Java Spring: Accepting JWT

Accepting JWT Tokens from IndustryApps

Configuring your Third-Party Application to accept JWT tokens acquired from IndustryApps

JWT tokens are acquired either from your Third-Party App's existing authentication system or from IndustryApps' Keycloak authentication configuration.

Keycloak is an open-source product that provides single sign-on with identity and access management, aimed at modern applications and services.

Handling multiple JWT issuers with Spring Security 5

The following example illustrates how to provision multiple JWT issuers with the resource server in Spring Security 5 with WebSecurityConfigurerAdapter.

Additional information about WebSecurityConfigurerAdapter in Spring 5 can be found here.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // A token is accepted only if its "iss" claim exactly matches one of these issuers.
        // Signing keys are discovered from the issuer URL, so prefer https issuers.
        JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
                new JwtIssuerAuthenticationManagerResolver(
                        "https://iapp-keycloak/auth/realms/iapp-realm",
                        "http://thirdparty-app-existing-auth2/openid"
                );
        http.cors()
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                // Pick the authentication manager per request from the token's issuer.
                .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(authenticationManagerResolver))
                .csrf()
                .disable();
    }

Controller

Inside the controller implement the following:

    // principal is the already validated token from whichever configured issuer signed it.
    @GetMapping(value = "/user/profile", produces = MediaType.APPLICATION_JSON_VALUE)
    public User getUserProfile(@AuthenticationPrincipal Jwt principal, HttpServletRequest request) {
        return new User("1", principal.getClaimAsString("preferred_username"));
    }

With this configuration, the controller accepts requests that carry either an IndustryApps JWT token or your Third-Party Application's JWT token.

Existing User Role Mapping with the IndustryApps JWT Token

To check user roles, map your Third-Party App's roles into Spring's UserDetailsService using the JwtTokenFilter so that the roles are recognised.
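
One way to implement this mapping, as an added example rather than IndustryApps' own code: a filter that runs after bearer-token validation and attaches the existing local user's roles to the token. The body of JwtTokenFilter, the IAPP_ISSUER constant and the choice to map roles only for tokens from the IndustryApps issuer are assumptions, and the javax.servlet imports assume Spring Security 5 on Spring Boot 2.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical implementation. Register it in configure(HttpSecurity) with
// http.addFilterAfter(new JwtTokenFilter(uds), BearerTokenAuthenticationFilter.class)
// so that it only ever sees tokens the resource server has already validated.
public class JwtTokenFilter extends OncePerRequestFilter {
    // Issuer string copied from the resource-server configuration above.
    private static final String IAPP_ISSUER = "https://iapp-keycloak/auth/realms/iapp-realm";
    private final UserDetailsService users;

    public JwtTokenFilter(UserDetailsService users) {
        this.users = users;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth instanceof JwtAuthenticationToken) {
            Jwt jwt = ((JwtAuthenticationToken) auth).getToken();
            String username = jwt.getClaimAsString("preferred_username");
            // Map roles only for the issuer this lookup is meant for, so a same-named
            // account at the other trusted issuer does not pick up these roles.
            if (username != null && IAPP_ISSUER.equals(jwt.getClaimAsString("iss"))) {
                try {
                    UserDetails user = users.loadUserByUsername(username);
                    if (user.isEnabled() && user.isAccountNonLocked()) {
                        SecurityContextHolder.getContext().setAuthentication(
                                new JwtAuthenticationToken(jwt, user.getAuthorities(), username));
                    }
                } catch (UsernameNotFoundException e) {
                    // Unknown locally: keep the validated token, add no roles.
                }
            }
        }
        chain.doFilter(req, res);
    }
}
```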
