Scribd
Upload
6 views

codee

Uploaded by

Sunil
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
6 views

codee

Uploaded by

Sunil
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

11/28/24, 5:13 PM UserDto.

java

Chapter-
08\superheroes\src\main\java\com\example\springbootsuperheroes\superheroes\user\entity\UserDto.java

1 package com.example.springbootsuperheroe­s.superheroes.user.entity;
2
3 import lombok.AllArgsConstructor;
4 import lombok.Data;
5 import lombok.NoArgsConstructor;
6
7 import javax.persistence.*;
8 import java.util.UUID;
9
10 @Entity
11 @Data
12 @AllArgsConstructor
13 @NoArgsConstructor
14 public class UserEntity {
15
16 @Id
17 @GeneratedValue(strategy = GenerationType.AUTO, generator = "UUID")
18 @Column(nullable = false, updatable = false)
19 private UUID id;
20
21 @Column(unique = true)
22 private String email;
23
24 private String mobileNumber;
25 private byte[] storedHash;
26 private byte[] storedSalt;
27
28 public UserEntity(String email, String mobileNumber) {
29 this.email = email;
30 this.mobileNumber = mobileNumber;
31 }
32 }
33
34
35
36 //
37
38 package com.example.springbootsuperheroe­s.superheroes.user.data;
39
40 import lombok.AllArgsConstructor;
41 import lombok.Data;
42 import lombok.NoArgsConstructor;
43
44 import java.util.UUID;
45
46 @Data
47 @AllArgsConstructor
48 @NoArgsConstructor
49 public class UserDto {
50
51 private UUID id;
52
53 private String email;
54 private String mobileNumber;

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 1/8
11/28/24, 5:13 PM UserDto.java
55 private String password;
56 }
57
58 //
59
60 package com.example.springbootsuperheroe­s.superheroes.user.repository;
61
62 import com.example.springbootsuperheroe­s.superheroes.user.entity.UserEntity;
63 import org.springframework.data.jpa.repository.JpaRepository;
64 import org.springframework.data.jpa.repository.Query;
65 import org.springframework.stereotype.Repository;
66
67 import java.util.UUID;
68
69 @Repository
70 public interface UserRepository extends JpaRepository<UserEntity, UUID> {
71 @Query(
72 "" +
73 "SELECT CASE WHEN COUNT(u) > 0 THEN " +
74 "TRUE ELSE FALSE END " +
75 "FROM UserEntity u " +
76 "WHERE u.email = ?1"
77 )
78 Boolean selectExistsEmail(String email);
79
80 // @Column(unique = true) is needed in entity
81 UserEntity findByEmail(String email);
82 }
83
84 //
85
86
87 package com.example.springbootsuperheroe­s.superheroes.user.controller;
88
89 import com.example.springbootsuperheroe­s.superheroes.user.data.UserDto;
90 import com.example.springbootsuperheroe­s.superheroes.user.service.UserService;
91 import lombok.AllArgsConstructor;
92 import lombok.extern.log4j.Log4j2;
93 import org.springframework.http.HttpStatus;
94 import org.springframework.security.access.prepost.PreAuthorize;
95 import org.springframework.web.bind.annotation.*;
96
97 import javax.validation.Valid;
98 import java.security.NoSuchAlgorithmExcep­tion;
99 import java.util.UUID;
100
101 @Log4j2
102 @AllArgsConstructor
103 @RestController
104 public class UserController {
105
106 private final UserService userService;
107
108 @GetMapping("/api/v1/users")
109 public Iterable<UserDto> getUsers() {
110 return userService.findAllUsers();
111 }

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 2/8
11/28/24, 5:13 PM UserDto.java
112
113 @GetMapping("/api/v1/users/{id}")
114 public UserDto getUserById(@PathVariable("id") UUID id) {
115 return userService.findUserById(id);
116 }
117
118 @DeleteMapping("/api/v1/users/{id}")
119 @ResponseStatus(HttpStatus.NO_CONTENT)
120 public void deleteUserById(@PathVariable("id") UUID id) {
121 userService.removeUserById(id);
122 }
123
124 @PostMapping("/register")
125 @ResponseStatus(HttpStatus.CREATED)
126 public UserDto postUser(@Valid @RequestBody UserDto userDto)
127 throws NoSuchAlgorithmExcep­tion {
128 return userService.createUser(userDto, userDto.getPassword());
129 }
130
131 @PutMapping("/api/v1/users/{id}")
132 public void putUser(
133 @PathVariable("id") UUID id,
134 @Valid @RequestBody UserDto userDto
135 ) throws NoSuchAlgorithmExcep­tion {
136 userService.updateUser(id, userDto, userDto.getPassword());
137 }
138 }
139
140 // jwt
141 // FILTER
142 package com.example.springbootsuperheroe­s.superheroes.jwt.controllers;
143
144 import com.example.springbootsuperheroe­s.superheroes.jwt.models.AuthenticationReques­t;
145 import com.example.springbootsuperheroe­s.superheroes.jwt.models.AuthenticationRespon­se;
146 import com.example.springbootsuperheroe­s.superheroes.jwt.services.ApplicationUserDetai­lsService;
147 import com.example.springbootsuperheroe­s.superheroes.jwt.util.JwtUtil;
148 import com.example.springbootsuperheroe­s.superheroes.user.entity.UserEntity;
149 import lombok.AllArgsConstructor;
150 import org.springframework.http.HttpStatus;
151 import org.springframework.security.authentication.AuthenticationManage­r;
152 import org.springframework.security.authentication.BadCredentialsExcept­ion;
153 import org.springframework.web.bind.annotation.RequestBody;
154 import org.springframework.web.bind.annotation.RequestMapping;
155 import org.springframework.web.bind.annotation.ResponseStatus;
156 import org.springframework.web.bind.annotation.RestController;
157
158 @RestController
159 @AllArgsConstructor
160 class AuthenticateControll­er {
161
162 private final AuthenticationManage­r authenticationManage­r;
163 private final JwtUtil jwtTokenUtil;
164 private final ApplicationUserDetai­lsService userDetailsService;
165
166 @RequestMapping(value = "/authenticate")
167 @ResponseStatus(HttpStatus.CREATED)
168 public AuthenticationRespon­se authenticate(

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 3/8
11/28/24, 5:13 PM UserDto.java
169 @RequestBody AuthenticationReques­t req
170 ) throws Exception {
171 UserEntity user;
172
173 try {
174 user = userDetailsService.authenticate(req.getEmail(), req.getPassword());
175 } catch (BadCredentialsExcept­ion e) {
176 throw new Exception("Incorrect username or password", e);
177 }
178
179 var userDetails = userDetailsService.loadUserByUsername(user.getEmail());
180
181 System.out.println(userDetails);
182 var jwt = jwtTokenUtil.generateToken(userDetails);
183
184 return new AuthenticationRespon­se(jwt);
185 }
186 }
187 // models
188
189 package com.example.springbootsuperheroe­s.superheroes.jwt.models;
190
191 import lombok.AllArgsConstructor;
192 import lombok.Data;
193 import lombok.NoArgsConstructor;
194
195 import java.io.Serializable;
196
197 @Data
198 @NoArgsConstructor
199 @AllArgsConstructor
200 public class AuthenticationReques­t implements Serializable {
201
202 private String email;
203 private String password;
204 }
205
206 //
207 package com.example.springbootsuperheroe­s.superheroes.jwt.models;
208
209 import lombok.AllArgsConstructor;
210 import lombok.Data;
211 import lombok.NoArgsConstructor;
212
213 import java.io.Serializable;
214
215 @Data
216 @NoArgsConstructor
217 @AllArgsConstructor
218 public class AuthenticationRespon­se implements Serializable {
219
220 private String token;
221 }
222 // --
223 package com.example.springbootsuperheroe­s.superheroes.jwt.models;
224
225 import com.example.springbootsuperheroe­s.superheroes.user.entity.UserEntity;

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 4/8
11/28/24, 5:14 PM UserDto.java
226 import lombok.AllArgsConstructor;
227 import org.springframework.security.core.GrantedAuthority;
228 import org.springframework.security.core.userdetails.UserDetails;
229
230 import java.util.Collection;
231
232 @AllArgsConstructor
233 public class UserPrincipal implements UserDetails {
234
235 private final UserEntity userEntity;
236
237 @Override
238 public Collection<? extends GrantedAuthority> getAuthorities() {
239 return null;
240 }
241
242 @Override
243 public String getPassword() {
244 return null;
245 }
246
247 @Override
248 public String getUsername() {
249 return this.userEntity.getEmail();
250 }
251
252 @Override
253 public boolean isAccountNonExpired() {
254 return false;
255 }
256
257 @Override
258 public boolean isAccountNonLocked() {
259 return false;
260 }
261
262 @Override
263 public boolean isCredentialsNonExpi­red() {
264 return false;
265 }
266
267 @Override
268 public boolean isEnabled() {
269 return false;
270 }
271 }
272 // services
273
274 package com.example.springbootsuperheroe­s.superheroes.jwt.services;
275
276 import com.example.springbootsuperheroe­s.superheroes.jwt.models.UserPrincipal;
277 import com.example.springbootsuperheroe­s.superheroes.user.entity.UserEntity;
278 import com.example.springbootsuperheroe­s.superheroes.user.service.UserService;
279 import lombok.AllArgsConstructor;
280 import org.springframework.security.authentication.BadCredentialsExcept­ion;
281 import org.springframework.security.core.userdetails.UserDetails;
282 import org.springframework.security.core.userdetails.UserDetailsService;

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 5/8
11/28/24, 5:14 PM UserDto.java
283 import org.springframework.security.core.userdetails.UsernameNotFoundExce­ption;
284 import org.springframework.stereotype.Service;
285
286 import java.nio.charset.StandardCharsets;
287 import java.security.MessageDigest;
288 import java.security.NoSuchAlgorithmExcep­tion;
289
290 @Service
291 @AllArgsConstructor
292 public class ApplicationUserDetai­lsService implements UserDetailsService {
293
294 private final UserService userService;
295
296 @Override
297 public UserDetails loadUserByUsername(String email)
298 throws UsernameNotFoundExce­ption {
299 return new UserPrincipal(userService.searchByEmail(email));
300 }
301
302 public UserEntity authenticate(String email, String password)
303 throws NoSuchAlgorithmExcep­tion {
304 if (
305 email.isEmpty() || password.isEmpty()
306 ) throw new BadCredentialsExcept­ion("Unauthorized");
307
308 var userEntity = userService.searchByEmail(email);
309
310 if (userEntity == null) throw new BadCredentialsExcept­ion("Unauthorized");
311
312 var verified = verifyPasswordHash(
313 password,
314 userEntity.getStoredHash(),
315 userEntity.getStoredSalt()
316 );
317
318 if (!verified) throw new BadCredentialsExcept­ion("Unauthorized");
319
320 return userEntity;
321 }
322
323 private Boolean verifyPasswordHash(
324 String password,
325 byte[] storedHash,
326 byte[] storedSalt
327 ) throws NoSuchAlgorithmExcep­tion {
328 if (
329 password.isBlank() || password.isEmpty()
330 ) throw new IllegalArgumentExcep­tion(
331 "Password cannot be empty or whitespace only string."
332 );
333
334 if (storedHash.length != 64) throw new IllegalArgumentExcep­tion(
335 "Invalid length of password hash (64 bytes expected)"
336 );
337
338 if (storedSalt.length != 128) throw new IllegalArgumentExcep­tion(
339 "Invalid length of password salt (64 bytes expected)."

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 6/8
11/28/24, 5:14 PM UserDto.java
340 );
341
342 var md = MessageDigest.getInstance("SHA-512");
343 md.update(storedSalt);
344
345 var computedHash = md.digest(password.getBytes(StandardCharsets.UTF_8));
346
347 for (int i = 0; i < computedHash.length; i++) {
348 if (computedHash[i] != storedHash[i]) return false;
349 }
350
351 // The above for loop is the same as below
352
353 return MessageDigest.isEqual(computedHash, storedHash);
354 }
355 }
356
357 //
358
359 package com.example.springbootsuperheroe­s.superheroes.jwt.util;
360
361 import io.jsonwebtoken.Claims;
362 import io.jsonwebtoken.Jwts;
363 import io.jsonwebtoken.SignatureAlgorithm;
364 import org.springframework.beans.factory.annotation.Value;
365 import org.springframework.security.core.userdetails.UserDetails;
366 import org.springframework.stereotype.Service;
367
368 import java.util.Date;
369 import java.util.HashMap;
370 import java.util.Map;
371 import java.util.function.Function;
372
373 @Service
374 public class JwtUtil {
375
376 @Value("${jwt.secret}")
377 private String SECRET_KEY;
378
379 public String extractUsername(String token) {
380 return extractClaim(token, Claims::getSubject);
381 }
382
383 public Date extractExpiration(String token) {
384 return extractClaim(token, Claims::getExpiration);
385 }
386
387 public <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
388 final Claims claims = extractAllClaims(token);
389 return claimsResolver.apply(claims);
390 }
391
392 private Claims extractAllClaims(String token) {
393 return Jwts
394 .parserBuilder()
395 .setSigningKey(SECRET_KEY).build()
396 .parseClaimsJws(token)

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 7/8
11/28/24, 5:14 PM UserDto.java
397 .getBody();
398 }
399
400 private Boolean isTokenExpired(String token) {
401 return extractExpiration(token).before(new Date());
402 }
403
404 public String generateToken(UserDetails userDetails) {
405 Map<String, Object> claims = new HashMap<>();
406 return createToken(claims, userDetails.getUsername());
407 }
408
409 private String createToken(Map<String, Object> claims, String subject) {
410 return Jwts
411 .builder()
412 .setClaims(claims)
413 .setSubject(subject)
414 .setIssuedAt(new Date(System.currentTimeMillis()))
415 .setExpiration(new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 10))
416 .signWith(SignatureAlgorithm.HS256, SECRET_KEY)
417 .compact();
418 }
419
420 public Boolean validateToken(String token, UserDetails userDetails) {
421 final String username = extractUsername(token);
422 return (
423 username.equals(userDetails.getUsername()) && !isTokenExpired(token)
424 );
425 }
426 }
427

localhost:55664/42040e10-cb0b-422d-980e-3513e26e037e/ 8/8

You might also like