package com.liumapp.demo.security.controller; import com.liumapp.demo.security.auth.request.JwtAuthenticationRequest; import com.liumapp.demo.security.auth.response.JwtAuthenticationResponse; import com.liumapp.demo.security.auth.service.MultyUserDetailsService; import com.liumapp.demo.security.auth.user.JwtUser; import com.liumapp.demo.security.auth.util.JwtTokenUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.ResponseEntity; import org.springframework.mobile.device.Device; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; /** * Created by liumapp on 2/2/18. * E-mail:[email protected] * home-page:http://www.liumapp.com */ @RestController public class AuthenticationController { @Value("${jwt.header}") private String tokenHeader; @Autowired private AuthenticationManager authenticationManager; @Autowired private JwtTokenUtil jwtTokenUtil; @Autowired private MultyUserDetailsService userDetailsService; @RequestMapping("${jwt.route.authentication.path}/hello") public ResponseEntity<?> hello (@RequestBody JwtAuthenticationRequest authenticationRequest , Device device) { return ResponseEntity.ok("hello"); } @RequestMapping(value = "${jwt.route.authentication.path}/company", method = RequestMethod.POST) public ResponseEntity<?> createCompanyAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException { authenticationRequest.setUsername(authenticationRequest.getEmail()); // Perform the security Authentication authentication = null; try { authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( authenticationRequest.getUsername(), authenticationRequest.getPassword() ) ); } catch (AuthenticationException e) { System.out.println(e.getMessage()); } SecurityContextHolder.getContext().setAuthentication(authentication); // Reload password post-security so we can generate token final UserDetails userDetails = userDetailsService.loadUserByEmail(authenticationRequest.getEmail()); final String token = jwtTokenUtil.generateToken(userDetails, device); // Return the token return ResponseEntity.ok(new JwtAuthenticationResponse(token)); } @RequestMapping(value = "${jwt.route.authentication.path}/personal", method = RequestMethod.POST) public ResponseEntity<?> createPersonalAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException { authenticationRequest.setUsername(authenticationRequest.getPhone()); // Perform the security Authentication authentication = null; try { authentication = authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( authenticationRequest.getUsername(), authenticationRequest.getPassword() ) ); } catch (AuthenticationException e) { System.out.println(e.getMessage()); } SecurityContextHolder.getContext().setAuthentication(authentication); // Reload password post-security so we can generate token final UserDetails userDetails = userDetailsService.loadUserByPhone(authenticationRequest.getPhone()); final String token = jwtTokenUtil.generateToken(userDetails, device); // Return the token return ResponseEntity.ok(new JwtAuthenticationResponse(token)); } @RequestMapping(value = "${jwt.route.authentication.refresh}/company", method = RequestMethod.GET) public ResponseEntity<?> refreshAndGetCompanyAuthenticationToken(HttpServletRequest request) { String authToken = request.getHeader(tokenHeader); final String token = authToken.substring(7); String email = jwtTokenUtil.getUsernameFromToken(token); JwtUser user = (JwtUser) userDetailsService.loadUserByEmail(email); if (jwtTokenUtil.canTokenBeRefreshed(token)) { String refreshedToken = jwtTokenUtil.refreshToken(token); return ResponseEntity.ok(new JwtAuthenticationResponse(refreshedToken)); } else { return ResponseEntity.badRequest().body(null); } } @RequestMapping(value = "${jwt.route.authentication.refresh}/personal", method = RequestMethod.GET) public ResponseEntity<?> refreshAndGetPersonalAuthenticationToken(HttpServletRequest request) { String authToken = request.getHeader(tokenHeader); final String token = authToken.substring(7); String phone = jwtTokenUtil.getPhoneFromToken(token); JwtUser user = (JwtUser) userDetailsService.loadUserByUsername(phone); if (jwtTokenUtil.canTokenBeRefreshed(token)) { String refreshedToken = jwtTokenUtil.refreshToken(token); return ResponseEntity.ok(new JwtAuthenticationResponse(refreshedToken)); } else { return ResponseEntity.badRequest().body(null); } } }