Minor improvements

b9f23663 · Julian Horner · 66dbcc9d · b9f23663 · b9f23663 · b9f23663
Commit b9f23663 authored Jan 3, 2020 by Julian Horner
--- a/src/main/java/de/rtuni/ms/apig/config/JwtConfiguration.java
+++ b/src/main/java/de/rtuni/ms/apig/config/JwtConfiguration.java
@@ -13,13 +13,17 @@ import org.springframework.beans.factory.annotation.Value;
 * @author Julian
 *
 */
-public class JwtConfiguration {
+public class JWTConfiguration {
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
    /** Get the URI where the credentials needs to be send. */
    @Value("${security.jwt.uri:/auth/**}")
    private String Uri;
+    /** Get the header authorization type. */
+    @Value("${security.jwt.header:Authorization}")
+    private String header;
    /** Get the prefix of the token message. */
    @Value("${security.jwt.prefix:Bearer}")
    private String prefix;
@@ -32,7 +36,7 @@ public class JwtConfiguration {
    @Value("${security.jwt.secret:JwtSecretKey}")
    private String secret;
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
    /**
     * Get the URI where the credentials needs to be send.
@@ -41,26 +45,33 @@ public class JwtConfiguration {
     */
    public String getUri() { return Uri; }
+    /**
+     * Get the header authorization type.
+     * 
+     * @return The stated header
+     */
+    public String getHeader() { return header; }
    /**
     * Get the prefix of the token message.
     * 
-     * @return The prefix
+     * @return The stated prefix
     */
    public String getPrefix() { return prefix; }
    /**
     * Get the expiration of the token in seconds.
     * 
-     * @return The expiration
+     * @return The stated expiration
     */
    public int getExpiration() { return expiration; }
    /**
     * Get the the key for encryption and decryption.
     * 
-     * @return The secret
+     * @return The stated secret
     */
    public String getSecret() { return secret; }
-    //----------------------------------------------------------------------------------------------
+    //---------------------------------------------------------------------------------------------
 }
--- a/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
+++ b/src/main/java/de/rtuni/ms/apig/config/SecurityConfiguration.java
@@ -26,7 +26,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    /** The <code>JwtConfiguration</code>. */
    @Autowired
-    private JwtConfiguration jwtConfiguration;
+    private JWTConfiguration jwtConfiguration;
    //---------------------------------------------------------------------------------------------
@@ -36,16 +36,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     * @return The stated JWT configuration
     */
    @Bean
-    public JwtConfiguration jwtConfig() {
+    public JWTConfiguration jwtConfig() { return new JWTConfiguration(); }
-        return new JwtConfiguration();
-    }
    //---------------------------------------------------------------------------------------------
    /**
     * Configure custom security configurations.
-     * <p>
-     * {@inheritDoc}
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {

--- a/src/main/java/de/rtuni/ms/apig/filter/JWTAuthenticationFilter.java
+++ b/src/main/java/de/rtuni/ms/apig/filter/JWTAuthenticationFilter.java
@@ -19,12 +19,12 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
-import de.rtuni.ms.apig.config.JwtConfiguration;
+import de.rtuni.ms.apig.config.JWTConfiguration;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 /**
- * Filter class for authentication of the JWT.
+ * Filter class for authentication of the user via the JWT.
 * 
 * @author Julian
 */
@@ -32,7 +32,7 @@ public class JWTAuthenticationFilter extends OncePerRequestFilter {
    //---------------------------------------------------------------------------------------------
    /** The <code>JwtConfiguration</code>. */
-    private JwtConfiguration jwtConfig;
+    private JWTConfiguration jwtConfiguration;
    //---------------------------------------------------------------------------------------------
@@ -41,7 +41,7 @@ public class JWTAuthenticationFilter extends OncePerRequestFilter {
     * 
     * @param config The stated configuration
     */
-    public JWTAuthenticationFilter(final JwtConfiguration config) { jwtConfig = config; }
+    public JWTAuthenticationFilter(final JWTConfiguration config) { jwtConfiguration = config; }
    //---------------------------------------------------------------------------------------------
@@ -50,8 +50,6 @@ public class JWTAuthenticationFilter extends OncePerRequestFilter {
     * currently authenticated user. That includes the authorities which were granted to the
     * user by the auth service. If there is no supplied token the next filter will be
     * executed.
-     * <p>
-     * {@inheritDoc}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
@@ -59,19 +57,19 @@ public class JWTAuthenticationFilter extends OncePerRequestFilter {
        // Gets the access_token parameter.
        String bearerToken = request.getParameter("access_token");
        // Validate the header and check the prefix.
-        if (bearerToken == null || !bearerToken.startsWith(jwtConfig.getPrefix())) {
+        if (bearerToken == null || !bearerToken.startsWith(jwtConfiguration.getPrefix())) {
            // If there's no token the user isn't authenticated and we execute the next filter. 
            chain.doFilter(request, response); // If not valid, go to the next filter.
            return;
        }
        // Removes the bearer substring from the authentication header.
-        String token = bearerToken.replace(jwtConfig.getPrefix(), "");
+        String token = bearerToken.replace(jwtConfiguration.getPrefix(), "");
        // Exceptions can be triggered when creating claims, e.g if the token has expired.
        try { 
            // Sets secret and decrypts the token.
-            Claims claims = Jwts.parser().setSigningKey(jwtConfig.getSecret().getBytes())
+            Claims claims = Jwts.parser().setSigningKey(jwtConfiguration.getSecret().getBytes())
                    .parseClaimsJws(token).getBody();
            String username = claims.getSubject();

--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -56,7 +56,7 @@
                      document.loginForm.submit();
                  } else if (httpRequest.status === 401) {
-                      alert("You are not authorized to see the page.");
+                      alert("Authorization failed, either user or password was incorrect.");
                  } else {
                      alert("Something went wrong try again.");
                  }