JWT and OAuth2

Amulya Reddy Konda

Jul 11, 2020·1 min read

Spring Security with JWT

Add below in dependencies (pom.xml)

<dependency>   
<groupId>org.springframework.boot</groupId>   
<artifactId>spring-boot-starter-security</artifactId>  
</dependency><dependency>      
<groupId>io.jsonwebtoken</groupId>      <artifactId>jjwt</artifactId>      
<version>0.9.1</version>  
</dependency>  <dependency>      
<groupId>javax.xml.bind</groupId>      
<artifactId>jaxb-api</artifactId>  
</dependency>

Add below in Repositories (pom.xml)

<repositories>
    <repository>
        <id>spring-releases</id>
        <name>Spring Releases</name>
        <url>https://repo.spring.io/libs-release</url>
    </repository>
</repositories>
<pluginRepositories>
    <pluginRepository>
        <id>spring-releases</id>
        <name>Spring Releases</name>
        <url>https://repo.spring.io/libs-release</url>
    </pluginRepository>
</pluginRepositories>

Method 1: InMemory

@EnableWebSecuritypublic 
class ClinicSecurity extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
          auth.inMemoryAuthentication()
              .withUser("user")
              .password("password")
              .roles("USER")
              .and()
              .withUser("admin")
              .password("password")
              .roles("ADMIN")
              .and();
    }    @Override protected void configure(HttpSecurity http) throws Exception {  
        http.authorizeRequests()
         .antMatchers("/admin","static/css","static/js").permitAll()
         .antMatchers("/user").hasAnyRole("USER","ADMIN")
         .antMatchers("/").hasAnyRole()   .and().formLogin(); 
   }   @Bean 
   public PasswordEncoder getPasswordEncoder() {  
       return NoOpPasswordEncoder.getInstance(); 
   }
}

Method 2: jdbcAuthentication

@EnableWebSecuritypublic
public class ClinicSecurity extends WebSecurityConfigurerAdapter {
    @Autowired DataSource dataSource;
    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {  
          auth.jdbcAuthentication()   
              .dataSource(dataSource)  
              .usersByUsernameQuery("select username,password,enabled from users where username=?")   .authoritiesByUsernameQuery("select username,authority from authorities where username=?");@Override protected void configure(HttpSecurity http) throws Exception {  
        http.authorizeRequests()
         .antMatchers("/admin","static/css","static/js").permitAll()
         .antMatchers("/user").hasAnyRole("USER","ADMIN")
         .antMatchers("/").hasAnyRole()   .and().formLogin(); 
   }@Bean 
   public PasswordEncoder getPasswordEncoder() {  
       return NoOpPasswordEncoder.getInstance(); 
   }
}

To create JWT,

STEP 1: Generate JWT on /authenticate endpoint

STEP 2: Using jwt for validating pages

Follow this code snippet for STEP 1:

Follow this code snippet for STEP 2:

OAuth2

Import statement

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

Decorator

@EnableOAuth2Sso

Add below in application.yml file for facebook OAuth2 sevice

security:
   oauth2:
     client:
       clientId: clientID
       clientSecret: clientSecret
       accessTokenUri: https://graph.facebook.com/oauth/access_token
       user-authorization-uri: https://www.facebook.com/dialog/oauth
       tokenName: oauth_token
       authenticationScheme: query
       clientAuthenticationScheme: form
     resource:
       userInfoUri: https://graph.facebook.com/me