diff --git a/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/JWTAuthorizationFilter.java b/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/JWTAuthorizationFilter.java
index 2c3f494..0dcb252 100644
--- a/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/JWTAuthorizationFilter.java
+++ b/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/JWTAuthorizationFilter.java
@@ -2,8 +2,11 @@ import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUser;
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUserRepository;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@@ -20,8 +23,11 @@ public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
- public JWTAuthorizationFilter(AuthenticationManager authManager) {
+ private final ApplicationUserRepository applicationUserRepository;
+
+ public JWTAuthorizationFilter(AuthenticationManager authManager, ApplicationUserRepository applicationUserRepository) {
 super(authManager);
+ this.applicationUserRepository = applicationUserRepository;
 }
 @Override
@@ -35,13 +41,15 @@ protected void doFilterInternal(HttpServletRequest req,
 return;
 }
- UsernamePasswordAuthenticationToken authentication = getAuthentication(req);
+ String username = getUsername(req);
+ ApplicationUser applicationUser = applicationUserRepository.findByUsername(username);
+ Authentication authentication = new UsernamePasswordAuthenticationToken(applicationUser, null, new ArrayList<>());
 SecurityContextHolder.getContext().setAuthentication(authentication);
 chain.doFilter(req, res);
 }
- private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
+ private String getUsername(HttpServletRequest request) {
 String token = request.getHeader(HEADER_STRING);
 if (token != null) {
 // parse the token.
@@ -50,10 +58,7 @@ private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest
 .verify(token.replace(TOKEN_PREFIX, ""))
 .getSubject();
- if (user != null) {
- return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
- }
- return null;
+ return user;
 }
 return null;
 }
diff --git a/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/WebSecurity.java b/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/WebSecurity.java
index 333850f..f5d4a7c 100644
--- a/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/WebSecurity.java
+++ b/src/main/java/com/auth0/samples/authapi/springbootauthupdated/security/WebSecurity.java
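Review bot: In doFilterInternal the lookup result goes into the security context unchecked: `getUsername` still returns null when the verified token has no subject (see the `return user;` hunk below in this file), `findByUsername` presumably returns null for a username that no longer exists, and the three-argument `UsernamePasswordAuthenticationToken` constructor marks the token as authenticated regardless of its principal. A request carrying a validly signed token for a deleted or renamed user therefore reaches the controllers as an authenticated caller with a null principal, where the old code left the context unauthenticated. The rewrite should keep that behaviour by skipping `setAuthentication` when no user resolves, as sketched below. doFilterInternal starts before this hunk, and the token parsing in getUsername continues between the two hunks.
```java
        String username = getUsername(req);
        ApplicationUser applicationUser = username == null ? null : applicationUserRepository.findByUsername(username);
        if (applicationUser == null) {
            // token did not resolve to a known user: continue without an authentication in the context
            chain.doFilter(req, res);
            return;
        }
        Authentication authentication = new UsernamePasswordAuthenticationToken(applicationUser, null, new ArrayList<>());
        // … unchanged: SecurityContextHolder.getContext().setAuthentication(authentication); chain.doFilter(req, res); …
```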
@@ -6,6 +6,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUserRepository;
 import com.auth0.samples.authapi.springbootauthupdated.user.UserDetailsServiceImpl;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.cors.CorsConfiguration;
@@ -19,10 +20,13 @@ public class WebSecurity extends WebSecurityConfigurerAdapter {
 private UserDetailsServiceImpl userDetailsService;
 private BCryptPasswordEncoder bCryptPasswordEncoder;
+ private ApplicationUserRepository applicationUserRepository;
- public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
+ public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder,
+ ApplicationUserRepository applicationUserRepository) {
 this.userDetailsService = userDetailsService;
 this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+ this.applicationUserRepository = applicationUserRepository;
 }
 @Override
@@ -32,7 +36,7 @@ protected void configure(HttpSecurity http) throws Exception {
 .anyRequest().authenticated()
 .and()
 .addFilter(new JWTAuthenticationFilter(authenticationManager()))
- .addFilter(new JWTAuthorizationFilter(authenticationManager()))
+ .addFilter(new JWTAuthorizationFilter(authenticationManager(), applicationUserRepository))
 // this disables session creation on Spring Security
 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 }
diff --git a/src/main/java/com/auth0/samples/authapi/springbootauthupdated/task/TaskController.java b/src/main/java/com/auth0/samples/authapi/springbootauthupdated/task/TaskController.java
index 28e4d5e..9de8b72 100644
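Review bot: The new `applicationUserRepository` field in WebSecurity is mutable while its counterpart added to JWTAuthorizationFilter in this same commit is `private final`; it is only ever assigned in the constructor, so `private final ApplicationUserRepository applicationUserRepository;` would make the two classes consistent and let the compiler guarantee the injected repository is not replaced after construction. The pre-existing `userDetailsService` and `bCryptPasswordEncoder` fields follow the older non-final style, so this is a question of which convention the file settles on rather than a defect in the new line. The constructor change itself is complete within the hunk.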
--- a/src/main/java/com/auth0/samples/authapi/springbootauthupdated/task/TaskController.java
+++ b/src/main/java/com/auth0/samples/authapi/springbootauthupdated/task/TaskController.java
@@ -1,5 +1,7 @@
 package com.auth0.samples.authapi.springbootauthupdated.task;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -9,7 +11,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-
+import com.auth0.samples.authapi.springbootauthupdated.user.ApplicationUser;
 import java.util.List;
 @RestController
@@ -29,6 +31,10 @@ public void addTask(@RequestBody Task task) {
 @GetMapping
 public List getTasks() {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ ApplicationUser principal = (ApplicationUser) authentication.getPrincipal();
+ System.out.println(principal.getId());
+
 return taskRepository.findAll();
 }
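Review bot: `System.out.println(principal.getId())` in getTasks is a leftover debug print that writes the caller's user id to stdout on every request, and the resolved principal is then not used at all, since `findAll()` still returns every task regardless of who is asking. If the id is meant to scope the query, drop the print and pass the id into the repository call; if the per-user query is not ready yet, the three added statements can be removed until it is, so that the endpoint's behaviour matches what the code appears to intend. The unchecked `(ApplicationUser) authentication.getPrincipal()` cast also assumes the authorization filter always stores a non-null ApplicationUser as principal, which the filter in this commit does not guarantee for a token whose subject no longer matches a stored user.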