diff --git a/src/main/java/dev/nmarulo/depensaapp/security/JwtAuthenticationEntryPoint.java b/src/main/java/dev/nmarulo/depensaapp/security/JwtAuthenticationEntryPoint.java new file mode 100644 index 0000000..b59e708 --- /dev/null +++ b/src/main/java/dev/nmarulo/depensaapp/security/JwtAuthenticationEntryPoint.java @@ -0,0 +1,49 @@ +package dev.nmarulo.depensaapp.security; + +import com.fasterxml.jackson.databind.ObjectMapper; +import dev.nmarulo.depensaapp.commons.dtos.ErrorRes; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.RequiredArgsConstructor; +import org.springframework.http.HttpStatus; +import org.springframework.http.ProblemDetail; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.jwt.JwtException; +import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException; +import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationEntryPoint; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.net.URI; + +@Component +@RequiredArgsConstructor +public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint { + + private final AuthenticationEntryPoint delegate = new BearerTokenAuthenticationEntryPoint(); + + private final ObjectMapper mapper; + + @Override + public void commence(HttpServletRequest request, + HttpServletResponse response, + AuthenticationException authException) throws IOException, ServletException { + + this.delegate.commence(request, response, authException); + + if (authException instanceof InvalidBearerTokenException bearerTokenException) { + var problemDetail = ProblemDetail.forStatus(HttpStatus.UNAUTHORIZED); + + problemDetail.setInstance(URI.create(request.getRequestURI())); + problemDetail.setProperty("description", bearerTokenException.getMessage()); + problemDetail.setTitle("Invalid Token"); + + response.setContentType("application/json"); + + mapper.writeValue(response.getWriter(), new ErrorRes(problemDetail)); + } + } + +} diff --git a/src/main/java/dev/nmarulo/depensaapp/configuration/WebSecurityConfig.java b/src/main/java/dev/nmarulo/depensaapp/security/WebSecurityConfig.java similarity index 93% rename from src/main/java/dev/nmarulo/depensaapp/configuration/WebSecurityConfig.java rename to src/main/java/dev/nmarulo/depensaapp/security/WebSecurityConfig.java index f145f47..10fadb2 100644 --- a/src/main/java/dev/nmarulo/depensaapp/configuration/WebSecurityConfig.java +++ b/src/main/java/dev/nmarulo/depensaapp/security/WebSecurityConfig.java @@ -1,4 +1,4 @@ -package dev.nmarulo.depensaapp.configuration; +package dev.nmarulo.depensaapp.security; import com.nimbusds.jose.KeyLengthException; import com.nimbusds.jose.crypto.MACSigner; @@ -8,6 +8,7 @@ import dev.nmarulo.depensaapp.app.users.UserRepository; import dev.nmarulo.depensaapp.commons.component.LocalMessage; import dev.nmarulo.depensaapp.commons.converter.CustomJwtAuthenticationConverter; +import dev.nmarulo.depensaapp.configuration.AppProperties; import lombok.RequiredArgsConstructor; import org.apache.commons.lang3.ArrayUtils; import org.springframework.context.annotation.Bean; @@ -43,6 +44,8 @@ public class WebSecurityConfig { private final LocalMessage localeMessage; + private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; + @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.securityMatcher(appProperties.getPathPrefix() + "/**") @@ -105,7 +108,8 @@ public JwtDecoder jwtDecoder() throws KeyLengthException { private Customizer> configOAuth2() { final var converter = new CustomJwtAuthenticationConverter(this.userRepository, this.localeMessage); - return oauth -> oauth.jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(converter)); + return oauth -> oauth.authenticationEntryPoint(jwtAuthenticationEntryPoint) + .jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(converter)); } }