completed logout API. JWT token was expired.

Author: cevheri

src/main/java/com/cevheri/blog/domain/User.java

@@ -2,7 +2,9 @@
 
 import com.cevheri.blog.config.Constants;
 import com.cevheri.blog.domain.audit.AbstractEntityAuditEvent;
+import com.cevheri.blog.domain.enumeration.UserLoginStatus;
 import com.fasterxml.jackson.annotation.JsonIgnore;
+
 import java.io.Serializable;
 import java.time.Instant;
 import java.util.HashSet;
@@ -13,6 +15,7 @@
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
+
 import org.apache.commons.lang3.StringUtils;
 import org.hibernate.annotations.BatchSize;
 import org.hibernate.annotations.Cache;
@@ -88,13 +91,25 @@ public class User
     @ManyToMany
     @JoinTable(
         name = "jhi_user_authority",
-        joinColumns = { @JoinColumn(name = "user_id", referencedColumnName = "id") },
-        inverseJoinColumns = { @JoinColumn(name = "authority_name", referencedColumnName = "name") }
+        joinColumns = {@JoinColumn(name = "user_id", referencedColumnName = "id")},
+        inverseJoinColumns = {@JoinColumn(name = "authority_name", referencedColumnName = "name")}
     )
     @Cache(usage = CacheConcurrencyStrategy.NONSTRICT_READ_WRITE)
     @BatchSize(size = 20)
     private Set<Authority> authorities = new HashSet<>();
 
+    @Enumerated(EnumType.STRING)
+    @Column(name = "login_status")
+    private UserLoginStatus loginStatus;
+
+    public UserLoginStatus getLoginStatus() {
+        return loginStatus;
+    }
+
+    public void setLoginStatus(UserLoginStatus loginStatus) {
+        this.loginStatus = loginStatus;
+    }
+
     public Long getId() {
         return id;
     }

src/main/java/com/cevheri/blog/domain/AbstractAuditingEntity.java renamed to src/main/java/com/cevheri/blog/domain/audit/AbstractCRUDEntity.java

@@ -1,4 +1,4 @@
-package com.cevheri.blog.domain;
+package com.cevheri.blog.domain.audit;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import java.io.Serializable;
@@ -18,7 +18,7 @@
  */
 @MappedSuperclass
 @EntityListeners(AuditingEntityListener.class)
-public abstract class AbstractAuditingEntity implements Serializable {
+public abstract class AbstractCRUDEntity implements Serializable {
 
     private static final long serialVersionUID = 1L;
 

src/main/java/com/cevheri/blog/domain/enumeration/UserLoginStatus.java

@@ -0,0 +1,6 @@
+package com.cevheri.blog.domain.enumeration;
+
+public enum UserLoginStatus {
+    LOGOUT,
+    LOGIN
+}

src/main/java/com/cevheri/blog/security/UserLogoutFilter.java

@@ -0,0 +1,52 @@
+package com.cevheri.blog.security;
+
+import com.cevheri.blog.domain.User;
+import com.cevheri.blog.domain.enumeration.UserLoginStatus;
+import com.cevheri.blog.service.UserService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.filter.GenericFilterBean;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.util.Optional;
+
+@Configuration
+public class UserLogoutFilter extends GenericFilterBean {
+
+    private final Logger log = LoggerFactory.getLogger(UserLogoutFilter.class);
+    private final UserService userService;
+
+    public UserLogoutFilter(UserService userService) {
+        this.userService = userService;
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+        throws IOException, ServletException {
+        String url = "";
+        try {
+            url = ((HttpServletRequest) servletRequest).getRequestURL().toString();
+        } catch (Exception e) {
+            log.error("UserLogoutFilter url convert error.");
+        }
+        log.trace(url);
+        if (!url.contains("authenticate")) {
+            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
+            Optional<User> currentUser = userService.getCurrentUser();
+            log.trace("UserLogoutFilter, user: {}", SecurityUtils.getCurrentUserLogin());
+            currentUser.ifPresent(t -> {
+                if (UserLoginStatus.LOGOUT.equals(t.getLoginStatus())) {
+                    log.error("User token expired!. User: {}", t);
+                    throw new UserTokenExpiredException("User access token was expired!", "user", "userTokenExpired");
+                }
+            });
+        }
+        filterChain.doFilter(servletRequest, servletResponse);
+    }
+}

src/main/java/com/cevheri/blog/security/UserTokenExpiredException.java

@@ -0,0 +1,42 @@
+package com.cevheri.blog.security;
+
+import org.zalando.problem.AbstractThrowableProblem;
+import org.zalando.problem.Status;
+
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+
+public class UserTokenExpiredException extends AbstractThrowableProblem {
+
+    private static final long serialVersionUID = 1L;
+
+    private final String entityName;
+
+    private final String errorKey;
+
+    public UserTokenExpiredException(String defaultMessage, String entityName, String errorKey) {
+        this(URI.create("https://www.cevheri-blog.herokuapp.com/user-token-expired-exception"), defaultMessage, entityName, errorKey);
+    }
+
+    public UserTokenExpiredException(URI type, String defaultMessage, String entityName, String errorKey) {
+        super(type, defaultMessage, Status.UNAUTHORIZED, null, null, null, getAlertParameters(entityName, errorKey));
+        this.entityName = entityName;
+        this.errorKey = errorKey;
+    }
+
+    public String getEntityName() {
+        return entityName;
+    }
+
+    public String getErrorKey() {
+        return errorKey;
+    }
+
+    private static Map<String, Object> getAlertParameters(String entityName, String errorKey) {
+        Map<String, Object> parameters = new HashMap<>();
+        parameters.put("message", "error." + errorKey);
+        parameters.put("params", entityName);
+        return parameters;
+    }
+}

src/main/java/com/cevheri/blog/service/UserService.java

@@ -290,7 +290,10 @@ public Optional<User> getUserWithAuthoritiesByLogin(String login) {
     public Optional<User> getUserWithAuthorities() {
         return SecurityUtils.getCurrentUserLogin().flatMap(userRepository::findOneWithAuthoritiesByLogin);
     }
-
+    @Transactional(readOnly = true)
+    public Optional<User> getCurrentUser() {
+        return SecurityUtils.getCurrentUserLogin().flatMap(userRepository::findOneByLogin);
+    }
     /**
      * Not activated users should be automatically deleted after 3 days.
      * <p>

src/main/java/com/cevheri/blog/web/rest/UserJWTController.java

@@ -1,10 +1,15 @@
 package com.cevheri.blog.web.rest;
 
+import com.cevheri.blog.domain.enumeration.UserLoginStatus;
+import com.cevheri.blog.repository.UserRepository;
+import com.cevheri.blog.security.SecurityUtils;
 import com.cevheri.blog.security.jwt.JWTFilter;
 import com.cevheri.blog.security.jwt.TokenProvider;
 import com.cevheri.blog.web.rest.vm.LoginVM;
 import com.fasterxml.jackson.annotation.JsonProperty;
+
 import javax.validation.Valid;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -22,12 +27,16 @@
 public class UserJWTController {
 
     private final TokenProvider tokenProvider;
-
     private final AuthenticationManagerBuilder authenticationManagerBuilder;
+    private final UserRepository userRepository;
 
-    public UserJWTController(TokenProvider tokenProvider, AuthenticationManagerBuilder authenticationManagerBuilder) {
+    public UserJWTController(TokenProvider tokenProvider,
+                             AuthenticationManagerBuilder authenticationManagerBuilder,
+                             UserRepository userRepository) {
         this.tokenProvider = tokenProvider;
         this.authenticationManagerBuilder = authenticationManagerBuilder;
+
+        this.userRepository = userRepository;
     }
 
     @PostMapping("/authenticate")
@@ -42,9 +51,26 @@ public ResponseEntity<JWTToken> authorize(@Valid @RequestBody LoginVM loginVM) {
         String jwt = tokenProvider.createToken(authentication, loginVM.isRememberMe());
         HttpHeaders httpHeaders = new HttpHeaders();
         httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
+        updateLoginStatus(UserLoginStatus.LOGIN);
         return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
     }
 
+    @PostMapping("/logout")
+    public ResponseEntity<String> logout() {
+        updateLoginStatus(UserLoginStatus.LOGOUT);
+        return new ResponseEntity<>("TokenExpired", HttpStatus.OK);
+    }
+
+    private void updateLoginStatus(UserLoginStatus status) {
+        SecurityUtils
+            .getCurrentUserLogin()
+            .flatMap(userRepository::findOneByLogin)
+            .ifPresent(user -> {
+                user.setLoginStatus(status);
+                userRepository.save(user);
+            });
+    }
+
     /**
      * Object to return as body in JWT Authentication.
      */

src/main/java/com/cevheri/blog/web/rest/errors/ErrorConstants.java

@@ -6,7 +6,7 @@ public final class ErrorConstants {
 
     public static final String ERR_CONCURRENCY_FAILURE = "error.concurrencyFailure";
     public static final String ERR_VALIDATION = "error.validation";
-    public static final String PROBLEM_BASE_URL = "https://www.jhipster.tech/problem";
+    public static final String PROBLEM_BASE_URL = "https://www.cevheri-blog.herokuapp.com/problem";
     public static final URI DEFAULT_TYPE = URI.create(PROBLEM_BASE_URL + "/problem-with-message");
     public static final URI CONSTRAINT_VIOLATION_TYPE = URI.create(PROBLEM_BASE_URL + "/constraint-violation");
     public static final URI INVALID_PASSWORD_TYPE = URI.create(PROBLEM_BASE_URL + "/invalid-password");

src/main/resources/config/liquibase/changelog/00000000000000_initial_schema.xml

@@ -118,4 +118,10 @@
             <column name="local_date" type="date"/>
         </createTable>
     </changeSet>
+
+    <changeSet id="user-logout" author="cevheri">
+        <addColumn tableName="jhi_user">
+            <column name="login_status" type="varchar(50)"/>
+        </addColumn>
+    </changeSet>
 </databaseChangeLog>