spring-security-token-filter

Token authentication for Spring Security applications.

Usage

Add the Spring Boot starter project to your classpath:

repositories {
  mavenCentral()
}

dependencies {
  // On Gradle 7 and later, use 'implementation'; the 'compile' configuration was removed there
  compile 'org.visola.spring.security:spring-security-token-filter-spring-boot-starter:1.1'
}

Add the TokenAuthenticationFilter to your filter chain, like the following:

// Imports omitted

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

  /**
   * The starter bundle will provide a TokenAuthenticationFilter for you.
   */
  @Autowired
  private TokenAuthenticationFilter tokenAuthenticationFilter;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
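    // This will make your app completely stateless: no HTTP session is created and CSRF protection is off.
    // Turning CSRF protection off is only safe if the browser does not attach the token automatically (for example as a cookie).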
    http.csrf().disable()
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Add the TokenAuthenticationFilter to your filter chain
    http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class);

    // More HttpSecurity configuration here
  }

}

Not using Spring Boot?

Add the starter project as a dependency, then you just need to load the JWTFilterConfiguration configuration.

JWT

If you don't know what JWT is, you should read about it first at http://jwt.io/.

If you're using Spring Boot and have the starter in your classpath, this will be taken care of for you automatically.

To make your life easier, this library has a TokenService implementation that works out of the box with the JWT specification, using the Nimbus JOSE + JWT implementation. To use it, you just need to register the JwtTokenService, which uses an interface (AuthenticationJwtClaimsSetTransformer) to map between a JWT claims set and a Spring Security Authentication. The following sample code uses the default (out-of-the-box) implementation:

@Bean
public TokenService tokenService() throws JOSEException {
  // `secret` is a field of this configuration class (declaration not shown)
  return new JwtTokenService(claimsSetTransformer(), secret);
}

@Bean
public AuthenticationJwtClaimsSetTransformer claimsSetTransformer() {
  // Token lifetime (8 hours, in milliseconds) and the prefix for roles
  return new UsernamePasswordAuthenticationTokenJwtClaimsSetTransformer(
      TimeUnit.HOURS.toMillis(8), Optional.of("ROLE_"));
}

So what happens when a user logs in?

You need to create a token and give it back to the user somehow.

You can see examples in the sample apps, here and here.
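
What issuing and then checking such a token involves, as an added example that is not the library's own code: it calls Nimbus JOSE + JWT directly (the JWTClaimsSet.Builder API) rather than this project's TokenService. The HS256 algorithm, the "roles" claim name, the class and method names and the sample user are assumptions.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.TimeUnit;

public class JwtIssueAndVerifyExample { // hypothetical class, not part of the library
  // Issue: run by your login endpoint after the credentials have been checked.
  static String issue(String user, List<String> roles, byte[] secret) throws Exception {
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
        .subject(user)
        .claim("roles", roles) // claim name is an assumption
        .expirationTime(new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(8)))
        .build();
    SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
    jwt.sign(new MACSigner(secret)); // HS256 needs a key of at least 256 bits
    return jwt.serialize();
  }

  // Verify: the checks to make on every request before trusting any claim.
  static List<String> authorities(String token, byte[] secret) throws Exception {
    SignedJWT jwt = SignedJWT.parse(token);
    // Pin the algorithm instead of accepting whatever the token header announces.
    if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm()))
      throw new SecurityException("unexpected algorithm");
    if (!jwt.verify(new MACVerifier(secret)))
      throw new SecurityException("bad signature");
    JWTClaimsSet claims = jwt.getJWTClaimsSet();
    Date exp = claims.getExpirationTime();
    if (exp == null || exp.before(new Date()))
      throw new SecurityException("expired or missing exp");
    List<String> roles = claims.getStringListClaim("roles");
    List<String> out = new ArrayList<>();
    if (roles != null) for (String r : roles) out.add("ROLE_" + r); // role prefix
    return out;
  }

  public static void main(String[] args) throws Exception {
    byte[] secret = new byte[32]; // constructed sample key; load yours from configuration
    new SecureRandom().nextBytes(secret);
    String token = issue("alice", Arrays.asList("USER", "ADMIN"), secret);
    System.out.println(token + " -> " + authorities(token, secret));
    try { authorities(token, new byte[32]); } // verifying with a different key must fail
    catch (SecurityException e) { System.out.println("wrong key: " + e.getMessage()); }
  }
}
```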

Contributors

visola
