This is a custom Spring Security filter that implements authorization using JWT (JSON Web Token).

The filter intercepts every incoming request and extracts the JWT token from the request header. If the token is missing or 'null', the filter allows the request to pass through to the next filter in the chain.

If the token is not null, the filter checks if it has expired using the JwtTokenUtil.isExpiration() method. If the token has expired, the filter returns a 403 Forbidden response to the client.

If the token is valid, the filter uses the JwtTokenUtil.getUsername() and JwtTokenUtil.getTokenRoles() methods to extract the username and roles from the token. It then creates one SimpleGrantedAuthority object per role and passes the resulting list to a new UsernamePasswordAuthenticationToken object.

Finally, the filter sets this authentication token in the SecurityContextHolder, which makes it available to other Spring Security components.

Overall, this filter validates the JWT on each incoming request that carries one and sets the authentication information in the Spring Security context; a request without a token continues down the chain with no authentication set.
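The flow described above, written out as an added example (not the original filter's code), with one extra failure path for a token that cannot be parsed or verified. Assumptions: the `TokenReader` interface is a hypothetical stand-in for the page's JwtTokenUtil, whose real signatures are not shown; the token is read from the `Authorization` header; the base class is `OncePerRequestFilter` with the `jakarta.servlet` API.

```java
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class JwtAuthorizationFilter extends OncePerRequestFilter {
    // Hypothetical stand-in for JwtTokenUtil; assumed to throw a RuntimeException on a bad token.
    public interface TokenReader {
        boolean isExpiration(String token);
        String getUsername(String token);
        List<String> getTokenRoles(String token);
    }
    private final TokenReader jwt;
    public JwtAuthorizationFilter(TokenReader jwt) { this.jwt = jwt; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String token = req.getHeader("Authorization"); // assumed header name
        if (token == null || token.equals("null")) {
            chain.doFilter(req, res); // no token: continue with no authentication set
            return;
        }
        try {
            if (jwt.isExpiration(token)) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "Token expired");
                return;
            }
            List<SimpleGrantedAuthority> authorities = jwt.getTokenRoles(token).stream()
                    .map(SimpleGrantedAuthority::new).collect(Collectors.toList());
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(jwt.getUsername(token), null, authorities));
        } catch (RuntimeException e) {
            // Malformed or unverifiable token: reject instead of letting the error escape the filter.
            SecurityContextHolder.clearContext();
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid token");
            return;
        }
        chain.doFilter(req, res); // outside the try, so downstream exceptions are not swallowed
    }
}
```

Because requests without a token pass through, access control still depends on the application's authorization rules requiring authentication for protected endpoints.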

Spring Security JWT Authorization Filter Implementation

Original URL: https://www.cveoy.top/t/topic/n6Oe Copyright belongs to the author. Do not reproduce or scrape!
