fix: [*]: Corregido problema con la expiración de tokens y tokens inválidos

44b36fff · Rubén Ramírez · 3c7dca7a · 44b36fff · 44b36fff · 44b36fff
Commit 44b36fff authored Feb 21, 2025 by Rubén Ramírez
Showing with 96 additions and 5 deletions
src/main/java/com/ujaen/tfg/mangaffinity/excepciones/TokenExpirado.java
src/main/java/com/ujaen/tfg/mangaffinity/excepciones/TokenInvalido.java
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/JwtFilter.java
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/JwtUtil.java
src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
--- a/src/main/java/com/ujaen/tfg/mangaffinity/excepciones/TokenExpirado.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/excepciones/TokenExpirado.java
+package com.ujaen.tfg.mangaffinity.excepciones;
+public class TokenExpirado extends RuntimeException {
+}
--- a/src/main/java/com/ujaen/tfg/mangaffinity/excepciones/TokenInvalido.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/excepciones/TokenInvalido.java
+package com.ujaen.tfg.mangaffinity.excepciones;
+public class TokenInvalido extends RuntimeException {
+}
--- a/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/JwtFilter.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/JwtFilter.java
+package com.ujaen.tfg.mangaffinity.seguridad;
+import com.ujaen.tfg.mangaffinity.excepciones.TokenExpirado;
+import com.ujaen.tfg.mangaffinity.excepciones.TokenInvalido;
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+import java.io.IOException;
+import java.util.Collections;
+public class JwtFilter extends OncePerRequestFilter {
+    private final JwtUtil jwtUtil;
+    public JwtFilter(JwtUtil jwtUtil) {
+        this.jwtUtil = jwtUtil;
+    }
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+            throws ServletException, IOException {
+        String token = request.getHeader("Authorization");
+        if (token == null || !token.startsWith("Bearer ")) {
+            chain.doFilter(request, response); // Continúa sin forzar autenticación
+            return;
+        }
+        token = token.substring(7); // Removemos "Bearer "
+        try {
+            Claims claims = jwtUtil.decodeJWT(token);
+            request.setAttribute("claims", claims);
+            // Crear objeto de autenticación en Spring Security
+            User userDetails = new User(claims.getSubject(), "", Collections.emptyList());
+            UsernamePasswordAuthenticationToken authentication =
+                    new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            // Establecer autenticación en el contexto de seguridad
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        } catch (TokenExpirado e) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("El token ha expirado.");
+            return;
+        } catch (TokenInvalido e) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.getWriter().write("Token inválido.");
+            return;
+        }
+        chain.doFilter(request, response);
+    }
+}
--- a/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/JwtUtil.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/JwtUtil.java
 package com.ujaen.tfg.mangaffinity.seguridad;
+import com.ujaen.tfg.mangaffinity.excepciones.TokenExpirado;
+import com.ujaen.tfg.mangaffinity.excepciones.TokenInvalido;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
 import org.springframework.stereotype.Component;
@@ -28,13 +30,20 @@ public class JwtUtil {
    // Decodifica el JWT
    public Claims decodeJWT(String token) {
-        return Jwts.parserBuilder()
+        try {
-                .setSigningKey(SECRET_KEY)  // Usamos la misma clave para decodificar
+            return Jwts.parserBuilder()
-                .build()
+                    .setSigningKey(SECRET_KEY)
-                .parseClaimsJws(token)
+                    .build()
-                .getBody();
+                    .parseClaimsJws(token)
+                    .getBody();
+        } catch (ExpiredJwtException e) {
+            throw new TokenExpirado();
+        } catch (MalformedJwtException | SignatureException | IllegalArgumentException e) {
+            throw new TokenInvalido();
+        }
    }
    // Extrae el nombre de usuario
    public String extractUsername(String token) {
        return extractClaim(token, Claims::getSubject);

--- a/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
+++ b/src/main/java/com/ujaen/tfg/mangaffinity/seguridad/ServicioSeguridad.java
@@ -8,12 +8,19 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @Configuration
 @EnableWebSecurity
 public class ServicioSeguridad {
+    private final JwtUtil jwtUtil;
+    public ServicioSeguridad(JwtUtil jwtUtil) {
+        this.jwtUtil = jwtUtil;
+    }
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -24,7 +31,9 @@ public class ServicioSeguridad {
                .authorizeHttpRequests(request -> request
                        .requestMatchers(HttpMethod.POST, "/usuarios/{email}").permitAll()
                        .requestMatchers(HttpMethod.POST, "/usuarios/").permitAll()
+                        .anyRequest().authenticated()
                )
+                .addFilterBefore(new JwtFilter(jwtUtil), UsernamePasswordAuthenticationFilter.class)
                .build();
    }