
Untitled

a guest
Jun 19th, 2019
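  /**
   * Authentication provider that resolves a {@code JwtAuthenticationToken} into a
   * {@code UserDetails} by handing the raw token to {@link JwtValidator}.
   *
   * <p>This class performs no cryptographic checks of its own. Signature verification,
   * expiry and algorithm handling all depend on {@code JwtValidator}, which is not shown
   * here. The granted authorities are read from the validated token, so they are only as
   * trustworthy as that validation.
   */
  @Component
  public class JwtAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

      @Autowired
      private JwtValidator jwtValidator;

      /**
       * Intentionally empty: there is no password to compare, and the token has already
       * been checked in {@link #retrieveUser} before this hook is reached.
       */
      @Override
      protected void additionalAuthenticationChecks(UserDetails userDetails,
              UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
          // No additional checks.
      }

      /**
       * Validates the token carried by the authentication request and builds the user details.
       *
       * @param username       unused; the identity comes from the token
       * @param authentication the request, expected to be a {@code JwtAuthenticationToken}
       * @return user details built from the validated token's user name, id and role
       * @throws AuthenticationException if the validator rejects the token (returns {@code null})
       */
      @Override
      protected UserDetails retrieveUser(String username,
              UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
          // supports() limits this provider to JwtAuthenticationToken, so the cast is expected to hold.
          JwtAuthenticationToken jwtAuthenticationToken = (JwtAuthenticationToken) authentication;
          String token = jwtAuthenticationToken.getToken();

          JwtUser jwtUser = jwtValidator.validate(token);
          if (jwtUser == null) {
              // Raise an AuthenticationException rather than a bare RuntimeException so the
              // rejection is handled as a failed login instead of an unhandled server error.
              throw new InvalidJwtException("JWT Token not correct");
          }

          // getRole() is parsed as a comma-separated authority list taken from the token.
          List<GrantedAuthority> grantedAuthorities =
                  AuthorityUtils.commaSeparatedStringToAuthorityList(jwtUser.getRole());
          // The raw token is kept on the principal; avoid logging the returned object.
          return new JwtUserDetails(jwtUser.getUserName(), jwtUser.getId(), grantedAuthorities, token);
      }

      /** Accepts only {@code JwtAuthenticationToken} and its subclasses. */
      @Override
      public boolean supports(Class<?> authentication) {
          return JwtAuthenticationToken.class.isAssignableFrom(authentication);
      }

      /** Signals that the presented JWT was rejected by the validator. */
      private static final class InvalidJwtException extends AuthenticationException {
          InvalidJwtException(String msg) {
              super(msg);
          }
      }
  }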
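  /**
   * Filter for {@code /rest/**} that reads a token from the {@code Authorization} header
   * (scheme {@code "Token "}) and submits it to the configured {@code AuthenticationManager}.
   */
  public class JwtAuthenticationTokenFilter extends AbstractAuthenticationProcessingFilter {

      /** Scheme prefix expected at the start of the Authorization header. */
      private static final String TOKEN_PREFIX = "Token ";

      public JwtAuthenticationTokenFilter() {
          super("/rest/**");
      }

      /**
       * Extracts the token from the request header and attempts authentication.
       *
       * @param request  the incoming request; its {@code Authorization} header is read
       * @param response unused here
       * @return the authenticated result from the authentication manager
       * @throws AuthenticationException if the header is absent, uses another scheme,
       *                                 carries no token, or the manager rejects the token
       */
      @Override
      public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
              throws AuthenticationException, IOException, ServletException {
          String header = request.getHeader("Authorization");
          if (header == null || !header.startsWith(TOKEN_PREFIX)) {
              // An AuthenticationException is handled as a failed login; a bare
              // RuntimeException would escape as an unhandled server error.
              throw new MissingJwtException("JWT Token is missing");
          }

          // Derive the offset from the prefix instead of a hard-coded 6.
          String authenticationToken = header.substring(TOKEN_PREFIX.length());
          if (authenticationToken.isEmpty()) {
              // "Token " with nothing after it is treated the same as no token at all.
              throw new MissingJwtException("JWT Token is missing");
          }

          JwtAuthenticationToken token = new JwtAuthenticationToken(authenticationToken);
          return this.getAuthenticationManager().authenticate(token);
      }

      /** Public pass-through to the superclass setter. */
      public void setAuthenticationManager(AuthenticationManager authenticationManager) {
          super.setAuthenticationManager(authenticationManager);
      }

      /**
       * NOTE(review): this overload has an empty body, so the handler passed in is discarded
       * and whatever success handler the superclass holds stays in effect. If
       * {@code JwtSuccessHandler} is an {@code AuthenticationSuccessHandler}, forwarding it to
       * the superclass setter is probably what was intended; confirm before changing, since
       * the type is not visible here.
       */
      public void setAuthenticationSuccessHandler(JwtSuccessHandler jwtSuccessHandler) {
      }

      /**
       * Runs the inherited success handling, then continues the filter chain so the
       * request still reaches the protected resource.
       */
      @Override
      protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
              FilterChain chain, Authentication authResult) throws IOException, ServletException {
          super.successfulAuthentication(request, response, chain, authResult);
          // NOTE(review): if the effective success handler writes or redirects the response,
          // the chain below runs against an already-committed response; verify.
          chain.doFilter(request, response);
      }

      /** Signals that the request carried no usable token in the Authorization header. */
      private static final class MissingJwtException extends AuthenticationException {
          MissingJwtException(String msg) {
              super(msg);
          }
      }
  }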
  /**
   * Security configuration for the token-protected {@code /rest/**} endpoints.
   *
   * <p>Wires {@code JwtAuthenticationProvider} as the only provider, installs
   * {@code JwtAuthenticationTokenFilter} ahead of the username/password filter, and keeps
   * the application stateless. Only {@code /rest/**} has an access rule in this class.
   */
  @Configuration
  @EnableWebSecurity
  @EnableGlobalMethodSecurity(prePostEnabled = true)
  public class JwtSecurityConfig extends WebSecurityConfigurerAdapter {

      @Autowired
      private JwtAuthenticationProvider authenticationProvider;

      @Autowired
      private JwtAuthenticationEntryPoint entryPoint;

      /** Builds an authentication manager backed solely by the JWT provider. */
      @Bean
      public AuthenticationManager authenticationManager() {
          return new ProviderManager(Collections.singletonList(authenticationProvider));
      }

      /**
       * Creates the JWT filter and hands it the manager and a success handler.
       *
       * <p>NOTE(review): under Spring Boot, a {@code Filter} exposed as a bean is by default
       * also registered with the servlet container; confirm this filter is not applied twice.
       */
      @Bean
      public JwtAuthenticationTokenFilter authenticationTokenFilter() {
          JwtAuthenticationTokenFilter jwtFilter = new JwtAuthenticationTokenFilter();
          jwtFilter.setAuthenticationManager(authenticationManager());
          jwtFilter.setAuthenticationSuccessHandler(new JwtSuccessHandler());
          return jwtFilter;
      }

      /**
       * Configures the HTTP security chain.
       *
       * @param http the builder to configure
       * @throws Exception propagated from the builder
       */
      @Override
      protected void configure(HttpSecurity http) throws Exception {
          // CSRF protection is off. This is common for a stateless API authenticated by a
          // request header, and should be revisited if cookie-based authentication is added.
          http.csrf().disable();

          // Only /rest/** requires authentication; no rule is declared for other paths here.
          http.authorizeRequests().antMatchers("/rest/**").authenticated();

          http.exceptionHandling().authenticationEntryPoint(entryPoint);

          // Every request must carry its own token.
          http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

          http.addFilterBefore(authenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

          http.headers().cacheControl();
      }
  }