Validate Endpoints

aconnect/src/main/java/com/mfsys/aconnect/security/constant/SecurityURI.java

@@ -3,4 +3,5 @@ package com.mfsys.aconnect.security.constant;
 public interface SecurityURI {
   String AUTHENTICATION = "/authentication";
   String LOGIN = "/login";
+  String REGISTER = "/signup";
 }

aconnect/src/main/java/com/mfsys/aconnect/security/controller/AuthenticationController.java

@@ -4,6 +4,9 @@ import com.mfsys.aconnect.security.constant.SecurityURI;
 import com.mfsys.aconnect.security.dto.LoginRequest;
 import com.mfsys.aconnect.security.dto.LoginResponse;
 import com.mfsys.aconnect.security.service.AuthenticationService;
+import com.mfsys.aconnect.usermanagement.constant.UserManagementURI;
+import com.mfsys.aconnect.usermanagement.dto.UserDTOs;
+import com.mfsys.aconnect.usermanagement.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -17,10 +20,12 @@ import org.springframework.web.bind.annotation.RestController;
 public class AuthenticationController {
 
   private final AuthenticationService authenticationService;
+  private final UserService  userService;
 
   @Autowired
-  public AuthenticationController(AuthenticationService authenticationService) {
+  public AuthenticationController(AuthenticationService authenticationService, UserService  userService) {
     this.authenticationService = authenticationService;
+    this.userService = userService;
   }
 
   @PostMapping(SecurityURI.LOGIN)
@@ -32,4 +37,12 @@ public class AuthenticationController {
       return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
     }
   }
+
+
+  @PostMapping(SecurityURI.REGISTER)
+  public ResponseEntity<UserDTOs.UserResponse> signupUser(@RequestBody UserDTOs.UserRequest request) {
+    UserDTOs.UserResponse response = userService.createUser(request);
+    return new ResponseEntity<>(response, HttpStatus.CREATED);
+  }
+
 }

common/src/main/java/com/mfsys/common/configuration/constant/TokenBypassURI.java

@@ -7,12 +7,8 @@ import java.util.List;
 public interface TokenBypassURI {
   List<String> URIs = new ArrayList<String>(Arrays.asList(
           "/aconnect/authentication/login",
+          "/aconnect/authentication/signup",
           "/aconnect/signin",
-          "/aconnect/user/createUser",
-          "/aconnect/user/getAllUsers",
-          "/aconnect/user/getUser",
-          "/aconnect/user/updateUser",
-          "/aconnect/user/deleteUser"   ,
 
           "/aconnect/transactions/accounttogl",
           "/aconnect/account/miscDetails",

common/src/main/java/com/mfsys/common/configuration/filter/TokenAuthenticationFilter.java

@@ -1,9 +1,7 @@
 package com.mfsys.common.configuration.filter;
 
 import java.io.IOException;
-import java.util.Objects;
 
-import com.mfsys.common.configuration.constant.PropertyConstant;
 import com.mfsys.common.configuration.constant.TokenBypassURI;
 import com.mfsys.common.configuration.service.JwtService;
 import jakarta.servlet.FilterChain;
@@ -23,7 +21,7 @@ import com.mfsys.common.configuration.constant.FilterPriority;
 @Order(FilterPriority.AUTHENTICATION)
 public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
-  private JwtService jwtService;
+  private final JwtService jwtService;
 
   @Autowired
   public TokenAuthenticationFilter(JwtService jwtService) {
@@ -31,40 +29,58 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
   }
 
   @Override
-  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+  protected void doFilterInternal(HttpServletRequest request,
-    throws ServletException, IOException {
+                                  HttpServletResponse response,
-    // TODO: For porOrga-change we Will removed it later
+                                  FilterChain filterChain)
-    if (!(request.getMethod().equals("OPTIONS"))) {
+          throws ServletException, IOException {
-
-      System.out.println(">> " + request.getRequestURI() + " <<");
-//		TODO:
-      // important add all mconnect url in tokenbypass uri and remove this if
-      // condition or implement jwt in mconnect module
-      System.out.println(request.getHeaderNames());
-      if (!(TokenBypassURI.URIs.contains(request.getRequestURI()) || request.getRequestURI().startsWith("/MCONNECT/actuator"))) {
-        String token = parseJwt(request);
-        if (Objects.isNull(token)) {
-          response.setStatus(403);
-          return;
-        } else {
-          // String porOrgacode = request.getHeader(FormPropertyConst.POR_ORGACODE);
-          String userSubject = request.getHeader("userSubject");
-          if (!jwtService.validateToken(token,userSubject)) {
-            return;
-          }
-        }
-      }
 
+    // 1. Always allow OPTIONS (CORS preflight)
+    if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
       filterChain.doFilter(request, response);
+      return;
     }
+
+    String requestUri = request.getRequestURI();
+
+    // 2. Skip authentication for bypass URIs
+    if (TokenBypassURI.URIs.contains(requestUri)
+            || requestUri.startsWith("/MCONNECT/actuator")) {
+      filterChain.doFilter(request, response);
+      return;
+    }
+
+    // 3. Extract JWT
+    String token = parseJwt(request);
+    if (!StringUtils.hasText(token)) {
+      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+      return;
+    }
+
+    // 4. Extract required headers
+    String userSubject = request.getHeader("userId");
+    String porOrgaCode = request.getHeader("POR_ORGACODE");
+
+    // 5. Validate header presence
+    if (!StringUtils.hasText(userSubject) || !StringUtils.hasText(porOrgaCode)) {
+      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+      return;
+    }
+
+    // 6. Validate token against headers
+    if (!jwtService.validateToken(token, userSubject, porOrgaCode)) {
+      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+      return;
+    }
+
+    // 7. Continue request
+    filterChain.doFilter(request, response);
   }
 
   private String parseJwt(HttpServletRequest request) {
     String headerAuth = request.getHeader("Authorization");
     if (StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")) {
-      return headerAuth.substring(7, headerAuth.length());
+      return headerAuth.substring(7);
     }
     return null;
   }
-
 }

common/src/main/java/com/mfsys/common/configuration/service/JwtService.java

@@ -78,7 +78,7 @@ public class JwtService {
       .compact();
   }
 
-  public Boolean validateToken(String token, String subject) {
+  public Boolean validateToken(String token, String subject, String porOrgacode) {
     final String username = extractUsername(token);
     return (username.equals(subject) && !isTokenExpired(token));
   }