Não consigo subir a aplicação | Kotlin e Spring: segurança e infraestrutura

Solucionado (ver solução)

Solucionado
(ver solução)

5
respostas

Referente ao curso Kotlin e Spring: segurança e infraestrutura, no capítulo Segurança com JWT e atividade Autenticação com JWT

por Francisco Orlando Berti

| 162.5k xp | 16 posts

Desenvolvedor Android/Java Junior

Em razão do curso estar numa versão muito mais antiga, muitos métodos e classes estão depreciadas, até o BasicToken consegui contornar, mas daqui pra frente não consigo seguir o curso, preciso de ajuda:

Classe SecurityConfiguration:

package br.com.architectbudgeplanner.config

import br.com.architectbudgeplanner.security.JWTAuthenticationFilter
import br.com.architectbudgeplanner.security.JWTLoginFilter
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.invoke
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter


@Configuration
@EnableWebSecurity
class SecurityConfiguration(
    val jwtUtil: JWTUtil
) {

    @Bean
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http.invoke {
            csrf { disable() } //TODO habilitar csrf para aumentar segurança
            authorizeRequests {
                authorize(HttpMethod.POST,"/login", permitAll)
                authorize(anyRequest, authenticated)
            }
            http.addFilterBefore(JWTLoginFilter(authManager = authenticationManager!!, jwtUtil = jwtUtil), UsernamePasswordAuthenticationFilter::class.java)
            http.addFilterBefore(JWTAuthenticationFilter(jwtUtil = jwtUtil), UsernamePasswordAuthenticationFilter::class.java)
            sessionManagement {
                sessionCreationPolicy = SessionCreationPolicy.STATELESS
            }
            headers { frameOptions { disable() } }
        }
        return http.build()
    }

    @Bean
    fun encoder(): PasswordEncoder = BCryptPasswordEncoder()

}

Classe JWTUtil

package br.com.architectbudgeplanner.config

import io.jsonwebtoken.Jwts
import io.jsonwebtoken.SignatureAlgorithm
import org.springframework.beans.factory.annotation.Value
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.stereotype.Component
import java.util.*
import javax.crypto.spec.SecretKeySpec

@Component
class JWTUtil (
    private val expiration: Long = 60000,
    @Value("\${jwt.secret}") private var secret: String
){

    private val key = SecretKeySpec(secret.toByteArray(), "HmacSHA512")

    fun generateToken(username: String): String? {
        return Jwts.builder()
            .subject(username)
            .expiration(Date(System.currentTimeMillis() + expiration))
            .signWith(key, SignatureAlgorithm.HS512)
            .compact()
    }

    fun isValid(jwt: String?): Boolean {
        return try {
            Jwts.parser()
                .setSigningKey(key)
                .build()
                .parseClaimsJws(jwt)
            true
        } catch (e: Exception) {
            false
        }
    }

    fun getAuthentication(jwt: String?): Authentication {
        val username = Jwts.parser()
            .setSigningKey(key)
            .build()
            .parseClaimsJws(jwt)
            .body
            .subject

        return UsernamePasswordAuthenticationToken(username, null, null)
    }

}

Classe JWTAuthenticationFilter

package br.com.architectbudgeplanner.security

import br.com.architectbudgeplanner.config.JWTUtil
import jakarta.servlet.FilterChain
import jakarta.servlet.http.HttpServletRequest
import jakarta.servlet.http.HttpServletResponse
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.web.filter.OncePerRequestFilter

class JWTAuthenticationFilter(
    private val jwtUtil: JWTUtil
) : OncePerRequestFilter() {


    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        filterChain: FilterChain
    ) {
        val token = request.getHeader("Authorization")
        val jwt = getTokenDetail(token)
        if(jwtUtil.isValid(jwt)){
            val authentication = jwtUtil.getAuthentication(jwt)
            SecurityContextHolder.getContext().authentication = authentication
        }
        filterChain.doFilter(request, response)
    }

    private fun getTokenDetail(token: String?): String? {
        return token?.let { jwt ->
            jwt.startsWith("Bearer ")
            jwt.substring(7, jwt.length)
        }
    }

}

Continua:

5 respostas

por Rodrigo da Silva Ferreira Caneppele

| 4880.8k xp | 8502 posts

Instrutor Instrutor

13/03/2024

Oi!

Sobre o limite de caracteres de mensagens aqui no fórum, o recomendado é você mandar mensagens distintas dentro do mesmo tópico, ao invés de abrir novos tópicos.

Infelizmente esse curso é antigo e o recomendado nesses casos é sempre utilizar as mesmas versões das bibliotecas que foram utilizadas no curso, para evitar problemas de incompatibilidade com as novas versões.

Dei uma olhada na stacktrace que você mandou nos outros tópicos e não identifiquei o problema. Consegue compartilhar o seu projeto?

por Francisco Orlando Berti

| 162.5k xp | 16 posts

Desenvolvedor Android/Java Junior

13/03/2024

Oi Professor Rodrigo, Muito obrigado pelas informações e pelo retorno. Quanto ao curso ser mais antigo e o fato de muita coisa ter mudado, eu entendo e não é um problema pra mim, aliás, eu quis mesmo fazer utilizando o que é mais atual por minha conta mesmo. Caso queira, pode excluir as demais postagens relacionadas ao tema para que o forum não fique poluído.

Com relação ao acesso, como eu criei esse repositório como private, eu adicionei você como colaborador do projeto.

https://github.com/frberti/ArchitectBudgePlannerApplication

A branch que fiz as adições do jwt é a: security-jwt.

por Rodrigo da Silva Ferreira Caneppele

| 4880.8k xp | 8502 posts

Instrutor Instrutor

13/03/2024

Entendi. Precisa atualizar algumas outras coisas no projeto então:

pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.2.1</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>br.com.architect-budge-planner</groupId>
    <artifactId>ArchitectBudgePlanner</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>ArchitectBudgePlanner</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>17</java.version>
        <kotlin.version>1.9.21</kotlin.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-cache</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.module</groupId>
            <artifactId>jackson-module-kotlin</artifactId>
        </dependency>
        <dependency>
            <groupId>org.flywaydb</groupId>
            <artifactId>flyway-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.jetbrains.kotlin</groupId>
            <artifactId>kotlin-reflect</artifactId>
        </dependency>
        <dependency>
            <groupId>org.jetbrains.kotlin</groupId>
            <artifactId>kotlin-stdlib</artifactId>
        </dependency>
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>4.2.1</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <sourceDirectory>${project.basedir}/src/main/kotlin</sourceDirectory>
        <testSourceDirectory>${project.basedir}/src/test/kotlin</testSourceDirectory>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.jetbrains.kotlin</groupId>
                <artifactId>kotlin-maven-plugin</artifactId>
                <configuration>
                    <args>
                        <arg>-Xjsr305=strict</arg>
                    </args>
                    <compilerPlugins>
                        <plugin>spring</plugin>
                        <plugin>jpa</plugin>
                    </compilerPlugins>
                </configuration>
                <dependencies>
                    <dependency>
                        <groupId>org.jetbrains.kotlin</groupId>
                        <artifactId>kotlin-maven-allopen</artifactId>
                        <version>${kotlin.version}</version>
                    </dependency>
                    <dependency>
                        <groupId>org.jetbrains.kotlin</groupId>
                        <artifactId>kotlin-maven-noarg</artifactId>
                        <version>${kotlin.version}</version>
                    </dependency>
                </dependencies>
            </plugin>
        </plugins>
    </build>

</project>

solução!

por Rodrigo da Silva Ferreira Caneppele

| 4880.8k xp | 8502 posts

Instrutor Instrutor

13/03/2024

JWTUtil:

import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import org.springframework.beans.factory.annotation.Value
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.stereotype.Component
import java.util.*

@Component
data class JWTUtil(
    private val expiration: Long = 60000
) {
    @Value("\${jwt.secret}")
    private var secret: String = "secret"
    private val key = Algorithm.HMAC256(secret.toByteArray())

    fun generateToken(username: String): String? {
        return JWT.create()
            .withSubject(username)
            .withExpiresAt(Date(System.currentTimeMillis() + expiration))
            .sign(key)
    }

    fun isValid(jwt: String?): Boolean {
        return try {
            JWT.require(key)
                .build()
                .verify(jwt)
            true
        } catch (e: Exception) {
            false
        }
    }

    fun getAuthentication(jwt: String?): Authentication {
        val username = JWT.require(key)
            .build()
            .verify(jwt)
            .subject

        return UsernamePasswordAuthenticationToken(username, null, null)
    }

}

SecurityConfigurations:

import br.com.architectbudgeplanner.security.JWTLoginFilter
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.http.SessionCreationPolicy
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

@Configuration
@EnableWebSecurity
class SecurityConfiguration(
    val jwtUtil: JWTUtil
) {

    @Bean
    fun securityFilterChain(http: HttpSecurity, config: AuthenticationConfiguration): SecurityFilterChain {
        http.csrf {
            it.disable()
        }
                .authorizeHttpRequests {
                    it.requestMatchers(HttpMethod.POST, "/login").permitAll()
                            .anyRequest().authenticated()
                }
                .sessionManagement {
                    it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                }
                .headers {
                    it.frameOptions{it.disable()}
                }
                .addFilterBefore(JWTLoginFilter(authManager = config.authenticationManager, jwtUtil = jwtUtil), UsernamePasswordAuthenticationFilter::class.java)
        return http.build()
    }

    @Bean
    fun encoder(): PasswordEncoder = BCryptPasswordEncoder()

}

por Francisco Orlando Berti

| 162.5k xp | 16 posts

Desenvolvedor Android/Java Junior

14/03/2024

Professor Rodrigo, apliquei os ajustes e a aplicação subiu! Muito obrigado pelo help! Forte abraço!

Chegou a hora de transformar