I have got trouble with a test I am doing.
I want to make a JWT authentication with Spring.
But I am not a Java developer.
I grabbed some stuff on the internet;
the result is coded here: https://github.come/etouraille/boat
Previously I had a REST API that was working, but since I added the JWT, things are not working anymore.
When I curl localhost I get no return from the API:
curl -v localhost:8080/boats/99
Please, someone help me manage my authenticated REST API.
Kind Regards
Related
I am looking for a Spring OAuth2 Client example that uses grant_type=password. I know how it works in Postman and I have Authorization Server and Resource server setup working with Postman. I can't find any samples for Spring OAuth2 Client using the password grant. Can anyone point me to the right direction?
I was able to find an example of authorization_code flow so closing this question
Here is tutorialspoint link
I am developing an application and I am using Spring Security. My question is - is there a way to call the exact logic that is run when I send a post request to /login (default), but from within the programme?
Normally, I post my LoginUserDto object to /login endpoint to login. However, I am implementing facebook login now, so I am constructing my LoginUserDto on the server side from whatever data I get from facebook based on user's access token. Now I just need to call the same logic that I would normally call with the rest call to /login, but from within the code in order to return tokens.
Does anyone know how this can be done?
Thanks
You should look at Spring Security 5's inbuilt support for OAuth2, as this will be the easiest way to incorporate Facebook as an external Authorization Server. There is some good documentation which walks through what is necessary via OAuth2 Login. Additionally, I found working with the oauth2login sample code from the Spring Security Repository extremely helpful to understand how the application should be configured, and it has a section for integrating with Facebook.
I have an approuter written in node.js which sends a jwt token to the java application after user authentication.
I need to verify this token and scope in spring application before executing the REST API, but is there a way to do the same thing without using any spring feature?
One option is to use the /check_token endpoint of UAA. The nice thing about this approach is that it's pretty easy to do this without the help of external libraries since it's just a matter of sending an HTTP request. There's also no crypto (other than TLS) required, UAA handles all that for you. However, it does require client credentials so that you can identify the application checking the token with UAA and it has the overhead of sending an HTTP request.
Ex:
curl 'http://uaa.example.com/check_token' -i -u 'app:appclientsecret' -X POST \
-d 'token=53dbe3e05dcf4ff38d350bc74a7fc97b&scopes=password.write%2Cscim.userids'
Where app and appclientsecret are your app's client credentials & the scopes attribute is optional, but if you do include it, UAA will also validate that the scopes you indicate are present on the token.
More at the following links:
https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#oauth2-token-validation-service-post-check-token
https://docs.cloudfoundry.org/api/uaa/version/4.6.0/index.html#check-token
The other option would be to validate the token yourself. This requires a signed token and it requires you to have a shared secret between your server and, in the case of Cloud Foundry, UAA.
I don't have instructions to walk you through this without Spring, but Spring Security is open source so you can take a look at their code and see how it's done.
It looks like the decodeAndVerify method of JwtHelper is a good place to start. There's also an example of how JwtHelper is used here.
Hope that helps!
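The second option from the answer above (validating the token yourself, without Spring), as an added example that is not part of the original answer and is not Spring Security's code. It assumes the token is signed with HS256 using the shared secret; the class name, secret, scope names and sample token are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

public class Hs256Check {
    // Assumes HS256 and a secret shared with the issuer. Returns the payload JSON, or throws.
    static String verify(String token, byte[] secret) throws GeneralSecurityException {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            throw new GeneralSecurityException("not a three-part compact JWT");
        }
        // The algorithm is pinned here; the header's "alg" value is never trusted, so a
        // token marked "alg":"none" or signed some other way fails the comparison below.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("signature is not base64url");
        }
        if (!MessageDigest.isEqual(expected, presented)) { // constant-time comparison
            throw new GeneralSecurityException("signature mismatch");
        }
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed, not a real key
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed sample token, built inline so the example runs offline.
        String head = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString("{\"scope\":[\"boats.read\"],\"exp\":4102444800}".getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        String sig = enc.encodeToString(mac.doFinal((head + "." + body).getBytes(StandardCharsets.US_ASCII)));
        System.out.println("valid    -> " + verify(head + "." + body + "." + sig, secret));
        // Same signature over a payload with a changed scope: must be rejected.
        String forged = enc.encodeToString("{\"scope\":[\"boats.admin\"],\"exp\":4102444800}".getBytes(StandardCharsets.UTF_8));
        try {
            verify(head + "." + forged + "." + sig, secret);
        } catch (GeneralSecurityException e) {
            System.out.println("tampered -> rejected: " + e.getMessage());
        }
    }
}
```

A valid signature only proves who issued the token: the caller still has to parse the returned payload with a JSON library and check `exp` and the required scope before executing the REST call.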
I have scoured the internet and cannot find a good example to get started with a simple SPA that authenticates via an ajax POST to my dropwizard rest api. The doc on the site around authorisation is quite limited so I have no idea how to get started. Ideally I would like to authenticate, and receive a token in my client that I can then use to access other functions in my api. Can anyone help with this?
I found this example useful when implementing OAuth2 with Dropwizard: https://github.com/remmelt/dropwizard-oauth2-provider
For posting data with JQuery to the backend service you can refer to the documentation: http://api.jquery.com/jquery.post/
Working on a jhipster project and love it. It's fantastic.
I am wondering if it's possible to have both session based and x-auth-token or oauth together?
We want our users to be able to access the web interface but also call the API from server code.
Thanks
Is there any reason not to have web and API access via existing OAuth2 - see an example here: jhipster oauth : How can i get the access_token via CURL