Implement token blacklist for JWT logout support

- TokenBlacklistService tracks invalidated tokens using Caffeine cache. - AuthController adds tokens to blacklist on logout. - JwtAuthenticationFilter blocks blacklisted tokens during authentication.
2025-07-03 02:57:29 +05:30
parent dd52421392
commit 218ccb720f
3 changed files with 56 additions and 4 deletions
@@ -4,6 +4,9 @@ import com.skycrate.backend.skycrateBackend.dto.LoginRequest;
 import com.skycrate.backend.skycrateBackend.security.JwtService;
 import com.skycrate.backend.skycrateBackend.entity.User;
 import com.skycrate.backend.skycrateBackend.repository.UserRepository;
 import com.skycrate.backend.skycrateBackend.security.TokenBlacklistService;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -48,9 +51,19 @@ public class AuthController {
        return ResponseEntity.ok().body(token);
    }
    @Autowired
    private TokenBlacklistService tokenBlacklistService;
    @PostMapping("/logout")
-    public ResponseEntity<?> logout() {
+    public ResponseEntity<?> logout(HttpServletRequest request) {
-        // Client-side token deletion (or implement blacklist)
+        String authHeader = request.getHeader("Authorization");
-        return ResponseEntity.ok("Logged out (client should delete token)");
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
            return ResponseEntity.badRequest().body("Missing or invalid Authorization header");
        }
        String token = authHeader.substring(7);
        tokenBlacklistService.blacklistToken(token);
        return ResponseEntity.ok("Logged out successfully");
    }
 }
@@ -20,10 +20,14 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final JwtService jwtService;
    private final UserRepository userRepository;
    private final TokenBlacklistService tokenBlacklistService;
-    public JwtAuthenticationFilter(JwtService jwtService, UserRepository userRepository) {
+    public JwtAuthenticationFilter(JwtService jwtService,
                                   UserRepository userRepository,
                                   TokenBlacklistService tokenBlacklistService) {
        this.jwtService = jwtService;
        this.userRepository = userRepository;
        this.tokenBlacklistService = tokenBlacklistService;
    }
    @Override
@@ -42,6 +46,14 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
        }
        jwt = authHeader.substring(7);
        // Check if token is blacklisted
        if (tokenBlacklistService.isTokenBlacklisted(jwt)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.getWriter().write("Token has been blacklisted");
            return;
        }
        try {
            userEmail = jwtService.extractUsername(jwt);
        } catch (Exception e) {
@@ -0,0 +1,27 @@
 package com.skycrate.backend.skycrateBackend.security;
 import com.github.benmanes.caffeine.cache.Cache;
 import com.github.benmanes.caffeine.cache.Caffeine;
 import org.springframework.stereotype.Service;
 import java.util.concurrent.TimeUnit;
@Service
 public class TokenBlacklistService {
    private final Cache<String, Boolean> blacklistCache;
    public TokenBlacklistService() {
        this.blacklistCache = Caffeine.newBuilder()
                .expireAfterWrite(1, TimeUnit.HOURS)
                .build();
    }
    public void blacklistToken(String token) {
        blacklistCache.put(token, true);
    }
    public boolean isTokenBlacklisted(String token) {
        return blacklistCache.getIfPresent(token) != null;
    }
 }