class="nc">AuthenticationResponse</span> <span class="n">jwt</span><span class="o">;</span> <span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/admin"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">login</span> <span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="s">"login"</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="s">"/admin/login"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">login</span> <span class="o">(</span> <span class="nd">@RequestParam</span><span class="o">(</span><span class="s">"username"</span><span class="o">)</span> <span class="nc">String</span> <span class="n">username</span><span class="o">,</span> <span class="nd">@RequestParam</span><span class="o">(</span><span class="s">"password"</span><span class="o">)</span> <span class="nc">String</span> <span class="n">password</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">response</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">IOException</span><span class="o">,</span> <span class="nc">InterruptedException</span> <span class="o">{</span> <span class="n">jwt</span> <span class="o">=</span> <span class="n">authenticationService</span><span class="o">.</span><span class="na">login</span><span class="o">(</span><span class="k">new</span> <span class="nc">AuthenticationRequest</span><span class="o">(</span><span class="n">username</span><span class="o">,</span> <span class="n">password</span><span class="o">));</span> <span class="nc">Cookie</span> <span class="n">jwtCookie</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Cookie</span><span class="o">(</span><span class="s">"token"</span><span class="o">,</span> <span class="n">jwt</span><span class="o">.</span><span class="na">getJWT</span><span class="o">());</span> <span class="n">jwtCookie</span><span class="o">.</span><span class="na">setMaxAge</span><span class="o">(</span><span class="no">EXPIRATION_MINUTES</span><span class="o">*</span><span class="mi">60</span><span class="o">);</span> <span class="n">response</span><span class="o">.</span><span class="na">addCookie</span><span class="o">(</span><span class="n">jwtCookie</span><span class="o">);</span> <span class="k">return</span> <span class="s">"redirect:/restricted/admin/overview"</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>For adding, the value of the variable <em>EXPIRATION_MINUTES</em> is estimated in seconds you can remove and add it directly in the <strong>setMaxAge</strong> function.</p> <p>Reference about the <strong>storage</strong> section.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ws6lrLpM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gl0qeprhxtec63x3hb9v.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ws6lrLpM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/gl0qeprhxtec63x3hb9v.jpg" alt="Image Storage-Inspect" width="800" height="276"></a></p> <p>The <strong>OverviewController</strong> contains a crucial method called <em>logout</em>. Its finality is to capture the token for then remove it. Setting the <strong>setMaxAge</strong> to 0, the cookie is effectively deleted. Within this method, the server identifies the cookie's name, resets its age to 0, and specifies the path. This ensures the removal of the token once the user prefers to log out.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Controller</span> <span class="nd">@RequestMapping</span><span class="o">(</span><span class="s">"/restricted/admin"</span><span class="o">)</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">OverviewController</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="nc">HttpServletRequest</span> <span class="n">request</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="nc">HttpServletResponse</span> <span class="n">response</span><span class="o">;</span> <span class="nd">@GetMapping</span><span class="o">(</span><span class="s">"/overview"</span><span class="o">)</span> <span class="nd">@PreAuthorize</span><span class="o">(</span><span class="s">"hasAuthority('READ_OVERVIEW')"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">overview</span> <span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="nc">Render</span><span class="o">.</span><span class="na">OVERVIEW</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@PostMapping</span><span class="o">(</span><span class="s">"/overview/logout"</span><span class="o">)</span> <span class="kd">public</span> <span class="nc">String</span> <span class="nf">logout</span> <span class="o">()</span> <span class="o">{</span> <span class="nc">Cookie</span><span class="o">[]</span> <span class="n">cookies</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="na">getCookies</span><span class="o">();</span> <span class="k">if</span> <span class="o">(</span><span class="n">cookies</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Cookie</span> <span class="n">cookie</span> <span class="o">:</span> <span class="n">cookies</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="s">"token"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">cookie</span><span class="o">.</span><span class="na">getName</span><span class="o">()))</span> <span class="o">{</span> <span class="n">cookie</span><span class="o">.</span><span class="na">setMaxAge</span><span class="o">(</span><span class="mi">0</span><span class="o">);</span> <span class="n">cookie</span><span class="o">.</span><span class="na">setPath</span><span class="o">(</span><span class="s">"/restricted/admin"</span><span class="o">);</span> <span class="n">response</span><span class="o">.</span><span class="na">addCookie</span><span class="o">(</span><span class="n">cookie</span><span class="o">);</span> <span class="k">break</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="k">return</span> <span class="s">"redirect:/restricted/admin"</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p><strong>9. **We have three classes called **HttpSecurityConfig</strong>, <strong>SecurityBeansInjector</strong>, and <strong>JWTAuthenticationFilter</strong>.</p> <p>The class mentioned is responsible for verifying authorization after receiving the token sent by the client. It checks the received token from the client's cookie and authenticates the user based on the extracted username. If the token is valid and contains a username, the user is authenticated and allowed to proceed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">JWTAuthenticationFilter</span> <span class="kd">extends</span> <span class="nc">OncePerRequestFilter</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">JWTService</span> <span class="n">jwtService</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">UserRepository</span> <span class="n">userRepository</span><span class="o">;</span> <span class="nd">@Override</span> <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">doFilterInternal</span><span class="o">(</span><span class="nc">HttpServletRequest</span> <span class="n">request</span><span class="o">,</span> <span class="nc">HttpServletResponse</span> <span class="n">response</span><span class="o">,</span> <span class="nc">FilterChain</span> <span class="n">filterChain</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">ServletException</span><span class="o">,</span> <span class="nc">IOException</span> <span class="o">{</span> <span class="c1">//Save me</span> <span class="nc">Cookie</span><span class="o">[]</span> <span class="n">cookies</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="na">getCookies</span><span class="o">();</span> <span class="nc">String</span> <span class="n">token</span> <span class="o">=</span> <span class="kc">null</span><span class="o">;</span> <span class="k">if</span> <span class="o">(</span><span class="n">cookies</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">)</span> <span class="o">{</span> <span class="k">for</span> <span class="o">(</span><span class="nc">Cookie</span> <span class="n">cookie</span> <span class="o">:</span> <span class="n">cookies</span><span class="o">)</span> <span class="o">{</span> <span class="k">if</span> <span class="o">(</span><span class="s">"token"</span><span class="o">.</span><span class="na">equals</span><span class="o">(</span><span class="n">cookie</span><span class="o">.</span><span class="na">getName</span><span class="o">()))</span> <span class="o">{</span> <span class="n">token</span> <span class="o">=</span> <span class="n">cookie</span><span class="o">.</span><span class="na">getValue</span><span class="o">();</span> <span class="nc">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="s">"Cookie: "</span><span class="o">+</span><span class="n">token</span><span class="o">.</span><span class="na">toString</span><span class="o">());</span> <span class="k">break</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="k">if</span> <span class="o">(</span><span class="n">token</span> <span class="o">==</span> <span class="kc">null</span> <span class="o">||</span> <span class="n">token</span><span class="o">.</span><span class="na">isEmpty</span><span class="o">())</span> <span class="o">{</span> <span class="n">filterChain</span><span class="o">.</span><span class="na">doFilter</span><span class="o">(</span><span class="n">request</span><span class="o">,</span> <span class="n">response</span><span class="o">);</span> <span class="k">return</span><span class="o">;</span> <span class="o">}</span> <span class="nc">String</span> <span class="n">username</span> <span class="o">=</span> <span class="n">jwtService</span><span class="o">.</span><span class="na">extractUsername</span><span class="o">(</span><span class="n">token</span><span class="o">);</span> <span class="nc">User</span> <span class="n">user</span> <span class="o">=</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findByUsername</span><span class="o">(</span><span class="n">username</span><span class="o">).</span><span class="na">get</span><span class="o">();</span> <span class="nc">UsernamePasswordAuthenticationToken</span> <span class="n">authToken</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UsernamePasswordAuthenticationToken</span><span class="o">(</span> <span class="n">username</span><span class="o">,</span> <span class="kc">null</span><span class="o">,</span> <span class="n">user</span><span class="o">.</span><span class="na">getAuthorities</span><span class="o">()</span> <span class="o">);</span> <span class="nc">SecurityContextHolder</span><span class="o">.</span><span class="na">getContext</span><span class="o">().</span><span class="na">setAuthentication</span><span class="o">(</span><span class="n">authToken</span><span class="o">);</span> <span class="n">filterChain</span><span class="o">.</span><span class="na">doFilter</span><span class="o">(</span><span class="n">request</span><span class="o">,</span> <span class="n">response</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p><strong>SecurityBeansInjector</strong> checks whether a user exists or not. then It is utilized by the AuthenticationManager component, which, in turn, leverages the "authenticate" function in the AuthenticationService class. This class is responsible for configuring crucial security components, namely <strong>AuthenticationProvider</strong> and <strong>AuthenticationManager</strong>. Besides, it interacts with the <strong>UserRepository</strong> to access the database and retrieve user information.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecurityBeansInjector</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">UserRepository</span> <span class="n">userRepository</span><span class="o">;</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">AuthenticationManager</span> <span class="nf">authenticationManager</span> <span class="o">(</span><span class="nc">AuthenticationConfiguration</span> <span class="n">authenticationConfiguration</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="k">return</span> <span class="n">authenticationConfiguration</span><span class="o">.</span><span class="na">getAuthenticationManager</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">AuthenticationProvider</span> <span class="nf">authenticationProvider</span> <span class="o">()</span> <span class="o">{</span> <span class="nc">DaoAuthenticationProvider</span> <span class="n">provider</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">DaoAuthenticationProvider</span><span class="o">();</span> <span class="n">provider</span><span class="o">.</span><span class="na">setUserDetailsService</span><span class="o">(</span><span class="n">userDetailsService</span><span class="o">());</span> <span class="n">provider</span><span class="o">.</span><span class="na">setPasswordEncoder</span><span class="o">(</span><span class="n">passwordEncoder</span><span class="o">());</span> <span class="k">return</span> <span class="n">provider</span><span class="o">;</span> <span class="o">}</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">PasswordEncoder</span> <span class="nf">passwordEncoder</span> <span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">BCryptPasswordEncoder</span><span class="o">();</span> <span class="o">}</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">UserDetailsService</span> <span class="nf">userDetailsService</span> <span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">username</span> <span class="o">-&gt;</span> <span class="o">{</span> <span class="k">return</span> <span class="n">userRepository</span><span class="o">.</span><span class="na">findByUsername</span><span class="o">(</span><span class="n">username</span><span class="o">)</span> <span class="o">.</span><span class="na">orElseThrow</span><span class="o">(()</span> <span class="o">-&gt;</span> <span class="k">new</span> <span class="nc">RuntimeException</span><span class="o">(</span><span class="s">"User not found."</span><span class="o">));</span> <span class="o">};</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>In this class, We configured the endpoints that require specific permissions. Only two endpoints necessitate permissions. Additionally, We have disabled the Spring Security <strong>CSRF</strong> protection.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="nd">@Component</span> <span class="nd">@EnableWebSecurity</span> <span class="nd">@EnableMethodSecurity</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">HttpSecurityConfig</span> <span class="o">{</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">AuthenticationProvider</span> <span class="n">authenticationProvider</span><span class="o">;</span> <span class="nd">@Autowired</span> <span class="kd">private</span> <span class="nc">JWTAuthenticationFilter</span> <span class="n">authenticationFilter</span><span class="o">;</span> <span class="nd">@Bean</span> <span class="kd">public</span> <span class="nc">SecurityFilterChain</span> <span class="nf">securityFilterChain</span> <span class="o">(</span><span class="nc">HttpSecurity</span> <span class="n">httpSecurity</span><span class="o">)</span> <span class="kd">throws</span> <span class="nc">Exception</span> <span class="o">{</span> <span class="n">httpSecurity</span> <span class="o">.</span><span class="na">csrf</span><span class="o">(</span><span class="n">csrfConfig</span> <span class="o">-&gt;</span> <span class="n">csrfConfig</span><span class="o">.</span><span class="na">disable</span><span class="o">())</span> <span class="o">.</span><span class="na">sessionManagement</span><span class="o">(</span><span class="n">sessionManagementConfig</span> <span class="o">-&gt;</span> <span class="n">sessionManagementConfig</span><span class="o">.</span><span class="na">sessionCreationPolicy</span><span class="o">(</span><span class="nc">SessionCreationPolicy</span><span class="o">.</span><span class="na">STATELESS</span><span class="o">))</span> <span class="o">.</span><span class="na">authenticationProvider</span><span class="o">(</span><span class="n">authenticationProvider</span><span class="o">)</span> <span class="o">.</span><span class="na">addFilterBefore</span><span class="o">(</span><span class="n">authenticationFilter</span><span class="o">,</span> <span class="nc">UsernamePasswordAuthenticationFilter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span> <span class="o">.</span><span class="na">authorizeHttpRequests</span><span class="o">(</span><span class="n">builderRequestMatchers</span><span class="o">());</span> <span class="k">return</span> <span class="n">httpSecurity</span><span class="o">.</span><span class="na">build</span><span class="o">();</span> <span class="o">}</span> <span class="kd">private</span> <span class="kd">static</span> <span class="nc">Customizer</span><span class="o">&lt;</span><span class="nc">AuthorizeHttpRequestsConfigurer</span><span class="o">&lt;</span><span class="nc">HttpSecurity</span><span class="o">&gt;.</span><span class="na">AuthorizationManagerRequestMatcherRegistry</span><span class="o">&gt;</span> <span class="nf">builderRequestMatchers</span> <span class="o">()</span> <span class="o">{</span> <span class="k">return</span> <span class="n">authConfig</span> <span class="o">-&gt;</span> <span class="o">{</span> <span class="n">authConfig</span><span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="nc">HttpMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="s">"/restricted/admin/login"</span><span class="o">).</span><span class="na">permitAll</span><span class="o">();</span> <span class="n">authConfig</span><span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="nc">HttpMethod</span><span class="o">.</span><span class="na">GET</span><span class="o">,</span> <span class="s">"/restricted/admin/overview"</span><span class="o">).</span><span class="na">hasAuthority</span><span class="o">(</span><span class="nc">Permission</span><span class="o">.</span><span class="na">READ_OVERVIEW</span><span class="o">.</span><span class="na">name</span><span class="o">());</span> <span class="n">authConfig</span><span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="nc">HttpMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="s">"/restricted/admin/overview/logout"</span><span class="o">).</span><span class="na">hasAuthority</span><span class="o">(</span><span class="nc">Permission</span><span class="o">.</span><span class="na">READ_OVERVIEW</span><span class="o">.</span><span class="na">name</span><span class="o">());</span> <span class="n">authConfig</span><span class="o">.</span><span class="na">requestMatchers</span><span class="o">(</span><span class="s">"/error"</span><span class="o">).</span><span class="na">permitAll</span><span class="o">();</span> <span class="n">authConfig</span><span class="o">.</span><span class="na">anyRequest</span><span class="o">().</span><span class="na">denyAll</span><span class="o">();</span> <span class="o">};</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>Note: AuthenticationProvider is particularly a Spring Security class.</p> <p>To make the long story short You can find guidance in this <a href="https://github.com/PineberryCode/MINI-NETSERVICE">Github repository</a></p> java programming webdev springsecurity