package com.bvrit.vtp.config; import com.bvrit.vtp.dao.BlacklistedTokenRepo; import com.bvrit.vtp.service.JwtService; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter; import java.io.IOException; import java.util.Collections; @Component public class JwtFilter extends OncePerRequestFilter { @Autowired private JwtService service; @Autowired private BlacklistedTokenRepo blacklistedTokenRepo; @Override protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws ServletException, IOException, java.io.IOException { String header = req.getHeader("Authorization"); if (header != null && header.startsWith("Bearer ")) { String token = header.substring(7); if (blacklistedTokenRepo.findByToken(token).isPresent()) { res.setStatus(HttpServletResponse.SC_UNAUTHORIZED); res.getWriter().write("Token is blacklisted"); return; } if (service.validateToken(token)) { String email = service.getEmail(token); UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(email, null, Collections.emptyList()); authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(req)); SecurityContextHolder.getContext().setAuthentication(authToken); } } chain.doFilter(req, res); } }