@Configuration
@EnableWebSecurity
public class SecurityConfigurations {
@Autowired
private SecurityFilter securityFilter;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return
http.csrf(csrf -> csrf.disable())
.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(req -> {
req.requestMatchers("/login").permitAll();
req.anyRequest().authenticated();
})
.addFilterBefore(securityFilter, UsernamePasswordAuthenticationFilter.class)
.build();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception{
return configuration.getAuthenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
@Service
public class TokenService {
@Value("${api.security.token.secret}")
private String secret;
public String generationToken(User user){
try {
var algoritmo = Algorithm.HMAC256(secret);
return JWT.create()
.withIssuer("API SpringBoot meu")
.withSubject(user.getLogin())
.withClaim("ID", user.getId())
.withExpiresAt(dataExpiracao())
.sign(algoritmo);
} catch (JWTCreationException exception){
throw new RuntimeException("Error ao gerar o token jwt", exception);
}
}
public String getSubject(String tokenJWT){
try {
var algoritmo = Algorithm.HMAC256(secret);
return JWT.require(algoritmo)
.withIssuer("API SpringBoot meu")
.build()
.verify(tokenJWT)
.getSubject();
} catch (JWTVerificationException exception){
throw new RuntimeException("Token invalido ou expirado");
}
}
private Instant dataExpiracao() {
return LocalDateTime.now().plusHours(5).toInstant(ZoneOffset.of("-03:00"));
}
}
@Component
public class SecurityFilter extends OncePerRequestFilter {
@Autowired
private TokenService tokenService;
@Autowired
private UserRepository userRepository;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
System.out.println("Disparo de requetoion");
var tokenJWT = recuperarToken(request);
System.out.println(tokenJWT);
if(tokenJWT != null){
var subject = tokenService.getSubject(tokenJWT);
System.out.println(subject);
System.out.println(tokenJWT);
var userLogin = userRepository.findByLogin(subject);
var autheticationa = new UsernamePasswordAuthenticationToken(userLogin, null, userLogin.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(autheticationa);
System.out.println("testeeeee if do token");
}
filterChain.doFilter(request, response);
}
private String recuperarToken(HttpServletRequest request) {
var authorizationHeader = request.getHeader("Authorization");
if(authorizationHeader != null){
return authorizationHeader.replace("Bearer ", "").trim();
}
throw new RuntimeException("Token não enviado no cabeçario Authorization");
}
}
2024-04-05T19:17:08.679-03:00 INFO 20312 --- [nio-8081-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 1 ms
Disparo de requetoion
2024-04-05T19:17:08.698-03:00 ERROR 20312 --- [nio-8081-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.RuntimeException: Token não enviado no cabeçario Authorization
at projeto.crud.joao.com.apicrud.infra.security.SecurityFilter.recuperarToken(SecurityFilter.java:51) ~[classes/:na]
at projeto.crud.joao.com.apicrud.infra.security.SecurityFilter.doFilterInternal(SecurityFilter.java:29) ~[classes/:na]
Não era para aparecer esse erro visto que estou tentando fazer login com a rota http://localhost:8081/login