dev en cours

bin/main/application.properties

@@ -19,3 +19,5 @@ server.servlet.context-path=/demovote-api/v1
 #logging.logback.rollingpolicy.total-size-cap=10MB
 #logging.logback.rollingpolicy.max-history=5
 
+jwttoken.secret=alchimie!!!
+jwttoken.expiration=3600000 

build.gradle

@@ -1,7 +1,7 @@
 plugins {
 	id 'java'
 	id 'war'
-	id 'org.springframework.boot' version '3.4.3'
+	id 'org.springframework.boot' version '3.4.4'
 	id 'io.spring.dependency-management' version '1.1.7'
 }
 
@@ -27,7 +27,10 @@ dependencies {
   implementation 'com.twelvemonkeys.imageio:imageio-core:3.12.0'
   implementation 'net.coobird:thumbnailator:0.4.20'
 	implementation 'org.json:json:20250107'
+	implementation 'io.jsonwebtoken:jjwt-api:0.12.6'
 	
+	runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.6'
+  runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.6'
   runtimeOnly 'org.postgresql:postgresql'
 
   providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'

src/main/java/fr/triplea/demovote/CreateDefaultValues.java

@@ -9,12 +9,12 @@ import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dao.RoleRepository;
-import fr.triplea.demovote.persistence.dao.VariableRepository;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Role;
-import fr.triplea.demovote.persistence.model.Variable;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.dao.RoleRepository;
+import fr.triplea.demovote.dao.VariableRepository;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Role;
+import fr.triplea.demovote.model.Variable;
 
 @Component
 public class CreateDefaultValues implements ApplicationListener<ContextRefreshedEvent>

src/main/java/fr/triplea/demovote/DemovoteApplication.java

@@ -2,14 +2,16 @@ package fr.triplea.demovote;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
-@SpringBootApplication( /*exclude = {
-    org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration.class,
-    org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration.class}*/
-    )
+import jakarta.annotation.PostConstruct;
+
+@SpringBootApplication
 public class DemovoteApplication 
 {
 
 	public static void main(String[] args) { SpringApplication.run(DemovoteApplication.class, args); }
 
+	@PostConstruct
+	public void init() { SecurityContextHolder.clearContext(); }
 }

src/main/java/fr/triplea/demovote/persistence/dao/BulletinRepository.java → src/main/java/fr/triplea/demovote/dao/BulletinRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,7 +6,7 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Bulletin;
+import fr.triplea.demovote.model.Bulletin;
 
 public interface BulletinRepository extends JpaRepository<Bulletin, Integer> 
 {

src/main/java/fr/triplea/demovote/persistence/dao/CategorieRepository.java → src/main/java/fr/triplea/demovote/dao/CategorieRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,7 +6,7 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Categorie;
+import fr.triplea.demovote.model.Categorie;
 
 public interface CategorieRepository extends JpaRepository<Categorie, Integer> 
 {

src/main/java/fr/triplea/demovote/persistence/dao/MessageRepository.java → src/main/java/fr/triplea/demovote/dao/MessageRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,7 +6,7 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Message;
+import fr.triplea.demovote.model.Message;
 
 public interface MessageRepository extends JpaRepository<Message, Integer> 
 {

src/main/java/fr/triplea/demovote/persistence/dao/ParticipantRepository.java → src/main/java/fr/triplea/demovote/dao/ParticipantRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,11 +6,11 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.dto.ParticipantList;
-import fr.triplea.demovote.persistence.dto.ParticipantOptionList;
-import fr.triplea.demovote.persistence.dto.ParticipantTransfer;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Role;
+import fr.triplea.demovote.dto.ParticipantList;
+import fr.triplea.demovote.dto.ParticipantOptionList;
+import fr.triplea.demovote.dto.ParticipantTransfer;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Role;
 
 public interface ParticipantRepository extends JpaRepository<Participant, Integer> 
 {

src/main/java/fr/triplea/demovote/persistence/dao/PreferenceRepository.java → src/main/java/fr/triplea/demovote/dao/PreferenceRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,8 +6,8 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Preference;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Preference;
 
 public interface PreferenceRepository extends JpaRepository<Preference, Integer> 
 {

src/main/java/fr/triplea/demovote/persistence/dao/PresentationRepository.java → src/main/java/fr/triplea/demovote/dao/PresentationRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,8 +6,8 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Categorie;
-import fr.triplea.demovote.persistence.model.Presentation;
+import fr.triplea.demovote.model.Categorie;
+import fr.triplea.demovote.model.Presentation;
 
 public interface PresentationRepository extends JpaRepository<Presentation, Integer> 
 {

src/main/java/fr/triplea/demovote/persistence/dao/ProductionRepository.java → src/main/java/fr/triplea/demovote/dao/ProductionRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,10 +6,10 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.dto.ProductionFile;
-import fr.triplea.demovote.persistence.dto.ProductionShort;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Production;
+import fr.triplea.demovote.dto.ProductionFile;
+import fr.triplea.demovote.dto.ProductionShort;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Production;
 
 
 public interface ProductionRepository extends JpaRepository<Production, Integer> 

src/main/java/fr/triplea/demovote/persistence/dao/RoleRepository.java → src/main/java/fr/triplea/demovote/dao/RoleRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,7 +6,7 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.model.Role;
+import fr.triplea.demovote.model.Role;
 
 
 public interface RoleRepository extends JpaRepository<Role, Integer> 

src/main/java/fr/triplea/demovote/persistence/dao/VariableRepository.java → src/main/java/fr/triplea/demovote/dao/VariableRepository.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dao;
+package fr.triplea.demovote.dao;
 
 import java.util.List;
 
@@ -6,8 +6,8 @@ import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.jpa.repository.NativeQuery;
 import org.springframework.data.repository.query.Param;
 
-import fr.triplea.demovote.persistence.dto.VariableTypeOptionList;
-import fr.triplea.demovote.persistence.model.Variable;
+import fr.triplea.demovote.dto.VariableTypeOptionList;
+import fr.triplea.demovote.model.Variable;
 
 
 public interface VariableRepository extends JpaRepository<Variable, Integer> 

src/main/java/fr/triplea/demovote/persistence/dto/MessagesTransfer.java → src/main/java/fr/triplea/demovote/dto/MessagesTransfer.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public class MessagesTransfer
 {

src/main/java/fr/triplea/demovote/persistence/dto/ParticipantList.java → src/main/java/fr/triplea/demovote/dto/ParticipantList.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public record ParticipantList
 (

src/main/java/fr/triplea/demovote/persistence/dto/ParticipantOptionList.java → src/main/java/fr/triplea/demovote/dto/ParticipantOptionList.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public record ParticipantOptionList
 (

src/main/java/fr/triplea/demovote/persistence/dto/ParticipantTransfer.java → src/main/java/fr/triplea/demovote/dto/ParticipantTransfer.java

@@ -1,10 +1,10 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 import java.math.BigDecimal;
 
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.ParticipantModePaiement;
-import fr.triplea.demovote.persistence.model.ParticipantStatut;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.ParticipantModePaiement;
+import fr.triplea.demovote.model.ParticipantStatut;
 
 public record ParticipantTransfer
 (

src/main/java/fr/triplea/demovote/persistence/dto/ProductionFile.java → src/main/java/fr/triplea/demovote/dto/ProductionFile.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public record ProductionFile
 (

src/main/java/fr/triplea/demovote/persistence/dto/ProductionShort.java → src/main/java/fr/triplea/demovote/dto/ProductionShort.java

@@ -1,7 +1,7 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
-import fr.triplea.demovote.persistence.model.Production;
-import fr.triplea.demovote.persistence.model.ProductionType;
+import fr.triplea.demovote.model.Production;
+import fr.triplea.demovote.model.ProductionType;
 
 public record ProductionShort
 (

src/main/java/fr/triplea/demovote/persistence/dto/ProductionTransfer.java → src/main/java/fr/triplea/demovote/dto/ProductionTransfer.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public record ProductionTransfer
 (

src/main/java/fr/triplea/demovote/persistence/dto/ProductionUpdate.java → src/main/java/fr/triplea/demovote/dto/ProductionUpdate.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public record ProductionUpdate
 (

src/main/java/fr/triplea/demovote/persistence/dto/UserCredentials.java → src/main/java/fr/triplea/demovote/dto/UserCredentials.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 import org.json.JSONObject;
 

src/main/java/fr/triplea/demovote/persistence/dto/VariableTypeOptionList.java → src/main/java/fr/triplea/demovote/dto/VariableTypeOptionList.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.dto;
+package fr.triplea.demovote.dto;
 
 public record VariableTypeOptionList
 (

src/main/java/fr/triplea/demovote/model/AuthResponse.java

@@ -0,0 +1,18 @@
+package fr.triplea.demovote.model;
+
+import java.util.List;
+
+public class AuthResponse 
+{
+
+  private String token;
+  
+  private List<String> roles;
+
+  public String getToken() { return token; }
+  public void setToken(String token) { this.token = token; }
+
+  public List<String> getRoles() { return roles; }
+  public void setRoles(List<String> roles) { this.roles = roles; }
+  
+}

src/main/java/fr/triplea/demovote/persistence/model/Bulletin.java → src/main/java/fr/triplea/demovote/model/Bulletin.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;

src/main/java/fr/triplea/demovote/persistence/model/Categorie.java → src/main/java/fr/triplea/demovote/model/Categorie.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;

src/main/java/fr/triplea/demovote/persistence/model/Message.java → src/main/java/fr/triplea/demovote/model/Message.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;

src/main/java/fr/triplea/demovote/model/MyUserDetails.java

@@ -0,0 +1,69 @@
+package fr.triplea.demovote.model;
+
+import java.util.Collection;
+import java.util.Set;
+import java.util.stream.Collectors;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+public class MyUserDetails implements UserDetails 
+{
+
+  private static final long serialVersionUID = -2662964904357800987L;
+  
+  private Integer id; 
+  
+  private String userName; 
+    
+  @JsonIgnore
+  private String password;
+  
+  private Collection<? extends GrantedAuthority> authorities;
+  
+  MyUserDetails(Integer id, String userName, String password, Collection<? extends GrantedAuthority> authorities)
+  {
+    this.id = id;
+    this.userName = userName;
+    this.password = password;
+    this.authorities = authorities;
+  }
+  
+  public static MyUserDetails createInstance(Participant participant) 
+  {
+    Set<GrantedAuthority> authorities = participant.getRoles().stream().map((role) -> new SimpleGrantedAuthority(role.getLibelle())).collect(Collectors.toSet());
+
+    return new MyUserDetails(participant.getNumeroParticipant(), participant.getPseudonyme(), participant.getMotDePasse(), authorities);
+  }
+  
+  @Override
+  public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; }
+
+  @Override
+  public String getPassword() { return password; }
+
+  @Override
+  public String getUsername() { return userName; }
+
+  public Integer getId() { return id; }
+
+  @Override
+  public boolean isAccountNonExpired() { return true; }
+
+  @Override
+  public boolean isAccountNonLocked() { return true; }
+
+  @Override
+  public boolean isCredentialsNonExpired() { return true; }
+
+  @Override
+  public boolean isEnabled() { return true; }
+  
+  @Override
+  public boolean equals(Object rhs) { if (rhs instanceof MyUserDetails) { return userName.equals(((MyUserDetails) rhs).userName); } return false; }
+
+  @Override
+  public int hashCode() { return userName.hashCode(); }
+
+}

src/main/java/fr/triplea/demovote/persistence/model/Participant.java → src/main/java/fr/triplea/demovote/model/Participant.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.math.BigDecimal;
 import java.time.LocalDateTime;

src/main/java/fr/triplea/demovote/persistence/model/ParticipantModePaiement.java → src/main/java/fr/triplea/demovote/model/ParticipantModePaiement.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 public enum ParticipantModePaiement 
 {

src/main/java/fr/triplea/demovote/persistence/model/ParticipantStatut.java → src/main/java/fr/triplea/demovote/model/ParticipantStatut.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 public enum ParticipantStatut 
 {

src/main/java/fr/triplea/demovote/persistence/model/Preference.java → src/main/java/fr/triplea/demovote/model/Preference.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;

src/main/java/fr/triplea/demovote/persistence/model/Presentation.java → src/main/java/fr/triplea/demovote/model/Presentation.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;

src/main/java/fr/triplea/demovote/persistence/model/Production.java → src/main/java/fr/triplea/demovote/model/Production.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayInputStream;

src/main/java/fr/triplea/demovote/persistence/model/ProductionType.java → src/main/java/fr/triplea/demovote/model/ProductionType.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 public enum ProductionType 
 { 

src/main/java/fr/triplea/demovote/persistence/model/Role.java → src/main/java/fr/triplea/demovote/model/Role.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;

src/main/java/fr/triplea/demovote/persistence/model/Variable.java → src/main/java/fr/triplea/demovote/model/Variable.java

@@ -1,4 +1,4 @@
-package fr.triplea.demovote.persistence.model;
+package fr.triplea.demovote.model;
 
 import java.time.LocalDateTime;
 import java.time.format.DateTimeFormatter;

src/main/java/fr/triplea/demovote/security/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,26 @@
+package fr.triplea.demovote.security;
+
+import java.io.IOException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint 
+{
+  @SuppressWarnings("unused") 
+  private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationEntryPoint.class);
+  
+  public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException 
+  {
+    //logger.error("Unauthorized access error : " + authException.getMessage());
+    
+    response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized Access");
+  }
+}

src/main/java/fr/triplea/demovote/security/JwtTokenFilter.java

@@ -0,0 +1,65 @@
+package fr.triplea.demovote.security;
+
+import java.io.IOException;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import fr.triplea.demovote.model.MyUserDetails;
+
+import org.springframework.util.StringUtils;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+
+public class JwtTokenFilter extends OncePerRequestFilter
+{
+  
+  @Autowired
+  private JwtTokenUtil jwtTokenUtil;
+
+  @Autowired
+  private MyUserDetailsService userDetailsService;
+  
+  @Override
+  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException 
+  {
+    try 
+    {
+      String token = getTokenFromRequest(request);
+      
+      if (token != null && jwtTokenUtil.validateJwtToken(token)) 
+      {
+        String username = jwtTokenUtil.getUserNameFromJwtToken(token);
+        
+        MyUserDetails userDetails = userDetailsService.loadUserByUsername(username);
+        
+        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+        
+        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+      }
+    } catch (Exception e) { throw new RuntimeException("Cannot set user authentication" + e.getMessage()); }
+    
+    filterChain.doFilter(request, response);
+  }
+  
+  private String getTokenFromRequest(HttpServletRequest request) 
+  {
+    String token = request.getHeader("Authorization");
+    
+    if (StringUtils.hasText(token) && token.startsWith("Bearer ")) 
+    {
+      return token.substring(7, token.length()); // remove "Bearer "
+    }
+    
+    return null;
+  }
+}

src/main/java/fr/triplea/demovote/security/JwtTokenUtil.java

@@ -0,0 +1,70 @@
+package fr.triplea.demovote.security;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Date;
+
+import javax.crypto.spec.SecretKeySpec;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import fr.triplea.demovote.model.MyUserDetails;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.MalformedJwtException;
+import io.jsonwebtoken.UnsupportedJwtException;
+
+@Component
+public class JwtTokenUtil 
+{
+  @Value("${jwttoken.secret}")
+  private String jwtTokenSecret;
+ 
+  @Value("${jwttoken.expiration}")
+  private long jwtTokenExpiration;
+
+  private SecretKeySpec secret_key = null;
+  
+  private void setSecretKey() { if (secret_key == null) { try { secret_key = new SecretKeySpec(jwtTokenSecret.getBytes("UTF-8"), "HmacSHA256"); } catch (UnsupportedEncodingException e) { } } }
+  
+  public String generateJwtToken(Authentication authentication) 
+  {
+    setSecretKey();
+    
+    MyUserDetails userPrincipal = (MyUserDetails)authentication.getPrincipal();
+        
+    return Jwts.builder()
+           .subject(userPrincipal.getUsername())
+           .issuedAt(new Date(System.currentTimeMillis()))
+           .expiration(new Date(System.currentTimeMillis() + jwtTokenExpiration))
+           .signWith(secret_key)
+           .compact();
+  }
+  
+  public boolean validateJwtToken(String token) 
+  {
+    setSecretKey();
+
+    try 
+    {
+      Jwts.parser().verifyWith(secret_key).build().parseSignedClaims(token);
+     
+      return true;
+    }
+    catch(UnsupportedJwtException exp) { System.out.println("claimsJws argument does not represent Claims JWS" + exp.getMessage()); }
+    catch(MalformedJwtException exp) { System.out.println("claimsJws string is not a valid JWS" + exp.getMessage()); }
+    catch(ExpiredJwtException exp) { System.out.println("Claims has an expiration time before the method is invoked" + exp.getMessage()); }
+    catch(IllegalArgumentException exp) { System.out.println("claimsJws string is null or empty or only whitespace" + exp.getMessage()); }
+    
+    return false;
+  }
+  
+  public String getUserNameFromJwtToken(String token) 
+  {
+    Claims claims = Jwts.parser().verifyWith(secret_key).build().parseSignedClaims(token).getPayload();
+    
+    return claims.getSubject();
+  }
+}

src/main/java/fr/triplea/demovote/security/MyUserDetailsService.java

@@ -1,19 +1,15 @@
 package fr.triplea.demovote.security;
 
-import java.util.Set;
-import java.util.stream.Collectors;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.model.Participant;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.model.MyUserDetails;
+import fr.triplea.demovote.model.Participant;
 
 @Service("userDetailsService")
 @Transactional
@@ -28,7 +24,7 @@ public class MyUserDetailsService implements UserDetailsService
 
   
   @Override
-  public UserDetails loadUserByUsername(final String pseudonyme) throws UsernameNotFoundException 
+  public MyUserDetails loadUserByUsername(final String pseudonyme) throws UsernameNotFoundException 
   {
     try 
     {
@@ -36,9 +32,7 @@ public class MyUserDetailsService implements UserDetailsService
       
       if (participant == null) { throw new UsernameNotFoundException("Pseudonyme non trouvé : " + pseudonyme); }
 
-      Set<GrantedAuthority> authorities = participant.getRoles().stream().map((role) -> new SimpleGrantedAuthority(role.getLibelle())).collect(Collectors.toSet());
-
-      return new org.springframework.security.core.userdetails.User(participant.getPseudonyme(), participant.getMotDePasse(), authorities);
+      return MyUserDetails.createInstance(participant);
     } 
     catch (final Exception e) { throw new RuntimeException(e); }
    }

src/main/java/fr/triplea/demovote/security/SecurityConfig.java

@@ -8,21 +8,23 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.core.session.SessionRegistryImpl;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.security.web.context.DelegatingSecurityContextRepository;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
 
 @Configuration
-@EnableWebSecurity
 @EnableMethodSecurity
 public class SecurityConfig
 {
  
-  // TODO: CSRF-TOKEN, filtrage anti-XSS, filtrage anti-SQL-injection, Header FrameOptions, etc
+  // TODO: JWT, CSRF-TOKEN, filtrage anti-XSS, filtrage anti-SQL-injection, Header FrameOptions, etc
   
   @Autowired
   private MyUserDetailsService myUserDetailsService;
@@ -44,13 +46,24 @@ public class SecurityConfig
     return authProvider;
   }
   
+  @Bean
+  public SecurityContextRepository securityContextRepository() 
+  {
+    return new DelegatingSecurityContextRepository(new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository());
+  }
+
   @Bean
   public SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); }
 
   @Bean
-  SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception 
+  public JwtTokenFilter jwtTokenFilter() { return new JwtTokenFilter(); }
+  
+  Class<? extends UsernamePasswordAuthenticationFilter> clazz = UsernamePasswordAuthenticationFilter.class;
+
+  @Bean
+  SecurityFilterChain securityFilterChain(HttpSecurity http, SecurityContextRepository securityContextRepository) throws Exception 
   {
-    http.csrf((csrf) -> csrf.disable())
+    http.csrf(csrf -> csrf.disable())
         .authenticationProvider(authenticationProvider())
         .authorizeHttpRequests((authorizeHttpRequests) -> authorizeHttpRequests
           .requestMatchers("/divers/**", "/sign/**").permitAll()
@@ -59,11 +72,12 @@ public class SecurityConfig
           .requestMatchers("/participant/**").permitAll() //.hasRole("ORGA")
           .anyRequest().authenticated()
           )
-        .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.ALWAYS).maximumSessions(1).sessionRegistry(sessionRegistry())
+        .addFilterBefore(jwtTokenFilter(), clazz)
+        .securityContext(securityContext -> securityContext.securityContextRepository(securityContextRepository).requireExplicitSave(false))
+        .headers(headers -> headers.frameOptions(customize -> customize.disable()))
+        .sessionManagement(session -> session.maximumSessions(2).sessionRegistry(sessionRegistry())
         );
-
-    //http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class); // TODO: JWT token
-    
+        
     return http.build();
   }
 

src/main/java/fr/triplea/demovote/web/controller/AccountController.java

@@ -5,7 +5,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -14,9 +13,9 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dto.ParticipantTransfer;
-import fr.triplea.demovote.persistence.model.Participant;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.dto.ParticipantTransfer;
+import fr.triplea.demovote.model.Participant;
 
 
 @CrossOrigin(origins = "http://localhost:4200")
@@ -25,7 +24,7 @@ import fr.triplea.demovote.persistence.model.Participant;
 public class AccountController 
 {
   @SuppressWarnings("unused") 
-  private static final Logger logger = LoggerFactory.getLogger(AccountController.class);
+  private static final Logger LOG = LoggerFactory.getLogger(AccountController.class);
 
   @Autowired
   private ParticipantRepository participantRepository;
@@ -33,12 +32,10 @@ public class AccountController
   @Autowired
   private PasswordEncoder passwordEncoder;
 
-
+  
   @GetMapping(value = "/form")
-  public ResponseEntity<ParticipantTransfer> getForm() 
-  { 
-    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-    
+  public ResponseEntity<ParticipantTransfer> getForm(final Authentication authentication) 
+  {         
     if (authentication != null)
     {
       ParticipantTransfer found = participantRepository.searchByPseudonyme(authentication.getName());
@@ -50,10 +47,8 @@ public class AccountController
   }
  
   @PutMapping(value = "/update")
-  public ResponseEntity<Object> update(@RequestBody(required = true) ParticipantTransfer participant) 
+  public ResponseEntity<Object> update(@RequestBody(required = true) ParticipantTransfer participant, final Authentication authentication) 
   { 
-    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-    
     if (authentication != null)
     {
       Participant found = participantRepository.findByPseudonyme(authentication.getName());

src/main/java/fr/triplea/demovote/web/controller/AuthController.java

@@ -1,26 +1,35 @@
 package fr.triplea.demovote.web.controller;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dto.UserCredentials;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Role;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.dto.UserCredentials;
+import fr.triplea.demovote.model.MyUserDetails;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Role;
+import fr.triplea.demovote.security.JwtTokenUtil;
 import fr.triplea.demovote.security.MyUserDetailsService;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 
 
 @CrossOrigin(origins = "http://localhost:4200")
@@ -29,17 +38,23 @@ import fr.triplea.demovote.security.MyUserDetailsService;
 public class AuthController 
 {
   @SuppressWarnings("unused") 
-  private static final Logger logger = LoggerFactory.getLogger(AuthController.class);
-  
+  private static final Logger LOG = LoggerFactory.getLogger(AuthController.class);
+
   @Autowired
   private MyUserDetailsService myUserDetailsService;
+  
+  @Autowired
+  private AuthenticationManager authenticationManager;
+  
+  @Autowired
+  private JwtTokenUtil jwtTokenUtil;
 
   @Autowired
   private ParticipantRepository participantRepository;
 
-
+  
   @PostMapping(value = "/in")
-  public ResponseEntity<UserCredentials> signIn(@RequestBody UserCredentials uc)
+  public ResponseEntity<UserCredentials> signIn(@RequestBody UserCredentials uc, HttpServletRequest request, HttpServletResponse response)
   {
     String usrn = uc.getUsername(); if (usrn == null) { usrn = ""; } else { usrn = usrn.trim(); }
     String pass = uc.getPassword(); if (pass == null) { pass = ""; } else { pass = pass.trim(); }
@@ -52,10 +67,25 @@ public class AuthController
     { 
       UserDetails userDetails = myUserDetailsService.loadUserByUsername(usrn);
 
-      Authentication authentication= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities()) ; 
+      Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities())); 
+      
+      SecurityContextHolder.getContext().setAuthentication(authentication);
+    
+      String token = jwtTokenUtil.generateJwtToken(authentication);
+  
+      MyUserDetails userBean = (MyUserDetails) authentication.getPrincipal();    
+    
+      /*
+      List<String> roles = userBean.getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.toList());
+   
+      AuthResponse authResponse = new AuthResponse();
+      authResponse.setToken(token);
+      authResponse.setRoles(roles);
+      return ResponseEntity.ok(authResponse);
+      */
+      
+      // TODO: add jwtoken in user credentials for frontend
       
-      SecurityContextHolder.getContext().setAuthentication(authentication); // TODO : à fixer, le security-context ne converse pas l'authentification
-                  
       uc = new UserCredentials();
       
       uc.setUsername(usrn);

src/main/java/fr/triplea/demovote/web/controller/BulletinController.java

@@ -14,14 +14,14 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.BulletinRepository;
-import fr.triplea.demovote.persistence.dao.CategorieRepository;
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dao.ProductionRepository;
-import fr.triplea.demovote.persistence.model.Bulletin;
-import fr.triplea.demovote.persistence.model.Categorie;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Production;
+import fr.triplea.demovote.dao.BulletinRepository;
+import fr.triplea.demovote.dao.CategorieRepository;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.dao.ProductionRepository;
+import fr.triplea.demovote.model.Bulletin;
+import fr.triplea.demovote.model.Categorie;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Production;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/java/fr/triplea/demovote/web/controller/CategorieController.java

@@ -16,8 +16,8 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.CategorieRepository;
-import fr.triplea.demovote.persistence.model.Categorie;
+import fr.triplea.demovote.dao.CategorieRepository;
+import fr.triplea.demovote.model.Categorie;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/java/fr/triplea/demovote/web/controller/DiversController.java

@@ -8,8 +8,8 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.VariableRepository;
-import fr.triplea.demovote.persistence.dto.MessagesTransfer;
+import fr.triplea.demovote.dao.VariableRepository;
+import fr.triplea.demovote.dto.MessagesTransfer;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/java/fr/triplea/demovote/web/controller/MessageController.java

@@ -9,8 +9,8 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.MessageRepository;
-import fr.triplea.demovote.persistence.model.Message;
+import fr.triplea.demovote.dao.MessageRepository;
+import fr.triplea.demovote.model.Message;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/java/fr/triplea/demovote/web/controller/ParticipantController.java

@@ -20,13 +20,13 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dto.ParticipantList;
-import fr.triplea.demovote.persistence.dto.ParticipantOptionList;
-import fr.triplea.demovote.persistence.dto.ParticipantTransfer;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.ParticipantModePaiement;
-import fr.triplea.demovote.persistence.model.ParticipantStatut;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.dto.ParticipantList;
+import fr.triplea.demovote.dto.ParticipantOptionList;
+import fr.triplea.demovote.dto.ParticipantTransfer;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.ParticipantModePaiement;
+import fr.triplea.demovote.model.ParticipantStatut;
 
 
 @CrossOrigin(origins = "http://localhost:4200")

src/main/java/fr/triplea/demovote/web/controller/PreferenceController.java

@@ -13,9 +13,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.PreferenceRepository;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Preference;
+import fr.triplea.demovote.dao.PreferenceRepository;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Preference;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/java/fr/triplea/demovote/web/controller/PresentationController.java

@@ -9,8 +9,8 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.PresentationRepository;
-import fr.triplea.demovote.persistence.model.Presentation;
+import fr.triplea.demovote.dao.PresentationRepository;
+import fr.triplea.demovote.model.Presentation;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/java/fr/triplea/demovote/web/controller/ProductionController.java

@@ -23,15 +23,15 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.ParticipantRepository;
-import fr.triplea.demovote.persistence.dao.ProductionRepository;
-import fr.triplea.demovote.persistence.dto.ProductionTransfer;
-import fr.triplea.demovote.persistence.dto.ProductionFile;
-import fr.triplea.demovote.persistence.dto.ProductionShort;
-import fr.triplea.demovote.persistence.dto.ProductionUpdate;
-import fr.triplea.demovote.persistence.model.Participant;
-import fr.triplea.demovote.persistence.model.Production;
-import fr.triplea.demovote.persistence.model.ProductionType;
+import fr.triplea.demovote.dao.ParticipantRepository;
+import fr.triplea.demovote.dao.ProductionRepository;
+import fr.triplea.demovote.dto.ProductionFile;
+import fr.triplea.demovote.dto.ProductionShort;
+import fr.triplea.demovote.dto.ProductionTransfer;
+import fr.triplea.demovote.dto.ProductionUpdate;
+import fr.triplea.demovote.model.Participant;
+import fr.triplea.demovote.model.Production;
+import fr.triplea.demovote.model.ProductionType;
 import io.hypersistence.utils.hibernate.type.basic.Inet;
 import jakarta.servlet.http.HttpServletRequest;
 

src/main/java/fr/triplea/demovote/web/controller/VariableController.java

@@ -18,9 +18,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import fr.triplea.demovote.persistence.dao.VariableRepository;
-import fr.triplea.demovote.persistence.dto.VariableTypeOptionList;
-import fr.triplea.demovote.persistence.model.Variable;
+import fr.triplea.demovote.dao.VariableRepository;
+import fr.triplea.demovote.dto.VariableTypeOptionList;
+import fr.triplea.demovote.model.Variable;
 
 @CrossOrigin(origins = "http://localhost:4200")
 @RestController

src/main/resources/application.properties

@@ -19,3 +19,5 @@ server.servlet.context-path=/demovote-api/v1
 #logging.logback.rollingpolicy.total-size-cap=10MB
 #logging.logback.rollingpolicy.max-history=5
 
+jwttoken.secret=alchimie!!!
+jwttoken.expiration=3600000