Implement jwt in session

ClientApplication/src/main/java/com/champix/clientchampix/controller/AuthentificationController.java

@@ -1,6 +1,7 @@
 package com.champix.clientchampix.controller;
 
 import com.champix.clientchampix.domains.UtilisateurEntity;
+import com.champix.clientchampix.jwt.JWTManager;
 import com.champix.clientchampix.repository.UtilisateurEntityRepository;
 import com.champix.clientchampix.security.MD5;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -43,6 +44,10 @@ public ModelAndView login(HttpServletRequest request, HttpServletResponse respon
                 if (unUtilisateur.getMdp().equals(mdp)) {
                     HttpSession session = request.getSession();
                     session.setAttribute("id", unUtilisateur.getIdClient());
+                    session.setAttribute("jwt", new JWTManager.Builder()
+                            .setId(unUtilisateur.getIdClient().toString())
+                            .setExpiredAfterMillis(3600000L)
+                            .build());
                     destinationPage = "/index";
                 } else {
                     message = "mot de passe erroné";

ClientApplication/src/main/java/com/champix/clientchampix/controller/ReservationController.java

@@ -1,6 +1,7 @@
 package com.champix.clientchampix.controller;
 
 import com.champix.clientchampix.jms.JmsService;
+import com.champix.clientchampix.jwt.JWTManager;
 import com.champix.dto.ReservationDTO;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -34,7 +35,9 @@ public class ReservationController {
     @RequestMapping(method = RequestMethod.GET, value = "/reservation")
     public ModelAndView getReservation(HttpServletRequest request,
                                      HttpServletResponse response) throws Exception {
-
+        if (!checkJWTSession(request))
+            return new ModelAndView("/index");
+
         String destinationPage="";
         try {
             request.setAttribute("idVehicule", request.getParameter("idVehicule"));
@@ -49,6 +52,8 @@ public ModelAndView getReservation(HttpServletRequest request,
         @RequestMapping(method = RequestMethod.POST, value = "/envoiReservation")
     public ModelAndView envoiReservation(HttpServletRequest request,
                                      HttpServletResponse response) throws Exception {
+        if (!checkJWTSession(request))
+            return new ModelAndView("/index");
 
         String destinationPage="";
         try {
@@ -76,4 +81,15 @@ public ModelAndView envoiReservation(HttpServletRequest request,
         }
         return new ModelAndView(destinationPage);
     }
+
+    private boolean checkJWTSession(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        if (!JWTManager.verify((String) session.getAttribute("jwt"))) {
+            session.setAttribute("id", null);
+            session.setAttribute("jwt", null);
+            request.setAttribute("error", "Session expired");
+            return false;
+        }
+        return true;
+    }
 }

ClientApplication/src/main/java/com/champix/clientchampix/jwt/JWTManager.java

@@ -1,13 +1,12 @@
 package com.champix.clientchampix.jwt;
 
-import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.DatatypeConverter;
-
 import io.jsonwebtoken.*;
-import sun.reflect.generics.reflectiveObjects.NotImplementedException;
 
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
 import java.security.Key;
 import java.util.Date;
+import java.util.UUID;
 
 /**
  * Class containing static methods to manage JSON Web Tokens for the application.
@@ -16,6 +15,49 @@
  */
 public class JWTManager {
 
+	// TODO See https://tools.ietf.org/html/rfc7519#section-4.1
+
+	public static final String JWT_ATTRIBUTE = "jwt";
+	public static final String ISSUER = "ChampixExpress";
+
+	public static class Builder {
+		private String id;
+		private String issuer;
+		private String subject;
+		private long expiredAfterMillis;
+
+		public Builder() {
+			id = UUID.randomUUID().toString();
+			issuer = JWTManager.ISSUER;
+			subject = "";
+			expiredAfterMillis = -1;
+		}
+
+		public Builder setId(String id) {
+			this.id = id;
+			return this;
+		}
+
+		public Builder setIssuer(String issuer) {
+			this.issuer = issuer;
+			return this;
+		}
+
+		public Builder setSubject(String subject) {
+			this.subject = subject;
+			return this;
+		}
+
+		public Builder setExpiredAfterMillis(long expiredAfterMillis) {
+			this.expiredAfterMillis = expiredAfterMillis;
+			return this;
+		}
+
+		public String build() {
+			return JWTManager.create(id, issuer, subject, expiredAfterMillis);
+		}
+	}
+
 	/**
 	 * Generate a JSON Web Token.
 	 * @param id The user's id
@@ -101,11 +143,18 @@ public static Claims decode(String jwt) {
 	 * @return Return {@code true} if the JSON Web Token is valid, {@code false} otherwise.
 	 */
 	public static boolean verify(String jwt) {
-		// TODO: Implement the verify function
+		if (jwt == null)
+			return false;
+
 		Claims claims;
 		try {
 			claims = decode(jwt);
-		} catch (MalformedJwtException ignored) {
+
+			// If the JWT has expired, return false.
+			Date now = new Date();
+			if (claims.getExpiration().before(now))
+				return false;
+		} catch (NullPointerException | MalformedJwtException | ExpiredJwtException ignored) {
 			return false;
 		}
 

ClientApplication/src/main/webapp/WEB-INF/jsp/views/error.jsp

@@ -6,12 +6,18 @@
 <div class="col-md-12 well well-md">
     <center><h1>Gestion des erreurs </h1></center>
 </div>
-<c:if test="${erreur != null }">
+<c:if test="${erreur != null}">
     <div class="alert-danger" role="alert">
         <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
         <c:out value="${erreur}" />
     </div>
 </c:if>
+<c:if test="${error != null}">
+    <div class="alert-danger" role="alert">
+        <span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
+        <c:out value="${error}" />
+    </div>
+</c:if>
 
 <div class="form-group">
     <div class="col-md-6 col-md-offset-3">

ClientApplication/src/test/java/com/champix/clientchampix/jwt/JWTManagerTest.java

@@ -41,7 +41,20 @@ public void test1_create() {
 	}
 
 	@Test
-	public void test2_decode() {
+	public void test2_create() {
+		nowMillis = System.currentTimeMillis();
+		jwt = new JWTManager.Builder()
+				.setId(id)
+				.setIssuer(issuer)
+				.setSubject(subject)
+				.setExpiredAfterMillis(expiredAfterMillis)
+				.build();
+		System.out.println("jwt = " + jwt);
+		assertNotEquals("", jwt);
+	}
+
+	@Test
+	public void test3_decode() {
 		claims = JWTManager.decode(jwt);
 		System.out.println("claims type = " + claims.getClass().getSimpleName());
 		System.out.println("claims.id = " + claims.getId());
@@ -66,13 +79,13 @@ public void test2_decode() {
 	}
 
 	@Test
-	public void test3_verify() {
+	public void test4_verify() {
 		assertTrue(JWTManager.verify(jwt));
 		assertFalse(JWTManager.verify("123"));
 	}
 
 	@Test
-	public void test4_getJWTSecretKey() {
+	public void test5_getJWTSecretKey() {
 		assertTrue(JWTManager.getJWTSecretKey().length() >= 5);
 	}
 }