spring-security-token-filter-spring-boot-starter

Spring boot starter for token authentication for Spring Security applications.

License	License The MIT License (MIT)
Categories	Categories Spring Boot Container Microservices Security
GroupId	GroupId org.visola.spring.security
ArtifactId	ArtifactId spring-security-token-filter-spring-boot-starter
Last Version	Last Version 2.0
Release Date	Release Date Aug 14, 2018
Type	Type jar
Description	Description spring-security-token-filter-spring-boot-starter Spring boot starter for token authentication for Spring Security applications.
Project URL	Project URL https://github.com/visola/spring-security-token-filter
Source Code Management	Source Code Management https://github.com/visola/spring-security-token-filter.git

Download spring-security-token-filter-spring-boot-starter

Filename	Size
spring-security-token-filter-spring-boot-starter-2.0.pom
spring-security-token-filter-spring-boot-starter-2.0.jar	3 KB
spring-security-token-filter-spring-boot-starter-2.0-sources.jar	2 KB
spring-security-token-filter-spring-boot-starter-2.0-javadoc.jar	20 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/org.visola.spring.security/spring-security-token-filter-spring-boot-starter/ -->
<dependency>
    <groupId>org.visola.spring.security</groupId>
    <artifactId>spring-security-token-filter-spring-boot-starter</artifactId>
    <version>2.0</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/org.visola.spring.security/spring-security-token-filter-spring-boot-starter/
implementation 'org.visola.spring.security:spring-security-token-filter-spring-boot-starter:2.0'

Gradle Kotlin

// https://jarcasting.com/artifacts/org.visola.spring.security/spring-security-token-filter-spring-boot-starter/
implementation ("org.visola.spring.security:spring-security-token-filter-spring-boot-starter:2.0")

Apache Buildr

'org.visola.spring.security:spring-security-token-filter-spring-boot-starter:jar:2.0'

Apache Ivy

<dependency org="org.visola.spring.security" name="spring-security-token-filter-spring-boot-starter" rev="2.0">
  <artifact name="spring-security-token-filter-spring-boot-starter" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='org.visola.spring.security', module='spring-security-token-filter-spring-boot-starter', version='2.0')
)

Scala SBT

libraryDependencies += "org.visola.spring.security" % "spring-security-token-filter-spring-boot-starter" % "2.0"

Leiningen

[org.visola.spring.security/spring-security-token-filter-spring-boot-starter "2.0"]

Dependencies

compile (1)

Group / Artifact	Type	Version
org.visola.spring.security : spring-security-token-filter	jar	2.0

runtime (4)

Group / Artifact	Type	Version
com.nimbusds : nimbus-jose-jwt	jar	5.8
org.springframework.boot : spring-boot-autoconfigure	jar
org.springframework.security : spring-security-config	jar
org.springframework.security : spring-security-web	jar

Project Modules

There are no modules declared in this project.

spring-security-token-filter

Token authentication for Spring Security applications.

Usage

Add the Spring Boot starter project to your classpath:

repositories {
  mavenCentral()
}

dependencies {
  compile 'org.visola.spring.security:spring-security-token-filter-spring-boot-starter:1.1'
}

Add TokenAuthenticationFilter filter to your filter chain, like the following:

// Imports omitted

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

  /**
    * The starter bundle will provide a TokenAuthenticationFilter for you.
    */
  @Autowired
  private TokenAuthenticationFilter tokenAuthenticationFilter;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // This will make your app completely stateless
    http.csrf().disable()
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Add the TokenAuthenticationFilter to your filter chain
    http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class);

    // More HttpSecurity configuration here
  }

}

Not using Spring Boot?

Add the starter project as a dependency, then you just need to load the JWTFilterConfiguration configuration.

JWT

If you don't know what JWT is, you should read about it first at http://jwt.io/.

If you're using Spring Boot and have the starter in your classpath, this will be taken care for you automatically.

To make your life easier, this library has a TokenService implementation that works out of the box with the JWT specification using the Nimbus JOSE + JWT implementation. To use it you just need to register the JwtTokenService which uses an interface (AuthenticationJwtClaimsSetTransformer) to map between JWT claims set to Spring Security Authentication. The following sample code is using the default (out-of-the-box) implementation:

@Bean
public TokenService tokenService() throws JOSEException {
  return new JwtTokenService(claimsSetTransformer(), secret);
}

@Bean
public AuthenticationJwtClaimsSetTransformer claimsSetTransformer() {
  // How long will your token last and the prefix for roles
  return new UsernamePasswordAuthenticationTokenJwtClaimsSetTransformer(TimeUnit.HOURS.toMillis(8), Optional.of("ROLE_"));
}

So what happens when a user logs in?

You need to create a token and give it back to the user somehow.

You can see examples in the sample apps, here and here.

Versions

Version
2.0 Aug 14, 2018
1.1 Jan 19, 2016
1.0 Dec 31, 2015

spring-security-token-filter-spring-boot-starter

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Source Code Management