use of com.salesmanager.shop.store.security.user.JWTUser in project shopizer by shopizer-ecommerce.
the class JWTTokenUtil method validateToken.
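/**
 * Decides whether {@code token} may be accepted as a credential for {@code userDetails}.
 *
 * <p>The token is accepted only when all three checks pass: the username read from the token
 * equals the account's username, {@code isTokenExpired} reports it as not expired, and
 * {@code isCreatedBeforeLastPasswordReset} reports that it was not issued before the account's
 * last password reset date.
 *
 * @param token the serialized token presented by the caller
 * @param userDetails the account the token is checked against; anything that is not a
 *     {@link JWTUser} (including {@code null}) is rejected
 * @return {@code true} only if every check passes, {@code false} otherwise
 */
public Boolean validateToken(String token, UserDetails userDetails) {
    // Fail closed on an unexpected principal type instead of surfacing a
    // ClassCastException / NullPointerException from inside credential validation.
    if (!(userDetails instanceof JWTUser)) {
        return false;
    }
    JWTUser user = (JWTUser) userDetails;

    final String username = getUsernameFromToken(token);
    final Date created = getIssuedAtDateFromToken(token);

    // A token that yields no username must be rejected; calling equals() on null would throw.
    boolean usernameEquals = username != null && username.equals(user.getUsername());
    boolean isTokenExpired = isTokenExpired(token);
    // NOTE(review): this check can only reject anything when the account carries a non-null
    // last-password-reset date; confirm that whatever builds the JWTUser populates it.
    boolean isTokenCreatedBeforeLastPasswordReset =
        isCreatedBeforeLastPasswordReset(created, user.getLastPasswordResetDate());

    return usernameEquals && !isTokenExpired && !isTokenCreatedBeforeLastPasswordReset;
}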
use of com.salesmanager.shop.store.security.user.JWTUser in project shopizer by shopizer-ecommerce.
the class AuthenticateCustomerApi method authenticate.
/**
 * Authenticates a customer with a username and password and, on success, returns a token.
 *
 * @param authenticationRequest the validated request body carrying the username and password
 * @return 200 with an {@code AuthenticationResponse} (user id and token) on success; 401 with a
 *     JSON "Bad credentials" message when the authentication manager throws
 *     {@code BadCredentialsException}; 500 with no body for any other exception or when the
 *     manager returns {@code null}
 * @throws AuthenticationException declared on the signature; exceptions raised by the
 *     authentication manager itself are caught inside the method
 */
@RequestMapping(value = "/customer/login", method = RequestMethod.POST, produces = { "application/json" })
@ApiOperation(httpMethod = "POST", value = "Authenticates a customer to the application", notes = "Customer can authenticate after registration, request is {\"username\":\"admin\",\"password\":\"password\"}", response = ResponseEntity.class)
@ResponseBody
public ResponseEntity<?> authenticate(@RequestBody @Valid AuthenticationRequest authenticationRequest) throws AuthenticationException {
    // TODO SET STORE in flow
    Authentication authResult;
    try {
        // Username/password login: hand the submitted pair to the customer authentication manager.
        UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
            authenticationRequest.getUsername(), authenticationRequest.getPassword());
        authResult = jwtCustomerAuthenticationManager.authenticate(credentials);
    } catch (BadCredentialsException badCredentials) {
        return new ResponseEntity<>("{\"message\":\"Bad credentials\"}", HttpStatus.UNAUTHORIZED);
    } catch (Exception unexpected) {
        // NOTE(review): the exception is dropped without being logged, so a failing login
        // backend leaves no trace here. Every non-BadCredentials failure is reported as a
        // bare 500.
        return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
    }

    if (authResult == null) {
        return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
    }

    SecurityContextHolder.getContext().setAuthentication(authResult);

    // Reload the account after authentication; the token is generated from this record.
    // todo create one for social
    final JWTUser customer =
        (JWTUser) jwtCustomerDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String issuedToken = jwtTokenUtil.generateToken(customer);

    return ResponseEntity.ok(new AuthenticationResponse(customer.getId(), issuedToken));
}
use of com.salesmanager.shop.store.security.user.JWTUser in project shopizer by shopizer-ecommerce.
the class AuthenticateUserApi method authenticate.
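/**
 * Authenticates an administration user with a username and password and, on success, returns
 * a token.
 *
 * @param authenticationRequest the validated request body carrying the username and password
 * @return 200 with an {@code AuthenticationResponse} (user id and token) on success; 401 with a
 *     JSON "Bad credentials" message when the authentication manager throws
 *     {@code BadCredentialsException}; 404 with no body for any other exception or when the
 *     manager returns {@code null}
 * @throws AuthenticationException declared on the signature; exceptions raised by the
 *     authentication manager itself are caught inside the method
 */
@RequestMapping(value = "/private/login", method = RequestMethod.POST)
public ResponseEntity<?> authenticate(@RequestBody @Valid AuthenticationRequest authenticationRequest) throws AuthenticationException {
    // TODO SET STORE in flow
    Authentication authentication = null;
    try {
        // Username/password login: hand the submitted pair to the admin authentication manager.
        authentication = jwtAdminAuthenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                authenticationRequest.getUsername(), authenticationRequest.getPassword()));
    } catch (BadCredentialsException e) {
        // Wrong credentials are an expected outcome; answer 401 with the fixed message.
        return new ResponseEntity<>("{\"message\":\"Bad credentials\"}", HttpStatus.UNAUTHORIZED);
    } catch (Exception e) {
        // Pass the exception itself so the log keeps the type and stack trace, not only the
        // message text.
        LOGGER.error("Error during authentication " + e.getMessage(), e);
        // The failure is reported to the client as 404 with no body.
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }

    if (authentication == null) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }

    SecurityContextHolder.getContext().setAuthentication(authentication);

    // Reload the account after authentication; the token is generated from this record.
    final JWTUser userDetails =
        (JWTUser) jwtAdminDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String token = jwtTokenUtil.generateToken(userDetails);

    return ResponseEntity.ok(new AuthenticationResponse(userDetails.getId(), token));
}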
use of com.salesmanager.shop.store.security.user.JWTUser in project shopizer by shopizer-ecommerce.
the class AuthenticateUserApi method refreshAndGetAuthenticationToken.
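/**
 * Exchanges the token sent in the {@code tokenHeader} request header for a refreshed one.
 *
 * <p>A leading {@code "Bearer "} scheme prefix is stripped before the token is parsed. The
 * refreshed token is issued only when {@code jwtTokenUtil.canTokenBeRefreshedWithGrace} accepts
 * the token against the account's last password reset date.
 *
 * @param request the incoming request; the token is read from its {@code tokenHeader} header
 * @return 200 with an {@code AuthenticationResponse} (user id and refreshed token) when the
 *     refresh is allowed; 400 with no body when the header is absent or the refresh is refused
 */
@RequestMapping(value = "/auth/refresh", method = RequestMethod.GET)
public ResponseEntity<AuthenticationResponse> refreshAndGetAuthenticationToken(HttpServletRequest request) {
    final String bearerPrefix = "Bearer ";

    String token = request.getHeader(tokenHeader);
    if (token == null) {
        // No credential was presented: refuse here rather than passing null to the token parser.
        return ResponseEntity.badRequest().body(null);
    }
    // Strip the scheme only when it really is a prefix. Matching "Bearer" anywhere in the
    // value would cut characters out of an unrelated header, and a header of exactly
    // "Bearer" would make substring() throw.
    if (token.startsWith(bearerPrefix)) {
        token = token.substring(bearerPrefix.length());
    }

    String username = jwtTokenUtil.getUsernameFromToken(token);
    JWTUser user = (JWTUser) jwtAdminDetailsService.loadUserByUsername(username);

    if (jwtTokenUtil.canTokenBeRefreshedWithGrace(token, user.getLastPasswordResetDate())) {
        String refreshedToken = jwtTokenUtil.refreshToken(token);
        return ResponseEntity.ok(new AuthenticationResponse(user.getId(), refreshedToken));
    }
    return ResponseEntity.badRequest().body(null);
}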
use of com.salesmanager.shop.store.security.user.JWTUser in project shopizer by shopizer-ecommerce.
the class JWTAdminServicesImpl method userDetails.
/**
 * Builds the {@link JWTUser} principal for an administration user.
 *
 * @param userName the username to store on the principal
 * @param user the persisted user supplying id, names, e-mail and stored password
 * @param authorities the authorities granted to the user
 * @return a new {@code JWTUser} populated from {@code user}
 */
private UserDetails userDetails(String userName, User user, Collection<GrantedAuthority> authorities) {
    // The audit section is fetched, but nothing is read from it.
    AuditSection auditSection = user.getAuditSection();

    // NOTE(review): the final constructor argument is always null. It is presumably the
    // last-password-reset date that token validation compares the issue time against (TODO
    // confirm against the JWTUser constructor); if so, tokens issued before a password
    // change are never rejected on that ground for these users.
    Date lastModifiedDate = null;

    return new JWTUser(
        user.getId(),
        userName,
        user.getFirstName(),
        user.getLastName(),
        user.getAdminEmail(),
        user.getAdminPassword(),
        authorities,
        true, // presumably the "enabled" flag; verify against the JWTUser constructor
        lastModifiedDate);
}