diff --git a/.gitignore b/.gitignore
index 2af7cef..222281c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,4 +21,5 @@ build/
nbbuild/
dist/
nbdist/
-.nb-gradle/
\ No newline at end of file
+.nb-gradle/
+.vscode/settings.json
diff --git a/pom.xml b/pom.xml
index 984bd4a..76465a5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -13,6 +13,7 @@
UTF-8
UTF-8
1.8
+ murraco.JwtAuthServiceApp
@@ -55,6 +56,12 @@
mysql
mysql-connector-java
+
+ com.h2database
+ h2
+ runtime
+
+
io.springfox
diff --git a/src/main/java/murraco/security/JwtTokenFilter.java b/src/main/java/murraco/security/JwtTokenFilter.java
index 3fb5b66..abcf974 100644
--- a/src/main/java/murraco/security/JwtTokenFilter.java
+++ b/src/main/java/murraco/security/JwtTokenFilter.java
@@ -7,11 +7,14 @@
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;
+import murraco.exception.CustomException;
+
public class JwtTokenFilter extends GenericFilterBean {
private JwtTokenProvider jwtTokenProvider;
@@ -23,12 +26,19 @@ public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
throws IOException, ServletException {
-
+
String token = jwtTokenProvider.resolveToken((HttpServletRequest) req);
- if (token != null && jwtTokenProvider.validateToken(token)) {
- Authentication auth = token != null ? jwtTokenProvider.getAuthentication(token) : null;
- SecurityContextHolder.getContext().setAuthentication(auth);
+ try {
+ if (token != null && jwtTokenProvider.validateToken(token)) {
+ Authentication auth = token != null ? jwtTokenProvider.getAuthentication(token) : null;
+ SecurityContextHolder.getContext().setAuthentication(auth);
+ }
+ } catch (CustomException ex) {
+ HttpServletResponse response = (HttpServletResponse) res;
+ response.sendError(ex.getHttpStatus().value(), ex.getMessage());
+ return;
}
+
filterChain.doFilter(req, res);
}
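Review bot: The new `catch (CustomException ex)` branch returns an error without clearing the security context; add `SecurityContextHolder.clearContext();` as its first statement so a request with a rejected token can never continue with leftover authentication. `ex.getMessage()` is passed to the client through `sendError`, and CustomException is defined outside this diff, so confirm that its message for token failures is a fixed string and carries no parser or signature detail. If this filter is registered ahead of the authorization rules (the registration is not shown here), a stale or malformed token will now also fail `/users/signin` and `/users/signup` before their `permitAll()` rules apply, which deserves a comment if intended. The ternary `token != null ? ... : null` inside the already null-checked branch is redundant and can be reduced to `jwtTokenProvider.getAuthentication(token)`.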
diff --git a/src/main/java/murraco/security/WebSecurityConfig.java b/src/main/java/murraco/security/WebSecurityConfig.java
index c1dc1fa..a7f0838 100644
--- a/src/main/java/murraco/security/WebSecurityConfig.java
+++ b/src/main/java/murraco/security/WebSecurityConfig.java
@@ -31,6 +31,7 @@ protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()//
.antMatchers("/users/signin").permitAll()//
.antMatchers("/users/signup").permitAll()//
+ .antMatchers("/h2-console/**/**").permitAll()
// Disallow everything else..
.anyRequest().authenticated();
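Review bot: `.antMatchers("/h2-console/**/**").permitAll()` opens the H2 web console to unauthenticated callers in every environment, and the second hunk of this file also puts the same path under `web.ignoring()`, which skips the security filter chain entirely. The console gives SQL access to the datasource, which application.yml in this commit configures with user `sa` and no password; whether the console servlet is actually enabled is not visible in this diff. The comment in the second hunk says the console should not be unprotected in production, but nothing enforces that, so both matchers should be registered only under a development profile or property so that the default build keeps the path closed. The body of `configure(HttpSecurity)` starts and ends outside this hunk.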
@@ -52,7 +53,12 @@ public void configure(WebSecurity web) throws Exception {
.antMatchers("/swagger-ui.html")//
.antMatchers("/configuration/**")//
.antMatchers("/webjars/**")//
- .antMatchers("/public");
+ .antMatchers("/public")
+
+ // Un-secure H2 Database (for testing purposes, H2 console shouldn't be unprotected in production)
+ .and()
+ .ignoring()
+ .antMatchers("/h2-console/**/**");;
}
@Bean
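Review bot: The added chain ends in a stray `;;` and re-enters `.and().ignoring()` although it is already inside the `web.ignoring()` chain. If the matcher is kept, `.antMatchers("/public")//` followed by `.antMatchers("/h2-console/**");` is equivalent, and `/**/**` matches the same paths as `/**`. The new `.antMatchers("/public")` line also drops the trailing `//` that the neighbouring lines use to pin formatter line breaks. `configure(WebSecurity)` begins outside this hunk.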
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 7dcaade..3a48db9 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,7 +1,7 @@
spring:
datasource:
- url: jdbc:mysql://localhost:3306/user_db
- username: root
+ url: jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+ username: sa
password: null
tomcat:
max-wait: 20000
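Review bot: This edits the default `application.yml`, so every environment that does not override `spring.datasource` now runs on an in-memory H2 database with the `sa` account and an empty password (`password: null`). Combined with the `/h2-console` matchers opened in WebSecurityConfig in this commit, the database may be reachable without credentials. Keeping the MySQL settings as the default and moving the H2 settings into a profile-specific file such as `application-dev.yml` would confine them to local runs. A comment above `url:` such as `# in-memory H2 for local development only` would record the intent; the `spring:` block continues outside this hunk.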
@@ -13,7 +13,7 @@ spring:
ddl-auto: create-drop
properties:
hibernate:
- dialect: org.hibernate.dialect.MySQLDialect
+ dialect: org.hibernate.dialect.H2Dialect
format_sql: true
id:
new_generator_mappings: false