SUPPORT-8956: fix auth

2025-03-02 15:05:52 +03:00 · 2025-03-02 15:05:52 +03:00 · f9fdbfbe14
commit f9fdbfbe14
parent 587223ee78
5 changed files with 81 additions and 57 deletions
--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/context/SecurityContext.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/context/SecurityContext.java
@ -5,5 +5,9 @@ import ru.micord.ervu.account_applications.security.model.jwt.UserSession;

 public interface SecurityContext {
  String getDomainId();
+
+  String getUserId();
+
  UserSession getUserSession();
+
 }
--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/context/SecurityContextImpl.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/context/SecurityContextImpl.java
@ -15,6 +15,12 @@ public class SecurityContextImpl
    return auth != null ? auth.getUserSession().domainId() : null;
    }

+  @Override
+  public String getUserId() {
+    JwtTokenAuthentication auth = (JwtTokenAuthentication) SecurityContextHolder.getContext().getAuthentication();
+    return auth != null ? auth.getUserSession().userId() : null;
+  }
+
  @Override
  public UserSession getUserSession() {
    JwtTokenAuthentication auth = (JwtTokenAuthentication) SecurityContextHolder.getContext().getAuthentication();
--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/exception/JwtProcessingException.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/exception/JwtProcessingException.java
@ -1,9 +1,11 @@
 package ru.micord.ervu.account_applications.security.exception;

+import org.springframework.security.core.AuthenticationException;
+
 /**
 * @author Adel Kalimullin
 */
-public class JwtProcessingException extends RuntimeException {
+public class JwtProcessingException extends AuthenticationException {

  public JwtProcessingException(String message) {
    super(message);
@ -12,8 +14,4 @@ public class JwtProcessingException extends RuntimeException {
  public JwtProcessingException(String message, Throwable cause) {
    super(message, cause);
  }
-
-  public JwtProcessingException(Throwable cause) {
-    super(cause);
-  }
 }
--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/filter/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/filter/JwtAuthenticationFilter.java
@ -1,6 +1,7 @@
 package ru.micord.ervu.account_applications.security.filter;

 import java.io.IOException;
+import java.lang.invoke.MethodHandles;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Optional;
@ -9,8 +10,9 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.CredentialsExpiredException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
@ -21,6 +23,8 @@ import ru.micord.ervu.account_applications.security.model.jwt.authentication.Jwt

@Component
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
+  private static final Logger LOGGER = LoggerFactory.getLogger(
+      MethodHandles.lookup().lookupClass());

  private final AuthenticationManager authenticationManager;

@ -29,31 +33,31 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
  }

  @Override
-  protected void doFilterInternal(
-      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain
-  ) throws ServletException, IOException {
-    Authentication authentication = attemptAuthentication(request, response);
-    SecurityContextHolder.getContext().setAuthentication(authentication);
+  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+      FilterChain filterChain) throws ServletException, IOException {
+    try {
+      Authentication authentication = attemptAuthentication(request);
+      if (authentication != null) {
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+      }
+    }
+    catch (AuthenticationException e) {
+      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+      LOGGER.warn(e.getMessage());
+      return;
+    }
+
    filterChain.doFilter(request, response);
  }

-  protected Authentication attemptAuthentication(
-      HttpServletRequest request, HttpServletResponse response
-  ) throws AuthenticationException {
+  protected Authentication attemptAuthentication(HttpServletRequest request)
+      throws AuthenticationException {
    String token = extractAuthTokenFromRequest(request);
-
    if (token == null) {
      return null;
    }
-
    Authentication authentication = new JwtTokenDummy(token);
-    try {
-      authentication = authenticationManager.authenticate(authentication);
-    }
-    catch (CredentialsExpiredException e) {
-      response.setStatus(401);
-      //LOGGER.warn(e.getMessage());
-    }
+    authentication = authenticationManager.authenticate(authentication);
    return authentication;
  }

--- a/backend/src/main/java/ru/micord/ervu/account_applications/security/service/ErvuJwtTokenService.java
+++ b/backend/src/main/java/ru/micord/ervu/account_applications/security/service/ErvuJwtTokenService.java
@ -10,6 +10,7 @@ import java.util.Set;
 import java.util.stream.Collectors;

 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.JwtParser;
 import io.jsonwebtoken.Jwts;
 import org.springframework.beans.factory.annotation.Value;
@ -41,20 +42,53 @@ public class ErvuJwtTokenService implements JwtTokenService {
  }

  protected UserSession unsafeParseToken(String token) {
-    token = token.substring(0, token.lastIndexOf(".") + 1);
-    JwtParser parser = Jwts.parser();
-    Claims claims = parser
-        .parseClaimsJwt(token).getBody();
+    try {
+      token = token.substring(0, token.lastIndexOf(".") + 1);
+      JwtParser parser = Jwts.parser();
+      Claims claims = parser
+          .parseClaimsJwt(token).getBody();

-    return UserSession.builder()
-        .withUserId(claims.getSubject())
-        .withName(claims.get("name", String.class))
-        .withRealm(claims.get("realm", String.class))
-        .withDomainId(claims.get("domain_id", String.class))
-        .withRoles(getRoles((List<String>) claims.get("roles", ArrayList.class)))
-        .build();
+      return UserSession.builder()
+          .withUserId(claims.getSubject())
+          .withName(claims.get("name", String.class))
+          .withRealm(claims.get("realm", String.class))
+          .withDomainId(claims.get("domain_id", String.class))
+          .withRoles(getRoles((List<String>) claims.get("roles", ArrayList.class)))
+          .build();
+    }
+    catch (JwtException e) {
+      throw new JwtProcessingException(e.getMessage());
+    }
  }

+
+
+ protected UserSession parseToken(String token) {
+    JwtParser parser = Jwts.parser();
+    try {
+      if (issuer != null && !issuer.isEmpty()) {
+        parser = parser.requireIssuer(issuer);
+      }
+
+      if (publicKey != null) {
+        parser = parser.setSigningKey(publicKey);
+      }
+
+      Claims claims = parser.parseClaimsJws(token).getBody();
+
+      return UserSession.builder()
+          .withUserId(claims.getSubject())
+          .withName(claims.get("name", String.class))
+          .withRealm(claims.get("realm", String.class))
+          .withDomainId(claims.get("domain_id", String.class))
+          .withRoles((getRoles((List<String>) claims.get("roles", ArrayList.class))))
+          .build();
+    }
+    catch (JwtException e){
+      throw new JwtProcessingException(e.getMessage());
+    }
+ }
+
  protected Set<ErvuRoleAuthority> getRoles(List<String> roles) {
    return roles
        .stream()
@ -62,28 +96,6 @@ public class ErvuJwtTokenService implements JwtTokenService {
        .collect(Collectors.toSet());
  }

- protected UserSession parseToken(String token) {
-    JwtParser parser = Jwts.parser();
-
-    if (issuer != null && !issuer.isEmpty()) {
-      parser = parser.requireIssuer(issuer);
-    }
-
-    if (publicKey != null) {
-      parser = parser.setSigningKey(publicKey);
-    }
-
-    Claims claims = parser.parseClaimsJws(token).getBody();
-
-    return UserSession.builder()
-        .withUserId(claims.getSubject())
-        .withName(claims.get("name", String.class))
-        .withRealm(claims.get("realm", String.class))
-        .withDomainId(claims.get("domain_id", String.class))
-        .withRoles((getRoles((List<String>) claims.get("roles", ArrayList.class))))
-        .build();
- }
-
  private PublicKey extractPublicKey(String publicKeyStr) {
    try {
      byte[] decodedPublicKey = Base64.getDecoder().decode(publicKeyStr);
@ -92,7 +104,7 @@ public class ErvuJwtTokenService implements JwtTokenService {
      return keyFactory.generatePublic(x509EncodedKeySpec);
    }
    catch (Exception e) {
-      throw new JwtProcessingException(e);
+      throw new RuntimeException(e);
    }
  }
 }