From a4757ade762651ad7b79a9c38e5898ce8d76a15b Mon Sep 17 00:00:00 2001 From: Lauro Correia Silveira Date: Wed, 7 Feb 2024 21:16:19 +0100 Subject: [PATCH] Changed time of Token JWT and Changed secret of JWT - Changed the duration of time of JWT Token - Changed the Secret of JWT --- .../infraestructure/security/SecurityConfigurations.java | 5 +++-- .../infraestructure/security/SecurityFilter.java | 1 + .../aluraflixapi/infraestructure/security/TokenService.java | 4 ++-- .../infraestructure/security/TokenServiceTest.java | 2 ++ src/test/resources/application-test.yml | 2 ++ 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java index 390feed..ca9d08e 100644 --- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java +++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java @@ -21,6 +21,7 @@ */ @Configuration +//Enable Custom configuration spring boot @EnableWebSecurity //enable @Secure("Role_XX") @EnableMethodSecurity(securedEnabled = true) @@ -31,9 +32,9 @@ public class SecurityConfigurations { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - //disable cross site request forgery + //disable Cross Site Request Forgery return http.csrf(csrf -> csrf.ignoringRequestMatchers("/login/**") ) - //Disable Spring control and allow all endpoints + //Configure to be stateless .sessionManagement(managementConfigurer -> managementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(httpRequest -> httpRequest diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java index e82f01b..a6b29a5 100644 --- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java +++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityFilter.java @@ -53,6 +53,7 @@ protected void doFilterInternal(final HttpServletRequest request, SecurityContextHolder.getContext().setAuthentication(authentication); log.info("{} User authenticated: {}", PREFIX_LOGGING, authentication.getPrincipal()); } + //continue the flow filterChain.doFilter(request, response); } diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java index 7ac0640..3e710b5 100644 --- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java +++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/TokenService.java @@ -59,9 +59,9 @@ public String getSubject(String tokenJWT) { } } - //Create expire date of token, in this case is the current hour plus 2 hours + //Create expire date of token, in this case is the current hour plus 10 minutes private Instant getExpireDate() { - return LocalDateTime.now().plusHours(2).toInstant(ZoneOffset.UTC); + return LocalDateTime.now().plusMinutes(10).toInstant(ZoneOffset.of("Europe/Madrid")); } } diff --git a/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java b/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java index 90971da..280289d 100644 --- a/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java +++ b/src/test/java/com/alura/aluraflixapi/infraestructure/security/TokenServiceTest.java @@ -10,6 +10,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.boot.test.mock.mockito.SpyBean; +import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.junit.jupiter.SpringExtension; import java.util.Set; @@ -18,6 +19,7 @@ import static org.assertj.core.api.Assertions.assertThat; @ExtendWith(SpringExtension.class) +@ActiveProfiles("test") class TokenServiceTest { @SpyBean diff --git a/src/test/resources/application-test.yml b/src/test/resources/application-test.yml index 6a6c4a6..13e4ab3 100644 --- a/src/test/resources/application-test.yml +++ b/src/test/resources/application-test.yml @@ -2,6 +2,8 @@ server: port: 8080 spring: + profiles: + active: "test" application: name: alura-flix-api data: