Do I need a separate JWT Filter for Multiple Logins?

Time:10-26

The User login is working well but I want to add a Customer Module to the project. I know that I need to write a custom UserDetails class to get the customer Username but I want to ask if I need to write another Custom JWT filter for the Customer Login validation. Presently this is the Filter class that I have for User Login. I have added a username and password field to the Customer entity.


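// Servlet imports are javax.* on Spring Boot 2.x; use jakarta.servlet.* on Spring Boot 3.x.
import java.io.IOException;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import io.jsonwebtoken.ExpiredJwtException;
// JwtTokenUtil and UserAccountService are the project's own classes.

@Component
public class JwtRequestFilter extends OncePerRequestFilter {

    @Autowired
    private JwtTokenUtil jwtTokenUtil;

    @Autowired
    private UserAccountService myUserDetailsService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {

        final String requestTokenHeader = request.getHeader("Authorization");

        String username = null;
        String jwtToken = null;

        // Only strip the prefix when the header really is "Bearer <token>";
        // substring(7) on a shorter header would throw.
        if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
            jwtToken = requestTokenHeader.substring(7);
            try {
                username = jwtTokenUtil.getUsernameFromToken(jwtToken);
            } catch (IllegalArgumentException e) {
                System.out.println("Unable to get JWT Token");
            } catch (ExpiredJwtException e) {
                System.out.println("JWT Token has expired");
            }
        }

        // Authenticate only if the token named a user and nothing has authenticated this request yet.
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {

            UserDetails userDetails = this.myUserDetailsService.loadUserByUsername(username);
            if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {

                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                        new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());

                String authorities = userDetails.getAuthorities().stream().map(GrantedAuthority::getAuthority)
                        .collect(Collectors.joining());
                System.out.println("Authorities granted : " + authorities);

                usernamePasswordAuthenticationToken
                        .setDetails(new WebAuthenticationDetailsSource().buildDetails(request));

                // Publish the authenticated principal for the rest of the filter chain.
                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            } else {
                System.out.println("Not Valid Token");
            }
        }
        // Always continue the chain; unauthenticated requests are rejected later by the security rules.
        chain.doFilter(request, response);
    }
}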


As you can see, the Filter is using the custom UserDetails to verify the username. How do I add the Customer userdetails service to the filter? This is my first multiple login project, please be lenient with me.

CodePudding user response:

It looks to me like you already did.

@Autowired
private UserAccountService myUserDetailsService;

But I would suggest using a constructor instead of @Autowired. Spring will fill in the constructor parameters just the same. This could be very slim when you use the Lombok library as well. Using a constructor also makes mocking this a bit easier for testing.

@RequiredArgsConstructor
@Component
public class JwtRequestFilter extends OncePerRequestFilter {

    private final JwtTokenUtil jwtTokenUtil;
    
    private final UserAccountService myUserDetailsService;
...

CodePudding user response:

Differentiate between user and customer while logging. Accordingly, call the different service to get user details. More can be found here: Spring Security user authentication against customers and employee
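
The approach from the last answer, as an added example that is not part of the original thread or the asker's project: one filter can serve both logins if the signed token carries an account-type claim and the filter picks the service from that claim. `AccountTypeResolver` and the claim values `USER`/`CUSTOMER` are assumptions, as is a helper in `JwtTokenUtil` that reads the claim; both services are assumed to implement Spring's `UserDetailsService`.

```java
import java.util.Map;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Added example: choose the UserDetailsService from the token's account-type claim. */
public class AccountTypeResolver {

    // Hypothetical claim values; each login endpoint must write its own value into the signed token.
    public static final String USER = "USER";
    public static final String CUSTOMER = "CUSTOMER";

    private final Map<String, UserDetailsService> servicesByType;

    public AccountTypeResolver(UserDetailsService users, UserDetailsService customers) {
        this.servicesByType = Map.of(USER, users, CUSTOMER, customers);
    }

    /** Called from the filter in place of myUserDetailsService.loadUserByUsername(username). */
    public UserDetails resolve(String accountType, String username) {
        // Map.of(...) rejects null keys, so check before the lookup.
        UserDetailsService service = accountType == null ? null : servicesByType.get(accountType);
        if (service == null) {
            // Missing or unknown type: refuse. Never fall back to trying each table in turn,
            // or a customer named like a staff user could be loaded with that user's authorities.
            throw new UsernameNotFoundException("Unknown account type in token");
        }
        return service.loadUserByUsername(username);
    }

    public static void main(String[] args) {
        // Constructed in-memory stand-ins for UserAccountService and a customer service.
        UserDetailsService users = name ->
                User.withUsername(name).password("{noop}x").authorities("ROLE_ADMIN").build();
        UserDetailsService customers = name ->
                User.withUsername(name).password("{noop}x").authorities("ROLE_CUSTOMER").build();
        AccountTypeResolver resolver = new AccountTypeResolver(users, customers);

        // Same username, different account type, different authorities.
        System.out.println(resolver.resolve(USER, "admin").getAuthorities());
        System.out.println(resolver.resolve(CUSTOMER, "admin").getAuthorities());
        try {
            resolver.resolve(null, "admin");
        } catch (UsernameNotFoundException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The account type has to come from inside the validated token, not from a request parameter or header the client can set freely.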
