Added logging mechanism for user actions.
@@ -0,0 +1,26 @@
|
||||
package net.gepafin.tendermanagement.config;
|
||||
|
||||
import jakarta.servlet.Filter;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.ServletRequest;
|
||||
import jakarta.servlet.ServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@Component
|
||||
public class CachedBodyFilter implements Filter {
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
|
||||
|
||||
if (request instanceof HttpServletRequest httpServletRequest) {
|
||||
CachedBodyHttpServletRequest cachedRequest = new CachedBodyHttpServletRequest(httpServletRequest);
|
||||
chain.doFilter(cachedRequest, response);
|
||||
} else {
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
}
|
||||
}
|
||||
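Review bot: CachedBodyFilter duplicates RequestCachingFilter, which this commit also adds: both are `@Component` filters that wrap every HttpServletRequest in CachedBodyHttpServletRequest, so if both are registered each request body is copied into memory twice. Keep one class and delete the other. Neither filter declares an order or restricts the paths or content types it applies to, so multipart uploads would be buffered in full as well. On the surviving class a comment such as `// Buffers the request body so it can be re-read after the handler has consumed the stream` would state the intent, which is presumably the user-action logging named in the commit title.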
@@ -0,0 +1,76 @@
|
||||
package net.gepafin.tendermanagement.config;
|
||||
|
||||
import jakarta.servlet.ReadListener;
|
||||
import jakarta.servlet.ServletInputStream;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequestWrapper;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
|
||||
public class CachedBodyHttpServletRequest extends HttpServletRequestWrapper {
|
||||
|
||||
private final byte[] cachedBody;
|
||||
|
||||
public CachedBodyHttpServletRequest(HttpServletRequest request) throws IOException {
|
||||
|
||||
super(request);
|
||||
InputStream requestInputStream = request.getInputStream();
|
||||
this.cachedBody = requestInputStream.readAllBytes();
|
||||
}
|
||||
|
||||
@Override
|
||||
public ServletInputStream getInputStream() {
|
||||
|
||||
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(cachedBody);
|
||||
return new ServletInputStreamWrapper(byteArrayInputStream);
|
||||
}
|
||||
|
||||
@Override
|
||||
public BufferedReader getReader() throws IOException {
|
||||
|
||||
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(cachedBody);
|
||||
return new BufferedReader(new InputStreamReader(byteArrayInputStream));
|
||||
}
|
||||
|
||||
public String getCachedBodyAsString() {
|
||||
|
||||
return new String(cachedBody);
|
||||
}
|
||||
|
||||
private static class ServletInputStreamWrapper extends ServletInputStream {
|
||||
|
||||
private final ByteArrayInputStream byteArrayInputStream;
|
||||
|
||||
public ServletInputStreamWrapper(ByteArrayInputStream byteArrayInputStream) {
|
||||
|
||||
this.byteArrayInputStream = byteArrayInputStream;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int read() throws IOException {
|
||||
|
||||
return byteArrayInputStream.read();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isFinished() {
|
||||
|
||||
return byteArrayInputStream.available() == 0;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isReady() {
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setReadListener(ReadListener readListener) {
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
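Review bot: The constructor calls `requestInputStream.readAllBytes()` with no upper bound, so any client can make the server hold an arbitrarily large body on the heap for every in-flight request. Compare `request.getContentLengthLong()` with a configured cap and also bound the read itself, since a chunked body declares no length; the fence below uses `MAX_CACHED_BODY_BYTES` as a placeholder for that setting. Separately, `new InputStreamReader(byteArrayInputStream)` in getReader() and `new String(cachedBody)` in getCachedBodyAsString() decode with the platform default charset rather than the request's `getCharacterEncoding()`, which can corrupt non-ASCII bodies. If the cached body is written to the action log, credentials posted to login or password endpoints would be recorded unless those paths are excluded or the fields masked.

```java
public CachedBodyHttpServletRequest(HttpServletRequest request) throws IOException {
    super(request);
    // Reject early when the client declares a body larger than the cap.
    if (request.getContentLengthLong() > MAX_CACHED_BODY_BYTES) {
        throw new IOException("Request body exceeds cache limit");
    }
    // Read one byte past the cap so bodies without a declared length are caught too.
    byte[] body = request.getInputStream().readNBytes(MAX_CACHED_BODY_BYTES + 1);
    if (body.length > MAX_CACHED_BODY_BYTES) {
        throw new IOException("Request body exceeds cache limit");
    }
    this.cachedBody = body;
}
// … unchanged: getInputStream, getReader, getCachedBodyAsString, ServletInputStreamWrapper …
```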
@@ -0,0 +1,25 @@
|
||||
package net.gepafin.tendermanagement.config;
|
||||
|
||||
import jakarta.servlet.Filter;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.ServletRequest;
|
||||
import jakarta.servlet.ServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@Component
|
||||
public class RequestCachingFilter implements Filter {
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
|
||||
if (request instanceof HttpServletRequest) {
|
||||
HttpServletRequest cachedRequest = new CachedBodyHttpServletRequest((HttpServletRequest) request);
|
||||
chain.doFilter(cachedRequest, response);
|
||||
} else {
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
package net.gepafin.tendermanagement.config;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import jakarta.servlet.http.HttpSession;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.servlet.HandlerInterceptor;
|
||||
|
||||
@Component
|
||||
public class UniqueSessionInterceptor implements HandlerInterceptor {
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||
|
||||
request.getSession(true);
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
|
||||
|
||||
if ("/v1/user/logout".equals(request.getRequestURI())) {
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session != null) {
|
||||
session.invalidate();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
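Review bot: `request.getSession(true)` in preHandle creates a server-side session for every request that reaches the interceptor, including unauthenticated ones, so a client that discards cookies can force unbounded session allocation until each session times out. The interceptor's registration is not visible here; if it covers all paths, restrict it to authenticated routes or create the session only after a successful login. A session that exists before login and is kept afterwards also needs its id rotated at authentication (`request.changeSessionId()`) if anything trusts it. In afterCompletion, `"/v1/user/logout".equals(request.getRequestURI())` will not match when the application is deployed under a context path or the URI carries a trailing slash or path parameter, which would leave the session alive after logout.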
@@ -6,6 +6,7 @@ import io.jsonwebtoken.SignatureAlgorithm;
|
||||
import io.jsonwebtoken.security.Keys;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import net.gepafin.tendermanagement.config.Translator;
|
||||
import net.gepafin.tendermanagement.constants.GepafinConstant;
|
||||
import net.gepafin.tendermanagement.entities.UserEntity;
|
||||
@@ -15,6 +16,7 @@ import net.gepafin.tendermanagement.web.rest.api.errors.Status;
|
||||
import net.gepafin.tendermanagement.web.rest.api.errors.UnauthorizedAccessException;
|
||||
import org.apache.commons.lang3.ArrayUtils;
|
||||
import org.apache.commons.lang3.time.DateUtils;
|
||||
import org.apache.http.HttpResponse;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -23,6 +25,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.stereotype.Component;
|
||||
@@ -49,9 +52,11 @@ public class TokenProvider {
|
||||
@Autowired
|
||||
private UserRepository userRepository;
|
||||
|
||||
@Autowired
|
||||
HttpServletResponse response;
|
||||
|
||||
private SecretKey key;
|
||||
|
||||
private static final String AUTHORITIES_KEY = "auth";
|
||||
private static final String MERCHANTID="merchantId";
|
||||
|
||||
static final String AUTH_SECRET = "X-Api-Secret";
|
||||
@@ -82,11 +87,11 @@ public class TokenProvider {
|
||||
log.info("JWT Secret Key initialized.");
|
||||
}
|
||||
|
||||
public String createToken(Boolean rememberMe, UserEntity user) {
|
||||
// String authorities = authentication.getAuthorities().stream()
|
||||
// .map(GrantedAuthority::getAuthority)
|
||||
// .collect(Collectors.joining(","));
|
||||
String authorities = user.getRoleEntity().getRoleType();
|
||||
public String createToken(Boolean rememberMe, UserEntity user, Long loginAttemptId) {
|
||||
// String authorities = authentication.getAuthorities().stream()
|
||||
// .map(GrantedAuthority::getAuthority)
|
||||
// .collect(Collectors.joining(","));
|
||||
String authorities = user.getRoleEntity().getRoleType();
|
||||
Long now;
|
||||
Date validity;
|
||||
|
||||
@@ -103,19 +108,19 @@ public class TokenProvider {
|
||||
String payload = user.getEmail();
|
||||
if(user != null) {
|
||||
payload += ":"+user.getId();
|
||||
}
|
||||
|
||||
if(user != null) {
|
||||
payload += ":"+user.getHub().getId();
|
||||
}
|
||||
|
||||
String token = Jwts.builder()
|
||||
.setSubject(payload)
|
||||
.claim("auth", authorities)
|
||||
.claim(GepafinConstant.LOGIN_ATTEMPT_ID, loginAttemptId)
|
||||
.claim(GepafinConstant.USER_ID, user.getId() != null ? user.getId() : null)
|
||||
.claim(GepafinConstant.AUTH, authorities)
|
||||
.signWith(key, SignatureAlgorithm.HS512)
|
||||
.setExpiration(validity)
|
||||
.compact();
|
||||
|
||||
response.setHeader("Authorization", "Bearer " + token);
|
||||
log.debug("Generated token: {}", token);
|
||||
return token;
|
||||
}
|
||||
@@ -249,4 +254,26 @@ public class TokenProvider {
|
||||
return null; // Return null if token is not found or not in Bearer format
|
||||
}
|
||||
|
||||
public Claims getClaimsFromToken(String token) {
|
||||
|
||||
return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody();
|
||||
}
|
||||
|
||||
public String getCurrentActiveUserEmail() {
|
||||
|
||||
var authentication = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (authentication != null && authentication.isAuthenticated()) {
|
||||
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
|
||||
String email = userDetails.getUsername();
|
||||
int lastColonIndex = email.lastIndexOf(":");
|
||||
int secondLastColonIndex = email.lastIndexOf(":", lastColonIndex - 1);
|
||||
|
||||
if (secondLastColonIndex != -1) {
|
||||
return email.substring(0, secondLastColonIndex);
|
||||
} else {
|
||||
return email;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
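Review bot: In createToken, `log.debug("Generated token: {}", token);` writes the complete signed JWT to the log, so anyone with log access can replay it as a bearer credential until it expires. This rendering does not show whether the line is new, but the commit reworks the lines around it and leaves it in place. Drop it or log only non-secret identifiers, e.g. `log.debug("Generated token for loginAttemptId={}", loginAttemptId);`. The same method calls `response.setHeader("Authorization", ...)` on the field-injected `HttpServletResponse`, which appears to tie token creation to an active web request; setting the header in the caller would keep createToken usable elsewhere. createToken's body spans two hunks, and the lines between them are not shown.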