This library is a standalone implementation of JWT (JSON Web Token) authentication for Spring Security.
Login:
To log in, send a POST request to '/login' with the following body:
```json
{
  "username": "user",
  "password": "pwd"
}
```
Each response from the server, when successfully authenticated, contains the following header:
Authorization: Bearer eyJhbGciOiJIUz...
Replace your locally stored token with the one from each response you receive so that you stay authenticated, and send this header with every request to the server.
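The token handling described above, sketched as a fetch-style client. This is an added example, not code from this library: `createApiClient`, `stubFetch` and the `constructed-token-N` values are made up for illustration, and the stub stands in for the server so the block runs offline.

```javascript
// Added example; createApiClient and stubFetch are hypothetical names.
function createApiClient(baseUrl, fetchImpl) {
  let authHeader = null; // latest "Bearer ..." value, held in memory only

  async function request(path, init = {}) {
    const headers = { ...(init.headers || {}) };
    if (authHeader) headers['Authorization'] = authHeader;
    const res = await fetchImpl(baseUrl + path, { ...init, headers });
    // Replace the stored token with the one on this response, if any.
    const fresh = res.headers.get('Authorization');
    if (fresh && fresh.startsWith('Bearer ')) authHeader = fresh;
    else if (res.status === 401) authHeader = null; // rejected: log in again
    return res;
  }

  async function login(username, password) {
    authHeader = null; // never send a stale token along with credentials
    const res = await request('/login', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password }),
    });
    return res.ok && authHeader !== null;
  }

  return { login, request, currentHeader: () => authHeader };
}

// Constructed stand-in for the server: it issues a new placeholder token on
// every authenticated response and records the header each request carried.
function stubFetch() {
  let n = 0;
  const seen = [];
  const reply = (status, auth) => ({
    status, ok: status < 400,
    headers: { get: (k) => (k.toLowerCase() === 'authorization' ? auth : null) },
  });
  const fetchImpl = async (url, init) => {
    seen.push(init.headers['Authorization'] || null);
    const isLogin = url.endsWith('/login') && init.method === 'POST';
    const creds = isLogin ? JSON.parse(init.body) : null;
    const ok = isLogin ? creds.username === 'user' && creds.password === 'pwd'
                       : /^Bearer constructed-token-\d+$/.test(seen[seen.length - 1] || '');
    return ok ? reply(200, `Bearer constructed-token-${++n}`) : reply(401, null);
  };
  return { fetchImpl, seen };
}
```

In a browser, pass the real `fetch` as `fetchImpl`. For cross-origin requests, script can read the `Authorization` response header only if the server lists it in `Access-Control-Expose-Headers`.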
Maven:
```xml
<repositories>
    <repository>
        <id>jitpack.io</id>
        <url>https://jitpack.io</url>
    </repository>
</repositories>

<dependency>
    <groupId>com.github.ESchouten</groupId>
    <artifactId>Spring-Security-JWT-Plugin</artifactId>
    <version>${jwt.version}</version>
</dependency>
```
Gradle:
```groovy
repositories {
    maven { url 'https://jitpack.io' }
}

dependencies {
    implementation 'com.github.ESchouten:Spring-Security-JWT-Plugin:$jwt.version'
}
```
To use this library, wire it into your Spring Security configuration.
Example:
```java
/**
 * The {@link JWTSecurityContextRepository} is responsible for
 * storing and retrieving JWTs in and from HTTP headers.
 */
@Bean
public JWTSecurityContextRepository jwtSecurityContextRepository() {
    return new JWTSecurityContextRepository(appUserUtil);
}

/**
 * The {@link APIAuthenticationFilter} is responsible for validating
 * username and password combinations when provided through the API.
 * (It is essentially the API version of a login form.)
 */
@Bean
public APIAuthenticationFilter apiAuthenticationFilter() throws Exception {
    APIAuthenticationFilter aaf = new APIAuthenticationFilter();
    aaf.setAuthenticationManager(super.authenticationManager());
    return aaf;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // Load and store the security context through the JWT repository
        .securityContext().securityContextRepository(jwtSecurityContextRepository())
        .and()
        // CSRF protection is turned off; the token is carried in the Authorization header
        .csrf()
            .disable()
        .authorizeRequests()
            // The login endpoint must be reachable without a token
            .mvcMatchers(HttpMethod.POST, "/login").permitAll()
            // etc.
```
- Spring Security - https://spring.io/
- JJWT - https://www.jsonwebtoken.io/