Podzilla · NourAlPha · May 3, 2025 · Apr 27, 2025 · Apr 27, 2025 · Apr 27, 2025
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,9 @@ target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
+logs/
+*.log
+secret.env
 
 ### STS ###
 .apt_generated

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,6 +1,7 @@
 services:
   backend:
     image: openjdk:25-ea-4-jdk-oraclelinux9
+    container_name: auth
     ports:
       - "8080:8080"
     env_file:
@@ -9,13 +10,15 @@ services:
       - auth_db
     environment:
       - SPRING_DATASOURCE_URL=jdbc:postgresql://auth_db:5432/authDB
+      - SPRING_DATA_REDIS_HOST=redis_cache
     volumes:
       - ./target:/app
       - ./logs:/logs
     command: [ "java", "-jar", "/app/auth-0.0.1-SNAPSHOT.jar" ]
 
   auth_db:
-    image: postgres:latest
+    image: postgres:14.17
+    container_name: auth_db
     environment:
       POSTGRES_PASSWORD: 1234
       POSTGRES_USER: postgres
@@ -24,13 +27,15 @@ services:
       - "5432:5432"
 
   loki:
-    image: grafana/loki:latest
+    image: grafana/loki:3.5.0
+    container_name: loki
     ports:
       - "3100:3100"
     command: -config.file=/etc/loki/local-config.yaml
 
   promtail:
-    image: grafana/promtail:latest
+    image: grafana/promtail:3.5.0
+    container_name: promtail
     volumes:
       - ./promtail-config.yml:/etc/promtail/promtail-config.yaml
       - ./logs:/logs
@@ -39,8 +44,23 @@ services:
       - loki
 
   grafana:
-    image: grafana/grafana:latest
+    image: grafana/grafana:11.6.1
+    container_name: grafana
     ports:
       - "3000:3000"
     depends_on:
       - loki
+
+
+  redis_cache:
+    image: redis:7.4.3
+    container_name: redisCache
+    ports:
+      - "6379:6379"
+
+  redisinsight:
+    image: redis/redisinsight:2.68
+    container_name: redisInsight
+    ports:
+      - "5540:5540"
+    restart: always
diff --git a/pom.xml b/pom.xml
@@ -96,6 +96,18 @@
 			<artifactId>jakarta.validation-api</artifactId>
 			<version>3.0.2</version>
 		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<version>5.14.2</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-junit-jupiter</artifactId>
+			<version>5.14.2</version>
+			<scope>test</scope>
+		</dependency>
 
 
 		<!-- json web token -->

diff --git a/src/main/java/com/podzilla/auth/AuthApplication.java b/src/main/java/com/podzilla/auth/AuthApplication.java
@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
 
 @SpringBootApplication
+@EnableCaching
 public class AuthApplication {
 
     public static void main(final String[] args) {

diff --git a/src/main/java/com/podzilla/auth/dto/CustomGrantedAuthority.java b/src/main/java/com/podzilla/auth/dto/CustomGrantedAuthority.java
@@ -0,0 +1,27 @@
+package com.podzilla.auth.dto;
+
+import org.springframework.security.core.GrantedAuthority;
+
+public class CustomGrantedAuthority implements GrantedAuthority {
+    private String authority;
+
+    public CustomGrantedAuthority() {
+        // No-arg constructor required by Jackson
+    }
+
+    public CustomGrantedAuthority(final String authority) {
+        this.authority = authority;
+    }
+
+    @Override
+    public String getAuthority() {
+        return authority;
+    }
+
+    @Override
+    public String toString() {
+        return "CustomGrantedAuthority{"
+                + "authority='" + authority + '\''
+                + '}';
+    }
+}
diff --git a/src/main/java/com/podzilla/auth/dto/CustomUserDetails.java b/src/main/java/com/podzilla/auth/dto/CustomUserDetails.java
@@ -0,0 +1,110 @@
+package com.podzilla.auth.dto;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import lombok.Getter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
+import java.util.Set;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class CustomUserDetails implements UserDetails {
+
+    private String username;
+
+    @JsonIgnore
+    private String password;
+
+    @JsonDeserialize(contentAs = CustomGrantedAuthority.class)
+    private Set<GrantedAuthority> authorities;
+
+    @Getter
+    private final boolean accountNonExpired;
+    @Getter
+    private final boolean accountNonLocked;
+    @Getter
+    private final boolean credentialsNonExpired;
+    @Getter
+    private final boolean enabled;
+
+    public CustomUserDetails() {
+        // No-arg constructor required by Jackson
+        this.accountNonExpired = true;
+        this.accountNonLocked = true;
+        this.credentialsNonExpired = true;
+        this.enabled = true;
+    }
+
+    public CustomUserDetails(final String username, final String password,
+                             final Set<GrantedAuthority> authorities) {
+        this.username = username;
+        this.password = password;
+        this.authorities = authorities;
+        this.accountNonExpired = true;
+        this.accountNonLocked = true;
+        this.credentialsNonExpired = true;
+        this.enabled = true;
+    }
+
+    public CustomUserDetails(final String username,
+                             final String password,
+                             final boolean enabled,
+                             final boolean accountNonExpired,
+                             final boolean accountNonLocked,
+                             final boolean credentialsNonExpired,
+                             final Set<GrantedAuthority> authorities) {
+        this.username = username;
+        this.password = password;
+        this.authorities = authorities;
+        this.accountNonExpired = accountNonExpired;
+        this.accountNonLocked = accountNonLocked;
+        this.credentialsNonExpired = credentialsNonExpired;
+        this.enabled = enabled;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    public void eraseCredentials() {
+        this.password = null;
+    }
+
+    public int hashCode() {
+        return this.username.hashCode();
+    }
+
+    public boolean equals(final Object obj) {
+        if (obj instanceof CustomUserDetails) {
+            return this.username
+                    .equals(((CustomUserDetails) obj).getUsername());
+        } else {
+            return false;
+        }
+    }
+
+    public String toString() {
+        return this.getClass().getName() + " ["
+                + "Username=" + this.username + ", "
+                + "Password=[PROTECTED], "
+                + "Enabled=" + this.enabled + ", "
+                + "AccountNonExpired=" + this.accountNonExpired + ", "
+                + "CredentialsNonExpired=" + this.credentialsNonExpired + ", "
+                + "AccountNonLocked=" + this.accountNonLocked + ", "
+                + "Granted Authorities=" + this.authorities + "]";
+    }
+}
diff --git a/src/main/java/com/podzilla/auth/exception/GlobalExceptionHandler.java b/src/main/java/com/podzilla/auth/exception/GlobalExceptionHandler.java
@@ -2,11 +2,31 @@
 
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
 @RestControllerAdvice
-public class GlobalExceptionHandler {
+public class GlobalExceptionHandler extends ResponseEntityExceptionHandler {
+
+
+    @ExceptionHandler(AccessDeniedException.class)
+    public ResponseEntity<ErrorResponse> handleAccessDeniedException(
+            final AccessDeniedException exception) {
+        return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                .body(new ErrorResponse(exception.getMessage(),
+                        HttpStatus.FORBIDDEN));
+    }
+
+    @ExceptionHandler(AuthenticationException.class)
+    public ResponseEntity<ErrorResponse> handleAuthenticationException(
+            final AuthenticationException exception) {
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
+                .body(new ErrorResponse(exception.getMessage(),
+                        HttpStatus.UNAUTHORIZED));
+    }
 
     @ExceptionHandler(NotFoundException.class)
     public ResponseEntity<ErrorResponse> handleNotFoundException(

diff --git a/src/main/java/com/podzilla/auth/model/RefreshToken.java b/src/main/java/com/podzilla/auth/model/RefreshToken.java
@@ -9,9 +9,11 @@
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Column;
 import jakarta.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Getter;
-import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.NoArgsConstructor;
 import org.springframework.data.annotation.CreatedDate;
 import org.springframework.data.jpa.domain.support.AuditingEntityListener;
 
@@ -21,8 +23,10 @@
 @Entity
 @Table(name = "refresh_tokens")
 @Getter
+@Builder
 @Setter
 @NoArgsConstructor
+@AllArgsConstructor
 @EntityListeners(AuditingEntityListener.class)
 public class RefreshToken {
 

diff --git a/src/main/java/com/podzilla/auth/redis/RedisCacheConfig.java b/src/main/java/com/podzilla/auth/redis/RedisCacheConfig.java
@@ -0,0 +1,45 @@
+package com.podzilla.auth.redis;
+
+import com.podzilla.auth.dto.CustomUserDetails;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.support.NoOpCacheManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.cache.RedisCacheConfiguration;
+import org.springframework.data.redis.cache.RedisCacheManager;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+
+import java.time.Duration;
+
+@Configuration
+public class RedisCacheConfig {
+
+    private static final int CACHE_TTL = 60 * 60;
+
+    @Bean
+    public CacheManager cacheManager(
+            final RedisConnectionFactory redisConnectionFactory,
+            @Value("${appconfig.cache.enabled}") final String cacheEnabled) {
+        if (!Boolean.parseBoolean(cacheEnabled)) {
+            return new NoOpCacheManager();
+        }
+
+        RedisCacheConfiguration defaultConfig = RedisCacheConfiguration
+                .defaultCacheConfig()
+                .entryTtl(Duration.ofMinutes(CACHE_TTL))
+                .disableCachingNullValues()
+                .serializeValuesWith(
+                        RedisSerializationContext.
+                                SerializationPair.
+                                fromSerializer(
+                                        new Jackson2JsonRedisSerializer<>(
+                                                CustomUserDetails.class)));
+
+        return RedisCacheManager.builder(redisConnectionFactory)
+                .cacheDefaults(defaultConfig)
+                .build();
+    }
+}
diff --git a/src/main/java/com/podzilla/auth/security/JWTAuthenticationFilter.java b/src/main/java/com/podzilla/auth/security/JWTAuthenticationFilter.java
@@ -47,7 +47,8 @@ protected void doFilterInternal(final HttpServletRequest request,
             String userEmail = tokenService.extractEmail();
 
             UserDetails userDetails =
-                    customUserDetailsService.loadUserByUsername(userEmail);
+                    customUserDetailsService
+                            .loadUserByUsernameCached(userEmail);
 
             UsernamePasswordAuthenticationToken authToken =
                     new UsernamePasswordAuthenticationToken(
@@ -62,7 +63,7 @@ protected void doFilterInternal(final HttpServletRequest request,
             context.setAuthentication(authToken);
             SecurityContextHolder.setContext(context);
 
-
+            LOGGER.info("User {} authenticated", userEmail);
         } catch (Exception e) {
             LOGGER.error("Invalid JWT token: {}", e.getMessage());
         }

diff --git a/src/main/java/com/podzilla/auth/security/RestAuthenticationEntryPoint.java b/src/main/java/com/podzilla/auth/security/RestAuthenticationEntryPoint.java