Configurado a autenticacao via token, utilizando spring configuration

Author: jonatassantoszup

testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/AutenticacaoViaTokenFilter.java

@@ -0,0 +1,55 @@
+package br.com.testesantanderway.config.security;
+
+import br.com.testesantanderway.modelo.Cliente;
+import br.com.testesantanderway.modelo.Perfil;
+import br.com.testesantanderway.repository.ClienteRepository;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.token.TokenService;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public class AutenticacaoViaTokenFilter extends OncePerRequestFilter {
+    private ServicoDeToken tokenService;
+    private ClienteRepository repository;
+
+    public AutenticacaoViaTokenFilter(ServicoDeToken tokenService, ClienteRepository repository) {
+        this.tokenService = tokenService;
+        this.repository = repository;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                    FilterChain filterChain) throws ServletException, IOException {
+        String token = recuperarToken(request);
+        boolean valido = tokenService.isTokenValido(token);
+        if (valido){
+            autenticarCliente(token);
+        }
+
+
+        filterChain.doFilter(request, response);
+    }
+
+    private void autenticarCliente(String token) {
+        String idCliente = tokenService.getIdCliente(token);
+        Cliente cliente = repository.findById(idCliente).get();
+        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(cliente,
+                null, cliente.getAuthorities());
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+    }
+
+    private String recuperarToken(HttpServletRequest request) {
+        String token = request.getHeader("Authorization");
+        if (token == null || token.isEmpty() || !token.startsWith("Bearer ")){
+            return null;
+        }
+
+        return token.substring(7, token.length());
+    }
+}

testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/ConfigSeguranca.java

@@ -1,5 +1,6 @@
 package br.com.testesantanderway.config.security;
 
+import br.com.testesantanderway.repository.ClienteRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -12,12 +13,18 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @EnableWebSecurity
 @Configuration
 public class ConfigSeguranca extends WebSecurityConfigurerAdapter {
     @Autowired
     private AutenticacaoService autenticacaoService;
+    @Autowired
+    private ServicoDeToken tokenService;
+    @Autowired
+    private ClienteRepository clienteRepository;
+
 
     @Override
     @Bean
@@ -44,7 +51,8 @@ protected void configure(HttpSecurity http) throws Exception {
                 .permitAll()
                 .anyRequest().authenticated()
                 .and().csrf().disable()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and().addFilterBefore(new AutenticacaoViaTokenFilter(tokenService, clienteRepository), UsernamePasswordAuthenticationFilter.class);
     }
 
     //Recursos estáticos(js, css, img, etc.)

testeSantanderWay/src/main/java/br/com/testesantanderway/config/security/ServicoDeToken.java

@@ -1,6 +1,7 @@
 package br.com.testesantanderway.config.security;
 
 import br.com.testesantanderway.modelo.Cliente;
+import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.beans.factory.annotation.Value;
@@ -28,4 +29,19 @@ public String gerarToken(Authentication authentication) {
                 .setExpiration(dataExpiracao)
                 .signWith(SignatureAlgorithm.HS256, secret).compact();
     }
+
+    public boolean isTokenValido(String token){
+        try {
+            Jwts.parser().setSigningKey(this.secret).parseClaimsJws(token);
+
+            return true;
+        } catch (Exception e){
+            return false;
+        }
+    }
+
+    public String getIdCliente(String token){
+        Claims claims = Jwts.parser().setSigningKey(this.secret).parseClaimsJws(token).getBody();
+        return claims.getSubject();
+    }
 }

testeSantanderWay/src/main/java/br/com/testesantanderway/controller/AuthController.java

@@ -2,20 +2,18 @@
 
 import br.com.testesantanderway.config.security.ServicoDeToken;
 import br.com.testesantanderway.controller.form.AuthForm;
+import br.com.testesantanderway.dto.TokenDTO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.token.TokenService;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.validation.Valid;
-
 @RestController
 @RequestMapping("/auth")
 public class AuthController {
@@ -25,16 +23,14 @@ public class AuthController {
     private ServicoDeToken servicoDeToken;
 
     @PostMapping
-    public ResponseEntity<?> login(@RequestBody AuthForm form){
+    public ResponseEntity<TokenDTO> login(@RequestBody AuthForm form){
         UsernamePasswordAuthenticationToken dadosLogin = form.converter();
         try {
             Authentication authentication = authManager.authenticate(dadosLogin);
             String token = servicoDeToken.gerarToken(authentication);
-            System.out.println(token);
-            return ResponseEntity.ok().build();
+            return ResponseEntity.ok(new TokenDTO(token, "Bearer"));
         } catch (AuthenticationException e){
             return ResponseEntity.badRequest().build();
         }
-
     }
 }

testeSantanderWay/src/main/java/br/com/testesantanderway/dto/TokenDTO.java

@@ -0,0 +1,27 @@
+package br.com.testesantanderway.dto;
+
+public class TokenDTO {
+    private String token;
+    private String tipo;
+
+    public TokenDTO(String token, String tipo) {
+        this.token = token;
+        this.tipo = tipo;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public String getTipo() {
+        return tipo;
+    }
+
+    public void setTipo(String tipo) {
+        this.tipo = tipo;
+    }
+}