Class JwtConfig

java.lang.Object
com.espacogeek.geek.config.JwtConfig

@Component public class JwtConfig extends Object
JWT configuration and helper methods for token generation and validation.
  • Constructor Details

    • JwtConfig

      public JwtConfig()
  • Method Details

    • generateAccessToken

      public String generateAccessToken(UserModel user)
      Generate a short-lived access token (15 min by default) for the given user. The token carries type=access and is intended to be returned in the JSON payload.
      Parameters:
      user - the authenticated user
      Returns:
      compact JWT string
    • generateRefreshToken

      public String generateRefreshToken(UserModel user)
      Generate a long-lived refresh token (7 days by default) for the given user. The token carries type=refresh and is stored in the database; it is delivered to the client via an HttpOnly cookie named refreshToken.
      Parameters:
      user - the authenticated user
      Returns:
      compact JWT string
    • generateToken

      public String generateToken(UserModel user)
      Generate a signed JWT access token for the given user. Delegates to generateAccessToken(UserModel). Retained for backward compatibility with test code that calls this method directly.
      Parameters:
      user - the authenticated user
      Returns:
      compact JWT string
    • validate

      public io.jsonwebtoken.Claims validate(String token)
      Validate a token and return its claims if valid.
      Parameters:
      token - JWT string
      Returns:
      claims or null if invalid
    • isValid

      public boolean isValid(String token)
      Checks if a token is valid.
    • refreshTokenCookieName

      public String refreshTokenCookieName()
      Get the name of the refresh token HttpOnly cookie.
    • buildRefreshTokenCookie

      public org.springframework.http.ResponseCookie buildRefreshTokenCookie(String token, jakarta.servlet.http.HttpServletRequest request)
      Build the HttpOnly refreshToken Set-Cookie using the request for SameSite/Secure detection. The cookie is scoped to Path=/ so it is sent to the server on every request, but since only the refreshToken mutation reads it, it is safe.
    • clearRefreshTokenCookie

      public org.springframework.http.ResponseCookie clearRefreshTokenCookie(jakarta.servlet.http.HttpServletRequest request)
      Clear the HttpOnly refreshToken cookie.
    • buildRefreshTokenCookie

      public org.springframework.http.ResponseCookie buildRefreshTokenCookie(String token, String originHeader, URI serverUri)
      Build the HttpOnly refreshToken Set-Cookie using Origin/server URI for SameSite/Secure detection. Used by GraphQlCookieInterceptor which has access to the WebGraphQlRequest headers and URI but not to the raw HttpServletRequest.
    • clearRefreshTokenCookie

      public org.springframework.http.ResponseCookie clearRefreshTokenCookie(String originHeader, URI serverUri)
      Clear the HttpOnly refreshToken cookie using Origin/server URI for SameSite/Secure detection.
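
Added example, not part of the project's code: generateAccessToken and generateRefreshToken document a type claim (access or refresh), but this page does not say whether validate checks it. The sketch below shows a caller-side check that keeps a 7-day refresh token from being accepted where a 15-minute access token is expected. TokenTypeGuard and requireType are hypothetical names, and the claim sets in main are constructed stand-ins for what validate would return.

```java
import java.util.Map;
import java.util.Optional;

/** Hypothetical helper, not part of JwtConfig. */
public final class TokenTypeGuard {

    // Claim name and values as documented for generateAccessToken / generateRefreshToken.
    static final String TYPE_CLAIM = "type";
    static final String ACCESS = "access";
    static final String REFRESH = "refresh";

    private TokenTypeGuard() {}

    /**
     * Returns the claims only when they are non-null (validate() is documented
     * to return null for an invalid token) and carry exactly the expected type.
     * io.jsonwebtoken.Claims is a Map<String, Object>, so the result of
     * validate() can be passed in directly.
     */
    static Optional<Map<String, Object>> requireType(Map<String, Object> claims, String expected) {
        if (claims == null) {
            return Optional.empty();
        }
        Object type = claims.get(TYPE_CLAIM);
        // A missing or non-string type is rejected rather than defaulted to "access".
        if (!(type instanceof String) || !expected.equals(type)) {
            return Optional.empty();
        }
        return Optional.of(claims);
    }

    public static void main(String[] args) {
        // Constructed claim sets; "sub" and its value are sample data.
        Map<String, Object> access = Map.of("sub", "42", TYPE_CLAIM, ACCESS);
        Map<String, Object> refresh = Map.of("sub", "42", TYPE_CLAIM, REFRESH);
        Map<String, Object> untyped = Map.of("sub", "42");

        // API request path: only access tokens should pass.
        System.out.println("access as access:   " + requireType(access, ACCESS).isPresent());
        System.out.println("refresh as access:  " + requireType(refresh, ACCESS).isPresent());
        System.out.println("untyped as access:  " + requireType(untyped, ACCESS).isPresent());
        System.out.println("invalid as access:  " + requireType(null, ACCESS).isPresent());

        // refreshToken mutation path: only refresh tokens should pass.
        System.out.println("refresh as refresh: " + requireType(refresh, REFRESH).isPresent());
        System.out.println("access as refresh:  " + requireType(access, REFRESH).isPresent());
    }
}
```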