Force logout

src/main/java/com/iemr/common/constant/Constants.java

@@ -11,5 +11,6 @@ public class Constants {
 	public static final String HOLD = "Hold";
 	public static final String NOT_READY = "Not Ready";
 	public static final String AUX = "Aux";
+	public static final String JWT_TOKEN = "Jwttoken";
 
 }

src/main/java/com/iemr/common/controller/users/IEMRAdminController.java

@@ -34,6 +34,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -44,6 +45,7 @@
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.iemr.common.config.encryption.SecurePassword;
+import com.iemr.common.constant.Constants;
 import com.iemr.common.data.users.LoginSecurityQuestions;
 import com.iemr.common.data.users.M_Role;
 import com.iemr.common.data.users.ServiceRoleScreenMapping;
@@ -56,6 +58,7 @@
 import com.iemr.common.service.users.IEMRAdminUserService;
 import com.iemr.common.utils.CookieUtil;
 import com.iemr.common.utils.JwtUtil;
+import com.iemr.common.utils.TokenBlacklist;
 import com.iemr.common.utils.encryption.AESUtil;
 import com.iemr.common.utils.exception.IEMRException;
 import com.iemr.common.utils.mapper.InputMapper;
@@ -83,6 +86,8 @@
 	private CookieUtil cookieUtil;
 	@Autowired
 	private RedisTemplate<String, Object> redisTemplate;
+	@Value("${jwt.blacklist.expiration}")
+	private static long BLACK_LIST_EXPIRATION_TIME;
 
 	private AESUtil aesUtil;
 
@@ -933,9 +938,14 @@
 	    try {
 	        // Perform the force logout logic
 	        iemrAdminUserServiceImpl.forceLogout(request);
-
+	        String token = null;
+	        token = getJwtTokenFromCookies(httpRequest);
+	        if(null == token) {
+	        	token = httpRequest.getHeader(Constants.JWT_TOKEN);
+	        }
+	        TokenBlacklist.blacklistToken(token,BLACK_LIST_EXPIRATION_TIME);
 	        // Extract and invalidate JWT token cookie dynamically from the request
-	        invalidateJwtCookie(httpRequest, response);
+	       // invalidateJwtCookie(httpRequest, response);
 
 	        // Set the response message
 	        outputResponse.setResponse("Success");
@@ -944,7 +954,17 @@
 	    }
 	    return outputResponse.toString();
 	}
-
+	private String getJwtTokenFromCookies(HttpServletRequest request) {
+		Cookie[] cookies = request.getCookies();
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				if (cookie.getName().equalsIgnoreCase("Jwttoken")) {
+					return cookie.getValue();
+				}
+			}
+		}
+		return null;
+	}
 	private void invalidateJwtCookie(HttpServletRequest request, HttpServletResponse response) {
 	    // Get the cookies from the incoming request
 	    Cookie[] cookies = request.getCookies();

src/main/java/com/iemr/common/utils/JwtUtil.java

@@ -57,12 +57,11 @@ private String buildToken(String username, String userId, String tokenType, long
 	}
 
 	public Claims validateToken(String token) {
+		if (TokenBlacklist.isTokenBlacklisted(token)) {
+			return null;
+		}
 		try {
-			return Jwts.parser()
-                    .verifyWith(getSigningKey())
-                    .build()
-                    .parseSignedClaims(token)
-					.getPayload();
+			return Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(token).getPayload();
 
 		} catch (ExpiredJwtException ex) {
 			// Handle expired token specifically if needed

src/main/java/com/iemr/common/utils/TokenBlacklist.java

@@ -0,0 +1,42 @@
+package com.iemr.common.utils;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.beans.factory.annotation.Value;
+
+public class TokenBlacklist {
+
+
+	// Store blacklisted tokens (in-memory)
+	private static final Map<String, Long> blacklistedTokens = new ConcurrentHashMap<>();
+
+
+    // Add a token to the blacklist
+    public static void blacklistToken(String token ,Long blackListExpirationTime) {
+    	if(token == null || token.trim().isEmpty()) {
+    		return;
+    	}
+    	blacklistedTokens.put(token, System.currentTimeMillis()+ blackListExpirationTime);
+    }
+
+    // Check if a token is blacklisted
+
+    public static boolean isTokenBlacklisted(String token) {
+    	if(token == null || token.trim().isEmpty()) {
+    		return false;
+    	}
+        Long expiry = blacklistedTokens.get(token);
+        if (expiry == null) return false;
+        // If token is expired, remove it from blacklist and treat as not blacklisted
+        if (System.currentTimeMillis() > expiry) {
+            blacklistedTokens.remove(token);
+            return false;
+        }
+        return true;
+    }
+
+}