feat: throw on init if invalid jwt config

Author: g-otn

src/main/java/br/com/grupo63/techchallenge/common/api/controller/AbstractAPIController.java

@@ -4,6 +4,8 @@
 import br.com.grupo63.techchallenge.common.exception.GenericException;
 import br.com.grupo63.techchallenge.common.exception.NotFoundException;
 import br.com.grupo63.techchallenge.common.exception.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.MessageSource;
 import org.springframework.context.i18n.LocaleContextHolder;
@@ -21,10 +23,11 @@ public abstract class AbstractAPIController {
     @Autowired
     private MessageSource messageSource;
 
+    private static final Logger logger = LoggerFactory.getLogger(AbstractAPIController.class);
+
     @ExceptionHandler
     public ResponseEntity<DefaultResponseDTO> handleException(Exception exception) {
-
-        System.err.println("AbstractAPIController is handling expection:" + exception.getMessage());
+        logger.warn("AbstractAPIController caught exception:");
         exception.printStackTrace();
 
         DefaultResponseDTO responseDTO = new DefaultResponseDTO(

src/main/java/br/com/grupo63/techchallenge/common/config/JwtFilter.java

@@ -16,22 +16,30 @@
 public class JwtFilter implements Filter {
 
     private final JwtService jwtService;
+    private static final Logger log = LoggerFactory.getLogger(JwtFilter.class);
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
         try {
             String authHeader = ((HttpServletRequest) request).getHeader("Authorization");
+            log.debug("Auth header: {}", authHeader);
+
             if (!StringUtils.hasLength(authHeader) || !StringUtils.startsWithIgnoreCase(authHeader, "Bearer ")) {
                 throw new GeneralSecurityException("Missing or invalid authorization header");
             }
+
             String jwt = authHeader.substring(7);
             Claims claims = jwtService.getClaims(jwt);
             request.setAttribute("clientId", claims.get("sub"));
+
             filterChain.doFilter(request, response);
-        } catch (Exception e) {
-            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-            response.getWriter().write("Unauthorized: Missing or incorrect JWT Token.");
+        } catch (GeneralSecurityException e) {
+            log.info("Unauthorized: {}", e.getMessage());
+            response.getWriter().write("Unauthorized: Missing or incorrect JWT token.");
+        } catch (RuntimeException e) {
+            e.printStackTrace();
+            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            response.getWriter().write("Unexpected error during JWT filter");
         }
     }
-}
-
+}

src/main/java/br/com/grupo63/techchallenge/common/config/JwtService.java

@@ -1,30 +1,37 @@
 package br.com.grupo63.techchallenge.common.config;
 
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.io.Decoders;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
-import java.security.Key;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 
 @Service
 public class JwtService {
+    private static final Logger log = LoggerFactory.getLogger(JwtService.class);
 
-    @Value("${jwt.token.key.public}")
-    private String jwtSigningKey;
+    private final JwtParser parser;
 
-    public Claims getClaims(String token) throws NoSuchAlgorithmException, InvalidKeySpecException {
-        return Jwts.parser().setSigningKey(getSigningKey()).build().parseClaimsJws(token)
-                .getBody();
+    public JwtService(@Value("${app.auth.jwt_public_key}") String jwtPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
+        log.info("Initializing JWT Service\nPublic key: {}", jwtPublicKey);
+        parser = Jwts.parser().verifyWith(getVerifyingKey(jwtPublicKey)).build();
     }
 
-    private Key getSigningKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
-        byte[] keyBytes = Decoders.BASE64.decode(jwtSigningKey);
+    public Claims getClaims(String token) {
+        return parser.parseSignedClaims(token).getPayload();
+    }
+
+    private PublicKey getVerifyingKey(String jwtPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
+        byte[] keyBytes = Decoders.BASE64.decode(jwtPublicKey);
         X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
         KeyFactory kf = KeyFactory.getInstance("RSA");
         return kf.generatePublic(spec);