Skip to content

ricardobaumann/jwt-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
gradle/wrapper
gradle/wrapper
 
 
src/main/java/com/github/ricardobaumann/jwtauth
src/main/java/com/github/ricardobaumann/jwtauth
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

Jwt auth library

This library intends to enable custom authentication and authorization support on http services.

Usage

Token services

For token issue services, since there is no need to configure routes, the library exposes a class JwtTokenService that can injected and used to generate tokens.

So, include the @EnableCustomJwt on your configuration or main class

    @EnableCustomJwt
    public class MyServiceConfiguration {

    }

Then, on your service class, inject and use the CreateTokenUseCase managed object.

    public class SecurityService {
        
        private final JwtTokenService jwtTokenService; //Autowired or constructor injecting
    }

And do not forget the jwt configurations

    jwt:
      secretKey: "<somelongsecretkey>"
      validityInMillis: 60000

Resource Services

For resource services, include the @EnableCustomJwt on your configuration or main class, just like on the previous example:

    @EnableCustomJwt
    public class MyServiceConfiguration {

    }

Then, on your routes security config, you need to include the AuthFilterConfigurer configuration object. For example:

    @Configuration
    @EnableCustomJwt
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
        private final JwtFilterConfigurer jwtFilterConfigurer;
    
        public SecurityConfig(JwtFilterConfigurer jwtFilterConfigurer) {
            this.jwtFilterConfigurer = jwtFilterConfigurer;
        }
    
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.httpBasic().disable()
                    .csrf().disable()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                    .authorizeRequests()
                    .antMatchers("/auth").permitAll() //in case you have an open route for auth
                    .anyRequest().authenticated()
                    .and().apply(jwtFilterConfigurer);
        }
    }

Alternatively, if all routes on your resource service need to be secured, you can just annotate your configuration or main class with @EnableCakeDefaultSecurity:

    @EnableCakeDefaultSecurity
    public class MyServiceConfiguration {

    }

This way, you have all routes secured by default. And again, do not forget the jwt settings

    jwt:
      secretKey: "<somelongsecretkey>>"
      validityInMillis: 60000

To inject the authenticated user on your controllers with all the custom information:

    @GetMapping("/test")
    public String test(@AuthenticationPrincipal CakeUserDetails userDetails) {
        return userDetails.getId();
    }

About

Spring boot library for jwt handling

Topics

spring-boot jwt-token

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages