feat: security utils and setting userid on jwt

[OAllanFernando]

this makes possible recover the current user id by the jwt, its useful and can save requests

[CLAassistant]

All committers have signed the CLA.

[OAllanFernando]

Avoid this behavior

@GetMapping("/bank-accounts/{id}")
@Timed
public ResponseEntity<BankAccountDTO> getBankAccount(@PathVariable Long id) {
    log.debug("REST request to get BankAccount : {}", id);
    Optional<BankAccountDTO> bankAccountDTO = bankAccountRepository.findById(id)
        .map(bankAccountMapper::toDto);

    // Return 404 if the entity is not owned by the connected user
    Optional<String> userLogin = SecurityUtils.getCurrentUserLogin();
    if (bankAccountDTO.isPresent() &&
        userLogin.isPresent() &&
        userLogin.get().equals(bankAccountDTO.get().getUserLogin())) {
        return ResponseUtil.wrapOrNotFound(bankAccountDTO);
    } else {
        return ResponseEntity.notFound().build();
    }
}

setting this as solution

@GetMapping("/bank-accounts/{login:" + Constants.LOGIN_REGEX + "}")
@Timed
public ResponseEntity<BankAccountDTO> getBankAccount(@PathVariable String login) {
    log.debug("REST request to get BankAccount of : {}", login);
    
    // We can also validate login. Double security
   Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if(!Objects.equals(login, authentication){
         return ResponseEntity.notFound().build();
    };

    Long userId = SecurityUtils.getCurrentUserId();
    if (userId == null) {
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
    }

    return bankAccountRepository.findById(userId)
        .map(bankAccountMapper::toDto)
        .map(ResponseEntity::ok)
        .orElseGet(() -> ResponseEntity.notFound().build());
}
}

This aproch can mitigate data transfer, clowd does not need to be our associates, rigth ?

The previos code can be used to force the server, if the data is in a different server