PaulK/Hangry
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Funktionierende SecurityConfig

Browse Source
This commit is contained in:
PaulK 2025-03-18 15:52:06 +01:00
parent be982193e4
commit 9d9d6d8a60
4 changed files with 85 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/main/java/com/example/hangry/security/JwtAuthenticationFilter.java Normal file
View File

@ -0,0 +1,52 @@
package com.example.hangry.security;
import com.example.hangry.User;
import com.example.hangry.UserRepository;
import com.example.hangry.services.JwtService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.util.ArrayList;
@Component
public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final JwtService jwtService;
private final UserRepository userRepository;
public JwtAuthenticationFilter(JwtService jwtService, UserRepository userRepository) {
this.jwtService = jwtService;
this.userRepository = userRepository;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
String authHeader = request.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith("Bearer ")) {
String token = authHeader.substring(7);
String email = jwtService.extractEmail(token);
if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
User user = userRepository.findByEmail(email);
if (user != null && jwtService.validateToken(token, user)) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
}
filterChain.doFilter(request, response);
}
}

42
src/main/java/com/example/hangry/security/JwtUtil.java
View File

@ -1,42 +0,0 @@
package com.example.hangry.security;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import org.springframework.stereotype.Component;
import java.security.Key;
import java.util.Date;
@Component
public class JwtUtil {
private final String SECRET_KEY = "geheimeschluesselgeheimeschluessel"; // Sollte mind. 256 Bit lang sein
private final long EXPIRATION_TIME = 1000 * 60 * 60; // 1 Stunde gültig
private final Key key = Keys.hmacShaKeyFor(SECRET_KEY.getBytes());
//Token generieren
public String generateToken(String username) {
return Jwts.builder()
.setSubject(username) // Benutzername in das Token schreiben
.setIssuedAt(new Date()) // Zeitpunkt der Erstellung
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME)) // Ablaufzeit setzen
.signWith(key, SignatureAlgorithm.HS256) // Signieren mit geheimer Schlüssel
.compact();
}
//Token validieren
public boolean validateToken(String token) {
try {
Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);
return true;
} catch (JwtException | IllegalArgumentException e) {
return false;
}
}
//Benutzername aus Token extrahieren
public String extractUsername(String token) {
return Jwts.parserBuilder().setSigningKey(key).build()
.parseClaimsJws(token).getBody().getSubject();
}
}

4
src/main/java/com/example/hangry/security/SecurityConfig.java
View File

@ -7,14 +7,16 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration @Configuration
@EnableWebSecurity // Aktiviert Spring Security @EnableWebSecurity // Aktiviert Spring Security
public class SecurityConfig { public class SecurityConfig {
@Bean @Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthenticationFilter jwtAuthenticationFilter) throws Exception {
http http
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.csrf(AbstractHttpConfigurer::disable) // Neue Syntax für CSRF-Disable .csrf(AbstractHttpConfigurer::disable) // Neue Syntax für CSRF-Disable
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers("/api/auth/register", "/api/auth/login").permitAll() // Registrierung & Login erlauben .requestMatchers("/api/auth/register", "/api/auth/login").permitAll() // Registrierung & Login erlauben

32
src/main/java/com/example/hangry/services/JwtService.java
View File

@ -1,17 +1,20 @@
package com.example.hangry.services; package com.example.hangry.services;
import com.example.hangry.User; import com.example.hangry.User;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys; import io.jsonwebtoken.security.Keys;
import org.springframework.cglib.core.internal.Function;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.security.Key; import java.security.Key;
import java.util.Date; import java.util.Date;
@Service @Service
public class JwtService { public class JwtService {
private static final Key SECRET_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256); private static final String SECRET_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256).toString();
private static final long EXPIRATION_TIME = 1000 * 60 * 60 * 24; // 24 Stunden private static final long EXPIRATION_TIME = 1000 * 60 * 60 * 24; // 24 Stunden
public String generateToken(User user) { public String generateToken(User user) {
@ -19,7 +22,32 @@ public class JwtService {
.setSubject(user.getEmail()) .setSubject(user.getEmail())
.setIssuedAt(new Date()) .setIssuedAt(new Date())
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME)) .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME))
.signWith(SECRET_KEY) .signWith(getSigningKey(), SignatureAlgorithm.HS256)
.compact(); .compact();
} }
public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
final Claims claims = extractAllClaims(token);
return claimsResolver.apply(claims);
}
private Claims extractAllClaims(String token) {
return Jwts.parserBuilder().setSigningKey(getSigningKey()).build().parseClaimsJws(token).getBody();
}
private Key getSigningKey() {
return Keys.hmacShaKeyFor(SECRET_KEY.getBytes());
}
public String extractEmail(String token) {
return extractClaim(token, Claims::getSubject); // Subject = E-Mail
}
public boolean validateToken(String token, User user) {
final String email = extractEmail(token);
return email.equals(user.getEmail()) && !isTokenExpired(token);
}
private boolean isTokenExpired(String token) {
return extractClaim(token, Claims::getExpiration).before(new Date());
}
} }