jwt api implementation

Author: Indrani Bandyopadhyay

pom.xml

@@ -278,6 +278,26 @@
 			<artifactId>spring-web</artifactId>
 			<version>6.1.12</version>
 		</dependency>
+		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api -->
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.5</version>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-impl -->
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.5</version>
+			<scope>runtime</scope>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-jackson -->
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.11.5</version>
+			<scope>runtime</scope>
+		</dependency>
 	</dependencies>
 
 

src/main/environment/common_ci.properties

@@ -86,6 +86,7 @@ prescription=TMPrescription SMS
 
 ### Redis IP
 spring.redis.host=localhost
+jwt.secret=<Enter_Your_Secret_Key>
 
 
 

src/main/environment/common_dev.properties

@@ -86,6 +86,7 @@ prescription=TMPrescription SMS
 
 ### Redis IP
 spring.redis.host=localhost
+jwt.secret=<Enter_Your_Secret_Key>
 
 
 

src/main/environment/common_example.properties

@@ -86,6 +86,7 @@ prescription=TMPrescription SMS
 
 ### Redis IP
 spring.redis.host=localhost
+jwt.secret=<Enter_Your_Secret_Key>
 
 
 

src/main/environment/common_prod.properties

@@ -88,6 +88,7 @@ prescription=TMPrescription SMS
 
 ### Redis IP
 spring.redis.host=localhost
+jwt.secret=<Enter_Your_Secret_Key>
 
 
 

src/main/environment/common_test.properties

@@ -90,6 +90,7 @@ prescription=TMPrescription SMS
 
 ### Redis IP
 spring.redis.host=localhost
+jwt.secret=<Enter_Your_Secret_Key>
 
 
 

src/main/environment/common_uat.properties

@@ -90,6 +90,7 @@ prescription=TMPrescription SMS
 
 ### Redis IP
 spring.redis.host=localhost
+jwt.secret=<Enter_Your_Secret_Key>
 
 
 

src/main/java/com/iemr/hwc/utils/CookieUtil.java

@@ -0,0 +1,45 @@
+package com.iemr.hwc.utils;
+
+import java.util.Arrays;
+import java.util.Optional;
+
+import org.springframework.stereotype.Service;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Service
+public class CookieUtil {
+
+    public Optional<String> getCookieValue(HttpServletRequest request, String cookieName) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                if (cookieName.equals(cookie.getName())) {
+                    return Optional.of(cookie.getValue());
+                }
+            }
+        }
+        return Optional.empty();
+    }
+
+    public void addJwtTokenToCookie(String Jwttoken, HttpServletResponse response) {
+        // Create a new cookie with the JWT token
+        Cookie cookie = new Cookie("Jwttoken", Jwttoken);
+        cookie.setHttpOnly(true); // Prevent JavaScript access for security
+        cookie.setSecure(true);   // Ensure the cookie is sent only over HTTPS
+        cookie.setMaxAge(60 * 60 * 24); // 1 day expiration time
+        cookie.setPath("/");      // Make the cookie available for the entire application
+        response.addCookie(cookie); // Add the cookie to the response
+    }
+
+    public String getJwtTokenFromCookie(HttpServletRequest request) {
+        return Arrays.stream(request.getCookies())
+                     .filter(cookie -> "Jwttoken".equals(cookie.getName()))
+                     .map(Cookie::getValue)
+                     .findFirst()
+                     .orElse(null);
+    }
+}
+

src/main/java/com/iemr/hwc/utils/JwtAuthenticationUtil.java

@@ -0,0 +1,91 @@
+package com.iemr.hwc.utils;
+
+import java.util.Optional;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Component;
+
+import com.iemr.hwc.data.login.Users;
+import com.iemr.hwc.repo.login.UserLoginRepo;
+import com.iemr.hwc.utils.exception.IEMRException;
+
+import io.jsonwebtoken.Claims;
+import jakarta.servlet.http.HttpServletRequest;
+
+@Component
+public class JwtAuthenticationUtil {
+
+    @Autowired
+    private final CookieUtil cookieUtil;
+    @Autowired
+    private final JwtUtil jwtUtil;
+    @Autowired
+    private UserLoginRepo userLoginRepo;
+    private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
+
+
+    public JwtAuthenticationUtil(CookieUtil cookieUtil, JwtUtil jwtUtil) {
+        this.cookieUtil = cookieUtil;
+        this.jwtUtil = jwtUtil;
+    }
+
+    public ResponseEntity<String> validateJwtToken(HttpServletRequest request) {
+        Optional<String> jwtTokenOpt = cookieUtil.getCookieValue(request, "Jwttoken");
+
+        if (jwtTokenOpt.isEmpty()) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                    .body("Error 401: Unauthorized - JWT Token is not set!");
+        }
+
+        String jwtToken = jwtTokenOpt.get();
+
+        // Validate the token
+        Claims claims = jwtUtil.validateToken(jwtToken);
+        if (claims == null) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Error 401: Unauthorized - Invalid JWT Token!");
+        }
+
+        // Extract username from token
+        String usernameFromToken = claims.getSubject();
+        if (usernameFromToken == null || usernameFromToken.isEmpty()) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Error 401: Unauthorized - Username is missing!");
+        }
+
+        // Return the username if valid
+        return ResponseEntity.ok(usernameFromToken);
+    }
+
+    public boolean validateUserIdAndJwtToken(String jwtToken) throws IEMRException {
+        try {
+            // Validate JWT token and extract claims
+            Claims claims = jwtUtil.validateToken(jwtToken);
+
+            if (claims == null) {
+                throw new IEMRException("Invalid JWT token.");
+            }
+
+            String userId = claims.get("userId", String.class);
+            String tokenUsername = jwtUtil.extractUsername(jwtToken);
+
+            // Fetch user based on userId from the database or cache
+            Users user = userLoginRepo.getUserByUserID(Long.parseLong(userId));
+            if (user == null) {
+                throw new IEMRException("Invalid User ID.");
+            }
+
+            // Check if the token's username matches the user retrieved by userId
+            if (!user.getUserName().equalsIgnoreCase(tokenUsername)) {
+                throw new IEMRException("JWT token and User ID mismatch.");
+            }
+
+            return true; // Valid userId and JWT token
+        } catch (Exception e) {
+            logger.error("Validation failed: " + e.getMessage(), e);
+            throw new IEMRException("Validation error: " + e.getMessage(), e);
+        }
+    }
+}

src/main/java/com/iemr/hwc/utils/JwtUserIdValidationFilter.java

@@ -0,0 +1,111 @@
+package com.iemr.hwc.utils;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Component
+public class JwtUserIdValidationFilter implements Filter {
+
+    private final JwtAuthenticationUtil jwtAuthenticationUtil;
+    private final Logger logger = LoggerFactory.getLogger(this.getClass().getName());
+
+    public JwtUserIdValidationFilter(JwtAuthenticationUtil jwtAuthenticationUtil) {
+        this.jwtAuthenticationUtil = jwtAuthenticationUtil;
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+            throws IOException, ServletException {
+        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
+
+        String path = request.getRequestURI();
+        String contextPath = request.getContextPath();
+        logger.info("JwtUserIdValidationFilter invoked for path: " + path);
+
+        // Log cookies for debugging
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                if ("userId".equals(cookie.getName())) {
+                    logger.warn("userId found in cookies! Clearing it...");
+                    clearUserIdCookie(response);  // Explicitly remove userId cookie
+                }
+            }
+        } else {
+            logger.info("No cookies found in the request");
+        }
+
+
+        // Log headers for debugging
+        String jwtTokenFromHeader = request.getHeader("Jwttoken");
+        logger.info("JWT token from header: " + jwtTokenFromHeader);
+
+        // Skip login and public endpoints
+        if (path.equals(contextPath + "/user/userAuthenticate") || 
+            path.equalsIgnoreCase(contextPath + "/user/logOutUserFromConcurrentSession") || 
+            path.startsWith(contextPath + "/public")) {
+            logger.info("Skipping filter for path: " + path);
+            filterChain.doFilter(servletRequest, servletResponse);
+            return;
+        }
+
+        try {
+            // Retrieve JWT token from cookies
+            String jwtTokenFromCookie = getJwtTokenFromCookies(request);
+            logger.info("JWT token from cookie: " + jwtTokenFromCookie);
+
+            // Determine which token (cookie or header) to validate
+            String jwtToken = jwtTokenFromCookie != null ? jwtTokenFromCookie : jwtTokenFromHeader;
+            if (jwtToken == null) {
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "JWT token not found in cookies or headers");
+                return;
+            }
+
+            // Validate JWT token and userId
+            boolean isValid = jwtAuthenticationUtil.validateUserIdAndJwtToken(jwtToken);
+            
+            if (isValid) {
+                // If token is valid, allow the request to proceed
+                filterChain.doFilter(servletRequest, servletResponse);
+            } else {
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid JWT token");
+            }
+        } catch (Exception e) {
+            logger.error("Authorization error: ", e);
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization error: " + e.getMessage());
+        }
+    }
+
+    private String getJwtTokenFromCookies(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                if (cookie.getName().equals("Jwttoken")) {
+                    return cookie.getValue();
+                }
+            }
+        }
+        return null;
+    }
+    
+    private void clearUserIdCookie(HttpServletResponse response) {
+        Cookie cookie = new Cookie("userId", null);
+        cookie.setPath("/");
+        cookie.setMaxAge(0);  // Invalidate the cookie
+        response.addCookie(cookie);
+    }
+}