alwinsimon
diff --git a/‎pom.xml
Lines changed: 37 additions & 2 deletions b/‎pom.xml
Lines changed: 37 additions & 2 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/ApplicationConfig.java
Lines changed: 65 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/ApplicationConfig.java
Lines changed: 65 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/AuthenticationRequest.java
Lines changed: 18 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/AuthenticationRequest.java
Lines changed: 18 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/AuthenticationResponse.java
Lines changed: 16 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/AuthenticationResponse.java
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/CorsConfig.java
Lines changed: 28 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/CorsConfig.java
Lines changed: 28 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/RegisterRequest.java
Lines changed: 22 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Auth/RegisterRequest.java
Lines changed: 22 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Filter/JwtAuthenticationFilter.java
Lines changed: 80 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/Filter/JwtAuthenticationFilter.java
Lines changed: 80 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/SecurityConfig.java
Lines changed: 47 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Config/SecurityConfig.java
Lines changed: 47 additions & 0 deletions
diff --git a/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Controller/AuthenticationController.java
Lines changed: 39 additions & 0 deletions b/‎src/main/java/com/alwinsimon/UserManagementJavaSpringBoot/Controller/AuthenticationController.java
Lines changed: 39 additions & 0 deletions
@@ -24,8 +24,7 @@
 
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-test</artifactId>
-			<scope>test</scope>
+			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 
 		<dependency>
@@ -38,6 +37,42 @@
 			<artifactId>postgresql</artifactId>
 			<scope>runtime</scope>
 		</dependency>
+
+		<dependency>
+			<groupId>org.projectlombok</groupId>
+			<artifactId>lombok</artifactId>
+			<optional>true</optional>
+		</dependency>
+
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+		
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<build>
 
@@ -0,0 +1,65 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Repository.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import java.security.Principal;
+
+@Configuration
+@RequiredArgsConstructor
+public class ApplicationConfig {
+
+    private final UserRepository userRepository;
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+
+        return username -> userRepository.findByEmail(username)
+                .orElseThrow(() -> new UsernameNotFoundException("User not found."));
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+
+        return new BCryptPasswordEncoder();
+
+    }
+
+    @Bean
+    public AuthenticationProvider authenticationProvider() {
+
+        // Creating an authentication provider with Data Access Object Authentication Provider
+        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
+
+        // Configuring authProvider
+        authProvider.setUserDetailsService(userDetailsService());
+        authProvider.setPasswordEncoder(passwordEncoder());
+
+        return authProvider;
+
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+
+        return authenticationConfiguration.getAuthenticationManager();
+
+    }
+
+    @Bean
+    public Principal principal() throws Exception {
+        return () -> SecurityContextHolder.getContext().getAuthentication().getName();
+    }
+
+}
@@ -0,0 +1,18 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationRequest {
+
+    private String email;
+
+    private String password;
+
+}
@@ -0,0 +1,16 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class AuthenticationResponse {
+
+    private String token;
+
+}
@@ -0,0 +1,28 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.lang.Nullable;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+import java.util.Arrays;
+import java.util.Collections;
+
+@Configuration
+public class CorsConfig implements CorsConfigurationSource {
+
+    @Override
+    @Nullable
+    public CorsConfiguration getCorsConfiguration(HttpServletRequest arg0) {
+        CorsConfiguration config = new CorsConfiguration();
+        config.setAllowedOrigins(Collections.singletonList("*"));
+        config.setAllowedMethods(Collections.singletonList("*"));
+        config.setAllowCredentials(true);
+        config.setAllowedHeaders(Collections.singletonList("*"));
+        config.setExposedHeaders(Arrays.asList("Authorization"));
+        config.setMaxAge(3600L);
+
+        return config;
+    }
+}
@@ -0,0 +1,22 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class RegisterRequest {
+
+    private String name;
+
+    private String gender;
+
+    private String email;
+
+    private String password;
+
+}
@@ -0,0 +1,80 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config.Filter;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Service.JwtService;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.lang.NonNull;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    private final JwtService jwtService;
+    private final UserDetailsService userDetailsService;
+
+    @Override
+    protected void doFilterInternal(
+            @NonNull HttpServletRequest request,
+            @NonNull HttpServletResponse response,
+            @NonNull FilterChain filterChain
+    ) throws ServletException, IOException {
+
+        final String jwtFromRequest;
+        final String authHeaderFromRequest;
+        final String userEmail;
+
+        // Try to parse JWT from the request header if it exists.
+        authHeaderFromRequest = request.getHeader("Authorization");
+
+        // Return early if there is no valid authorization header.
+        if (authHeaderFromRequest == null || !authHeaderFromRequest.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        // Parse and store JWT Token received from Authorisation Header.
+        jwtFromRequest = authHeaderFromRequest.substring(7);
+
+        // Decrypt Token and find user email from token claims
+        userEmail = jwtService.extractUsername(jwtFromRequest);
+
+        if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) {
+            // Fetch user details from DB using userDetailsService.
+            UserDetails userDetails = this.userDetailsService.loadUserByUsername(userEmail);
+
+            if (jwtService.isTokenValid(jwtFromRequest, userDetails)) {
+                // Authenticate user as the Token is Valid
+
+                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
+                        userDetails,
+                        null,
+                        userDetails.getAuthorities()
+                );
+
+                authToken.setDetails(
+                        new WebAuthenticationDetailsSource().buildDetails(request)
+                );
+
+                // Update Security Context Holder with authToken
+                SecurityContextHolder.getContext().setAuthentication(authToken);
+
+            }
+        }
+
+        // Passing the control to next filters for continuation of execution.
+        filterChain.doFilter(request, response);
+
+    }
+}
@@ -0,0 +1,47 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Config;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.CorsConfig;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Filter.JwtAuthenticationFilter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final AuthenticationProvider authenticationProvider;
+
+    @Autowired
+    private CorsConfig corsConfig;
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+
+        http
+                .csrf((csrf) -> csrf.disable())
+                .cors(cors -> cors.configurationSource(corsConfig))
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/health/", "/api/v1/auth/**")
+                        .permitAll()
+                        .anyRequest()
+                        .authenticated()
+                )
+                .sessionManagement((session) -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                )
+                .authenticationProvider(authenticationProvider)
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+}
@@ -0,0 +1,39 @@
+package com.alwinsimon.UserManagementJavaSpringBoot.Controller;
+
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.AuthenticationRequest;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.AuthenticationResponse;
+import com.alwinsimon.UserManagementJavaSpringBoot.Config.Auth.RegisterRequest;
+import com.alwinsimon.UserManagementJavaSpringBoot.Service.AuthenticationService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@RequestMapping("/api/v1/auth")
+@RequiredArgsConstructor
+public class AuthenticationController {
+
+    private final AuthenticationService authenticationService;
+
+    @PostMapping("/register")
+    public ResponseEntity<AuthenticationResponse> register(
+            @RequestBody RegisterRequest request
+    ) {
+
+        return ResponseEntity.ok(authenticationService.register(request));
+
+    }
+
+    @PostMapping("/authenticate")
+    public ResponseEntity<AuthenticationResponse> authenticate(
+            @RequestBody AuthenticationRequest request
+    ) {
+
+        return ResponseEntity.ok(authenticationService.authenticate(request));
+
+    }
+
+}