Spring Security
JWT and OAuth2
Spring Security with JWT
Add the following inside the <dependencies> section of pom.xml
<!-- Spring Security starter: authentication, authorization and the servlet filter chain. -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--
  JJWT builds and parses JSON Web Tokens. 0.9.1 is an old release; current JJWT is
  published as jjwt-api / jjwt-impl / jjwt-jackson with a changed builder and parser API,
  so check the project's release notes before pinning this version in new work.
-->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<!--
  JDK 11+ no longer ships javax.xml.bind, which jjwt 0.9.1 uses for Base64 handling.
  No <version> is given here: this assumes the Spring Boot parent/BOM manages it.
-->
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
</dependency>
Add the following repository sections to pom.xml
<!--
  Extra artifact and plugin repository. Every repository listed here is another host the
  build will download and execute code from, so keep these entries only if an artifact
  you need is not available from Maven Central (the three dependencies above are).
-->
<repositories>
    <repository>
        <id>spring-releases</id>
        <name>Spring Releases</name>
        <url>https://repo.spring.io/libs-release</url>
    </repository>
</repositories>
<pluginRepositories>
    <pluginRepository>
        <id>spring-releases</id>
        <name>Spring Releases</name>
        <url>https://repo.spring.io/libs-release</url>
    </pluginRepository>
</pluginRepositories>
Method 1: InMemory
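/**
 * Security configuration backed by an in-memory user store.
 *
 * <p>Registers two hard-coded demo accounts ("user" with role USER and "admin" with role
 * ADMIN) and protects the application with form login. Hard-coded credentials are only
 * suitable for a local demo.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7.
 */
@EnableWebSecurity
public class ClinicSecurity extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users.
     *
     * <p>Passwords are hashed with the application's {@link PasswordEncoder} before they
     * are stored, so the stored value matches what the encoder expects at login time.
     *
     * @param auth builder used to register the authentication source
     * @throws Exception if the authentication source cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = getPasswordEncoder();
        auth.inMemoryAuthentication()
            .withUser("user")
                .password(encoder.encode("password"))
                .roles("USER")
            .and()
            .withUser("admin")
                .password(encoder.encode("password"))
                .roles("ADMIN");
    }

    /**
     * Declares which roles may reach which URLs and enables form login.
     *
     * <p>Rules are evaluated in declaration order and the first match wins.
     *
     * @param http the HTTP security builder
     * @throws Exception if the rules cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Ant patterns must start with "/" or they never match a request path.
            // Adjust these to the URLs the application really serves its assets from.
            .antMatchers("/static/css/**", "/static/js/**").permitAll()
            // The admin page must require the ADMIN role; permitAll() here would expose it
            // to anonymous visitors.
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("USER", "ADMIN")
            // hasAnyRole() with an empty role list admits nobody. The landing page is
            // treated as public here; use .authenticated() if it should require a login.
            .antMatchers("/").permitAll()
            // URLs not listed above are not restricted by these rules. Ending the chain
            // with .anyRequest().authenticated() gives deny-by-default behaviour.
            .and().formLogin();
    }

    /**
     * Supplies the encoder used to hash and verify passwords.
     *
     * <p>BCrypt is a salted, adaptive hash. {@code NoOpPasswordEncoder} compares passwords
     * as plain text and is deprecated for that reason.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();
    }
}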
Method 2: jdbcAuthentication
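/**
 * Security configuration that authenticates users against a relational database.
 *
 * <p>The lookup queries read the {@code users} table (username, password, enabled) and
 * the {@code authorities} table (username, authority). Protection is via form login.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7.
 */
@EnableWebSecurity
public class ClinicSecurity extends WebSecurityConfigurerAdapter {

    // Connection source for the user and authority lookups; injected by Spring.
    @Autowired DataSource dataSource;

    /**
     * Configures JDBC-backed authentication.
     *
     * <p>Both queries bind the username through a {@code ?} placeholder, so the value
     * typed into the login form is never concatenated into the SQL text.
     *
     * @param auth builder used to register the authentication source
     * @throws Exception if the authentication source cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery("select username,password,enabled from users where username=?")
            .authoritiesByUsernameQuery("select username,authority from authorities where username=?");
    }

    /**
     * Declares which roles may reach which URLs and enables form login.
     *
     * <p>Rules are evaluated in declaration order and the first match wins.
     *
     * @param http the HTTP security builder
     * @throws Exception if the rules cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Ant patterns must start with "/" or they never match a request path.
            // Adjust these to the URLs the application really serves its assets from.
            .antMatchers("/static/css/**", "/static/js/**").permitAll()
            // The admin page must require the ADMIN role; permitAll() here would expose it
            // to anonymous visitors.
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("USER", "ADMIN")
            // hasAnyRole() with an empty role list admits nobody. The landing page is
            // treated as public here; use .authenticated() if it should require a login.
            .antMatchers("/").permitAll()
            // URLs not listed above are not restricted by these rules. Ending the chain
            // with .anyRequest().authenticated() gives deny-by-default behaviour.
            .and().formLogin();
    }

    /**
     * Supplies the encoder used to verify submitted passwords against the stored value.
     *
     * <p>With BCrypt the {@code users.password} column must hold BCrypt hashes, not plain
     * text. {@code NoOpPasswordEncoder} compares passwords as plain text and is deprecated
     * for that reason; with it, a database leak discloses every password directly.
     *
     * @return a BCrypt-based password encoder
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();
    }
}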
To create JWT,
STEP 1: Generate JWT on /authenticate endpoint
STEP 2: Validate the JWT (signature and expiry) on every later request before serving protected pages
Follow this code snippet for STEP 1:
Follow this code snippet for STEP 2:
OAuth2
Import statement
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
Annotation (placed on a configuration class)
@EnableOAuth2Sso
Add the following to the application.yml file for the Facebook OAuth2 service
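# OAuth2 single sign-on against Facebook. YAML binds keys by indentation, so the
# client and resource sections must be nested under security.oauth2 as shown.
security:
  oauth2:
    client:
      # Placeholders. Supply the real values from outside the repository, for example
      # clientSecret: ${FACEBOOK_CLIENT_SECRET} (variable name is illustrative), so the
      # secret never lands in version control.
      clientId: clientID
      clientSecret: clientSecret
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      user-authorization-uri: https://www.facebook.com/dialog/oauth
      # The access token is sent as the oauth_token query parameter. Query strings are
      # commonly written to server and proxy logs; prefer the header scheme with
      # providers that accept it.
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      # Endpoint queried with the access token to obtain the signed-in user's profile.
      userInfoUri: https://graph.facebook.com/me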