Logout feature added

Author: sksingh1993

spring-security/src/main/java/com/techsoft/springsecurity/controller/UserController.java

@@ -2,8 +2,10 @@
 
 import com.techsoft.springsecurity.entity.AuthRequest;
 import com.techsoft.springsecurity.entity.UserInfo;
+import com.techsoft.springsecurity.logout.BlackList;
 import com.techsoft.springsecurity.service.JwtService;
 import com.techsoft.springsecurity.service.UserInfoService;
+import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -24,6 +26,9 @@ public class UserController {
     @Autowired
     private JwtService jwtService;
 
+    @Autowired
+    private BlackList blackList;
+
     @GetMapping("/welcome")
     public String welcome(){
         return "Welcome to Spring Security tutorials !!";
@@ -32,7 +37,6 @@ public String welcome(){
     @PostMapping("/addUser")
     public String addUser(@RequestBody UserInfo userInfo){
         return userInfoService.addUser(userInfo);
-
     }
     @PostMapping("/login")
     public String addUser(@RequestBody AuthRequest authRequest){
@@ -43,8 +47,20 @@ public String addUser(@RequestBody AuthRequest authRequest){
             throw new UsernameNotFoundException("Invalid user request");
         }
     }
+    @PostMapping("/logout")
+    @PreAuthorize("hasAuthority('USER_ROLES') or hasAuthority('ADMIN_ROLES')")
+    public String logoutUser(HttpServletRequest request){
+        String authHeader = request.getHeader("Authorization");
+        String token= null;
+        if(authHeader !=null && authHeader.startsWith("Bearer")){
+            token = authHeader.substring(7);
+        }
+        blackList.blacKListToken(token);
+        return "You have successfully logged out !!";
+    }
+
     @GetMapping("/getUsers")
-    @PreAuthorize("hasAuthority('ADMIN_ROLES')")
+    @PreAuthorize("hasAuthority('ADMIN_ROLES') or hasAuthority('USER_ROLES')")
     public List<UserInfo> getAllUsers(){
         return userInfoService.getAllUser();
     }

spring-security/src/main/java/com/techsoft/springsecurity/logout/BlackList.java

@@ -0,0 +1,17 @@
+package com.techsoft.springsecurity.logout;
+
+import org.springframework.stereotype.Service;
+
+import java.util.HashSet;
+import java.util.Set;
+@Service
+public class BlackList {
+    private Set<String> blackListTokenSet = new HashSet<>();
+
+    public void blacKListToken(String token){
+        blackListTokenSet.add(token);
+    }
+    public boolean isBlackListed(String token){
+        return blackListTokenSet.contains(token);
+    }
+}

spring-security/src/main/java/com/techsoft/springsecurity/service/JwtService.java

@@ -1,10 +1,12 @@
 package com.techsoft.springsecurity.service;
 
+import com.techsoft.springsecurity.logout.BlackList;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 
@@ -14,6 +16,8 @@
 
 @Component
 public class JwtService {
+    @Autowired
+    private BlackList blackList;
     private static final String SECERET = "!@#$FDGSDFGSGSGSGSHSHSHSSHGFFDSGSFGSSGHSDFSDFSFSFSFSDFSFSFSF";
 
     public String generateToken(String userName){
@@ -54,6 +58,6 @@ private Boolean isTokenExpired(String token){
     }
     public Boolean validateToken(String token, UserDetails userDetails){
         final String userName= extractUserName(token);
-        return (userName.equals(userDetails.getUsername()) && !isTokenExpired(token));
+        return (userName.equals(userDetails.getUsername()) && !isTokenExpired(token) && !blackList.isBlackListed(token));
     }
 }