Added JWT support

pom.xml

@@ -94,6 +94,21 @@
             <artifactId>spring-boot-starter-security</artifactId>
             <version>3.2.5</version>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.12.5</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>0.12.5</version>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/mate/academy/bookstore/config/SecurityConfig.java

@@ -3,8 +3,11 @@
 import static org.springframework.security.config.Customizer.withDefaults;
 
 import lombok.RequiredArgsConstructor;
+import mate.academy.bookstore.security.JwtAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -13,12 +16,14 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @EnableMethodSecurity
 @Configuration
 @RequiredArgsConstructor
 public class SecurityConfig {
     private final UserDetailsService userDetailsService;
+    private final JwtAuthenticationFilter jwtAuthFilter;
 
     @Bean
     public PasswordEncoder getPasswordEncoder() {
@@ -32,15 +37,30 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                 .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(
                         auth -> auth
-                                .requestMatchers("/auth/**", "/error", "/swagger-ui/**")
+                                .requestMatchers(
+                                        "/auth/**",
+                                        "/error",
+                                        "/swagger-ui/**",
+                                        "/v3/api-docs/**",
+                                        "/swagger-resources/**",
+                                        "/swagger-ui.html",
+                                        "/webjars/**")
                                 .permitAll()
                                 .anyRequest()
                                 .authenticated()
                 )
                 .httpBasic(withDefaults())
                 .sessionManagement(
                         session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
                 .userDetailsService(userDetailsService)
                 .build();
     }
+
+    @Bean
+    public AuthenticationManager authenticationManager(
+            AuthenticationConfiguration authenticationConfiguration
+    ) throws Exception {
+        return authenticationConfiguration.getAuthenticationManager();
+    }
 }

src/main/java/mate/academy/bookstore/controller/AuthenticationController.java

@@ -4,9 +4,12 @@
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
+import mate.academy.bookstore.dto.user.UserLoginRequestDto;
+import mate.academy.bookstore.dto.user.UserLoginResponseDto;
 import mate.academy.bookstore.dto.user.UserRegistrationRequestDto;
-import mate.academy.bookstore.dto.user.UserResponseDto;
+import mate.academy.bookstore.dto.user.UserRegistrationResponseDto;
 import mate.academy.bookstore.exception.RegistrationException;
+import mate.academy.bookstore.security.AuthenticationService;
 import mate.academy.bookstore.service.UserService;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -21,12 +24,18 @@
 @RequestMapping(value = "/auth")
 public class AuthenticationController {
     private final UserService userService;
+    private final AuthenticationService authenticationService;
 
     @PostMapping("/registration")
     @ResponseStatus(HttpStatus.CREATED)
     @Operation(summary = "Register new user", description = "Register new users with unique email"
-    ) public UserResponseDto register(
+    ) public UserRegistrationResponseDto register(
             @RequestBody @Valid UserRegistrationRequestDto userDto) throws RegistrationException {
         return userService.save(userDto);
     }
+
+    @PostMapping("/login")
+    public UserLoginResponseDto login(@RequestBody @Valid UserLoginRequestDto requestDto) {
+        return authenticationService.authenticate(requestDto);
+    }
 }

src/main/java/mate/academy/bookstore/dto/user/UserLoginRequestDto.java

@@ -0,0 +1,16 @@
+package mate.academy.bookstore.dto.user;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Size;
+
+public record UserLoginRequestDto(
+        @NotBlank
+        @Size(min = 8, max = 20)
+        @Email
+        String email,
+        @NotBlank
+        @Size(min = 8, max = 20, message = "Password must be at least 8 characters long")
+        String password
+) {
+}

src/main/java/mate/academy/bookstore/dto/user/UserLoginResponseDto.java

@@ -0,0 +1,4 @@
+package mate.academy.bookstore.dto.user;
+
+public record UserLoginResponseDto(String token) {
+}

src/main/java/mate/academy/bookstore/dto/user/UserResponseDto.java → src/main/java/mate/academy/bookstore/dto/user/UserRegistrationResponseDto.java

@@ -1,6 +1,6 @@
 package mate.academy.bookstore.dto.user;
 
-public record UserResponseDto(
+public record UserRegistrationResponseDto(
         Long id,
         String email,
         String firstName,

src/main/java/mate/academy/bookstore/mapper/UserMapper.java

@@ -2,14 +2,14 @@
 
 import mate.academy.bookstore.config.MapperConfig;
 import mate.academy.bookstore.dto.user.UserRegistrationRequestDto;
-import mate.academy.bookstore.dto.user.UserResponseDto;
+import mate.academy.bookstore.dto.user.UserRegistrationResponseDto;
 import mate.academy.bookstore.model.User;
 import org.mapstruct.Mapper;
 import org.mapstruct.Mapping;
 
 @Mapper(config = MapperConfig.class)
 public interface UserMapper {
-    UserResponseDto toDto(User user);
+    UserRegistrationResponseDto toDto(User user);
 
     @Mapping(target = "id", ignore = true)
     @Mapping(target = "roles", ignore = true)

src/main/java/mate/academy/bookstore/security/AuthenticationService.java

@@ -0,0 +1,25 @@
+package mate.academy.bookstore.security;
+
+import lombok.RequiredArgsConstructor;
+import mate.academy.bookstore.dto.user.UserLoginRequestDto;
+import mate.academy.bookstore.dto.user.UserLoginResponseDto;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Service;
+
+@RequiredArgsConstructor
+@Service
+public class AuthenticationService {
+    private final JwtUtil jwtUtil;
+    private final AuthenticationManager authenticationManager;
+
+    public UserLoginResponseDto authenticate(UserLoginRequestDto request) {
+        final Authentication authentication = authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(request.email(), request.password())
+        );
+
+        String token = jwtUtil.generateToken(authentication.getName());
+        return new UserLoginResponseDto(token);
+    }
+}

src/main/java/mate/academy/bookstore/security/JwtAuthenticationFilter.java

@@ -0,0 +1,51 @@
+package mate.academy.bookstore.security;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@RequiredArgsConstructor
+@Component
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+    private static final String BEARER_PREFIX = "Bearer ";
+    private static final String AUTHORIZATION = "Authorization";
+    private final UserDetailsService userDetailsService;
+    private final JwtUtil jwtUtil;
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            FilterChain filterChain
+    ) throws ServletException, IOException {
+        String token = getToken(request);
+
+        if (token != null && jwtUtil.isValidToken(token)) {
+            String username = jwtUtil.getUsername(token);
+            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+            Authentication authentication = new UsernamePasswordAuthenticationToken(
+                    userDetails, null, userDetails.getAuthorities()
+            );
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private String getToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader(AUTHORIZATION);
+        if (bearerToken != null && bearerToken.startsWith(BEARER_PREFIX)) {
+            return bearerToken.substring(BEARER_PREFIX.length());
+        }
+        return null;
+    }
+}

src/main/java/mate/academy/bookstore/security/JwtUtil.java

@@ -0,0 +1,59 @@
+package mate.academy.bookstore.security;
+
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.JwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.security.Keys;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.function.Function;
+import javax.crypto.SecretKey;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class JwtUtil {
+    private final SecretKey secret;
+
+    @Value("${jwt.expiration}")
+    private Long expiration;
+
+    public JwtUtil(@Value("${jwt.secret}") String secretKey) {
+        secret = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
+    }
+
+    public String generateToken(String username) {
+        return Jwts.builder()
+                    .subject(username)
+                    .issuedAt(new Date(System.currentTimeMillis()))
+                    .expiration(new Date(System.currentTimeMillis() + expiration))
+                    .signWith(secret)
+                    .compact();
+    }
+
+    public boolean isValidToken(String token) {
+        try {
+            Jws<Claims> claimsJws = Jwts.parser()
+                    .verifyWith(secret)
+                    .build()
+                    .parseSignedClaims(token);
+            return !claimsJws.getPayload().getExpiration().before(new Date());
+        } catch (JwtException | IllegalArgumentException e) {
+            throw new JwtException("Expired or invalid JWT token");
+        }
+    }
+
+    public String getUsername(String token) {
+        return getClaimsFromToken(token, Claims::getSubject);
+    }
+
+    private <T> T getClaimsFromToken(String token, Function<Claims, T> claimsResolver) {
+        final Claims claims = Jwts.parser()
+                    .verifyWith(secret)
+                    .build()
+                    .parseSignedClaims(token)
+                    .getPayload();
+        return claimsResolver.apply(claims);
+    }
+}

src/main/java/mate/academy/bookstore/service/UserService.java

@@ -1,9 +1,10 @@
 package mate.academy.bookstore.service;
 
 import mate.academy.bookstore.dto.user.UserRegistrationRequestDto;
-import mate.academy.bookstore.dto.user.UserResponseDto;
+import mate.academy.bookstore.dto.user.UserRegistrationResponseDto;
 import mate.academy.bookstore.exception.RegistrationException;
 
 public interface UserService {
-    UserResponseDto save(UserRegistrationRequestDto requestDto) throws RegistrationException;
+    UserRegistrationResponseDto save(UserRegistrationRequestDto requestDto)
+            throws RegistrationException;
 }

src/main/java/mate/academy/bookstore/service/impl/UserServiceImpl.java

@@ -3,7 +3,7 @@
 import java.util.Collections;
 import lombok.RequiredArgsConstructor;
 import mate.academy.bookstore.dto.user.UserRegistrationRequestDto;
-import mate.academy.bookstore.dto.user.UserResponseDto;
+import mate.academy.bookstore.dto.user.UserRegistrationResponseDto;
 import mate.academy.bookstore.exception.RegistrationException;
 import mate.academy.bookstore.mapper.UserMapper;
 import mate.academy.bookstore.model.RoleName;
@@ -23,7 +23,7 @@ public class UserServiceImpl implements UserService {
     private final RoleRepository roleRepository;
 
     @Override
-    public UserResponseDto save(UserRegistrationRequestDto requestDto)
+    public UserRegistrationResponseDto save(UserRegistrationRequestDto requestDto)
             throws RegistrationException {
         String email = requestDto.getEmail();
         if (userRepository.existsByEmailIgnoreCase(email)) {

src/main/resources/application.properties

@@ -9,3 +9,6 @@ spring.jpa.show-sql=true
 spring.jpa.open-in-view=false
 
 server.servlet.context-path=/api
+
+jwt.expiration=300000
+jwt.secret=${JWT_SECRET}

src/main/resources/db/changelog/changes/03-create-roles-table.yaml

@@ -17,4 +17,4 @@ databaseChangeLog:
                   type: enum('USER', 'ADMIN')
                   constraints:
                     nullable: false
-                    unique: true
+                    unique: true

src/test/resources/application.properties

@@ -3,3 +3,6 @@ spring.datasource.driverClassName=org.h2.Driver
 spring.datasource.username=sa
 spring.datasource.password=password
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+
+jwt.expiration=300000
+jwt.secret=JustAnotherSuperSecretString1234!