Update

Author: melardev

.gitignore

@@ -1,6 +1,7 @@
 HELP.md
 /target/
 database/
+not_ready/
 !.mvn/wrapper/maven-wrapper.jar
 
 ### STS ###

pom.xml

@@ -15,7 +15,7 @@
     <description>Spring Boot Jpa Crud</description>
 
     <properties>
-        <java.version>11</java.version>
+        <java.version>1.8</java.version>
     </properties>
 
     <dependencies>
@@ -51,11 +51,7 @@
             <artifactId>h2</artifactId>
             <scope>runtime</scope>
         </dependency>
-        <dependency>
-            <groupId>mysql</groupId>
-            <artifactId>mysql-connector-java</artifactId>
-            <scope>runtime</scope>
-        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>

src/main/java/com/melardev/spring/securejpacrud/config/JwtAuthEntryPoint.java

@@ -1,7 +1,14 @@
 package com.melardev.spring.securejpacrud.config;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.melardev.spring.securejpacrud.dtos.responses.ErrorResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.server.ServletServerHttpResponse;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
@@ -14,16 +21,24 @@
 @Component
 public class JwtAuthEntryPoint implements AuthenticationEntryPoint {
 
+    @Autowired
+    ObjectMapper mapper;
+
     private static final Logger logger = LoggerFactory.getLogger(JwtAuthEntryPoint.class);
 
     @Override
     public void commence(HttpServletRequest request,
                          HttpServletResponse response,
                          AuthenticationException e)
             throws IOException, ServletException {
+
         // Called when the user tries to access an endpoint which requires to be authenticated
-        // we just return unauthorizaed
+        // we just return unauthorized, basically when we should send a 401 status code response.
         logger.error("Unauthorized error. Message - {}", e.getMessage());
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Error -> Unauthorized");
+
+        ServletServerHttpResponse res = new ServletServerHttpResponse(response);
+        res.setStatusCode(HttpStatus.UNAUTHORIZED);
+        res.getServletResponse().setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
+        res.getBody().write(mapper.writeValueAsString(new ErrorResponse("You must authenticated")).getBytes());
     }
 }

src/main/java/com/melardev/spring/securejpacrud/config/JwtProvider.java

@@ -66,6 +66,10 @@ public String getUserNameFromJwtToken(String token) {
                 .getBody().getSubject();
     }
 
+    public String getSubjectFromToken(String token) {
+        return getClaimFromToken(token, Claims::getSubject);
+    }
+
     public Date getExpirationDateFromToken(String token) {
         return getClaimFromToken(token, Claims::getExpiration);
     }
@@ -75,6 +79,7 @@ public <T> T getClaimFromToken(String token, Function<Claims, T> claimsResolver)
         return claimsResolver.apply(claims);
     }
 
+    // To retrieve specific field you can getAllClaimsFromToken().get("username", String.class)
     private Claims getAllClaimsFromToken(String token) {
         return Jwts.parser()
                 .setSigningKey(jwtSecret)

src/main/java/com/melardev/spring/securejpacrud/config/SecurityConfig.java

@@ -15,10 +15,9 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
-import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 
 import javax.sql.DataSource;
 
@@ -64,7 +63,8 @@ protected void configure(HttpSecurity http) throws Exception {
                 // .antMatchers("/api/auth**", "/api/login**", "**").permitAll()
                 .anyRequest().permitAll()
                 .and()
-                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
+                .and()
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 
 
@@ -74,13 +74,14 @@ protected void configure(HttpSecurity http) throws Exception {
         http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
     }
 
+    /*
     @Bean
     public PersistentTokenRepository persistentTokenRepository() {
         JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
         db.setDataSource(dataSource);
         return db;
     }
-
+*/
 
     @Bean
     public JwtAuthTokenFilter authenticationJwtTokenFilter() {
@@ -96,8 +97,8 @@ public DaoAuthenticationProvider authenticationProvider() {
     }
 
     @Bean
-    public BCryptPasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
+    public PasswordEncoder passwordEncoder() {
+        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
     }
 
 }

src/main/java/com/melardev/spring/securejpacrud/dtos/responses/TodoDetailsResponse.java

@@ -2,7 +2,6 @@
 
 import com.melardev.spring.securejpacrud.entities.Todo;
 
-import java.time.LocalDateTime;
 import java.time.ZonedDateTime;
 
 public class TodoDetailsResponse extends SuccessResponse {

src/main/java/com/melardev/spring/securejpacrud/filters/MyCorsFilter.java renamed to src/main/java/com/melardev/spring/securejpacrud/filters/AppCorsFilter.java

@@ -7,24 +7,17 @@
 import java.io.IOException;
 
 @Component
-public class MyCorsFilter implements Filter {
+public class AppCorsFilter implements Filter {
 
     public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
-        System.out.println("Filtering on...........................................................");
         HttpServletResponse response = (HttpServletResponse) res;
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Credentials", "true");
         response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
         response.setHeader("Access-Control-Max-Age", "3600");
-        response.setHeader("X-Frame-Options", "sameorigin");
         response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers");
 
         chain.doFilter(req, res);
     }
 
-    public void init(FilterConfig filterConfig) {
-    }
-
-    public void destroy() {
-    }
 }

src/main/java/com/melardev/spring/securejpacrud/services/UserService.java

@@ -29,7 +29,7 @@ public UserService(UsersRepository userRepository) {
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         Optional<User> user = userRepository.findByUsername(username);
-        if (user.isEmpty()) {
+        if (!user.isPresent()) {
             throw new UsernameNotFoundException("Invalid username or password.");
         }
         // User exists, we have to return an Implementation of UserDetails, let's use the default