handle token expired exception (#2)

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

src/main/java/com/danielbohry/authservice/service/auth/JwtAuthenticationFilter.java

@@ -35,6 +35,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             return;
         }
         jwt = authHeader.substring(7);
+
+        if (jwtService.isTokenExpired(jwt)) {
+            response.sendError(HttpServletResponse.SC_FORBIDDEN, "JWT token is expired");
+            return;
+        }
+
         username = jwtService.extractUsername(jwt);
         if (StringUtils.isNotEmpty(username) && SecurityContextHolder.getContext().getAuthentication() == null) {
             UserDetails userDetails = userService.userDetailsService().loadUserByUsername(username);

src/main/java/com/danielbohry/authservice/service/auth/JwtService.java

@@ -1,8 +1,10 @@
 package com.danielbohry.authservice.service.auth;
 
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -13,8 +15,10 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.function.Function;
 
+import static java.lang.System.currentTimeMillis;
 import static java.util.stream.Collectors.toSet;
 
+@Slf4j
 @Service
 public class JwtService {
 
@@ -49,11 +53,15 @@ public class JwtService {
         return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
     }
 
+    public Boolean isTokenExpired(String token) {
+        return extractExpiration(token).before(new Date());
+    }
+
     private Authentication generateToken(Map<String, Object> claims, UserDetails userDetails) {
-        Date expirationDate = new Date(System.currentTimeMillis() + 1000 * 60 * 60 * 48);
+        Date expirationDate = new Date(currentTimeMillis() + 1000 * 60 * 60 * 48);
         String token = Jwts.builder().setClaims(claims)
             .setSubject(userDetails.getUsername())
-            .setIssuedAt(new Date(System.currentTimeMillis()))
+            .setIssuedAt(new Date(currentTimeMillis()))
             .setExpiration(expirationDate)
             .signWith(SignatureAlgorithm.HS256, secret).compact();
 
@@ -65,11 +73,15 @@ public class JwtService {
     }
 
     private Claims extractAllClaims(String token) {
-        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
-    }
-
-    private Boolean isTokenExpired(String token) {
-        return extractExpiration(token).before(new Date());
+        try {
+            return Jwts.parser()
+                .setSigningKey(secret)
+                .parseClaimsJws(token)
+                .getBody();
+        } catch (ExpiredJwtException e) {
+            log.warn("Expired JWT token [{}]", e.getClaims());
+            return e.getClaims();
+        }
     }
 
 }