From 73f05b3eb5fb936e4290c754e9a49d35896f7bdd Mon Sep 17 00:00:00 2001
From: Julian Horner <julianhorner@web.de>
Date: Wed, 1 Jan 2020 16:14:28 +0100
Subject: [PATCH] Improve comments and minor improvements

---
 ...ernameAndPasswordAuthenticationFilter.java | 51 ++++++++++---------
 .../rtuni/ms/as/UserDetailsServiceImpl.java   |  1 +
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java b/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java
index 033581f..3a8d749 100644
--- a/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java
+++ b/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java
@@ -66,23 +66,23 @@ public class JwtUsernameAndPasswordAuthenticationFilter
     //----------------------------------------------------------------------------------------------
 
     /**
-     * {@inheritDoc}
+     * Read the credentials from the given request and tries to authenticate them.
      */
     @Override
-    public Authentication attemptAuthentication(HttpServletRequest request,
-            HttpServletResponse response) throws AuthenticationException {
+    public Authentication attemptAuthentication(HttpServletRequest requ, HttpServletResponse resp)
+            throws AuthenticationException {
         try {
-            // 1. Get credentials from request
+            // Reads the credentials from the request body 
+            // and put them in a newly created UserCredentials object.
             UserCredentials credentials =
-                    new ObjectMapper().readValue(request.getInputStream(), UserCredentials.class);
+                    new ObjectMapper().readValue(requ.getInputStream(), UserCredentials.class);
             
-            // 2. Create auth object (contains credentials) which will be used by auth manager
+            // Creates an authentication token object with the credentials from the request
             UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
                     credentials.getUsername(), credentials.getPassword(), Collections.emptyList());
             
-            // 3. Authentication manager authenticate the user, and use 
-            // UserDetailsServiceImpl::loadUserByUsername() method to load the user.
-
+            // The manager tries to authenticate, it uses the loadUserByUsername() method in 
+            // UserDetailsServiceImpl to load one of the embedded user.
             return authManager.authenticate(authToken);
         } catch (IOException e) {
             throw new RuntimeException(e);
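Review bot: The `catch (IOException e)` at the end of this hunk rethrows an unreadable or malformed login body as a plain `RuntimeException`, which is not an `AuthenticationException`. It is therefore likely to bypass the filter's failure handling and surface as a server error instead of a rejected login. Consider `throw new AuthenticationServiceException("Unable to read credentials", e);` so that bad input takes the same path as any other failed authentication. `readValue` can also return null when the body is the JSON literal `null`, so a `credentials == null` check before building the token would avoid a NullPointerException. The try/catch continues past the end of the hunk.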
@@ -92,38 +92,43 @@ public class JwtUsernameAndPasswordAuthenticationFilter
     //----------------------------------------------------------------------------------------------
 
     /**
-     * Upon successful authentication, generate a token. The 'auth' passed to
-     * successfulAuthentication() is the current authenticated user.
-     * 
-     * {@inheritDoc}
+     * Upon successful authentication, generate a token. The given <code>Authentication<code> object
+     * is the current authenticated user.
      */
     @Override
-    protected void successfulAuthentication(HttpServletRequest request,
-            HttpServletResponse response, FilterChain chain, Authentication auth)
-            throws IOException, ServletException {
+    protected void successfulAuthentication(HttpServletRequest requ, HttpServletResponse resp,
+            FilterChain chain, Authentication auth) throws IOException, ServletException {
         Long now = System.currentTimeMillis();
+        
+        // Building of the token
         String token = Jwts.builder().setSubject(auth.getName())
-                // Convert to list of strings. This is important because it affects the way we 
-                // get them back in the Gateway.
+                
+                // Convert authorities to list of strings
+                // This is important because it affects the way we get them back in the Gateway
                 .claim("authorities",
                         auth.getAuthorities().stream().map(GrantedAuthority::getAuthority)
-                                .collect(Collectors.toList()))
+                        .collect(Collectors.toList()))
                 .setIssuedAt(new Date(now))
-                .setExpiration(new Date(now + jwtConfig.getExpiration() * 1000)) // in milliseconds
+                .setExpiration(new Date(now + jwtConfig.getExpiration() * 1000))
+                
+                // Sign the token with a hash-based message authentication code,sha256 hash function
+                // and the given secret
                 .signWith(SignatureAlgorithm.HS512, jwtConfig.getSecret().getBytes()).compact();
 
-        // Add token to header
-        response.addHeader(jwtConfig.getHeader(), jwtConfig.getPrefix() + token);
+        // Add token to the header
+        resp.addHeader(jwtConfig.getHeader(), jwtConfig.getPrefix() + token);
+        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
     }
 
     //----------------------------------------------------------------------------------------------
 
     /**
-     * A (temporary) class just to represent the user credentials.
+     * A (temporary) class to represent the user credentials.
      * 
      * @author Julian
      *
      */
+    @SuppressWarnings("unused")
     private static class UserCredentials {
         private String username;        
         private String password;
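Review bot: The new comment above `.signWith(...)` names sha256, but the call uses `SignatureAlgorithm.HS512`, which is HMAC with SHA-512; it should read something like `// Sign the token with HMAC-SHA512 using the configured secret`. On the same line, `jwtConfig.getSecret().getBytes()` encodes the secret with the platform default charset, so the key bytes can differ between this service and the gateway that verifies the token. Pin the charset with `jwtConfig.getSecret().getBytes(StandardCharsets.UTF_8)`, which needs an import of `java.nio.charset.StandardCharsets`. The secret's length is not visible here; HS512 expects a key of at least 64 bytes, so that is worth confirming in the configuration.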
diff --git a/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java b/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java
index be6732f..6cba832 100644
--- a/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java
+++ b/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java
@@ -78,6 +78,7 @@ public class UserDetailsServiceImpl implements UserDetailsService {
      * @author Julian
      *
      */
+    @SuppressWarnings("unused")
     private static class AppUser {
         private Integer id;
         private String username;
-- 
GitLab