a143mk-Software Programming: JSON

How to receive a JWT-based access token from the client, verify the token, and push data using the client's URL?

java 8 , JSON , JWT Token , OAuth2 Security , Rest API No comments :

JWT OAuth2 Integration and JSON Payload Handling in Java: JWT (JSON Web Token) is a token format used in OAuth2.

A JWT is:

Stateless
Digitally signed
Self-contained

Integrating with client APIs using APIs and JSON-based payloads involves an end-to-end process that includes making API calls with JSON payloads and pushing master/other data to REST API endpoints.

Step 1: Obtain the authentication details/Requirements from the client as shown in the example below.

############_MK_TOKEN_CLIENT_SECRET_####################

TOKEN_URL=https://a143mk-uat.client.com/api/v1/client/authentication/generate_token CLIENT_ID=AA143Mkbolgs

CLIENT_SECRET=testa143mk

####Example of Configure URL #############

CUST_URL=https://a143mk-uat.client.com/api/master/push_customer

CUST_USER_PASS_AUTH=useradmin:password //if it is required or not

Step 2: Making an API call with an Json payload and pushing master data to the location.

A REST API Controller is responsible for handling HTTP requests (such as GET, POST, PUT, DELETE) from clients and routing them to the appropriate service methods. It acts as the entry point for external clients to interact with the backend application.
Purpose: The main role of the controller is to manage incoming HTTP requests, map them to specific methods (often called endpoints), and return appropriate responses to the client.
Responsibilities: Handle HTTP requests (e.g., GET, POST, PUT, DELETE). Map the incoming requests to service methods. Return HTTP responses, often in JSON or Json format. Perform basic request validation or authentication. Act as the "interface" between the client and the service layer. In a Spring Boot application, for example, the controller is typically annotated with @RestController and the request mappings are handled using annotations like @GetMapping, @PostMapping, etc.

Example "ClientApiController.java" of a REST Controller in Spring Boot with handlined Json Payload :

package a143mk.a143mkCustMasterMaster.SystemClientcontroller;
import java.net.URL;
import java.text.Format;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import a143mk.a143mkCustMasterMaster.FromBean.APIResponseEntityBean;
import a143mk.a143mkCustMasterMaster.SystemClientServices.CustMastSysteCliService;
import org.apache.log4j.PropertyConfigurator;

@RestController
@RequestMapping("/CUST_T_API")
public class ClientApiController {
	private static final Logger logger = LoggerFactory.getLogger(CustomerMasterCoSysteCli.class);
	 @Autowired
	 private CustMastSysteCliService custMasteServ;
	
	 @RequestMapping(method = RequestMethod.POST, value="/cust") 
	 public ResponseEntity<APIResponseEntityBean> getCustMasterSysteCli() {
		 APIResponseEntityBean responseEntityBean = null;
		 Object retunResult=null;
		 try {
		 /*Log4je Config*/
	        ClassLoader loader = Thread.currentThread().getContextClassLoader();
			 URL url = loader.getResource("application.properties");
			 PropertyConfigurator.configure(url);
		     /* End Log4je Config*/
			 logger.info("Push A143mk Customer TO SysteCli  Method is getCustMasterSysteCli()"); 
			 retunResult=custMasteServ.CustMastSystemNameService();
		     responseEntityBean = new APIResponseEntityBean("SUCCESS", "Please check Log file For Success or not!", dtFormater.format(new Date()), retunResult);
		     
		 } catch (Exception e) {
		 // TODO: handle exception
		 responseEntityBean = new APIResponseEntityBean("ERROR", e.getMessage(),dtFormater.format(new Date()), retunResult);
		 logger.error(e.getMessage());
		 //e.printStackTrace();
		 }
		 return new ResponseEntity<APIResponseEntityBean>(responseEntityBean, HttpStatus.OK);

}	
}

The Service class is a part of the business logic layer of your application. It contains methods that implement the core functionality of the application (e.g., creating, reading, updating, deleting data). The service class is called by the controller to perform operations that are not directly related to the web request itself.

Purpose: The service layer acts as a mediator between the controller and the data layer (such as a repository or database). It focuses on business logic and operations.
Responsibilities: Perform the core business logic of the application. Interact with the database (via repositories or DAOs). Provide methods for the controller to use (i.e., encapsulate business operations). Handle any necessary validation or transformation before sending data back to the controller. In a Spring Boot application, service classes are typically annotated with @Service, and they are injected into the controller using @Autowired (or constructor injection).

Example "CustMastSystemNameService.java" of a Service Class in Spring Boot:

Method Internal Working ->geta143mkCustMasterFOrSYS() ->pusha143mkCustToSystemNameSystem().

package a143mk.a143mkCustMaster.SYSServices;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import a143mk.a143mkCustMaster.Entity.a143mkCustAddressMaster;
import a143mk.a143mkCustMaster.Entity.a143mkCustMaster;
import a143mk.a143mkCustMaster.Repository.a143mkCustAddressMasterRepository;
import a143mk.a143mkCustMaster.Repository.a143mkCustMasterRepository;
import a143mk.a143mkCustMaster.SYSConfig.SSLStopGetToken;
import org.springframework.http.*;
import org.springframework.web.client.RestTemplate;

@SuppressWarnings("serial")
@Service
public class CustMastSystemNameService implements Serializable {
	private static final Logger logger = LoggerFactory.getLogger(CustMastSystemNameService.class);
	@Autowired
	private a143mkCustMasterRepository customerMastRepositM1Table;
	@Autowired
	private a143mkCustAddressMasterRepository custAdderssMastRepoM2Table;
	
	public List<Map<String, Object>> geta143mkCustMasterFOrSYS() {
	    List<Map<String, Object>> pusha143mkCustSystemNameList = new ArrayList<>();
	    try {
	        logger.info("Start a143mkCust_push");
	        List<a143mkCustMaster> getMasterV = customerMastRepositM1Table.mdmCustDetailsSystemName();        
	        if (getMasterV != null) {
	            for (a143mkCustMaster getCust : getMasterV) {
	                // Use a Map instead of JSONObject
	                Map<String, Object> customerMap = new HashMap<>();
	                customerMap.put("name", getCust.geta143mkCustName());
	                customerMap.put("type", "Business");
	                customerMap.put("sub_type", "a143mkCust");
	                customerMap.put("phone", Optional.ofNullable(getCust.getPhoneNo()).map(String::trim).filter(p->p.length()>10).orElse("no"));
	                customerMap.put("email", Optional.ofNullable(getCust.getEmailId()).orElse("no"));
	                customerMap.put("code", Optional.ofNullable(getCust.getWhDepotStoreNo()).map(String::trim).filter(p->p.length()>5).orElse("no"));
	                customerMap.put("user_id", "AA143Mkbolgs"); //Pass the client_id value or pass the value according to your client.
	                pusha143mkCustSystemNameList.add(customerMap);
	                // Address logic
	                List<a143mkCustAddressMaster> cutoAddressSystemName = 
	                        custAdderssMastRepoM2Table.geta143mkCustAddressTableList(getCust.getLegacyCustNo());
	                
	                List<Map<String, Object>> pushAddressList = new ArrayList<>();
	                if (cutoAddressSystemName != null) {
	                    for (a143mkCustAddressMaster custAdde : cutoAddressSystemName) {
	                        Map<String, Object> address = new HashMap<>();
	                        address.put("address_1", custAdde.getAddress1());
				            address.put("address_2", Optional.ofNullable(custAdde.getAddress2()).orElse(""));
				            address.put("address_3", Optional.ofNullable(custAdde.getAddress3()).orElse(""));
				            address.put("city", Optional.ofNullable(custAdde.getCityName()).orElse("no"));
				            address.put("state", Optional.ofNullable(custAdde.getStateCode()).orElse(""));
				            address.put("pincode", Optional.ofNullable(custAdde.getPincode()).orElse("") );
				            address.put("state_code", custAdde.getStateCode());
				          
	                        pushAddressList.add(address);
	                    }
	                } 
	                // Add the address list to the customer map
	                customerMap.put("address_details", pushAddressList);
	              
	            }
	            ResponseEntity<String>  returnto=pusha143mkCustToSystemNameSystem(pusha143mkCustSystemNameList);
	            if(returnto!=null) {
	            	 logger.info("Success:" +returnto);
	            }else {
	            	logger.error("Error to Push customer to SystemName", returnto);
	            }
	        }
	        
	    } catch (Exception e) {
	        logger.error("Error in geta143mkCustMasterFOrSYS", e);
	    }
	    
	    return pusha143mkCustSystemNameList;
	}
	
	private  ResponseEntity<String>  pusha143mkCustToSystemNameSystem(List<Map<String, Object>> pusha143mkCustSystemNameList) {
	    RestTemplate restTemplate = new RestTemplate();

try {
	        // 1. Get token
	        String getTokenTms = new SSLStopGetToken().GetToken();
	        if (getTokenTms == null) {
	            throw new RuntimeException("Failed to get SystemName token");
	        }
             // 2. Set headers
	        HttpHeaders headers = new HttpHeaders();
	        headers.set("Authorization", "Bearer " + getTokenTms);
	   
	        // 3. Build the request entity
	        HttpEntity<List<Map<String, Object>>> request = new HttpEntity<>(pusha143mkCustSystemNameList, headers);

// 4. This is the Client Master API URL through which client master data can be sent. This is a test URL; you can modify it according to your client's requirements.
	        String url = "https://a143mk-uat.client.com/api/master/push_customer";
	        ResponseEntity<String> response = restTemplate.postForEntity(url, request, String.class);
	        // 5. Get response body
	       /* responseObject = response.getBody();
	        System.out.println("Response: " + responseObject);
	        logger.info("statuse for  in geta143mkCustMasterFOrSYS: ", responseObject);*/
	        return response;
	    } catch (Exception e) {
	        logger.error("Error pushing customer to SystemName", e);
	        return null;
	    }  
	}
}

Step 3: The authorization server issues an access token in JWT format The client sends this token in requests using Authorization: Bearer<Token>
The API validates the JWT by checking its signature, expiration, issuer, and audience See the example below for how to obtain an access token for the client: Use this for server-to-server authentication.

Method Internal Working ->geta143mkCustMasterFOrSYS() ->pusha143mkCustToSystemNameSystem().

package a143mk.MdmCustomerMaster.SYSConfig;
import javax.net.ssl.*;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.X509Certificate;
import org.json.JSONObject;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
public class SSLStopGetToken {
	public String GetToken() {
		try {
            disableSSL(); 
			// Only disable the SSL certificate if it is absolutely necessary 
		   //when using this method; otherwise, do not.
		   
            String apiUrl = "https://a143mk-uat.client.com/api/v1/client/authentication/generate_token";
            URL url = new URL(apiUrl);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Content-Type", "application/json");
            conn.setRequestProperty("Accept", "application/json");
            conn.setDoOutput(true);
            String jsonInput = "{"
                    + "\"client_id\":\"AA143Mkbolgs\","
                    + "\"client_secret\":\"testa143mk\""
                    + "}";
	//The client_id and client_secret values are examples
   // please ask the client for these as they are confidential 
  //information and should be changed.
            try (OutputStream os = conn.getOutputStream()) {
                os.write(jsonInput.getBytes("UTF-8"));
            }
            BufferedReader br;
            if (conn.getResponseCode() >= 200 && conn.getResponseCode() < 300) {
                br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            } else {
                br = new BufferedReader(new InputStreamReader(conn.getErrorStream()));
            }
			
            StringBuilder response = new StringBuilder();
            String line;
            while ((line = br.readLine()) != null) {
                response.append(line);
            }
            ObjectMapper mapper = new ObjectMapper();
            JsonNode jsonNode = mapper.readTree(response.toString());
            System.out.println(jsonNode.get("access_token").asText());
            conn.disconnect();
            return jsonNode.get("access_token").asText();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
		}
	    
		// SSL bypass (TESTING ONLY)
	    private static void disableSSL() throws Exception {
	        TrustManager[] trustAll = new TrustManager[]{
	            new X509TrustManager() {
	                public X509Certificate[] getAcceptedIssuers() { return null; }
	                public void checkClientTrusted(X509Certificate[] c, String a) {}
	                public void checkServerTrusted(X509Certificate[] c, String a) {}
	            }
	        };
	        SSLContext sc = SSLContext.getInstance("TLS");
	        sc.init(null, trustAll, new java.security.SecureRandom());
	        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
	        HttpsURLConnection.setDefaultHostnameVerifier((h, s) -> true);
	    }
}

JWT-based access tokens are secure, stateless, and scalable, making them ideal for modern authentication and authorization systems.

Subscribe to: Comments ( Atom )

How to receive a JWT-based access token from the client, verify the token, and push data using the client's URL?

Pageviews

LABELS

OUR TECH-PROJECTS

Development Accessories

DOWNLOAD ANY ONLINE VIDEOS

POPULAR POSTS