feat: add new TokenProvider

Author: osahner

src/main/kotlin/osahner/config/SecurityProperties.kt

@@ -1,14 +1,14 @@
 package osahner.config
 
-import org.hibernate.validator.constraints.Length
 import org.springframework.boot.context.properties.ConfigurationProperties
 
 @ConfigurationProperties(prefix = "jwt-security")
 class SecurityProperties {
-  @Length(min = 42, message = "Minimum length for the secret is 42.")
-  var secret = ""
+  var secret = "" // Minimum length for the secret is 42.
   var expirationTime: Int = 31 // in days
-  var tokenPrefix = "Bearer "
-  var headerString = "Authorization"
   var strength = 10
+
+  // constant
+  val tokenPrefix = "Bearer "
+  val headerString = "Authorization"
 }

src/main/kotlin/osahner/config/WebConfig.kt

@@ -13,16 +13,16 @@ import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 import osahner.security.JWTAuthenticationFilter
 import osahner.security.JWTAuthorizationFilter
+import osahner.security.TokenProvider
 import osahner.service.AppAuthenticationManager
-import osahner.service.AppUserDetailsService
 
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 class WebConfig(
-  val userDetailsService: AppUserDetailsService,
   val securityProperties: SecurityProperties,
-  val authenticationManager: AppAuthenticationManager
+  val authenticationManager: AppAuthenticationManager,
+  val tokenProvider: TokenProvider
 ) {
   @Bean
   @Throws(Exception::class)
@@ -38,8 +38,8 @@ class WebConfig(
       .antMatchers(HttpMethod.POST, "/login").permitAll()
       .anyRequest().authenticated()
       .and()
-      .addFilter(JWTAuthenticationFilter(authenticationManager, securityProperties))
-      .addFilter(JWTAuthorizationFilter(authenticationManager, userDetailsService, securityProperties))
+      .addFilter(JWTAuthenticationFilter(authenticationManager, securityProperties, tokenProvider))
+      .addFilter(JWTAuthorizationFilter(authenticationManager, securityProperties, tokenProvider))
       .build()
   }
 

src/main/kotlin/osahner/security/JWTAuthenticationFilter.kt

@@ -2,27 +2,23 @@ package osahner.security
 
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import com.fasterxml.jackson.module.kotlin.readValue
-import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
-import io.jsonwebtoken.security.Keys
 import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.authentication.AuthenticationServiceException
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.AuthenticationException
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
-import osahner.add
 import osahner.config.SecurityProperties
 import java.io.IOException
-import java.util.*
 import javax.servlet.FilterChain
 import javax.servlet.ServletException
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
 
 class JWTAuthenticationFilter(
   private val authManager: AuthenticationManager,
-  private val securityProperties: SecurityProperties
+  private val securityProperties: SecurityProperties,
+  private val tokenProvider: TokenProvider
 ) : UsernamePasswordAuthenticationFilter() {
 
   @Throws(AuthenticationException::class)
@@ -53,18 +49,9 @@ class JWTAuthenticationFilter(
     req: HttpServletRequest,
     res: HttpServletResponse,
     chain: FilterChain?,
-    auth: Authentication
+    authentication: Authentication
   ) {
-    val authClaims: MutableList<String> = mutableListOf()
-    auth.authorities?.let { authorities ->
-      authorities.forEach { claim -> authClaims.add(claim.toString()) }
-    }
-    val token = Jwts.builder()
-      .setSubject(auth.principal as String)
-      .claim("auth", authClaims)
-      .setExpiration(Date().add(Calendar.DAY_OF_MONTH, securityProperties.expirationTime))
-      .signWith(Keys.hmacShaKeyFor(securityProperties.secret.toByteArray()), SignatureAlgorithm.HS512)
-      .compact()
+    val token = tokenProvider.createToken(authentication)
     res.addHeader(securityProperties.headerString, securityProperties.tokenPrefix + token)
   }
 }

src/main/kotlin/osahner/security/JWTAuthorizationFilter.kt

@@ -1,13 +1,9 @@
 package osahner.security
 
-import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.security.Keys
 import org.springframework.security.authentication.AuthenticationManager
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter
 import osahner.config.SecurityProperties
-import osahner.service.AppUserDetailsService
 import java.io.IOException
 import javax.servlet.FilterChain
 import javax.servlet.ServletException
@@ -16,8 +12,9 @@ import javax.servlet.http.HttpServletResponse
 
 class JWTAuthorizationFilter(
   authManager: AuthenticationManager,
-  private val userDetailsService: AppUserDetailsService,
-  private val securityProperties: SecurityProperties
+  private val securityProperties: SecurityProperties,
+  private val tokenProvider: TokenProvider
+
 ) : BasicAuthenticationFilter(authManager) {
 
   @Throws(IOException::class, ServletException::class)
@@ -31,22 +28,9 @@ class JWTAuthorizationFilter(
       chain.doFilter(req, res)
       return
     }
-    getAuthentication(header)?.also {
-      SecurityContextHolder.getContext().authentication = it
+    tokenProvider.getAuthentication(header)?.also { authentication ->
+      SecurityContextHolder.getContext().authentication = authentication
     }
     chain.doFilter(req, res)
   }
-
-  private fun getAuthentication(token: String): UsernamePasswordAuthenticationToken? {
-    return try {
-      val claims = Jwts.parserBuilder()
-        .setSigningKey(Keys.hmacShaKeyFor(securityProperties.secret.toByteArray()))
-        .build()
-        .parseClaimsJws(token.replace(securityProperties.tokenPrefix, ""))
-      val userDetail = userDetailsService.loadUserByUsername(claims.body.subject)
-      UsernamePasswordAuthenticationToken(claims.body.subject, null, userDetail.authorities)
-    } catch (e: Exception) {
-      return null
-    }
-  }
 }

src/main/kotlin/osahner/security/TokenProvider.kt

@@ -0,0 +1,58 @@
+package osahner.security
+
+import io.jsonwebtoken.Jwts
+import io.jsonwebtoken.SignatureAlgorithm
+import io.jsonwebtoken.security.Keys
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.core.Authentication
+import org.springframework.security.core.userdetails.User
+import org.springframework.stereotype.Component
+import osahner.add
+import osahner.config.SecurityProperties
+import osahner.service.AppUserDetailsService
+import java.security.Key
+import java.util.*
+import javax.annotation.PostConstruct
+
+@Component
+class TokenProvider(
+  private val securityProperties: SecurityProperties,
+  private val userDetailsService: AppUserDetailsService,
+) {
+  private var key: Key? = null
+  private var tokenValidity: Date? = null
+
+  @PostConstruct
+  fun init() {
+    key = Keys.hmacShaKeyFor(securityProperties.secret.toByteArray())
+    tokenValidity = Date().add(Calendar.DAY_OF_MONTH, securityProperties.expirationTime)
+  }
+
+  fun createToken(authentication: Authentication): String {
+    val authClaims: MutableList<String> = mutableListOf()
+    authentication.authorities?.let { authorities ->
+      authorities.forEach { claim -> authClaims.add(claim.toString()) }
+    }
+
+    return Jwts.builder()
+      .setSubject(authentication.name)
+      .claim("auth", authClaims)
+      .setExpiration(tokenValidity)
+      .signWith(key, SignatureAlgorithm.HS512)
+      .compact()
+  }
+
+  fun getAuthentication(token: String): Authentication? {
+    return try {
+      val claims = Jwts.parserBuilder()
+        .setSigningKey(key)
+        .build()
+        .parseClaimsJws(token.replace(securityProperties.tokenPrefix, ""))
+      val userDetail = userDetailsService.loadUserByUsername(claims.body.subject)
+      val principal = User(userDetail.username, "", userDetail.authorities)
+      UsernamePasswordAuthenticationToken(principal, token, userDetail.authorities)
+    } catch (e: Exception) {
+      return null
+    }
+  }
+}