Se maneja la seguridad de apis

b7e2a867 · Joel Andres Molina Velez · a022f174 · b7e2a867 · b7e2a867
Commit b7e2a867 authored Aug 27, 2023 by Joel Andres Molina Velez
Showing with 20 additions and 13 deletions

JwtAuthenticationFilter.java ...vilidad/MovilidadWS/Security/JwtAuthenticationFilter.java +18 -12

SecurityConfig.java ...u/espe/movilidad/MovilidadWS/Security/SecurityConfig.java +2 -1

No files found.
--- a/src/main/java/ec/edu/espe/movilidad/MovilidadWS/Security/JwtAuthenticationFilter.java
+++ b/src/main/java/ec/edu/espe/movilidad/MovilidadWS/Security/JwtAuthenticationFilter.java
@@ -5,6 +5,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.web.filter.OncePerRequestFilter;

@@ -34,23 +35,29 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
        loggerAuth.info("Token válido obtenido en el backend:  {}", Token);

        if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
-            // Autenticar al usuario por correo electrónico
-            UserDetails userDetails = jwtUserDetailsService.loadUserByUsername(email);
-            if (userDetails != null) {
-                UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-                        userDetails, null, userDetails.getAuthorities());
-                authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-                SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-
+            try {
+                // Autenticar al usuario por correo electrónico
+                UserDetails userDetails = jwtUserDetailsService.loadUserByUsername(email);
+                if (userDetails != null) {
+                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
+                            userDetails, null, userDetails.getAuthorities());
+                    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+                }
+            } catch (UsernameNotFoundException ex) {
+                // Manejar la excepción y enviar una respuesta adecuada
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.getWriter().write("El usuario no es correcto");
+                response.getWriter().flush();
+                return;
            }
        }

        if (request.getRequestURI().equals("/api/v1.0/usuarioLogeado")) {

-            String username = SecurityContextHolder.getContext().getAuthentication().getName(); //Se obtiene el nombre del uuario autenticado
-
+            String username = SecurityContextHolder.getContext().getAuthentication().getName(); //Se obtiene el nombre del usuario autenticado
            DtoUserLogeado userInfo = jwtUserDetailsService.getUserInfoByUsername(username);
-          //Se devuelve los datos en formato JSON
+            //Se devuelve los datos en formato JSON
            ObjectMapper objectMapper = new ObjectMapper();
            String jsonResponse = objectMapper.writeValueAsString(userInfo);
            response.setContentType("application/json");
@@ -61,4 +68,3 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
        filterChain.doFilter(request, response);
    }
 }
-
--- a/src/main/java/ec/edu/espe/movilidad/MovilidadWS/Security/SecurityConfig.java
+++ b/src/main/java/ec/edu/espe/movilidad/MovilidadWS/Security/SecurityConfig.java
@@ -3,6 +3,7 @@ package ec.edu.espe.movilidad.MovilidadWS.Security;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;

@@ -34,9 +35,9 @@ public class SecurityConfig {
                .httpBasic().authenticationEntryPoint(jwtEntryPoint)
                .and()
                .authorizeRequests()
+                .antMatchers(HttpMethod.DELETE, "/api/v1.0/**").hasRole("Administrador del Sistema")
                .antMatchers("/api/v1.0/**").authenticated()
                //.antMatchers("/api/v1.0/**").permitAll()
-               // .antMatchers("/api/v1.0/**").hasRole("Administrador del Sistema") // Asignar API a rol ADMIN
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);