Class JJwtManager

java.lang.Object
com.alpaca.security.manager.JJwtManager

@Component public class JJwtManager extends Object
JJwtManager is a Spring component responsible for managing JSON Web Tokens (JWT) using asymmetric RSA key pairs for signing and verification.

This class provides methods to:

  • Generate signed JWT tokens from UserPrincipal instances.
  • Validate and parse tokens using the configured RSA public key.
  • Extract claims and build authentication objects compatible with Spring Security.

Tokens are signed and verified with the RS512 algorithm (SignatureAlgorithm), which is RSA with SHA-512 hashing. Keys are injected via application properties and decoded with the standard KeyFactory mechanism.

Configuration properties required:

  • app.jwtPrivateKey: Base64-encoded RSA private key in PKCS#8 format.
  • app.jwtPublicKey: Base64-encoded RSA public key in X.509 format.
  • app.jwtUserGenerator: Identifier of the issuer of tokens.
  • app.jwtTimeExpiration: Token expiration time in milliseconds.
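
The key handling described above, as an added example that is not the project's own code: it decodes the two Base64 properties with KeyFactory, signs with RS512 and verifies with the public key. It assumes JJWT 0.12 or later on the classpath; the class name, issuer, subject and expiration values are constructed for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Date;

// Hypothetical class: illustrates the documented key formats, not JJwtManager itself.
public class Rs512PropertiesExample {
    // Decodes a Base64 PKCS#8 value, the format expected in app.jwtPrivateKey.
    static RSAPrivateKey loadPrivateKey(String base64Pkcs8) throws Exception {
        byte[] der = Base64.getDecoder().decode(base64Pkcs8);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Decodes a Base64 X.509 (SubjectPublicKeyInfo) value, the format expected in app.jwtPublicKey.
    static RSAPublicKey loadPublicKey(String base64X509) throws Exception {
        byte[] der = Base64.getDecoder().decode(base64X509);
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway 4096-bit pair standing in for the two key properties.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(4096);
        KeyPair pair = gen.generateKeyPair();
        String privateProp = Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded());
        String publicProp = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());
        String issuer = "example-issuer";          // stands in for app.jwtUserGenerator
        long ttlMillis = Long.parseLong("900000"); // app.jwtTimeExpiration arrives as a String
        Date now = new Date();
        String token = Jwts.builder()
                .issuer(issuer).subject("alice")
                .issuedAt(now).expiration(new Date(now.getTime() + ttlMillis))
                .signWith(loadPrivateKey(privateProp), Jwts.SIG.RS512)
                .compact();
        // Verification uses only the public key; a wrong issuer, bad signature or expired token throws.
        Jws<Claims> jws = Jwts.parser()
                .verifyWith(loadPublicKey(publicProp))
                .requireIssuer(issuer).build()
                .parseSignedClaims(token);
        System.out.println(jws.getHeader().getAlgorithm() + " " + jws.getPayload().getSubject());
    }
}
```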
  • Field Details

    • alg

      private final io.jsonwebtoken.security.SignatureAlgorithm alg
      The signature algorithm used for JWT creation: RS512 (RSA + SHA-512).
    • privateKey

      private final RSAPrivateKey privateKey
      RSA private key used to sign tokens.
    • publicKey

      private final RSAPublicKey publicKey
      RSA public key used to verify tokens.
    • jwtUserGenerator

      private final String jwtUserGenerator
      The issuer (generator) identifier included in the token payload.
    • jwtTimeExpiration

      private final String jwtTimeExpiration
      Token expiration time (in milliseconds), configured via properties.
  • Constructor Details

    • JJwtManager

      public JJwtManager(@Value("${app.jwtPrivateKey}") @NotNull @NotNull String jwtPrivateKey, @Value("${app.jwtPublicKey}") @NotNull @NotNull String jwtPublicKey, @Value("${app.jwtUserGenerator}") @NotNull @NotNull String jwtUSerGenerator, @Value("${app.jwtTimeExpiration}") @NotNull @NotNull String jwtTimeExpiration) throws Exception
      Constructs a JJwtManager with the necessary RSA keys and configuration.
      Parameters:
      jwtPrivateKey - Base64-encoded RSA private key (PKCS#8 format)
      jwtPublicKey - Base64-encoded RSA public key (X.509 format)
      jwtUSerGenerator - Issuer name to include in JWT tokens
      jwtTimeExpiration - Expiration time in milliseconds for tokens
      Throws:
      Exception - if the provided keys cannot be parsed or decoded
  • Method Details

    • createToken

      public String createToken(UserPrincipal user)
      Creates a new signed JWT token containing information about a UserPrincipal.
      Parameters:
      user - the authenticated user
      Returns:
      a signed JWT as a String
    • validateToken

      public io.jsonwebtoken.Jws<io.jsonwebtoken.Claims> validateToken(String token)
      Validates and parses a JWT token using the public key.
      Parameters:
      token - the token to validate
      Returns:
      a Jws containing the claims if valid
      Throws:
      UnauthorizedException - if the token is invalid or expired
    • manageAuthentication

      public org.springframework.security.authentication.UsernamePasswordAuthenticationToken manageAuthentication(String token)
      Builds a Spring Security authentication object from a JWT token.
      Parameters:
      token - the JWT token
      Returns:
      a populated UsernamePasswordAuthenticationToken
    • createAuthentication

      public org.springframework.security.authentication.UsernamePasswordAuthenticationToken createAuthentication(io.jsonwebtoken.Claims claims)
      Creates an authentication object if the claims represent a valid token.
      Parameters:
      claims - the JWT claims
      Returns:
      a UsernamePasswordAuthenticationToken or null if invalid
    • isValidToken

      public boolean isValidToken(io.jsonwebtoken.Claims claims)
      Verifies whether the claims represent a valid token.
      Parameters:
      claims - the token claims
      Returns:
      true if valid, otherwise false
    • getUsername

      public String getUsername(io.jsonwebtoken.Claims claims)
      Returns:
      the username (JWT subject).
    • getAuthorities

      public String getAuthorities(io.jsonwebtoken.Claims claims)
      Returns:
      the raw authorities string (comma-separated).
    • getAuthoritiesList

      public List<? extends org.springframework.security.core.GrantedAuthority> getAuthoritiesList(io.jsonwebtoken.Claims claims)
      Returns:
      the authorities as a List of Spring Security GrantedAuthority.
    • getUserId

      public String getUserId(io.jsonwebtoken.Claims claims)
      Returns:
      the userId claim as a String.
    • getProfileId

      public String getProfileId(io.jsonwebtoken.Claims claims)
      Returns:
      the profileId claim as a String.
    • getAdvertiserId

      public String getAdvertiserId(io.jsonwebtoken.Claims claims)
      Returns:
      the advertiserId claim as a String.
    • getUUIDFromClaim

      public UUID getUUIDFromClaim(String claim)
      Converts a claim string to a UUID.
      Parameters:
      claim - the string claim value
      Returns:
      a UUID or null if blank
    • existString

      public boolean existString(String string)
      Checks whether a string is non-null and non-blank.
      Parameters:
      string - the string to check
      Returns:
      true if non-empty, otherwise false
    • getUserPrincipal

      public UserPrincipal getUserPrincipal(io.jsonwebtoken.Claims claims)
      Builds a UserPrincipal from JWT claims.
      Parameters:
      claims - the token claims
      Returns:
      a UserPrincipal populated with claim values
    • getSpecificClaim

      public <T> T getSpecificClaim(io.jsonwebtoken.Claims claims, String claimName, Class<T> t)
      Retrieves a specific claim from JWT claims.
      Parameters:
      claims - the claims object
      claimName - the name of the claim
      t - the type to cast the claim value
      Returns:
      the claim value cast to type T
    • getAllClaims

      public io.jsonwebtoken.Claims getAllClaims(io.jsonwebtoken.Jws<io.jsonwebtoken.Claims> claims)
      Extracts the payload (claims) from a signed JWS token.
      Parameters:
      claims - the signed claims wrapper
      Returns:
      the Claims payload
    • authoritiesToString

      public String authoritiesToString(Collection<? extends org.springframework.security.core.GrantedAuthority> grantedAuthorities)
      Converts a collection of GrantedAuthority objects into a comma-separated string.
      Parameters:
      grantedAuthorities - the authorities collection
      Returns:
      a string representation of authorities