# Java Spring: Accepting JWT

## Accepting JWT Tokens from IndustryApps

### Configuring your Third-Party Application to accept JWT tokens acquired from IndustryApps

JWT tokens would either be acquired from your Third-Party App’s existing Authentication system or from IndustryApp’s Keycloak authentication configuration.&#x20;

{% hint style="info" %}
Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services.
{% endhint %}

### Handling multiple JWT issuers with Spring Security 5

The following example illustrates how to provision multiple JWT issuers with the resource server in **Spring Security 5** with `WebSecurityConfigurerAdapter`.&#x20;

{% hint style="info" %}
Additional information about `WebSecurityConfigurerAdapter` in Spring 5 [can be found here.](https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html)
{% endhint %}

```java
_@Override 
    protected void configure(HttpSecurity http) throws Exception {
      JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( 
                "https://iapp-keycloak/auth/realms/iapp-realm", 
                "http://thirdparty-app-existing-auth2/openid" 
        ); 
    http.cors() 
                .and() 
                .authorizeRequests() 
                .anyRequest() 
                .authenticated() 
                .and() 
                .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver)) 
                .csrf() 
                .disable(); 
    } 
```

#### Controller

Inside the controller implement the following:

```java
@GetMapping(value = "/user/profile", produces = MediaType.APPLICATION_JSON_VALUE) 
    public User getUserProfile(@AuthenticationPrincipal Jwt principal, HttpServletRequest request) { 
        return new User("1", principal.getClaimAsString("preferred_username")); 
    } 
```

This controller configuration will allow requests routed either via an IndustryApps JWT token or with your Third-Party Applications' JWT token.

#### Existing User Role Mapping with the IndustryApp JWT Token

For checking user roles we have to map your Third-Party App’s roles into Springs' UserDetailsService function using the JwtTokenFilter function feature to allow recognition of the roles.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.industryapps.net/authentication/single-sign-on/java-spring-accepting-jwt.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.