spring-security-token-filter

Token authentication for Spring Security applications.

License

License

Categories

Categories

Security
GroupId

GroupId

org.visola.spring.security
ArtifactId

ArtifactId

spring-security-token-filter
Last Version

Last Version

2.0
Release Date

Release Date

Type

Type

jar
Description

Description

spring-security-token-filter
Token authentication for Spring Security applications.
Project URL

Project URL

https://github.com/visola/spring-security-token-filter
Source Code Management

Source Code Management

https://github.com/visola/spring-security-token-filter.git

Download spring-security-token-filter

How to add to project

<!-- https://jarcasting.com/artifacts/org.visola.spring.security/spring-security-token-filter/ -->
<dependency>
    <groupId>org.visola.spring.security</groupId>
    <artifactId>spring-security-token-filter</artifactId>
    <version>2.0</version>
</dependency>
// https://jarcasting.com/artifacts/org.visola.spring.security/spring-security-token-filter/
implementation 'org.visola.spring.security:spring-security-token-filter:2.0'
// https://jarcasting.com/artifacts/org.visola.spring.security/spring-security-token-filter/
implementation ("org.visola.spring.security:spring-security-token-filter:2.0")
'org.visola.spring.security:spring-security-token-filter:jar:2.0'
<dependency org="org.visola.spring.security" name="spring-security-token-filter" rev="2.0">
  <artifact name="spring-security-token-filter" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.visola.spring.security', module='spring-security-token-filter', version='2.0')
)
libraryDependencies += "org.visola.spring.security" % "spring-security-token-filter" % "2.0"
[org.visola.spring.security/spring-security-token-filter "2.0"]

Dependencies

runtime (7)

Group / Artifact Type Version
com.fasterxml.jackson.core : jackson-databind jar
com.nimbusds : nimbus-jose-jwt jar 5.8
javax.inject : javax.inject jar 1
javax.servlet : javax.servlet-api jar
org.springframework.security : spring-security-core jar
org.springframework : spring-beans jar
org.springframework : spring-web jar

test (3)

Group / Artifact Type Version
junit : junit jar
org.assertj : assertj-core jar
org.mockito : mockito-core jar

Project Modules

There are no modules declared in this project.

spring-security-token-filter Build Status

Token authentication for Spring Security applications.

Usage

Add the Spring Boot starter project to your classpath:

repositories {
  mavenCentral()
}

dependencies {
  compile 'org.visola.spring.security:spring-security-token-filter-spring-boot-starter:1.1'
}

Add TokenAuthenticationFilter filter to your filter chain, like the following:

// Imports omitted

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

  /**
    * The starter bundle will provide a TokenAuthenticationFilter for you.
    */
  @Autowired
  private TokenAuthenticationFilter tokenAuthenticationFilter;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // This will make your app completely stateless
    http.csrf().disable()
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Add the TokenAuthenticationFilter to your filter chain
    http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class);

    // More HttpSecurity configuration here
  }

}

Not using Spring Boot?

Add the starter project as a dependency, then you just need to load the JWTFilterConfiguration configuration.

JWT

If you don't know what JWT is, you should read about it first at http://jwt.io/.

If you're using Spring Boot and have the starter in your classpath, this will be taken care for you automatically.

To make your life easier, this library has a TokenService implementation that works out of the box with the JWT specification using the Nimbus JOSE + JWT implementation. To use it you just need to register the JwtTokenService which uses an interface (AuthenticationJwtClaimsSetTransformer) to map between JWT claims set to Spring Security Authentication. The following sample code is using the default (out-of-the-box) implementation:

@Bean
public TokenService tokenService() throws JOSEException {
  return new JwtTokenService(claimsSetTransformer(), secret);
}

@Bean
public AuthenticationJwtClaimsSetTransformer claimsSetTransformer() {
  // How long will your token last and the prefix for roles
  return new UsernamePasswordAuthenticationTokenJwtClaimsSetTransformer(TimeUnit.HOURS.toMillis(8), Optional.of("ROLE_"));
}

So what happens when a user logs in?

You need to create a token and give it back to the user somehow.

You can see examples in the sample apps, here and here.

Versions

Version
2.0
1.0