obtain logged in user id from principal

src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/JWTAuthorizationFilter.java

@@ -2,8 +2,11 @@
 
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUser;
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUserRepository;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
@@ -20,8 +23,11 @@
 
 public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
 
-    public JWTAuthorizationFilter(AuthenticationManager authManager) {
+    private final ApplicationUserRepository applicationUserRepository;
+
+    public JWTAuthorizationFilter(AuthenticationManager authManager, ApplicationUserRepository applicationUserRepository) {
         super(authManager);
+        this.applicationUserRepository = applicationUserRepository;
     }
 
     @Override
@@ -35,13 +41,15 @@ protected void doFilterInternal(HttpServletRequest req,
             return;
         }
 
-        UsernamePasswordAuthenticationToken authentication = getAuthentication(req);
+        String username = getUsername(req);
+        ApplicationUser applicationUser = applicationUserRepository.findByUsername(username);
+        Authentication authentication = new UsernamePasswordAuthenticationToken(applicationUser, null, new ArrayList<>());
 
         SecurityContextHolder.getContext().setAuthentication(authentication);
         chain.doFilter(req, res);
     }
 
-    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
+    private String getUsername(HttpServletRequest request) {
         String token = request.getHeader(HEADER_STRING);
         if (token != null) {
             // parse the token.
@@ -50,10 +58,7 @@ private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest
                     .verify(token.replace(TOKEN_PREFIX, ""))
                     .getSubject();
 
-            if (user != null) {
-                return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
-            }
-            return null;
+            return user;
         }
         return null;
     }

src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/WebSecurity.java

@@ -6,6 +6,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUserRepository;
 import com.auth0.samples.authapi.springbootauthupdated.user.UserDetailsServiceImpl;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.cors.CorsConfiguration;
@@ -19,10 +20,13 @@
 public class WebSecurity extends WebSecurityConfigurerAdapter {
     private UserDetailsServiceImpl userDetailsService;
     private BCryptPasswordEncoder bCryptPasswordEncoder;
+    private ApplicationUserRepository applicationUserRepository;
 
-    public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
+    public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder,
+        ApplicationUserRepository applicationUserRepository) {
         this.userDetailsService = userDetailsService;
         this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+        this.applicationUserRepository = applicationUserRepository;
     }
 
     @Override
@@ -32,7 +36,7 @@ protected void configure(HttpSecurity http) throws Exception {
                 .anyRequest().authenticated()
                 .and()
                 .addFilter(new JWTAuthenticationFilter(authenticationManager()))
-                .addFilter(new JWTAuthorizationFilter(authenticationManager()))
+                .addFilter(new JWTAuthorizationFilter(authenticationManager(), applicationUserRepository))
                 // this disables session creation on Spring Security
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
     }

src/main/java/com/auth0/samples/authapi/springbootauthupdated/task/TaskController.java

@@ -1,5 +1,7 @@
 package com.auth0.samples.authapi.springbootauthupdated.task;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -9,7 +11,7 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUser;
 import java.util.List;
 
 @RestController
@@ -29,6 +31,10 @@ public void addTask(@RequestBody Task task) {
 
     @GetMapping
     public List<Task> getTasks() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        ApplicationUser principal = (ApplicationUser) authentication.getPrincipal();
+        System.out.println(principal.getId());
+
         return taskRepository.findAll();
     }