Rohan Sircar
5 years ago
11 changed files with 295 additions and 73 deletions
-
31chatto/src/main/java/org/ros/chatto/BeanConfigurations.java
-
31chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java
-
47chatto/src/main/java/org/ros/chatto/config/CacheConfig.java
-
10chatto/src/main/java/org/ros/chatto/config/EhCacheConfig.java
-
31chatto/src/main/java/org/ros/chatto/model/UserToken.java
-
19chatto/src/main/java/org/ros/chatto/repository/TokenRepository.java
-
66chatto/src/main/java/org/ros/chatto/security/CustomBasicAuthenticationFilter.java
-
8chatto/src/main/java/org/ros/chatto/security/MyUserDetailsService.java
-
88chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
-
33chatto/src/main/java/org/ros/chatto/service/UserTokenService.java
-
4chatto/src/main/resources/ehcache.xml
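--- a/chatto/src/main/java/org/ros/chatto/config/CacheConfig.java
+++ b/chatto/src/main/java/org/ros/chatto/config/CacheConfig.java
@@ -1,47 +0,0 @@
-package org.ros.chatto.config;
-
-
-import org.ros.chatto.security.MyUserDetailsService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.cache.Cache;
-import org.springframework.cache.CacheManager;
-import org.springframework.cache.annotation.Cacheable;
-import org.springframework.cache.annotation.EnableCaching;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.core.userdetails.UserCache;
-import org.springframework.security.core.userdetails.cache.SpringCacheBasedUserCache;
-
-@EnableCaching
-@Configuration
-public class CacheConfig {
-
-@Autowired
-private CacheManager cacheManager;
-
-
-@Bean
-public UserCache userCache() throws Exception {
-// return new EhCacheBasedUserCache();
-// Cache cache = (Cache) cacheManager().getCache("userCache");
-Cache cache = cacheManager.getCache("chatUser");
-return new SpringCacheBasedUserCache(cache);
-}
-
-// private net.sf.ehcache.CacheManager cacheManager;
-
-// @PreDestroy
-// public void destroy() {
-// cacheManager.shutdown();
-// }
-//
-// @Bean
-// public CacheManager cacheManager() {
-//// log.debug("Starting Ehcache");
-// cacheManager = net.sf.ehcache.CacheManager.create();
-// cacheManager.getConfiguration().setMaxBytesLocalHeap("16M");
-// EhCacheCacheManager ehCacheManager = new EhCacheCacheManager();
-// ehCacheManager.setCacheManager(cacheManager);
-// return ehCacheManager;
-// }
-}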
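--- a/chatto/src/main/java/org/ros/chatto/config/EhCacheConfig.java
+++ b/chatto/src/main/java/org/ros/chatto/config/EhCacheConfig.java
@@ -0,0 +1,10 @@
+package org.ros.chatto.config;
+
+
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.context.annotation.Configuration;
+
+@EnableCaching
+@Configuration
+public class EhCacheConfig {
+}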
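--- a/chatto/src/main/java/org/ros/chatto/model/UserToken.java
+++ b/chatto/src/main/java/org/ros/chatto/model/UserToken.java
@@ -0,0 +1,31 @@
+package org.ros.chatto.model;
+
+import java.io.Serializable;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.OneToOne;
+import javax.persistence.Table;
+
+import lombok.Data;
+
+@Data
+@Entity
+@Table(name="tokens")
+public class UserToken implements Serializable {
+/**
+*
+*/
+private static final long serialVersionUID = -201675581183933341L;
+@Id
+@GeneratedValue(strategy = GenerationType.IDENTITY)
+@Column(name = "token_id")
+private long tokenID;
+private String userName;
+private String tokenContent;
+private String role;
+}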
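Review bot: `tokenContent` is persisted as the raw bearer value with no expiry column, so a read of the `tokens` table hands out working credentials, and Lombok's `@Data` generates a `toString()` that prints it, so any log line containing a `UserToken` leaks it too. At minimum put `@ToString.Exclude` on `tokenContent`, and mark the two lookup columns unique (`@Column(unique = true)` on `tokenContent` and on `userName`) since both repository finders return a single `UserToken`. A stronger follow-up would store a SHA-256 digest of the token and look up by digest, plus an `expiresAt` the token filter can check; both would need the issuing and verifying filters adjusted. The `JoinColumn`/`OneToOne` imports are unused and can go.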
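--- a/chatto/src/main/java/org/ros/chatto/repository/TokenRepository.java
+++ b/chatto/src/main/java/org/ros/chatto/repository/TokenRepository.java
@@ -0,0 +1,19 @@
+package org.ros.chatto.repository;
+
+import org.ros.chatto.model.UserToken;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.stereotype.Repository;
+
+@Repository
+@CacheConfig(cacheNames = "userTokenCache")
+public interface TokenRepository extends JpaRepository<UserToken, Long> {
+@Cacheable(value = "userTokenCache", key = "#token")
+@Query("select t from UserToken t where t.tokenContent = ?1")
+public UserToken findByToken(String token);
+@Cacheable(value = "userTokenCache", key = "#userName")
+@Query("select t from UserToken t where t.userName = ?1")
+public UserToken findByUserName(String userName);
+}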
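Review bot: Both finders share the single `userTokenCache` and use the bare argument as the key, so user names and token values live in one key space: once `findByUserName("alice")` has populated the cache (the basic-auth filter calls it on every successful login), `findByToken("alice")` is answered from cache with alice's row. The token filter then verifies the row's stored `tokenContent` rather than the header, so a request carrying `X-AUTH-TOKEN: alice` appears to authenticate as alice without knowing her token. Give each finder its own cache, e.g. `@Cacheable(value = "tokenByContent", key = "#token")` and `@Cacheable(value = "tokenByUser", key = "#userName")`, and evict them whenever a token row is saved or deleted. Nothing in this change evicts anything, so a revoked or re-issued token would also keep validating until the cache entry ages out on its own.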
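--- a/chatto/src/main/java/org/ros/chatto/security/CustomBasicAuthenticationFilter.java
+++ b/chatto/src/main/java/org/ros/chatto/security/CustomBasicAuthenticationFilter.java
@@ -0,0 +1,66 @@
+package org.ros.chatto.security;
+
+import org.ros.chatto.model.UserToken;
+import org.ros.chatto.repository.UserRepository;
+import org.ros.chatto.service.UserService;
+import org.ros.chatto.service.UserTokenService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.token.Token;
+import org.springframework.security.core.token.TokenService;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CustomBasicAuthenticationFilter extends BasicAuthenticationFilter {
+
+@Autowired
+private UserService userService;
+@Autowired
+private TokenService tokenService;
+@Autowired
+private UserTokenService userTokenService;
+@Autowired
+private UserRepository userRepository;
+
+@Autowired
+public CustomBasicAuthenticationFilter(final AuthenticationManager authenticationManager) {
+super(authenticationManager);
+}
+
+@Override
+protected void onSuccessfulAuthentication(final javax.servlet.http.HttpServletRequest request,
+final javax.servlet.http.HttpServletResponse response, final Authentication authResult) {
+// Generate Token
+// Save the token for the logged in user
+// send token in the response
+// String tokenString = UUID.randomUUID().toString();
+
+// System.out.println("Role = " + authResult.getAuthorities().iterator().next().getAuthority());
+
+UserToken userToken = userTokenService.getToken(authResult.getName());
+Token token;
+if (userToken == null) {
+token = tokenService.allocateToken("");
+userToken = new UserToken();
+System.out.println("srwrrrrrrrrrrrr = " + authResult.getName());
+// ChatUser user = userService.findByUserName(authResult.getName());
+// ChatUser user = userRepository.findByUserName("hmm");
+userToken.setTokenContent(token.getKey());
+// userToken.setTokenContent(tokenString);
+userToken.setUserName(authResult.getName());
+userToken.setRole(authResult.getAuthorities().iterator().next().getAuthority());
+userTokenService.saveToken(userToken);
+response.setHeader("X-AUTH-TOKEN", token.getKey());
+}
+else {
+token = tokenService.verifyToken(userToken.getTokenContent());
+if(token!=null) {
+response.setHeader("X-AUTH-TOKEN", token.getKey());
+}
+}
+
+}
+
+}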
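Review bot: In the `else` branch, when `verifyToken` rejects the stored token (for instance after the server key changes) the dead row is left in the table and the client receives no `X-AUTH-TOKEN`, so that user can never obtain a working token again until the row is removed by hand; delete the row there and fall through to the allocation path instead of silently returning. The token also freezes `authResult.getAuthorities().iterator().next().getAuthority()` into `role`, so only the first authority survives and later role changes or account disabling never reach token holders — resolve authorities from the user at verification time, or at least give tokens an expiry. Drop the `System.out.println("srwrrrrrrrrrrrr = " + authResult.getName())` debug line (it writes the authenticated user name to stdout on every first login) and the unused `userService`/`userRepository` fields with it.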
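--- a/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
+++ b/chatto/src/main/java/org/ros/chatto/security/TokenAuthenticationFilter.java
@@ -0,0 +1,88 @@
+package org.ros.chatto.security;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.ros.chatto.model.UserToken;
+import org.ros.chatto.repository.TokenRepository;
+import org.ros.chatto.repository.UserRoleRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.token.Token;
+import org.springframework.security.core.token.TokenService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.GenericFilterBean;
+
+
+@Component
+public class TokenAuthenticationFilter extends GenericFilterBean {
+
+@Autowired
+UserRoleRepository userRoleRepository;
+
+@Autowired
+TokenRepository tokenRepository;
+
+@Autowired
+TokenService tokenService;
+
+@Override
+public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
+throws IOException, ServletException {
+final HttpServletRequest httpRequest = (HttpServletRequest) request;
+
+// extract token from header
+final String accessToken = httpRequest.getHeader("X-AUTH-TOKEN");
+if (null != accessToken) {
+// get and check whether token is valid ( from DB or file wherever you are
+// storing the token)
+UserToken userToken = tokenRepository.findByToken(accessToken);
+
+if (userToken == null) {
+throw new UsernameNotFoundException("Token not associated with any user");
+}
+Token token = tokenService.verifyToken(userToken.getTokenContent());
+
+if (token == null) {
+throw new UsernameNotFoundException("Token not issued by us");
+}
+
+String userName = userToken.getUserName();
+if (userName == null) {
+throw new UsernameNotFoundException("User not found");
+}
+
+// List<UserRole> userRoles = userRoleRepository.findByUser(chatUser.getUserName());
+// // Populate SecurityContextHolder by fetching relevant information using token
+// final UserDetails userPrincipal = User.withUsername(chatUser.getUserName()).password(chatUser.getPassword())
+// .roles(userRoles.stream().map(userRole -> {
+//// System.out.println("role = " + userRole.getRole().getName());
+// return userRole.getRole().getName();
+// }).toArray(size -> new String[size])).build();
+// final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+// userPrincipal, null, userPrincipal.getAuthorities());
+SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(userToken.getRole());
+List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
+updatedAuthorities.add(simpleGrantedAuthority);
+
+
+
+final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userName, token.getKey(), updatedAuthorities);
+SecurityContextHolder.getContext().setAuthentication(authentication);
+
+}
+
+chain.doFilter(request, response);
+}
+
+}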
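Review bot: The presented header value is never the thing that gets verified: `findByToken(accessToken)` runs first and `verifyToken(userToken.getTokenContent())` then validates whatever the row contains, so any lookup path that returns a row for a value other than the exact token (the shared, name-keyed `userTokenCache` in `TokenRepository` is one) authenticates the caller as that row's user. Verify `accessToken` itself before touching the repository, and require the returned row's `tokenContent` to equal the header. Throwing `UsernameNotFoundException` out of `doFilter` also depends on where this filter sits in the chain — unless it runs after `ExceptionTranslationFilter` the exception reaches the container as a 500 rather than a 401 — so answering 401 directly is the safer choice (needs `javax.servlet.http.HttpServletResponse` imported). The token key is additionally stored as the `Authentication` credentials; pass `null` there so the secret is not carried around in the security context, and `userRoleRepository` is unused.
```java
final HttpServletRequest httpRequest = (HttpServletRequest) request;
final HttpServletResponse httpResponse = (HttpServletResponse) response;

final String accessToken = httpRequest.getHeader("X-AUTH-TOKEN");
if (null != accessToken) {
    // Validate the value the client actually sent before any DB/cache lookup.
    final Token token = tokenService.verifyToken(accessToken);
    if (token == null) {
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token not issued by us");
        return;
    }
    final UserToken userToken = tokenRepository.findByToken(accessToken);
    // The row must belong to exactly this token; a cache hit under another key is not enough.
    if (userToken == null || !accessToken.equals(userToken.getTokenContent())
            || userToken.getUserName() == null) {
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token not associated with any user");
        return;
    }
    // … unchanged: authority list built from userToken.getRole() …
    final UsernamePasswordAuthenticationToken authentication =
        new UsernamePasswordAuthenticationToken(userToken.getUserName(), null, updatedAuthorities);
    SecurityContextHolder.getContext().setAuthentication(authentication);
}
```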
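--- a/chatto/src/main/java/org/ros/chatto/service/UserTokenService.java
+++ b/chatto/src/main/java/org/ros/chatto/service/UserTokenService.java
@@ -0,0 +1,33 @@
+package org.ros.chatto.service;
+
+import javax.transaction.Transactional;
+
+import org.ros.chatto.model.UserToken;
+import org.ros.chatto.repository.TokenRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Service
+
+public class UserTokenService {
+@Autowired
+private TokenRepository tokenRepository;
+
+
+// @Cacheable
+public UserToken getToken(String userName)
+{
+return tokenRepository.findByUserName(userName);
+}
+
+@Transactional
+public void saveToken(UserToken userToken)
+{
+UserToken userToken2 = tokenRepository.findByToken(userToken.getTokenContent());
+if(userToken2!=null) {
+System.out.println("Found valid token");
+return;
+}
+tokenRepository.save(userToken);
+}
+}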
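Review bot: `saveToken` inserts a row but nothing evicts `userTokenCache`, so the `findByUserName` result the repository cached moments earlier keeps being served; if the cache stores null results (Spring's default managers do), a first-time user's cached miss means the next login allocates and inserts a second row, after which the single-result finder would fail. Annotate it `@CacheEvict(cacheNames = "userTokenCache", allEntries = true)` (or `@CachePut` on each lookup key) so saves are visible to both finders. The existence check also asks the wrong question: it looks up by `tokenContent`, which a freshly allocated token never matches, rather than whether the user already has a row. Replace `System.out.println("Found valid token")` with the project's logger.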