Merge pull request #5 from alwinsimon/v1-dev-auth

V1 dev auth - Completed Auth Configurations.

Author: alwinsimon

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/ApplicationConfig.java

@@ -8,11 +8,14 @@
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 
+import java.security.Principal;
+
 @Configuration
 @RequiredArgsConstructor
 public class ApplicationConfig {
@@ -54,4 +57,9 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration a
 
     }
 
+    @Bean
+    public Principal principal() throws Exception {
+        return () -> SecurityContextHolder.getContext().getAuthentication().getName();
+    }
+
 }

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/AuthenticationRequest.java

@@ -0,0 +1,18 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationRequest {
+
+    private String email;
+
+    private String password;
+
+}

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/AuthenticationResponse.java

@@ -0,0 +1,16 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationResponse {
+
+    private String token;
+
+}

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/CorsConfig.java

@@ -0,0 +1,28 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.lang.Nullable;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.Collections;
+
+@Configuration
+public class CorsConfig implements CorsConfigurationSource {
+
+    @Override
+    @Nullable
+    public CorsConfiguration getCorsConfiguration(HttpServletRequest arg0) {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(Collections.singletonList("*"));
+        config.setAllowedMethods(Collections.singletonList("*"));
+        config.setAllowCredentials(true);
+        config.setAllowedHeaders(Collections.singletonList("*"));
+        config.setExposedHeaders(Arrays.asList("Authorization"));
+        config.setMaxAge(3600L);
+
+        return config;
+    }
+}

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/RegisterRequest.java

@@ -0,0 +1,22 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class RegisterRequest {
+
+    private String name;
+
+    private String gender;
+
+    private String email;
+
+    private String password;
+
+}

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/SecurityConfig.java

@@ -1,8 +1,9 @@
 package com.alwinsimon.UserManagementJavaSpringBoot.Config;
 
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.CorsConfig;
 import com.alwinsimon.UserManagementJavaSpringBoot.Config.Filter.JwtAuthenticationFilter;
-import jakarta.servlet.Filter;
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -20,18 +21,22 @@ public class SecurityConfig {
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final AuthenticationProvider authenticationProvider;
 
+    @Autowired
+    private CorsConfig corsConfig;
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
         http
                 .csrf((csrf) -> csrf.disable())
-                .authorizeHttpRequests(authorize ->authorize
-                        .requestMatchers("/health/","/api/v1/auth/**")
+                .cors(cors -> cors.configurationSource(corsConfig))
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/health/", "/api/v1/auth/**")
                         .permitAll()
                         .anyRequest()
                         .authenticated()
                 )
-                .sessionManagement((session)->session
+                .sessionManagement((session) -> session
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                 )
                 .authenticationProvider(authenticationProvider)

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Controller/AuthenticationController.java

@@ -0,0 +1,39 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Controller;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.AuthenticationRequest;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.AuthenticationResponse;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.RegisterRequest;
+import com.alwinsimon.UserManagementJavaSpringBoot.Service.AuthenticationService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/auth")
+@RequiredArgsConstructor
+public class AuthenticationController {
+
+    private final AuthenticationService authenticationService;
+
+    @PostMapping("/register")
+    public ResponseEntity<AuthenticationResponse> register(
+            @RequestBody RegisterRequest request
+    ) {
+
+        return ResponseEntity.ok(authenticationService.register(request));
+
+    }
+
+    @PostMapping("/authenticate")
+    public ResponseEntity<AuthenticationResponse> authenticate(
+            @RequestBody AuthenticationRequest request
+    ) {
+
+        return ResponseEntity.ok(authenticationService.authenticate(request));
+
+    }
+
+}

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Controller/UserController.java

@@ -1,15 +1,26 @@
 package com.alwinsimon.UserManagementJavaSpringBoot.Controller;
 
-import org.springframework.web.bind.annotation.*;
-//import com.alwinsimon.UserManagementJavaSpringBoot.Model.User;
+import com.alwinsimon.UserManagementJavaSpringBoot.Model.User;
+import com.alwinsimon.UserManagementJavaSpringBoot.Service.UserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 @RequestMapping("/api/v1/user")
+@RequiredArgsConstructor
 @CrossOrigin("*")
 public class UserController {
-    @PostMapping("/register")
-    public String addUser(@RequestBody String requestBody){
-        System.out.println("Received request body: " + requestBody);
-        return requestBody;
+
+    private final UserService userService;
+
+    @GetMapping("/current-user")
+    public User getCurrentUser() {
+
+        // API Endpoint to get the LoggedIn User Details using Token received in the Request Header.
+        return userService.currentUserDetails();
+        
     }
 }

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Model/User.java

@@ -1,6 +1,7 @@
 package com.alwinsimon.UserManagementJavaSpringBoot.Model;
 
 import jakarta.persistence.*;
+import lombok.Builder;
 import lombok.Data;
 import lombok.AllArgsConstructor;
 import lombok.NoArgsConstructor;
@@ -12,6 +13,7 @@
 import java.util.List;
 
 @Data
+@Builder
 @AllArgsConstructor
 @NoArgsConstructor
 @Entity

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Service/AuthenticationService.java

@@ -0,0 +1,75 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Service;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.AuthenticationRequest;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.AuthenticationResponse;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.RegisterRequest;
+import com.alwinsimon.UserManagementJavaSpringBoot.Model.Role;
+import com.alwinsimon.UserManagementJavaSpringBoot.Model.User;
+import com.alwinsimon.UserManagementJavaSpringBoot.Repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class AuthenticationService {
+
+    private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+    private final JwtService jwtService;
+    private final AuthenticationManager authenticationManager;
+
+    public AuthenticationResponse register(RegisterRequest request) {
+
+        // Build a user using builder in user model.
+        var user = User.builder()
+                .name(request.getName())
+                .gender(request.getGender())
+                .email(request.getEmail())
+                .password(passwordEncoder.encode(request.getPassword()))
+                .role(Role.USER)
+                .build();
+
+        // Save User to DB using UserRepository
+        userRepository.save(user);
+
+        // Generate a JWT Token to return along with Response.
+        var jwtToken = jwtService.generateJwtToken(user);
+
+        return AuthenticationResponse.builder()
+                .token(jwtToken)
+                .build();
+
+    }
+
+    public AuthenticationResponse authenticate(AuthenticationRequest request) {
+
+        // Try Authenticating user with Authentication Manager
+        authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(
+                        request.getEmail(),
+                        request.getPassword()
+                )
+        );
+
+        /**
+         * If the authentication manager authenticated user without throwing any exception
+         * Find user and generate auth token
+         * Send auth token back to user.
+         */
+
+        var user = userRepository.findByEmail(request.getEmail())
+                .orElseThrow(() -> new UsernameNotFoundException("User not found."));
+
+        // Generate a JWT Token to return along with Response.
+        var jwtToken = jwtService.generateJwtToken(user);
+
+        return AuthenticationResponse.builder()
+                .token(jwtToken)
+                .build();
+
+    }
+}

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Service/JwtService.java

@@ -42,7 +42,7 @@ private Claims extractAllClaimsFromJwtToken(String jwtToken) {
                 .parserBuilder()
                 .setSigningKey(getJwtSigningKey())
                 .build()
-                .parseClaimsJwt(jwtToken)
+                .parseClaimsJws(jwtToken)
                 .getBody();
 
     }

src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Service/UserService.java

@@ -0,0 +1,21 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Service;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Model.User;
+import com.alwinsimon.UserManagementJavaSpringBoot.Repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.security.Principal;
+
+@Service
+@RequiredArgsConstructor
+public class UserService {
+
+    private final UserRepository userRepository;
+    private final Principal principal;
+
+    public User currentUserDetails() {
+        String email = principal.getName();
+        return userRepository.findByEmail(email).orElse(null);
+    }
+}