feat: Implementing JWT auth to API

Issue: https://github.com/GeovaniTech/InvestMe.git

Author: GeovaniTech

server-investme-api/.gitignore

@@ -42,3 +42,6 @@ nb-configuration.xml
 # Plugin directory
 /.quarkus/cli/plugins/
 application.properties
+publicKey.pem
+privateKey.pem
+rsaPrivateKey.pem

server-investme-api/pom.xml

@@ -77,6 +77,16 @@
 			<groupId>io.quarkus</groupId>
 			<artifactId>quarkus-rest-jackson</artifactId>
 		</dependency>
+
+		<dependency>
+			<groupId>io.quarkus</groupId>
+			<artifactId>quarkus-smallrye-jwt</artifactId>
+		</dependency>
+		
+		<dependency>
+			<groupId>io.quarkus</groupId>
+			<artifactId>quarkus-smallrye-jwt-build</artifactId>
+		</dependency>
     </dependencies>
 
     <build>

server-investme-api/src/main/java/br/com/devpree/investme/api/category/wsrest/WSCategory.java

@@ -5,6 +5,7 @@
 
 import br.com.devpree.investme.api.category.service.CategoryService;
 import br.com.devpree.investme.api.category.transferobject.TOCategoryRestModel;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
@@ -24,6 +25,7 @@ public class WSCategory implements Serializable {
 	@GET
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed({"User"}) 
 	@Path("/list")
 	public List<TOCategoryRestModel> list(@QueryParam("email") String email) {
 		return categoryService.list(email);

server-investme-api/src/main/java/br/com/devpree/investme/api/payments/wsrest/WSPayment.java

@@ -5,6 +5,7 @@
 
 import br.com.devpree.investme.api.payments.service.PaymentService;
 import br.com.devpree.investme.api.payments.transferobject.TOPaymentRestModel;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
@@ -24,6 +25,7 @@ public class WSPayment implements Serializable {
 	@GET
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed({"User"}) 
 	@Path("/list")
 	public List<TOPaymentRestModel> list(@QueryParam("email") String email) {
 		return paymentService.list(email);

server-investme-api/src/main/java/br/com/devpree/investme/api/transaction/wsrest/WSTransaction.java

@@ -5,6 +5,7 @@
 
 import br.com.devpree.investme.api.transaction.service.TransactionService;
 import br.com.devpree.investme.api.transaction.transferobject.TOTransactionRestModel;
+import jakarta.annotation.security.RolesAllowed;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
@@ -24,6 +25,7 @@ public class WSTransaction implements Serializable {
 	@GET
 	@Consumes(MediaType.APPLICATION_JSON)
 	@Produces(MediaType.APPLICATION_JSON)
+    @RolesAllowed({"User"}) 
 	@Path("/list")
 	public List<TOTransactionRestModel> list(@QueryParam("email") String email) { 
 		return transactionService.list(email);

server-investme-api/src/main/java/org/acme/security/jwt/GenerateToken.java

@@ -0,0 +1,24 @@
+package org.acme.security.jwt;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.HashSet;
+
+import org.eclipse.microprofile.jwt.Claims;
+
+import io.smallrye.jwt.build.Jwt;
+
+public class GenerateToken {
+    /**
+     * Generate JWT token
+     */
+    public static void main(String[] args) {
+        String token =
+           Jwt.issuer("https://www.devpree.com.br/investme/issuer") 
+             .upn("investme-api") 
+             .groups(new HashSet<>(Arrays.asList("User", "Admin"))) 
+             .claim(Claims.birthdate.name(), new Date()) 
+           .sign();
+        System.out.println(token);
+    }
+}

server-investme-api/src/main/java/org/acme/security/jwt/TokenSecuredResource.java

@@ -0,0 +1,58 @@
+package org.acme.security.jwt;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import jakarta.annotation.security.PermitAll;
+import jakarta.annotation.security.RolesAllowed;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.InternalServerErrorException;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.SecurityContext;
+
+
+@Path("/secured")
+public class TokenSecuredResource {
+
+    @Inject
+    JsonWebToken jwt; 
+
+    @GET()
+    @Path("permit-all")
+    @PermitAll 
+    @Produces(MediaType.TEXT_PLAIN)
+    public String hello(@Context SecurityContext ctx) {
+        return getResponseString(ctx); 
+    }
+    
+    @GET
+    @Path("roles-allowed") 
+    @RolesAllowed({"User"}) 
+    @Produces(MediaType.TEXT_PLAIN)
+    public String helloRolesAllowed(@Context SecurityContext ctx) {
+        return getResponseString(ctx) + ", birthdate: " + jwt.getClaim("birthdate").toString(); 
+    }
+
+    private String getResponseString(SecurityContext ctx) {
+        String name;
+        if (ctx.getUserPrincipal() == null) { 
+            name = "anonymous";
+        } else if (!ctx.getUserPrincipal().getName().equals(jwt.getName())) { 
+            throw new InternalServerErrorException("Principal and JsonWebToken names do not match");
+        } else {
+            name = ctx.getUserPrincipal().getName(); 
+        }
+        return String.format("hello + %s,"
+            + " isHttps: %s,"
+            + " authScheme: %s,"
+            + " hasJWT: %s",
+            name, ctx.isSecure(), ctx.getAuthenticationScheme(), hasJwt()); 
+    }
+
+    private boolean hasJwt() {
+        return jwt.getClaimNames() != null;
+    }
+}