ESchouten/Spring-Security-JWT-Plugin
Download
Step 1. Add the JitPack repository to your build file
Add it in your root settings.gradle at the end of repositories:
dependencyResolutionManagement {
repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
repositories {
mavenCentral()
maven { url 'https://jitpack.io' }
}
}Add it in your settings.gradle.kts at the end of repositories:
dependencyResolutionManagement {
repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
repositories {
mavenCentral()
maven { url = uri("https://jitpack.io") }
}
}Add to pom.xml
<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>Add it in your build.sbt at the end of resolvers:
resolvers += "jitpack" at "https://jitpack.io"
Add it in your project.clj at the end of repositories:
:repositories [["jitpack" "https://jitpack.io"]]
Step 2. Add the dependency
dependencies {
implementation 'com.github.eschouten:springjwtauthenticator:0.1.26'
} dependencies {
implementation("com.github.eschouten:springjwtauthenticator:0.1.26")
} <dependency>
<groupId>com.github.eschouten</groupId>
<artifactId>springjwtauthenticator</artifactId>
<version>0.1.26</version>
</dependency>
libraryDependencies += "com.github.eschouten" % "springjwtauthenticator" % "0.1.26"
:dependencies [[com.github.eschouten/springjwtauthenticator "0.1.26"]]
Readme
Spring JWT Authenticator
This library is a standalone implementation of JWT (Json Web Token) authentication into Spring Security.
Usage
Login:
To login, do a POST request to '/login'
{
"username": "user"
"password": "pwd"
}
Each response from the server, when successfully authenticated, contains the following header:
Authorization: Bearer eyJhbGciOiJIUz...
Refresh this token locally each response received to ensure you stay authenticated. Add this header to each request to the server.
Dependency
Maven:
<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>
<dependency>
<groupId>com.github.ESchouten</groupId>
<artifactId>Spring-Security-JWT-Plugin</artifactId>
<version>${jwt.version}</version>
</dependency>
Gradle:
repositories {
maven { url 'https://jitpack.io' }
}
dependencies {
implementation 'com.github.ESchouten:Spring-Security-JWT-Plugin:$jwt.version'
}
Implementation
To use this library, you have to implement it into your Spring Security configuration.
Example:
/**
* The [JWTSecurityContextRepository] is responsible for
* storing and retrieving JWTs in and from HTTP headers.
*/
@Bean
public JWTSecurityContextRepository jwtSecurityContextRepository() {
return new JWTSecurityContextRepository(appUserUtil);
}
/**
* The [APIAuthenticationFilter] is responsible for validating
* username and password combinations when provided through the API.
* (It is essentially the API version of a login form.)
*/
@Bean
public APIAuthenticationFilter apiAuthenticationFilter() throws Exception {
APIAuthenticationFilter aaf = new APIAuthenticationFilter();
aaf.setAuthenticationManager(super.authenticationManager());
return aaf;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.securityContext().securityContextRepository(jwtSecurityContextRepository())
.and()
.csrf()
.disable()
.authorizeRequests()
.mvcMatchers(HttpMethod.POST, "/login").permitAll()
**Etc**
Built with
- Spring Security - https://spring.io/
- JJWT - https://www.jsonwebtoken.io/