Commit 26d5dd22 by Rubén Ramírez

fix: [*]: Corregido problema con la contraseña volátil

parent 44b36fff
...@@ -26,35 +26,28 @@ public class JwtFilter extends OncePerRequestFilter { ...@@ -26,35 +26,28 @@ public class JwtFilter extends OncePerRequestFilter {
@Override @Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException { throws ServletException, IOException {
String token = request.getHeader("Authorization"); String token = request.getHeader("Authorization");
if (token == null || !token.startsWith("Bearer ")) { if (token == null || !token.startsWith("Bearer ")) {
chain.doFilter(request, response); // Continúa sin forzar autenticación chain.doFilter(request, response); // Permitir acceso a rutas públicas
return; return;
} }
token = token.substring(7); // Removemos "Bearer " token = token.substring(7);
try { try {
Claims claims = jwtUtil.decodeJWT(token); Claims claims = jwtUtil.decodeJWT(token);
request.setAttribute("claims", claims); request.setAttribute("claims", claims);
// Crear objeto de autenticación en Spring Security
User userDetails = new User(claims.getSubject(), "", Collections.emptyList()); User userDetails = new User(claims.getSubject(), "", Collections.emptyList());
UsernamePasswordAuthenticationToken authentication = UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()); new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
// Establecer autenticación en el contexto de seguridad
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
} catch (TokenExpirado e) { } catch (TokenExpirado | TokenInvalido e) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("El token ha expirado.");
return;
} catch (TokenInvalido e) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Token inválido."); response.getWriter().write("Token inválido o expirado.");
return; return;
} }
......
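Review bot: The merged `catch (TokenExpirado | TokenInvalido e)` only maps those two exceptions to a 401, but two other inputs reach this code: a header of exactly `Bearer ` leaves `token` empty after `substring(7)`, and a token without a `sub` claim reaches `new User(null, "", ...)`, which Spring's `User` constructor rejects with IllegalArgumentException — both surface as a 500 rather than a 401 unless `decodeJWT` already wraps them (its catch clause is not in this hunk). A guard before building the principal would close the second case: `String subject = claims.getSubject(); if (subject == null || subject.isBlank()) { response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); return; }`. The principal is also created with `Collections.emptyList()` authorities, so no downstream role check can succeed on this token; a comment such as `// Principal carries no authorities: authorization is presence-of-valid-token only` would make that explicit. The body of `doFilterInternal` continues past this hunk (the final `chain.doFilter` is not visible).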
...@@ -4,7 +4,11 @@ import com.ujaen.tfg.mangaffinity.excepciones.TokenExpirado; ...@@ -4,7 +4,11 @@ import com.ujaen.tfg.mangaffinity.excepciones.TokenExpirado;
import com.ujaen.tfg.mangaffinity.excepciones.TokenInvalido; import com.ujaen.tfg.mangaffinity.excepciones.TokenInvalido;
import io.jsonwebtoken.*; import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys; import io.jsonwebtoken.security.Keys;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.nio.charset.StandardCharsets;
import java.util.Date; import java.util.Date;
import java.util.Map; import java.util.Map;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
...@@ -13,7 +17,12 @@ import javax.crypto.SecretKey; ...@@ -13,7 +17,12 @@ import javax.crypto.SecretKey;
public class JwtUtil { public class JwtUtil {
private static final SecretKey SECRET_KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256); private final SecretKey secretKey;
public JwtUtil(@Value("${jwt.secret}") String secret) {
this.secretKey = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));
}
private static final long EXPIRATION_TIME = 86400000; // 1 día en milisegundos private static final long EXPIRATION_TIME = 86400000; // 1 día en milisegundos
...@@ -24,7 +33,7 @@ public class JwtUtil { ...@@ -24,7 +33,7 @@ public class JwtUtil {
.setSubject(subject) .setSubject(subject)
.setIssuedAt(new Date()) // Fecha de emisión .setIssuedAt(new Date()) // Fecha de emisión
.setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME)) // Expiración del token .setExpiration(new Date(System.currentTimeMillis() + EXPIRATION_TIME)) // Expiración del token
.signWith(SECRET_KEY) // Firmar el token con la misma clave .signWith(secretKey) // Firmar el token con la misma clave
.compact(); .compact();
} }
...@@ -32,7 +41,7 @@ public class JwtUtil { ...@@ -32,7 +41,7 @@ public class JwtUtil {
public Claims decodeJWT(String token) { public Claims decodeJWT(String token) {
try { try {
return Jwts.parserBuilder() return Jwts.parserBuilder()
.setSigningKey(SECRET_KEY) .setSigningKey(secretKey)
.build() .build()
.parseClaimsJws(token) .parseClaimsJws(token)
.getBody(); .getBody();
...@@ -71,7 +80,7 @@ public class JwtUtil { ...@@ -71,7 +80,7 @@ public class JwtUtil {
private Claims extractAllClaims(String token) { private Claims extractAllClaims(String token) {
return Jwts.parserBuilder() return Jwts.parserBuilder()
.setSigningKey(SECRET_KEY) // Usamos la misma clave para extraer los claims .setSigningKey(secretKey) // Usamos la misma clave para extraer los claims
.build() .build()
.parseClaimsJws(token) .parseClaimsJws(token)
.getBody(); .getBody();
......
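Review bot: In the new constructor, `Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8))` uses the property text itself as key material, so a base64-looking value such as the one committed in application.properties is never decoded — the key is the 44 ASCII characters, not the 32 bytes they encode. If the secret is meant to be base64 (its trailing `=` suggests so), decode it first: `this.secretKey = Keys.hmacShaKeyFor(Base64.getDecoder().decode(secret));` with `import java.util.Base64;`. Either way jjwt's `hmacShaKeyFor` rejects material shorter than 256 bits with a WeakKeyException at startup, which is the right place to fail, and a one-line comment on the constructor stating the expected encoding and minimum length of `jwt.secret` would spare the next reader from guessing. The other hunks only switch call sites from the static field to the instance field; `decodeJWT`'s catch clause and the rest of the class lie outside the visible hunks.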
...@@ -76,7 +76,8 @@ public class ServicioUsuarios { ...@@ -76,7 +76,8 @@ public class ServicioUsuarios {
// Generamos el token JWT // Generamos el token JWT
String token = jwtUtil.generateToken(claims, usuario.get().getEmail()); String token = jwtUtil.generateToken(claims, usuario.get().getEmail());
return new DTOLoginRespuesta(token, usuario.get().getEmail(), usuario.get().getContrasenia()); return new DTOLoginRespuesta(token, usuario.get().getEmail(), usuario.get().getNombreUsuario());
} }
......
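Review bot: The changed return line still calls `usuario.get()` three times on an Optional whose presence check is outside this hunk; hoisting it once, `Usuario u = usuario.get();` (or `usuario.orElseThrow(...)` at the lookup), keeps the response construction readable: `return new DTOLoginRespuesta(token, u.getEmail(), u.getNombreUsuario());`. Because the previous version shipped `getContrasenia()` to the client, it is worth confirming in the entity and registration path (not visible here) that `contrasenia` is stored as a password hash rather than plaintext. The enclosing method begins before this hunk.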
spring.application.name=MangAfginity spring.application.name=MangAfginity
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
jwt.secret=V9++ZyZHKcKKzVvAWKU5EL8/QDTDVOf/LTv+r8dUbQg=
\ No newline at end of file
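Review bot: The HMAC signing key is now committed to the repository in plaintext on the `jwt.secret=` line; anyone with read access to the repo or its history can mint a token for any `sub`, and the filter accepts such a token as an authenticated user because it trusts the subject claim alone. Read the value from the environment instead, `jwt.secret=${JWT_SECRET}`, and treat the committed value as compromised and rotate it, since removing it in a later commit does not remove it from history. A comment above the line, `# HMAC-SHA256 key, at least 32 bytes; provided via JWT_SECRET, never commit a real value`, documents the expectation for the next maintainer.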