fix: write just one time response

Author: Throyer

.docker/.env.example

@@ -28,4 +28,6 @@ SMTP_USERNAME=user@gmail
 SMTP_PASSWORD=secret
 
 # swagger
-SWAGGER_URL=/docs
+SWAGGER_URL=/docs
+SWAGGER_USERNAME=
+SWAGGER_PASSWORD=

.docker/docker-compose.dev.yml

@@ -62,6 +62,8 @@ services:
 
       # swagger
       SWAGGER_URL: ${SWAGGER_URL}
+      SWAGGER_USERNAME: ${SWAGGER_USERNAME}
+      SWAGGER_PASSWORD: ${SWAGGER_PASSWORD}
     volumes:
       - ../api:/app
       - ./.volumes/maven:/root/.m2

api/src/main/java/com/github/throyer/common/springboot/configurations/SpringSecurityConfiguration.java

@@ -13,18 +13,13 @@
 import static com.github.throyer.common.springboot.constants.SECURITY.TOKEN_SECRET;
 import static com.github.throyer.common.springboot.constants.SECURITY.USERNAME_PARAMETER;
 import static com.github.throyer.common.springboot.utils.Responses.forbidden;
-import static java.util.Optional.ofNullable;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.POST;
 import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS;
 
 import java.util.List;
-import java.util.Optional;
 import java.util.stream.Stream;
 
-import com.github.throyer.common.springboot.domain.session.service.SessionService;
-import com.github.throyer.common.springboot.middlewares.AuthorizationMiddleware;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -39,10 +34,12 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-import org.springframework.stereotype.Component;
 import org.springframework.web.cors.CorsConfiguration;
 
-@Component
+import com.github.throyer.common.springboot.domain.session.service.SessionService;
+import com.github.throyer.common.springboot.middlewares.AuthorizationMiddleware;
+import com.github.throyer.common.springboot.utils.Strings;
+
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
@@ -51,132 +48,130 @@ public class SpringSecurityConfiguration {
     private final SessionService sessionService;
     private final AuthorizationMiddleware filter;
 
-    public static String SWAGGER_USERNAME;
-    public static String SWAGGER_PASSWORD;
+    public static String SWAGGER_USERNAME = null;
+    public static String SWAGGER_PASSWORD = null;
 
     @Autowired
     public SpringSecurityConfiguration(
         SessionService sessionService,
-        AuthorizationMiddleware filter
+        AuthorizationMiddleware filter,
+        @Value("${swagger.username}") String username,
+        @Value("${swagger.password}") String password
     ) {
-        this.sessionService = sessionService;
-        this.filter = filter;
+      this.sessionService = sessionService;
+      this.filter = filter;
+      
+      SpringSecurityConfiguration.SWAGGER_USERNAME = username;
+      SpringSecurityConfiguration.SWAGGER_PASSWORD = password;
     }
 
     @Autowired
-    protected void globalConfiguration(
-        AuthenticationManagerBuilder authentication,
-        @Value("${swagger.username}") String username,
-        @Value("${swagger.password}") String password
-    ) throws Exception {
-        SpringSecurityConfiguration.SWAGGER_USERNAME = username;
-        SpringSecurityConfiguration.SWAGGER_PASSWORD = password;
-
+    protected void globalConfiguration(AuthenticationManagerBuilder authentication) throws Exception {
         if (Stream
-            .of(ofNullable(SWAGGER_PASSWORD), ofNullable(SWAGGER_USERNAME))
-                .allMatch(Optional::isPresent)) {
-
-            authentication
-                .inMemoryAuthentication()
-                    .passwordEncoder(ENCODER)
-                    .withUser(username)
-                    .password(ENCODER.encode(password))
-                    .authorities(List.of());
+          .of(SWAGGER_PASSWORD, SWAGGER_USERNAME)
+              .allMatch(Strings::notNullOrBlank)) {
+
+          authentication
+            .inMemoryAuthentication()
+              .passwordEncoder(ENCODER)
+              .withUser(SWAGGER_USERNAME)
+              .password(ENCODER.encode(SWAGGER_PASSWORD))
+              .authorities(List.of());
         }
 
 
         authentication
-            .userDetailsService(sessionService)
-            .passwordEncoder(ENCODER);
+          .userDetailsService(sessionService)
+          .passwordEncoder(ENCODER);
     }
 
     @Bean
     public AuthenticationManager authenticationManager(
         AuthenticationConfiguration configuration
     ) throws Exception {
-        return configuration.getAuthenticationManager();
+      return configuration.getAuthenticationManager();
     }
 
     @Bean
     @Order(1)
     public SecurityFilterChain api(HttpSecurity http) throws Exception {
-        PUBLICS.injectOn(http);
-
-        http
-            .antMatcher("/api/**")
-                .authorizeRequests()
-                    .anyRequest()
-                        .authenticated()
-            .and()
-                .csrf()
-                .disable()
-                    .exceptionHandling()
-                        .authenticationEntryPoint((request, response, exception) -> forbidden(response))
-            .and()                
-                .sessionManagement()
-                .sessionCreationPolicy(STATELESS)
-            .and()
-                .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class)
-            .cors()
-                .configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
-
-        return http.build();
+      PUBLICS.injectOn(http);
+
+      http
+        .antMatcher("/api/**")
+          .authorizeRequests()
+            .anyRequest()
+              .authenticated()
+        .and()
+            .csrf()
+            .disable()
+              .exceptionHandling()
+                .authenticationEntryPoint((request, response, exception) -> forbidden(response))
+        .and()                
+          .sessionManagement()
+          .sessionCreationPolicy(STATELESS)
+        .and()
+          .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class)
+        .cors()
+          .configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
+
+      return http.build();
     }
 
     @Bean
     @Order(2)
     public SecurityFilterChain app(HttpSecurity http) throws Exception {
-        http
-            .antMatcher("/app/**")
-                .authorizeRequests()
-                    .antMatchers(GET, LOGIN_URL, "/app", "/app/register", "/app/recovery/**")
-                        .permitAll()
-                    .antMatchers(POST, "/app/register", "/app/recovery/**")
-                        .permitAll()
-                    .anyRequest()
-                        .hasAuthority("USER")
-            .and()
-                .csrf()
-                    .disable()                    
-                        .formLogin()
-                            .loginPage(LOGIN_URL)
-                                .failureUrl(LOGIN_ERROR_URL)
-                                .defaultSuccessUrl(HOME_URL)
-                            .usernameParameter(USERNAME_PARAMETER)
-                            .passwordParameter(PASSWORD_PARAMETER)
-            .and()
-                .rememberMe()                    
-                    .key(TOKEN_SECRET)
-                        .tokenValiditySeconds(DAY_MILLISECONDS)
-            .and()
-                .logout()
-                    .deleteCookies(SESSION_COOKIE_NAME)
-                        .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL))
-                        .logoutSuccessUrl(LOGIN_URL)
-            .and()
-                .exceptionHandling()
-                    .accessDeniedPage(ACESSO_NEGADO_URL);
-
-        return http.build();
+      http
+        .antMatcher("/app/**")
+          .authorizeRequests()
+            .antMatchers(GET, LOGIN_URL, "/app", "/app/register", "/app/recovery/**")
+              .permitAll()
+            .antMatchers(POST, "/app/register", "/app/recovery/**")
+              .permitAll()
+            .anyRequest()
+              .hasAuthority("USER")              
+        .and()
+          .csrf()
+            .disable()                    
+              .formLogin()
+                .loginPage(LOGIN_URL)
+                  .failureUrl(LOGIN_ERROR_URL)
+                  .defaultSuccessUrl(HOME_URL)
+                .usernameParameter(USERNAME_PARAMETER)
+                .passwordParameter(PASSWORD_PARAMETER)
+        .and()
+          .rememberMe()                    
+            .key(TOKEN_SECRET)
+              .tokenValiditySeconds(DAY_MILLISECONDS)
+        .and()
+          .logout()
+            .deleteCookies(SESSION_COOKIE_NAME)
+              .logoutRequestMatcher(new AntPathRequestMatcher(LOGOUT_URL))
+              .logoutSuccessUrl(LOGIN_URL)
+        .and()
+          .exceptionHandling()
+            .accessDeniedPage(ACESSO_NEGADO_URL);
+
+      return http.build();
     }
 
     @Bean
     @Order(4)
     public SecurityFilterChain swagger(HttpSecurity http) throws Exception {
-        if (Stream
-                .of(ofNullable(SWAGGER_PASSWORD), ofNullable(SWAGGER_USERNAME))
-                    .allMatch(Optional::isPresent)) {
+      if (Stream
+        .of(SWAGGER_PASSWORD, SWAGGER_USERNAME)
+            .allMatch(Strings::notNullOrBlank)) {
 
             http
-                .antMatcher("/swagger-ui/**")
-                    .authorizeRequests()
-                        .anyRequest()
-                            .authenticated()
-                .and()
-                    .sessionManagement()
-                            .sessionCreationPolicy(STATELESS)
-                .and()
-                    .httpBasic();
+              .antMatcher("/swagger-ui/**")
+                .authorizeRequests()
+                  .anyRequest()
+                    .authenticated()
+              .and()
+                .sessionManagement()
+                  .sessionCreationPolicy(STATELESS)
+              .and()
+                .httpBasic();
         }
 
         return http.build();

api/src/main/java/com/github/throyer/common/springboot/domain/session/service/SessionService.java

@@ -25,64 +25,62 @@
 @Service
 public class SessionService implements UserDetailsService {
 
-    private final UserRepository repository;
+  private final UserRepository repository;
 
-    public SessionService(UserRepository repository) {
-        this.repository = repository;
-    }
+  public SessionService(UserRepository repository) {
+    this.repository = repository;
+  }
 
-    @Override
-    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
-        var user = repository.findByEmail(email)
-                .orElseThrow(() -> new UsernameNotFoundException(message(INVALID_USERNAME)));
-        
-        return new Authorized(user);
-    }
+  @Override
+  public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
+    var user = repository.findByEmail(email)
+        .orElseThrow(() -> new UsernameNotFoundException(message(INVALID_USERNAME)));
 
-    public static void authorize(
-            HttpServletRequest request,
-            HttpServletResponse response
-    ) {
-        if (PUBLICS.anyMatch(request)) {
-            return;
-        }
+    return new Authorized(user);
+  }
 
-        var token = Authorization.extract(request);
+  public static void authorize(
+      HttpServletRequest request,
+      HttpServletResponse response) {
+    if (PUBLICS.anyMatch(request)) {
+      return;
+    }
 
-        if (isNull(token)) {
-            return;
-        }
+    var token = Authorization.extract(request);
 
-        try {
-            var authorized = JWT.decode(token, TOKEN_SECRET);
-            SecurityContextHolder
-                    .getContext()
-                    .setAuthentication(authorized.getAuthentication());
-        } catch (Exception exception) {
-            expired(response);
-        }
+    if (isNull(token)) {
+      return;
     }
 
-    public static Optional<Authorized> authorized() {
-        try {
-            var principal = getPrincipal();
+    try {
+      var authorized = JWT.decode(token, TOKEN_SECRET);
+      SecurityContextHolder
+        .getContext()
+          .setAuthentication(authorized.getAuthentication());
+    } catch (Exception exception) {
+      expired(response);
+    }
+  }
 
-            if (nonNull(principal) && principal instanceof Authorized authorized) {
-                return of(authorized);
-            }
-            return empty();
-        } catch (Exception exception) {
-            return empty();
-        }
+  public static Optional<Authorized> authorized() {
+    try {
+      var principal = getPrincipal();
 
+      if (nonNull(principal) && principal instanceof Authorized authorized) {
+        return of(authorized);
+      }
+      return empty();
+    } catch (Exception exception) {
+      return empty();
     }
+  }
 
-    private static Object getPrincipal() {
-        var authentication = SecurityContextHolder.getContext()
-                .getAuthentication();
-        if (nonNull(authentication)) {
-            return authentication.getPrincipal();
-        }
-        return null;
+  private static Object getPrincipal() {
+    var authentication = SecurityContextHolder.getContext()
+      .getAuthentication();
+    if (nonNull(authentication)) {
+      return authentication.getPrincipal();
     }
+    return null;
+  }
 }