Spring Security

Spring Security with JWT

Add the following dependencies to pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
</dependency>

Add the following repositories to pom.xml:

<repositories>
    <repository>
        <id>spring-releases</id>
        <name>Spring Releases</name>
        <url>https://repo.spring.io/libs-release</url>
    </repository>
</repositories>
<pluginRepositories>
    <pluginRepository>
        <id>spring-releases</id>
        <name>Spring Releases</name>
        <url>https://repo.spring.io/libs-release</url>
    </pluginRepository>
</pluginRepositories>

Method 1: InMemory

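import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class ClinicSecurity extends WebSecurityConfigurerAdapter {

    // Two demo users held in memory
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user")
            .password("password")
            .roles("USER")
            .and()
            .withUser("admin")
            .password("password")
            .roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Only the static assets are public; patterns need a leading slash to match
            .antMatchers("/static/css/**", "/static/js/**").permitAll()
            // /admin is restricted to ADMIN rather than opened with permitAll()
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("USER", "ADMIN")
            // hasAnyRole() with no arguments matches no user, so the roles are listed
            .antMatchers("/").hasAnyRole("USER", "ADMIN")
            .and().formLogin();
    }

    // NoOpPasswordEncoder compares passwords as plain text; demo use only
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
}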

Method 2: jdbcAuthentication

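import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class ClinicSecurity extends WebSecurityConfigurerAdapter {
    @Autowired DataSource dataSource;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery("select username,password,enabled from users where username=?")
            .authoritiesByUsernameQuery("select username,authority from authorities where username=?");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/static/css/**", "/static/js/**").permitAll()
            // /admin is restricted to ADMIN rather than opened with permitAll()
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/user").hasAnyRole("USER", "ADMIN")
            .antMatchers("/").hasAnyRole("USER", "ADMIN")
            .and().formLogin();
    }
    // NoOpPasswordEncoder compares passwords as plain text; demo use only
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }
}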

To create a JWT:

STEP 1: Generate the JWT at the /authenticate endpoint

STEP 2: Use the JWT to validate requests for pages

Follow this code snippet for STEP 1:

Follow this code snippet for STEP 2:
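
The snippets for STEP 1 and STEP 2 are not reproduced on this page. As an added example (not the author's code), the class below shows one way to do both steps with the jjwt 0.9.1 dependency declared in pom.xml; the class name JwtUtil, the JWT_SECRET environment variable and the 15-minute lifetime are assumptions.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Added example (not the author's code): HS256 tokens with jjwt 0.9.1.
// JwtUtil, JWT_SECRET and the 15-minute lifetime are assumptions.
public class JwtUtil {
    private static final long TTL_MS = 15 * 60 * 1000L;
    private final byte[] key;

    public JwtUtil(String secret) {
        // jjwt 0.9.1 accepts short HMAC keys, so enforce 256 bits here.
        if (secret == null || secret.getBytes(StandardCharsets.UTF_8).length < 32) {
            throw new IllegalArgumentException("HS256 secret must be at least 32 bytes");
        }
        this.key = secret.getBytes(StandardCharsets.UTF_8);
    }

    // STEP 1: call from the /authenticate handler once credentials are verified.
    public String generateToken(String username) {
        Date now = new Date();
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + TTL_MS))
                .signWith(SignatureAlgorithm.HS256, key)
                .compact();
    }

    // STEP 2: returns the username if signature and expiry check out, else null.
    public String validateAndGetUsername(String token) {
        try {
            // parseClaimsJws accepts only signed tokens; unsigned ones throw.
            return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody().getSubject();
        } catch (JwtException | IllegalArgumentException e) {
            return null; // bad signature, expired, malformed, or empty token
        }
    }

    public static void main(String[] args) {
        JwtUtil issuer = new JwtUtil(System.getenv("JWT_SECRET"));
        // Constructed key, only to show that a token fails under a foreign key.
        JwtUtil other = new JwtUtil("constructed-demo-key-0123456789abcdef");
        String token = issuer.generateToken("user");
        System.out.println(issuer.validateAndGetUsername(token));
        System.out.println(other.validateAndGetUsername(token));
    }
}
```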

OAuth2

Import statement

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

Annotation

@EnableOAuth2Sso

Add the following to the application.yml file for the Facebook OAuth2 service:

security:
  oauth2:
    client:
      clientId: clientID
      clientSecret: clientSecret
      accessTokenUri: https://graph.facebook.com/oauth/access_token
      user-authorization-uri: https://www.facebook.com/dialog/oauth
      tokenName: oauth_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://graph.facebook.com/me

Amulya Reddy Konda
