spring-security-jwt

JWT authentication with spring security

Categories: Security
GroupId: com.mercateo.spring
ArtifactId: spring-security-jwt
Last Version: 2.1.1
Type: jar
Description: spring-security-jwt, JWT authentication with spring security
Project URL: https://github.com/Mercateo/spring-security-jwt
Project Organization: Mercateo AG
Source Code Management: https://github.com/Mercateo/spring-security-jwt


How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/com.mercateo.spring/spring-security-jwt/ -->
<dependency>
    <groupId>com.mercateo.spring</groupId>
    <artifactId>spring-security-jwt</artifactId>
    <version>2.1.1</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/com.mercateo.spring/spring-security-jwt/
implementation 'com.mercateo.spring:spring-security-jwt:2.1.1'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/com.mercateo.spring/spring-security-jwt/
implementation ("com.mercateo.spring:spring-security-jwt:2.1.1")

Buildr:

'com.mercateo.spring:spring-security-jwt:jar:2.1.1'

Ivy:

<dependency org="com.mercateo.spring" name="spring-security-jwt" rev="2.1.1">
  <artifact name="spring-security-jwt" type="jar" />
</dependency>

Grape:

@Grapes(
@Grab(group='com.mercateo.spring', module='spring-security-jwt', version='2.1.1')
)

SBT:

libraryDependencies += "com.mercateo.spring" % "spring-security-jwt" % "2.1.1"

Leiningen:

[com.mercateo.spring/spring-security-jwt "2.1.1"]

Dependencies

compile (12)

Group / Artifact Type Version
org.immutables : value-annotations jar 2.7.5
org.immutables.vavr : vavr-encodings jar 0.6.0
com.mercateo : default-immutables jar 1.2.5
org.springframework.security : spring-security-web jar 5.1.5.RELEASE
org.springframework.security : spring-security-config jar 5.1.5.RELEASE
com.fasterxml.jackson.core : jackson-databind jar 2.10.0
com.fasterxml.jackson.core : jackson-annotations jar 2.10.0
com.auth0 : java-jwt jar 3.8.0
com.auth0 : jwks-rsa jar 0.8.1
org.slf4j : slf4j-api jar 1.7.25
com.google.guava : guava jar 27.1-jre
commons-codec : commons-codec jar 1.12

provided (3)

Group / Artifact Type Version
org.projectlombok : lombok jar 1.18.8
javax.servlet : javax.servlet-api jar 3.1.0
org.immutables : value jar 2.7.5

test (9)

Group / Artifact Type Version
junit : junit jar 4.12
org.assertj : assertj-core jar 3.12.2
org.mockito : mockito-core jar 2.27.0
org.bouncycastle : bcprov-jdk15on jar 1.61
org.springframework : spring-test jar 5.1.13.RELEASE
org.springframework.security : spring-security-test jar 5.1.5.RELEASE
org.springframework : spring-webmvc jar 5.1.13.RELEASE
ch.qos.logback : logback-classic jar 1.2.3
org.slf4j : jcl-over-slf4j jar 1.7.25

Project Modules

There are no modules declared in this project.


com.mercateo.spring.spring-security-jwt

Example usage

How to add JWT support to your project.

Simple Example

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaHR0cHM6Ly90ZXN0Lm9yZy9mb28iOiJiYXIiLCJpYXQiOjE1MTYyMzkwMjJ9.Ujx0Lo-2PjRMXd3xBh1kyf7XEOmGK2LttJJPDL1A4J4

contains the payload

{
  "sub": "1234567890",
  "https://test.org/foo": "bar",
  "iat": 1516239022
}

See e.g. https://jwt.io/.

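Import the config and add a configuration bean:

// Spring imports; JWTSecurityConfiguration and JWTSecurityConfig come from spring-security-jwt.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;

@Configuration
@Import(JWTSecurityConfiguration.class)
public class MyConfiguration {

    // ...

    @Bean
    public JWTSecurityConfig securityConfig() {
        return JWTSecurityConfig.builder() //
                .addAnonymousPaths("/admin/app_health") // path served without a token
                .addAnonymousMethods(HttpMethod.OPTIONS) // method served without a token
                .addRequiredClaims("https://test.org/foo") // claim that must be in the token
                .addTokenAudiences("https://test.org/api") // audience the token must name
                .withTokenLeeway(300) //
                .build();
    }

    // ...
}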

Access the principal object to get claims from the token:

final JWTPrincipal principal = JWTPrincipal.fromContext();

log.info("principal foo {} with scopes '{}'",
        principal.getClaim("https://test.org/foo"),
        principal.getAuthorities());

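Example with token verification

This configuration adds a jwtKeyset, here an Auth0JWTKeyset built from auth0Domain, which the simple example above does not set.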

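// Spring imports; JWTSecurityConfiguration, JWTSecurityConfig and Auth0JWTKeyset
// come from spring-security-jwt.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;

@Configuration
@Import(JWTSecurityConfiguration.class)
public class MyConfiguration {

    // ... (auth0Domain is not defined in this excerpt; supply your Auth0 domain)

    @Bean
    public JWTSecurityConfig securityConfig() {
        return JWTSecurityConfig
            .builder()
            .addAnonymousPaths("/admin/app_health")
            .addAnonymousMethods(HttpMethod.OPTIONS)
            // key set used for token verification
            .jwtKeyset(new Auth0JWTKeyset(auth0Domain))
            .addRequiredClaims("https://test.org/foo")
            .addRequiredClaims("https://test.org/bar")
            .addTokenAudiences("https://test.org/api")
            .withTokenLeeway(300)
            .build();
    }

    // ...
}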
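
The two configurations above differ in whether a key set is configured for token verification. As an added example that uses only the JDK (it is not code from spring-security-jwt and does not show the library's internals), the following contrasts reading claims from a token with verifying its HS256 signature. The signing key and the altered payload are constructed for the demo.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration using only the JDK; this is not spring-security-jwt code.
public class JwtDecodeVsVerify {
    // Token from the page's "Simple Example"; the key that signed it is not on the page.
    static final String PAGE_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
            + ".eyJzdWIiOiIxMjM0NTY3ODkwIiwiaHR0cHM6Ly90ZXN0Lm9yZy9mb28iOiJiYXIiLCJpYXQiOjE1MTYyMzkwMjJ9"
            + ".Ujx0Lo-2PjRMXd3xBh1kyf7XEOmGK2LttJJPDL1A4J4";
    static String b64url(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }
    // Reading a segment needs no key, so readable claims say nothing about who issued them.
    static String decode(String segment) {
        return new String(Base64.getUrlDecoder().decode(segment), UTF_8);
    }

    static String sign(String signingInput, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return b64url(mac.doFinal(signingInput.getBytes(UTF_8)));
    }

    // Accept only header.payload.signature with a pinned HS256 header and a matching MAC.
    static boolean verify(String token, byte[] key) throws Exception {
        String[] p = token.split("\\.");
        try { // crude header check for the demo; a real verifier parses the JSON
            if (p.length != 3 || !decode(p[0]).contains("\"alg\":\"HS256\"")) return false;
        } catch (IllegalArgumentException notBase64Url) { return false; }
        byte[] expected = sign(p[0] + "." + p[1], key).getBytes(UTF_8);
        return MessageDigest.isEqual(expected, p[2].getBytes(UTF_8)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        String[] p = PAGE_TOKEN.split("\\.");
        byte[] key = "constructed-demo-key-0123456789abcdef".getBytes(UTF_8); // constructed
        String signed = p[0] + "." + p[1] + "." + sign(p[0] + "." + p[1], key);
        // Constructed altered payload that keeps the signature made for the original payload.
        String altered = b64url("{\"sub\":\"1234567890\",\"https://test.org/foo\":\"baz\"}".getBytes(UTF_8));
        String tampered = p[0] + "." + altered + "." + signed.split("\\.")[2];
        System.out.println("page claims, read without a key: " + decode(p[1]));
        System.out.println("signed token verifies:  " + verify(signed, key));
        System.out.println("altered claims decode:  " + decode(altered));
        System.out.println("altered token verifies: " + verify(tampered, key));
    }
}
```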

Roles / scopes integration

The content of the scope claim is parsed into the list of granted authorities.

Usage

Add the dependency to your Maven pom.xml:

    <dependency>
      <groupId>com.mercateo.spring</groupId>
      <artifactId>spring-security-jwt</artifactId>
      <version>2.1.0</version>
    </dependency>

The library integrates with Spring Security.

Changelog:

2.1.1:

  • removed public reference to vavr

2.1.0:

  • refactored packaging
  • token handling improvements

2.0.1:

  • breaking change to the previous versions 1.x.y
  • updated dependencies
  • updated parent pom oss-parent-pom to version 1.0.9.
  • the public dependency on io.vavr is removed

What's next?

  • remove the dependency on io.vavr
  • add module-info for better compatibility with java 9 and later

Versions

Version
2.1.1
2.1.0
2.0.1
1.0.1
1.0.0
0.5.4
0.5.3
0.5.2
0.5.0
0.4.2
0.4.1
0.4.0
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.10
0.2.9
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
0.2.1
0.2.0
0.1.9
0.1.8
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1