AndriDiki/smartproc-be
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix authentication

Browse Source
This commit is contained in:
dirgantarasiahaan 2023-05-25 14:54:43 +07:00
parent d50b2a8eef
commit c833f09200
8 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/com/iconplus/smartproc/configuration/JwtRequestFilter.java
View File

@ -54,7 +54,7 @@ public class JwtRequestFilter extends OncePerRequestFilter {
private void isValidToken(HttpServletRequest request, String jwtToken) {
String requestUrl = request.getRequestURI();
String refreshTokenUrl = "/authentication-service/authentication/v1/refresh-token";
String refreshTokenUrl = "/api/authentication/refresh-token";
if (!refreshTokenUrl.equals(requestUrl)) {
var isValid = isValidAuthenticateToken(jwtToken);
if (!isValid) {

1
src/main/java/com/iconplus/smartproc/configuration/WebSecurityConfig.java
View File

@ -34,6 +34,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
.csrf().disable();
httpSecurity.authorizeRequests()
.antMatchers("/api*/**").permitAll()
.antMatchers("/api/authentication/*").permitAll()
.antMatchers("/actuator/health").permitAll()
.antMatchers("/swagger*/**").permitAll()
.antMatchers("/v2*/**").permitAll()

6
src/main/java/com/iconplus/smartproc/model/entity/TokenManagement.java
View File

@ -31,12 +31,10 @@ public class TokenManagement extends BaseEntity {
@Column(name = "user_id")
private Long userId;
@Lob
@Column(name = "access_token")
@Column(name = "access_token", length = 2500)
private String accessToken;
@Lob
@Column(name = "refresh_token")
@Column(name = "refresh_token", length = 2500)
private String refreshToken;
@Column(name = "issued_time")

8
src/main/java/com/iconplus/smartproc/model/projection/TokenManagementView.java
View File

@ -7,10 +7,10 @@ public interface TokenManagementView {
String getId();
void setId(String id);
String getUserId();
void setUserId(String userId);
Long getUserId();
void setUserId(Long userId);
Clob getAccessToken();
void setAccessToken(Clob accessToken);
String getAccessToken();
void setAccessToken(String accessToken);
}

6
src/main/java/com/iconplus/smartproc/repository/TokenManagementRepository.java
View File

@ -14,9 +14,9 @@ public interface TokenManagementRepository extends JpaRepository<TokenManagement
@Query(value = "SELECT access_token as accessToken FROM token_management " +
"WHERE user_id = :userId " +
"AND isDelete = false " +
"AND expired_time >= SYSDATE", nativeQuery = true)
List<TokenManagementView> findAccessTokenByUserIdAndDeletedFalse(String userId);
"AND is_delete = 0 " +
"AND expired_time >= CURRENT_TIMESTAMP", nativeQuery = true)
List<TokenManagementView> findAccessTokenByUserIdAndDeletedFalse(Long userId);
@Query(value = "SELECT tm from TokenManagement tm " +
"WHERE tm.refreshToken = :refreshToken " +

3
src/main/java/com/iconplus/smartproc/service/authentication/LoginService.java
View File

@ -18,6 +18,7 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@Service
@ -65,7 +66,7 @@ public class LoginService implements BaseService<LoginRequest, LoginResponse> {
.username(userRoleView.getUsername())
.nama(userRoleView.getNama())
.role(userRoleView.getRole())
.accessMenu(null)
.accessMenu(new HashSet<>())
.build();
Map<String, Object> claims = new HashMap<>();

4
src/main/java/com/iconplus/smartproc/service/authentication/PostCheckAccessTokenService.java
View File

@ -27,7 +27,7 @@ public class PostCheckAccessTokenService implements BaseService<PostAccessTokenR
public PostAccessTokenResponse execute(PostAccessTokenRequest input) {
var decodeToken = TokenUtils.decodeToken(input.getAccessToken());
String userId = decodeToken.get("user_id");
Long userId = Long.valueOf(decodeToken.get("user_id"));
List<TokenManagementView> tokenManagementViews = tokenManagementRepository.findAccessTokenByUserIdAndDeletedFalse(userId);
if (tokenManagementViews.isEmpty()) {
@ -38,7 +38,7 @@ public class PostCheckAccessTokenService implements BaseService<PostAccessTokenR
}
List<String> userTokenList = tokenManagementViews.stream()
.map(c-> CommonUtil.clobToString(c.getAccessToken()))
.map(TokenManagementView::getAccessToken)
.collect(Collectors.toList());
boolean isMatch = userTokenList.stream().anyMatch(s -> s.equals(input.getAccessToken()));

3
src/main/java/com/iconplus/smartproc/service/authentication/TokenManagementService.java
View File

@ -17,6 +17,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.HashSet;
import java.util.Objects;
@Service
@ -72,7 +73,7 @@ public class TokenManagementService implements BaseService<RefreshTokenRequest,
.username(userRoleView.getUsername())
.nama(userRoleView.getNama())
.role(userRoleView.getRole())
.accessMenu(null)
.accessMenu(new HashSet<>())
.build();
final String accessToken = jwtTokenUtil.generateToken(String.valueOf(userRoleView.getId()), tokenContent, accessTokenExp * 60000);