Spring Security

Spring Security with JWT

<!-- Spring Security starter. No <version> is given, so it is presumably managed by the
     Spring Boot parent/BOM of the project (confirm in the full pom.xml). -->
<dependency>   
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- JWT library, pinned to 0.9.1. This is the legacy single-artifact JJWT line; later JJWT
     releases are split into jjwt-api / jjwt-impl / jjwt-jackson. NOTE(review): check this pin
     against current advisories and the project's upgrade policy before reusing it. -->
<dependency>
<groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<!-- JAXB API. Presumably added because JJWT 0.9.x relies on javax.xml.bind, which is no longer
     bundled with the JDK from Java 11 on. No <version> is given here either (confirm it is
     managed elsewhere, otherwise the build cannot resolve it). -->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
</dependency>

Add the following repository entries to pom.xml:

<!-- Extra artifact repository. Every repository listed here is another host the build trusts
     to supply code, so keep the list as short as possible.
     NOTE(review): the released artifacts declared in the dependencies section are published
     to Maven Central; verify this entry is still required before keeping it. -->
<repositories>
<repository>
<id>spring-releases</id>
<name>Spring Releases</name>
<url>https://repo.spring.io/libs-release</url>
</repository>
</repositories>
<!-- Same host registered for build plugins. Plugins run code during the build, so the same
     trust consideration applies. -->
<pluginRepositories>
<pluginRepository>
<id>spring-releases</id>
<name>Spring Releases</name>
<url>https://repo.spring.io/libs-release</url>
</pluginRepository>
</pluginRepositories>

Method 1: InMemory

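/**
 * Form-login security configuration backed by two in-memory demo accounts.
 *
 * <p>Access rules, evaluated in order: static assets are public, {@code /admin} requires the
 * ADMIN role, {@code /user} requires USER or ADMIN, and every other request (including
 * {@code /}) requires a signed-in user.
 *
 * <p>The accounts and their literal passwords are tutorial fixtures and must not reach a
 * deployed system. {@code WebSecurityConfigurerAdapter} is deprecated in newer Spring Security
 * releases; it is kept here because the class's callers and overrides depend on it.
 */
@EnableWebSecurity
public class ClinicSecurity extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users.
     *
     * <p>Passwords are passed through the configured {@link PasswordEncoder} so that only
     * hashes are held in memory and compared at login.
     *
     * @param auth builder used to register the user store
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = getPasswordEncoder();
        auth.inMemoryAuthentication()
            .withUser("user")
            .password(encoder.encode("password"))
            .roles("USER")
            .and()
            .withUser("admin")
            .password(encoder.encode("password"))
            .roles("ADMIN");
    }

    /**
     * Declares the URL authorization rules and enables form login.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Only static assets are public. Ant patterns are matched against the request
            // path, which starts with "/", so the patterns need the leading slash.
            // NOTE(review): adjust the prefix if the assets are not served under /static.
            .antMatchers("/static/css/**", "/static/js/**").permitAll()
            // Was permitAll(): that exposed the admin page to unauthenticated visitors.
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("USER", "ADMIN")
            // Deny by default. This replaces antMatchers("/").hasAnyRole(), which named no
            // role at all and therefore could not be satisfied by any user, and it also
            // covers paths the rules above do not list (for example sub-paths of /admin).
            .anyRequest().authenticated()
            .and().formLogin();
    }

    /**
     * Supplies the password encoder used for login checks.
     *
     * <p>Uses bcrypt rather than {@code NoOpPasswordEncoder}, which stores and compares
     * passwords in clear text.
     *
     * @return a bcrypt-based encoder
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();
    }
}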

Method 2: jdbcAuthentication

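/**
 * Form-login security configuration that authenticates against a JDBC user store.
 *
 * <p>Access rules, evaluated in order: static assets are public, {@code /admin} requires the
 * ADMIN role, {@code /user} requires USER or ADMIN, and every other request (including
 * {@code /}) requires a signed-in user.
 *
 * <p>{@code WebSecurityConfigurerAdapter} is deprecated in newer Spring Security releases; it
 * is kept here because the class's callers and overrides depend on it.
 */
@EnableWebSecurity
public class ClinicSecurity extends WebSecurityConfigurerAdapter {

    // Connection source for the users/authorities tables; injected by Spring.
    @Autowired DataSource dataSource;

    /**
     * Wires authentication to the {@code users} and {@code authorities} tables.
     *
     * <p>Both queries bind the username through a {@code ?} placeholder, so the submitted
     * value is never concatenated into the SQL text.
     *
     * @param auth builder used to register the user store
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery(
                "select username,password,enabled from users where username=?")
            .authoritiesByUsernameQuery(
                "select username,authority from authorities where username=?");
    }

    /**
     * Declares the URL authorization rules and enables form login.
     *
     * @param http the HTTP security builder
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Only static assets are public. Ant patterns are matched against the request
            // path, which starts with "/", so the patterns need the leading slash.
            // NOTE(review): adjust the prefix if the assets are not served under /static.
            .antMatchers("/static/css/**", "/static/js/**").permitAll()
            // Was permitAll(): that exposed the admin page to unauthenticated visitors.
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("USER", "ADMIN")
            // Deny by default. This replaces antMatchers("/").hasAnyRole(), which named no
            // role at all and therefore could not be satisfied by any user, and it also
            // covers paths the rules above do not list (for example sub-paths of /admin).
            .anyRequest().authenticated()
            .and().formLogin();
    }

    /**
     * Supplies the password encoder used for login checks.
     *
     * <p>Uses bcrypt rather than {@code NoOpPasswordEncoder}, which requires the
     * {@code users.password} column to hold clear-text passwords. With this encoder the
     * column must hold bcrypt hashes; existing clear-text rows have to be re-hashed.
     *
     * @return a bcrypt-based encoder
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();
    }
}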

To use JWT authentication:

STEP 1: Generate the JWT on the /authenticate endpoint

STEP 2: Use the JWT to validate requests for pages

Follow this code snippet for STEP 1:

Follow this code snippet for STEP 2:

OAuth2

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

Annotation

@EnableOAuth2Sso

Add the following to the application.yml file for the Facebook OAuth2 service

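# OAuth2 single-sign-on client settings for Facebook.
# Nesting restored: with every key at the same level, the client.* and resource.* settings
# would not sit under security.oauth2.
security:
  oauth2:
    client:
      # Placeholders. Do not commit the real client secret to the repository; supply it at
      # deploy time, for example through a property placeholder such as
      # ${OAUTH_CLIENT_SECRET} (constructed name) resolved from the environment.
      clientId: clientID
      clientSecret: clientSecret
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      user-authorization-uri: https://www.facebook.com/dialog/oauth
      tokenName: oauth_token
      # "query" sends the access token as a URL query parameter (named by tokenName).
      # Query strings tend to be recorded in access logs and proxies, so treat those logs
      # as sensitive. NOTE(review): confirm whether the provider accepts the header scheme.
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://graph.facebook.com/me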

Consultant