web:framework:spring:jwt

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Prochaine révision		 Révision précédente
web:framework:spring:jwt [2025/03/14 08:14] jcheronweb:framework:spring:jwt [2025/08/12 02:35] (Version actuelle) – modification externe 127.0.0.1
Ligne 7: Ligne 7:
             <artifactId>spring-boot-starter-security</artifactId>             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>         </dependency>
 +
 +        <dependency>
 +            <groupId>org.springframework.boot</groupId>
 +            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
 +        </dependency>        
 </sxh> </sxh>
  
Ligne 100: Ligne 105:
         val source = UrlBasedCorsConfigurationSource()         val source = UrlBasedCorsConfigurationSource()
         val config = CorsConfiguration()         val config = CorsConfiguration()
-        if (activeProfile == "dev") { +        config.allowedOrigins = allowedOrigins.split(","
-            config.allowedOrigins = allowedOrigins.split(","+        config.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"
-            config.allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"+        config.allowedHeaders = listOf("*"
-            config.allowedHeaders = listOf("*"+        config.allowCredentials = true 
-            config.allowCredentials = true +        source.registerCorsConfiguration("/api/**", config)
-            source.registerCorsConfiguration("/api/**", config) +
-        }+
         return source         return source
     }     }
Ligne 118: Ligne 121:
 </sxh> </sxh>
  
 +===== RSA config =====
 +<sxh kotlin>
 +@ConfigurationProperties(prefix = "rsa")
 +@JvmRecord
 +data class RsaKeyConfigProperties(val publicKey: RSAPublicKey, val privateKey: RSAPrivateKey)
 +</sxh>
 +
 +
 +==== Génération des clés RSA ====
 +Avec git bash :
 +<sxh bash;gutter:false>
 +genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
 +</sxh>
 +
 +<sxh bash;gutter:false>
 +openssl rsa -in private.pem -pubout -out public.pem
 +</sxh>
 +==== AuthUser ====
 +<sxh kotlin>
 +class AuthUser(val user: User) : UserDetails {
 +
 +    override fun getAuthorities(): MutableCollection<out GrantedAuthority> {
 +        return mutableListOf(SimpleGrantedAuthority("ROLE_${user.role.name}"))
 +    }
 +
 +    override fun getPassword(): String? = user.password
 +
 +    override fun getUsername(): String? = user.username
 +
 +    override fun isAccountNonExpired(): Boolean = true
 +
 +    override fun isAccountNonLocked(): Boolean = true
 +
 +    override fun isCredentialsNonExpired(): Boolean = true
 +
 +    override fun isEnabled(): Boolean = user.enabled
 +}
 +</sxh>
 +
 +===== Services =====
 +
 +<sxh kotlin>
 +@Service
 +class JpaUserDetailsService(
 +    val userRepository: UserRepository,
 +    val logEventRepository: LogEventRepository,
 +) : UserDetailsService {
 +
 +
 +    @Throws(UsernameNotFoundException::class)
 +    @Transactional
 +    override fun loadUserByUsername(usernameOrEmail: String): UserDetails {
 +        val user: User = userRepository
 +            .findByUsernameOrEmail(usernameOrEmail, usernameOrEmail)
 +            .orElseThrow { UsernameNotFoundException("User name or email not found: $usernameOrEmail") }
 +        return AuthUser(user)
 +    }
 +}
 +</sxh>
 +
 +<sxh kotlin>
 +@Service
 +class AuthService {
 +
 +    @Autowired
 +    lateinit var jwtEncoder: JwtEncoder
 +
 +    @Autowired
 +    lateinit var JwtDecoder: JwtDecoder
 +
 +    @Autowired
 +    lateinit var passwordEncoder: PasswordEncoder
 +
 +    @Autowired
 +    lateinit var userRepository: UserRepository
 +
 +    fun generateToken(authentication: Authentication): String {
 +        val now = Instant.now()
 +
 +        val scope: String = authentication.getAuthorities()
 +            .stream()
 +            .map { obj: GrantedAuthority -> obj.authority }
 +            .collect(Collectors.joining(" "))
 +        val user = (authentication.principal as AuthUser).user
 +        val claims = JwtClaimsSet.builder()
 +            .issuer("self")
 +            .issuedAt(now)
 +            .expiresAt(now.plus(10, ChronoUnit.HOURS))
 +            .subject(authentication.getName())
 +            .claim("scope", scope)
 +            .claim("sub", user.id)
 +            .claim("role", user.role.name)
 +            .claim("username", user.username)
 +            .build()
 +
 +        return jwtEncoder.encode(JwtEncoderParameters.from(claims)).tokenValue
 +    }
 +
 +    fun getActiveUser(token: String): User {
 +        val claims = JwtDecoder.decode(token).claims
 +        val userId = claims["sub"] as UUID
 +        return userRepository.findById(userId).orElseThrow { RuntimeException("User not found") }
 +    }
 +
 +    fun hashPassword(password: String): String {
 +        if (!isBCryptHash(password)) {
 +            return passwordEncoder.encode(password)
 +        }
 +        return password
 +    }
 +
 +    fun isBCryptHash(password: String): Boolean {
 +        return password.matches(Regex("^\\$2[aby]\\$\\d{2}\\$[./A-Za-z0-9]{53}$"))
 +    }
 +
 +}
 +</sxh>
  • web/framework/spring/jwt.1741936445.txt.gz
  • Dernière modification : il y a 8 semaines
  • (modification externe)