Example 1 with Role

Use of com.adja.evchargerappserver.api.role.Role in project iet-hf-2022-k-k-k-k-k-k by BME-MIT-IET.

From the class TokenController, method post.

@ApiOperation("AuthChecking")
@PostMapping("/hasRightForPage")
public ResponseEntity<PageAuthorizationResponse> post(@RequestHeader HttpHeaders headers, @RequestBody PageAuthorizationRequest body) {
    String authHeader = headers.getFirst(HttpHeaders.AUTHORIZATION);
    String route = body.getRoute();
    // Routes on the "no right needed" list are granted without looking at the token at all.
    if (PageAuthorizationChecker.noRightPages().contains(route)) {
        return new ResponseEntity<>(PageAuthorizationResponse.hasRight, HttpStatus.OK);
    }
    // Every outcome below is returned with HTTP 200; the result is carried in the body enum.
    // A missing header, or a header that is "Bearer" with nothing after it (length < 7),
    // is reported as tokenExpired. Any other header value is passed on to JwtUtil as-is.
    if (authHeader == null) {
        return new ResponseEntity<>(PageAuthorizationResponse.tokenExpired, HttpStatus.OK);
    } else if (authHeader.startsWith("Bearer") && authHeader.length() < 7) {
        return new ResponseEntity<>(PageAuthorizationResponse.tokenExpired, HttpStatus.OK);
    }
    try {
        // Decode the JWT and reject it explicitly once its "exp" claim is in the past.
        DecodedJWT jwt = JwtUtil.getDecodedJWT(authHeader);
        if (jwt.getExpiresAt().before(new Date())) {
            return new ResponseEntity<>(PageAuthorizationResponse.tokenExpired, HttpStatus.OK);
        }
        // Roles are taken from the persisted Person looked up by the username in the token,
        // not from any role claim inside the token, so role changes take effect immediately.
        Collection<Role> rolesOfUser = this.personService.getByUsername(JwtUtil.getUsernameFromJwt(authHeader)).getRoles();
        if (PageAuthorizationChecker.hasRightForPage(route, rolesOfUser)) {
            return new ResponseEntity<>(PageAuthorizationResponse.hasRight, HttpStatus.OK);
        } else {
            return new ResponseEntity<>(PageAuthorizationResponse.noRight, HttpStatus.OK);
        }
    } catch (Exception e) {
        // Any decoding or lookup failure (bad signature, malformed token, unknown user)
        // is collapsed into the same tokenExpired answer; the client cannot tell them apart.
        return new ResponseEntity<>(PageAuthorizationResponse.tokenExpired, HttpStatus.OK);
    }
}

Also used: Role (com.adja.evchargerappserver.api.role.Role), ResponseEntity (org.springframework.http.ResponseEntity), DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT), Date (java.util.Date), IOException (java.io.IOException), ApiOperation (io.swagger.annotations.ApiOperation)

Example 2 with Role

Use of com.adja.evchargerappserver.api.role.Role in project iet-hf-2022-k-k-k-k-k-k by BME-MIT-IET.

From the class TokenController, method refreshToken.

@PostMapping("/token/refresh")
public void refreshToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
    String authorizationHeader = request.getHeader(HttpHeaders.AUTHORIZATION);
    // The refresh token is expected in the Authorization header as "Bearer <token>".
    if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
        try {
            // Resolve the user from the presented token, then mint a fresh access token whose
            // role list comes from the database, not from the old token. The request URL is
            // passed twice to createAccessToken; the incoming refresh token is echoed back unchanged.
            Person person = this.personService.getByUsername(JwtUtil.getUsernameFromJwt(authorizationHeader));
            String accessToken = JwtUtil.createAccessToken(request.getRequestURL().toString(), person.getRoles().stream().map(Role::getName).collect(Collectors.toList()), request.getRequestURL().toString());
            String refreshToken = authorizationHeader.substring("Bearer ".length());
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            Map<String, String> tokens = new HashMap<>();
            tokens.put("accessToken", accessToken);
            tokens.put("refreshToken", refreshToken);
            new ObjectMapper().writeValue(response.getOutputStream(), tokens);
        } catch (Exception e) {
            // On any failure respond 403 and surface the exception message both as a response
            // header named "error" and in the JSON body.
            response.setHeader("error", e.getMessage());
            response.setStatus(HttpStatus.FORBIDDEN.value());
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            Map<String, String> error = new HashMap<>();
            error.put("error_message", e.getMessage());
            new ObjectMapper().writeValue(response.getOutputStream(), error);
        }
    } else {
        // No usable header: the unchecked exception propagates out of the handler
        // instead of being written as a JSON error like the case above.
        throw new RuntimeException("Refresh token is missing");
    }
}

Also used: Role (com.adja.evchargerappserver.api.role.Role), HashMap (java.util.HashMap), Person (com.adja.evchargerappserver.api.person.Person), Map (java.util.Map), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), IOException (java.io.IOException)

Aggregations

Role (com.adja.evchargerappserver.api.role.Role) 2, IOException (java.io.IOException) 2, Person (com.adja.evchargerappserver.api.person.Person) 1, DecodedJWT (com.auth0.jwt.interfaces.DecodedJWT) 1, ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper) 1, ApiOperation (io.swagger.annotations.ApiOperation) 1, Date (java.util.Date) 1, HashMap (java.util.HashMap) 1, Map (java.util.Map) 1, ResponseEntity (org.springframework.http.ResponseEntity) 1