diff --git a/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java b/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java index 29b41939..c0695515 100644 --- a/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java +++ b/wise-api/src/main/java/com/wisemapping/filter/JwtAuthenticationFilter.java @@ -34,9 +34,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { @Override protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException { - - final Optional token = getJwtTokenFromRequest(request); + + if (token.isPresent() && SecurityContextHolder.getContext().getAuthentication() == null) { // Extract email from token ... final Optional email = extractEmailFromToken(token.get()); @@ -65,6 +65,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { // Handle token extraction/validation errors logger.debug("Error extracting email from token: " + e.getMessage()); } + logger.trace("JWT token email:" + result); return result; } @@ -74,7 +75,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { final String authorizationHeader = request.getHeader("Authorization"); if (authorizationHeader != null) { if (authorizationHeader.startsWith(BEARER_TOKEN_PREFIX)) { - logger.trace("JWT Bearer token found"); + logger.trace("JWT Bearer token found."); final String token = authorizationHeader.substring(BEARER_TOKEN_PREFIX.length()); result = Optional.of(token); } diff --git a/wise-api/src/main/java/com/wisemapping/rest/AccountController.java b/wise-api/src/main/java/com/wisemapping/rest/AccountController.java index 5435c9c3..355c8c9a 100644 --- a/wise-api/src/main/java/com/wisemapping/rest/AccountController.java +++ b/wise-api/src/main/java/com/wisemapping/rest/AccountController.java 
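Review bot: In JwtAuthenticationFilter, the added `logger.trace("JWT token email:" + result);` (hunk at -65,6) puts the account e-mail read from the bearer token into the log whenever trace is enabled, and it also runs right after the catch block has reported an extraction failure. `result` is presumably an `Optional`, since the caller in the first hunk assigns the return value to one, so the entry would read `Optional[...]` or `Optional.empty`. Recording only whether a subject was found keeps the diagnostic without the personal data, for example `logger.trace("JWT subject present: " + result.isPresent());`. The method starts outside the hunk, so the type of `result` should be confirmed there.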
@@ -39,7 +39,7 @@ import org.springframework.web.bind.annotation.*;
 import java.util.List;
 @RestController
-@RequestMapping("/api/restful/account/")
+@RequestMapping("/api/restful/account")
 @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
 public class AccountController extends BaseController {
 @Qualifier("userService")
@@ -54,7 +54,7 @@ public class AccountController extends BaseController {
 @Autowired
 private LabelService labelService;
- @RequestMapping(method = RequestMethod.PUT, value = "password", consumes = {"text/plain"})
+ @RequestMapping(method = RequestMethod.PUT, value = "/password", consumes = {"text/plain"})
 @ResponseStatus(value = HttpStatus.NO_CONTENT)
 public void changePassword(@RequestBody String password) throws PasswordTooLongException {
 if (password == null) {
@@ -76,7 +76,7 @@ public class AccountController extends BaseController {
 return new RestUser(user);
 }
- @RequestMapping(method = RequestMethod.PUT, value = "firstname", consumes = {"text/plain"})
+ @RequestMapping(method = RequestMethod.PUT, value = "/firstname", consumes = {"text/plain"})
 @ResponseStatus(value = HttpStatus.NO_CONTENT)
 public void changeFirstname(@RequestBody String firstname) {
 if (firstname == null) {
@@ -88,7 +88,7 @@ public class AccountController extends BaseController {
 userService.updateUser(user);
 }
- @RequestMapping(method = RequestMethod.PUT, value = "lastname", consumes = {"text/plain"})
+ @RequestMapping(method = RequestMethod.PUT, value = "/lastname", consumes = {"text/plain"})
 @ResponseStatus(value = HttpStatus.NO_CONTENT)
 public void changeLastName(@RequestBody String lastname) {
 if (lastname == null) {
@@ -100,7 +100,7 @@ public class AccountController extends BaseController {
 userService.updateUser(user);
 }
- @RequestMapping(method = RequestMethod.PUT, value = "locale", consumes = {"text/plain"})
+ @RequestMapping(method = RequestMethod.PUT, value = "/locale", consumes = {"text/plain"})
 @ResponseStatus(value = HttpStatus.NO_CONTENT)
 public void changeLanguage(@RequestBody String language) {
 if (language == null) {
diff --git a/wise-api/src/main/java/com/wisemapping/rest/UserController.java b/wise-api/src/main/java/com/wisemapping/rest/UserController.java
index a8ca2c2b..8e04eb4c 100644
--- a/wise-api/src/main/java/com/wisemapping/rest/UserController.java
+++ b/wise-api/src/main/java/com/wisemapping/rest/UserController.java
@@ -49,7 +49,6 @@ import java.util.List;
 @RestController
 @RequestMapping("/api/restful/users")
-@CrossOrigin
 public class UserController extends BaseController {
 @Qualifier("userService")
diff --git a/wise-api/src/main/java/com/wisemapping/security/JwtTokenUtil.java b/wise-api/src/main/java/com/wisemapping/security/JwtTokenUtil.java
index 3d751907..c33b7472 100644
--- a/wise-api/src/main/java/com/wisemapping/security/JwtTokenUtil.java
+++ b/wise-api/src/main/java/com/wisemapping/security/JwtTokenUtil.java
@@ -6,6 +6,7 @@ import io.jsonwebtoken.security.Keys;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
@@ -37,15 +38,18 @@ public class JwtTokenUtil implements Serializable {
 return Keys.hmacShaKeyFor(Decoders.BASE64.decode(jwtSecret));
 }
+
+ @Nullable
 public String extractFromJwtToken(String token) {
 return Jwts.parserBuilder().setSigningKey(key()).build()
 .parseClaimsJws(token).getBody().getSubject();
 }
 public boolean validateJwtToken(@NotNull String authToken) {
+ boolean result = false;
 try {
 Jwts.parserBuilder().setSigningKey(key()).build().parse(authToken);
- return true;
+ result = true;
 } catch (MalformedJwtException e) {
 logger.error("Invalid JWT token: {}", e.getMessage());
 } catch (ExpiredJwtException e) {
@@ -56,6 +60,7 @@ public class JwtTokenUtil implements Serializable {
 logger.error("JWT claims string is empty: {}", e.getMessage());
 }
- return false;
+ logger.trace("Is JWT token valid:" + result);
+ return result;
 }
 }
\ No newline at end of file
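Review bot: `validateJwtToken` checks the token with the generic `parse(authToken)`, while `extractFromJwtToken` just above it uses `parseClaimsJws(token)`; the validation path should be at least as strict as the extraction path. With the `parserBuilder()`-era jjwt API, `parse()` accepts any well-formed JWT and, as far as I know, only verifies a signature when one is present, whereas `parseClaimsJws` rejects anything that is not a signed claims JWS; this is worth confirming against the jjwt version pinned in the build. I would change the line to `Jwts.parserBuilder().setSigningKey(key()).build().parseClaimsJws(authToken);`. The catch chain continues outside this hunk, so check there that `UnsupportedJwtException` and signature failures end in `result = false` rather than propagating. The new `@Nullable` covers a missing subject, but `extractFromJwtToken` also throws on a bad token, which a one-line Javadoc `@throws` would make visible to callers.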
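Review bot: The new `logger.trace("Is JWT token valid:" + result);` (hunk at -56,6) builds its message by concatenation, while the `logger.error` calls in the same method use `{}` placeholders. `logger.trace("Is JWT token valid: {}", result);` matches them and skips the string building when trace is off. The start of `validateJwtToken` is in the previous hunk.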