Developer Documentation
  • Documentation Overview
  • Development Introduction
  • Getting Started
  • Fundamentals
    • Deploy an App via Pre-defined Sidecar
      • Sidecar Tutorial: Server-side
      • Sidecar Tutorial: Client-side
      • Sidecar Tutorial: Docker & Deploy
    • Deploy an App with Eureka
    • Design Guidance
  • Authentication
    • Accessing data exposed by the platform
    • Single Sign-On
      • Angular
      • Vue
      • Java Spring: Accepting JWT
      • Python Django: Accepting JWT
    • User and Role Identification
  • APIs | Data Integration
    • Submodel Index
    • Masterdata
    • Transactional data
  • Docker Information
    • Ruby Stack
    • Golang Stack
    • Node JS Stack
    • Java Spring Stack
    • Python Stack
  • Connect to the Platform
    • Integrate using Eureka Rest APIs
    • Use our Pre-built sidecar
    • Production deployment
  • Add-on Features
    • IApps-Navigation
  • Testing
  • FAQs | Troubleshooting
  • Registration
    • Application pre-requisites
      • Basic Requirements
    • Register Developer Account
    • Submit basic application info
    • Onboard Application
      • Submit Appstore details
        • App basic information
      • Configure Application
        • App Permission
        • App Data
        • AAS Instance
        • Licensing
        • Access Rights
        • Account Info
        • Terms Of Use
        • Pricing
      • Publish and test
        • Deploy
        • Register into Service Discovery
    • Publish to Marketplace
  • User Experience
  • The business model - How do I get paid?
  • References
    • IndustryApps - Intro
    • What is an Asset Administration Shell?
    • What is ECLASS?
      • How is ECLASS and Concept dictionary are used
    • Industry 4.0 standards
    • Customer Terms of Use
      • Subscription Order
    • Solution provider Terms of Use
      • Contract regions
      • Submission Form ( Solution provider)
Powered by GitBook
On this page
  • Accepting JWT Tokens from IndustryApps
  • Configuring your Third-Party Application to accept JWT tokens acquired from IndustryApps
  • Handling multiple JWT issuers with Spring Security 5
  1. Authentication
  2. Single Sign-On

Java Spring: Accepting JWT

PreviousVueNextPython Django: Accepting JWT

Last updated 2 years ago

Accepting JWT Tokens from IndustryApps

Configuring your Third-Party Application to accept JWT tokens acquired from IndustryApps

JWT tokens would either be acquired from your Third-Party App’s existing Authentication system or from IndustryApp’s Keycloak authentication configuration.

Keycloak is an open source software product to allow single sign-on with Identity and Access Management aimed at modern applications and services.

Handling multiple JWT issuers with Spring Security 5

The following example illustrates how to provision multiple JWT issuers with the resource server in Spring Security 5 with WebSecurityConfigurerAdapter.

Additional information about WebSecurityConfigurerAdapter in Spring 5 

_@Override 
    protected void configure(HttpSecurity http) throws Exception {
      JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerAuthenticationManagerResolver( 
                "https://iapp-keycloak/auth/realms/iapp-realm", 
                "http://thirdparty-app-existing-auth2/openid" 
        ); 
    http.cors() 
                .and() 
                .authorizeRequests() 
                .anyRequest() 
                .authenticated() 
                .and() 
                .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver)) 
                .csrf() 
                .disable(); 
    }

Controller

Inside the controller implement the following:

@GetMapping(value = "/user/profile", produces = MediaType.APPLICATION_JSON_VALUE) 
    public User getUserProfile(@AuthenticationPrincipal Jwt principal, HttpServletRequest request) { 
        return new User("1", principal.getClaimAsString("preferred_username")); 
    }

This controller configuration will allow requests routed either via an IndustryApps JWT token or with your Third-Party Applications' JWT token.

Existing User Role Mapping with the IndustryApp JWT Token

For checking user roles we have to map your Third-Party App’s roles into Springs' UserDetailsService function using the JwtTokenFilter function feature to allow recognition of the roles.

can be found here.