Add JWT authentication filter to auth service

yassinsws · waleedbaroudi · commit a48e34f26d92 · 2025-07-19T01:10:55.000+02:00
- Created JwtAuthenticationFilter for auth service
- Updated SecurityConfig to include JWT filter in chain
- Enables proper JWT token validation for authenticated endpoints like /api/auth/me
diff --git a/server/auth-service/src/main/kotlin/de/tum/cit/aet/auth/config/JwtAuthenticationFilter.kt b/server/auth-service/src/main/kotlin/de/tum/cit/aet/auth/config/JwtAuthenticationFilter.kt
@@ -0,0 +1,76 @@
+package de.tum.cit.aet.auth.config
+
+import de.tum.cit.aet.auth.service.JwtService
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.slf4j.LoggerFactory
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
+import org.springframework.stereotype.Component
+import org.springframework.web.filter.OncePerRequestFilter
+
+@Component
+class JwtAuthenticationFilter(
+    private val jwtService: JwtService,
+    private val userDetailsService: UserDetailsService
+) : OncePerRequestFilter() {
+    
+    private val logger = LoggerFactory.getLogger(JwtAuthenticationFilter::class.java)
+    
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain
+    ) {
+        logger.debug("JwtAuthenticationFilter: Processing request for URI: ${request.requestURI}")
+        
+        // Skip JWT authentication for public endpoints
+        if (isPublicEndpoint(request.requestURI)) {
+            logger.debug("JwtAuthenticationFilter: Skipping JWT authentication for public endpoint: ${request.requestURI}")
+            filterChain.doFilter(request, response)
+            return
+        }
+        
+        try {
+            val token = extractTokenFromRequest(request)
+            if (token != null && SecurityContextHolder.getContext().authentication == null) {
+                val username = jwtService.extractUsername(token)
+                val userDetails = userDetailsService.loadUserByUsername(username)
+                
+                if (jwtService.isTokenValid(token, userDetails)) {
+                    val authentication = UsernamePasswordAuthenticationToken(
+                        userDetails, null, userDetails.authorities
+                    )
+                    authentication.details = WebAuthenticationDetailsSource().buildDetails(request)
+                    SecurityContextHolder.getContext().authentication = authentication
+                    
+                    logger.debug("JwtAuthenticationFilter: Successfully authenticated user: $username")
+                }
+            }
+        } catch (e: Exception) {
+            logger.error("JWT authentication error: ${e.message}")
+        }
+        
+        filterChain.doFilter(request, response)
+    }
+    
+    private fun extractTokenFromRequest(request: HttpServletRequest): String? {
+        val authHeader = request.getHeader("Authorization")
+        return if (authHeader != null && authHeader.startsWith("Bearer ")) {
+            authHeader.substring(7)
+        } else null
+    }
+    
+    private fun isPublicEndpoint(uri: String): Boolean {
+        val publicEndpoints = listOf(
+            "/api/auth/register",
+            "/api/auth/login", 
+            "/api/auth/refresh",
+            "/actuator"
+        )
+        return publicEndpoints.any { uri.startsWith(it) }
+    }
+} 
diff --git a/server/auth-service/src/main/kotlin/de/tum/cit/aet/auth/config/SecurityConfig.kt b/server/auth-service/src/main/kotlin/de/tum/cit/aet/auth/config/SecurityConfig.kt
@@ -16,14 +16,17 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
 import org.springframework.security.crypto.password.PasswordEncoder
 import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 import org.springframework.web.cors.CorsConfiguration
 import org.springframework.web.cors.CorsConfigurationSource
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity
-class SecurityConfig {
+class SecurityConfig(
+    private val jwtAuthenticationFilter: JwtAuthenticationFilter
+) {
     
     @Bean
     fun securityFilterChain(http: HttpSecurity, authenticationProvider: AuthenticationProvider): SecurityFilterChain {
@@ -39,6 +42,7 @@ class SecurityConfig {
                 session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
             }
             .authenticationProvider(authenticationProvider)
+            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter::class.java)
         
         return http.build()
     }
