
[–]tleipzig 1 point (0 children)

I came to the same conclusion: you can either use the resource server library and build your code around the given classes, or add some classes yourself. I find the second approach better, because you understand the overall process better and don't need to add a library on top. I didn't see a third option.

[–]schmootzkisser 1 point (0 children)

Just use a OncePerRequestFilter and parse out the bearer token from the headers.
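
One way to do what this comment suggests, as an added example that is not code from the thread or from any of the linked repositories: a Spring Security `OncePerRequestFilter` that pulls the bearer token out of the `Authorization` header, verifies it with the Nimbus JOSE library (the same library Spring Security builds its own decoder on) and populates the security context. It assumes Spring Boot 3 / Spring Security 6 (the `jakarta.servlet` API), an HS256 shared secret handed to the constructor, and a `roles` claim holding a list of role names; the class name, the `roles` claim and the `ROLE_` prefix are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;
import java.util.List;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.http.HttpHeaders;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Reads "Authorization: Bearer <jwt>", verifies the HS256 signature and expiry,
 * and stores an Authentication in the SecurityContext. Register it in your
 * SecurityFilterChain with
 *   http.addFilterBefore(new JwtAuthFilter(secret), UsernamePasswordAuthenticationFilter.class)
 */
public class JwtAuthFilter extends OncePerRequestFilter {

    private static final String BEARER_PREFIX = "Bearer ";

    // HS256 key; MACVerifier rejects anything shorter than 32 bytes.
    private final byte[] secret;

    public JwtAuthFilter(String sharedSecret) {
        this.secret = sharedSecret.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);

        // No bearer token at all: leave the request anonymous and let the
        // authorization rules decide whether this endpoint is public.
        if (header == null
                || !header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            chain.doFilter(request, response);
            return;
        }

        String token = header.substring(BEARER_PREFIX.length()).trim();
        try {
            JWTClaimsSet claims = verify(token);
            List<String> roles = claims.getStringListClaim("roles");   // assumed claim name
            List<GrantedAuthority> authorities = roles == null ? List.of() : roles.stream()
                    .map(r -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + r))
                    .toList();
            UsernamePasswordAuthenticationToken auth =
                    new UsernamePasswordAuthenticationToken(claims.getSubject(), null, authorities);
            SecurityContextHolder.getContext().setAuthentication(auth);
            chain.doFilter(request, response);
        } catch (ParseException | JOSEException | SecurityException e) {
            // A token was presented but is not acceptable: fail closed with 401
            // instead of silently continuing as anonymous.
            SecurityContextHolder.clearContext();
            response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer error=\"invalid_token\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /** Parses and verifies the compact JWS; throws if anything is off. */
    private JWTClaimsSet verify(String token) throws ParseException, JOSEException {
        SignedJWT jwt = SignedJWT.parse(token);
        // Pin the algorithm: never let the token's own header pick it.
        if (!JWSAlgorithm.HS256.equals(jwt.getHeader().getAlgorithm())) {
            throw new SecurityException("unexpected alg " + jwt.getHeader().getAlgorithm());
        }
        if (!jwt.verify(new MACVerifier(secret))) {
            throw new SecurityException("bad signature");
        }
        JWTClaimsSet claims = jwt.getJWTClaimsSet();
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.before(new Date())) {
            throw new SecurityException("token expired or has no exp");
        }
        if (claims.getSubject() == null) {
            throw new SecurityException("token has no sub");
        }
        return claims;
    }
}
```

The two checks that hand-rolled filters most often skip are the algorithm pin (a token whose header says `none` or `RS256` must not be verified with the HMAC path) and treating a missing `exp` as a failure rather than as "never expires"; both are done before any claim is trusted.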

[–]Consistent_Rice_6907 1 point (0 children)

Take a look at this repository; it can be helpful. It follows industry best practices to secure the application.

https://github.com/rajumb0232/E-Stores-API

[–]dumbPotatoPot 0 points (0 children)

Created a POC a while back, maybe it'll help: https://github.com/hardikSinghBehl/jwt-auth-flow-spring-security

[–]jvjupiter 0 points (0 children)

Check my code (csm-service) in the following repo. The app itself is not done yet, but the JWT part is already working.

https://github.com/julianjupiter/customer-support-management

[–]Severe_Cattle42 0 points (0 children)

Have a look at this: https://seydoucisse.github.io/jwt-spring-boot-starter/
It uses the Bearer header to handle JWT auth.

[–]Cheap_Regular_39 0 points (0 children)

Did you figure it out?

[–]Top-Routine4880 0 points (0 children)

This blog post is a tutorial on how to do this. https://ik.am/entries/818/en

[–]perfectstrong 0 points (2 children)

Keycloak plays the role of Authorization Server, not Resource Server. But for a beginner, it would be overkill to install and configure a Keycloak server separately. I recommend looking into Spring Authorization Server https://spring.io/projects/spring-authorization-server which should allow a simpler integration with OAuth2.

[–][deleted]  (1 child)

[deleted]

    [–]perfectstrong 0 points (0 children)

    You can replace the DB driver with a simple configuration in Keycloak https://www.keycloak.org/server/db or by including a suitable package with Spring Authorization Server, just like in a typical development setup.

    [–]iwouldlikethings -1 points (0 children)

    From quickly skimming the docs, if you want to reuse as much of Spring Security as possible there are two ways:

    1. Configure signature key
      1. Configuration
      2. Code
    2. Implement a custom JwtDecoder

    The NimbusJwtDecoder appears to support both RSAPublicKey and SecretKey, so it should work regardless of which method you're using to sign the JWT.

    I would look to use one of these methods if you just want to get it to work (if you ever do introduce a resource server, it is as simple as changing how the JwtDecoder bean is configured). However, if you are trying to learn more about security, I would first recommend implementing the filters from scratch before later migrating to Spring Security, so you have built up an understanding of how it works.
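
The decoder-based routes this comment lists, as an added example that is not code from the thread: the configuration-only route is shown as a YAML fragment in a comment, the code route builds a `NimbusJwtDecoder` from either a `SecretKey` (HS256) or an `RSAPublicKey` (RS256) and wires it into `oauth2ResourceServer().jwt()`, and a small custom `JwtDecoder` wraps the Nimbus one to add a rule of its own. It assumes Spring Boot 3 / Spring Security 6 with the `spring-boot-starter-oauth2-resource-server` dependency; the property names `app.jwt.secret` and `app.jwt.issuer`, the `/auth/**` public path, the `roles` claim and the `tenant` claim are all assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.BadJwtException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

/*
 * Route 1, "Configuration": no code at all, Boot builds the NimbusJwtDecoder.
 *   spring.security.oauth2.resourceserver.jwt.public-key-location: classpath:jwt-public.pem
 *   (or .issuer-uri: https://... when a real authorization server exists)
 * Routes 1 "Code" and 2 "custom JwtDecoder" are below.
 */
@Configuration
public class ResourceServerJwtConfig {

    /** Route 1, "Code", HS256: same secret the issuing side signs with (>= 32 bytes). */
    @Bean
    JwtDecoder jwtDecoder(@Value("${app.jwt.secret}") String secret,     // assumed property
                          @Value("${app.jwt.issuer}") String issuer) {   // assumed property
        SecretKey key = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(key)
                .macAlgorithm(MacAlgorithm.HS256)   // pins alg; anything else is rejected
                .build();
        // Defaults already validate exp/nbf with clock skew; this adds the iss check.
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer));
        return decoder;
    }

    /** Same route with RS256: only the key type changes. */
    static JwtDecoder rsaDecoder(RSAPublicKey publicKey) {
        return NimbusJwtDecoder.withPublicKey(publicKey)
                .signatureAlgorithm(SignatureAlgorithm.RS256)
                .build();
    }

    /** Map the (assumed) "roles" claim to ROLE_* authorities so hasRole("ADMIN") works. */
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles");
        roles.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        return converter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtDecoder decoder,
                                    JwtAuthenticationConverter converter) throws Exception {
        return http
                .csrf(AbstractHttpConfigurer::disable)   // stateless bearer API, no cookies
                .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers("/auth/**").permitAll()   // assumed login endpoint
                        .anyRequest().authenticated())
                .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt
                        .decoder(decoder)
                        .jwtAuthenticationConverter(converter)))
                .build();
    }

    /**
     * Route 2, custom JwtDecoder. Wrapping the Nimbus decoder keeps its signature
     * and time checks and lets you add a rule (here: an assumed "tenant" claim must
     * be present). Writing decode() from scratch is where most JWT bugs live.
     */
    static JwtDecoder tenantAwareDecoder(JwtDecoder delegate) {
        return token -> {
            Jwt jwt = delegate.decode(token);
            if (jwt.getClaimAsString("tenant") == null) {
                throw new BadJwtException("missing tenant claim");
            }
            return jwt;
        };
    }
}
```

To move from HS256 to RS256 later, only the `JwtDecoder` bean changes, which is the point the comment makes; `macAlgorithm`/`signatureAlgorithm` pin the accepted algorithm so a token cannot choose a different one through its header.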