From 73f05b3eb5fb936e4290c754e9a49d35896f7bdd Mon Sep 17 00:00:00 2001 From: Julian Horner <julianhorner@web.de> Date: Wed, 1 Jan 2020 16:14:28 +0100 Subject: [PATCH] Improve comments and minor improvements --- ...ernameAndPasswordAuthenticationFilter.java | 51 ++++++++++--------- .../rtuni/ms/as/UserDetailsServiceImpl.java | 1 + 2 files changed, 29 insertions(+), 23 deletions(-) diff --git a/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java b/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java index 033581f..3a8d749 100644 --- a/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java +++ b/src/main/java/de/rtuni/ms/as/JwtUsernameAndPasswordAuthenticationFilter.java @@ -66,23 +66,23 @@ public class JwtUsernameAndPasswordAuthenticationFilter //---------------------------------------------------------------------------------------------- /** - * {@inheritDoc} + * Read the credentials from the given request and tries to authenticate them. */ @Override - public Authentication attemptAuthentication(HttpServletRequest request, - HttpServletResponse response) throws AuthenticationException { + public Authentication attemptAuthentication(HttpServletRequest requ, HttpServletResponse resp) + throws AuthenticationException { try { - // 1. Get credentials from request + // Reads the credentials from the request body + // and put them in a newly created UserCredentials object. UserCredentials credentials = - new ObjectMapper().readValue(request.getInputStream(), UserCredentials.class); + new ObjectMapper().readValue(requ.getInputStream(), UserCredentials.class); - // 2. Create auth object (contains credentials) which will be used by auth manager + // Creates an authentication token object with the credentials from the request UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( credentials.getUsername(), credentials.getPassword(), Collections.emptyList()); - // 3. Authentication manager authenticate the user, and use - // UserDetailsServiceImpl::loadUserByUsername() method to load the user. - + // The manager tries to authenticate, it uses the loadUserByUsername() method in + // UserDetailsServiceImpl to load one of the embedded user. return authManager.authenticate(authToken); } catch (IOException e) { throw new RuntimeException(e); @@ -92,38 +92,43 @@ public class JwtUsernameAndPasswordAuthenticationFilter //---------------------------------------------------------------------------------------------- /** - * Upon successful authentication, generate a token. The 'auth' passed to - * successfulAuthentication() is the current authenticated user. - * - * {@inheritDoc} + * Upon successful authentication, generate a token. The given <code>Authentication<code> object + * is the current authenticated user. */ @Override - protected void successfulAuthentication(HttpServletRequest request, - HttpServletResponse response, FilterChain chain, Authentication auth) - throws IOException, ServletException { + protected void successfulAuthentication(HttpServletRequest requ, HttpServletResponse resp, + FilterChain chain, Authentication auth) throws IOException, ServletException { Long now = System.currentTimeMillis(); + + // Building of the token String token = Jwts.builder().setSubject(auth.getName()) - // Convert to list of strings. This is important because it affects the way we - // get them back in the Gateway. + + // Convert authorities to list of strings + // This is important because it affects the way we get them back in the Gateway .claim("authorities", auth.getAuthorities().stream().map(GrantedAuthority::getAuthority) - .collect(Collectors.toList())) + .collect(Collectors.toList())) .setIssuedAt(new Date(now)) - .setExpiration(new Date(now + jwtConfig.getExpiration() * 1000)) // in milliseconds + .setExpiration(new Date(now + jwtConfig.getExpiration() * 1000)) + + // Sign the token with a hash-based message authentication code,sha256 hash function + // and the given secret .signWith(SignatureAlgorithm.HS512, jwtConfig.getSecret().getBytes()).compact(); - // Add token to header - response.addHeader(jwtConfig.getHeader(), jwtConfig.getPrefix() + token); + // Add token to the header + resp.addHeader(jwtConfig.getHeader(), jwtConfig.getPrefix() + token); + resp.setStatus(HttpServletResponse.SC_NO_CONTENT); } //---------------------------------------------------------------------------------------------- /** - * A (temporary) class just to represent the user credentials. + * A (temporary) class to represent the user credentials. * * @author Julian * */ + @SuppressWarnings("unused") private static class UserCredentials { private String username; private String password; diff --git a/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java b/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java index be6732f..6cba832 100644 --- a/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java +++ b/src/main/java/de/rtuni/ms/as/UserDetailsServiceImpl.java @@ -78,6 +78,7 @@ public class UserDetailsServiceImpl implements UserDetailsService { * @author Julian * */ + @SuppressWarnings("unused") private static class AppUser { private Integer id; private String username; -- GitLab