First of all, let's import some dependencies
Before starting the real implementation, please add these dependencies to your project:
compile group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
compile group: 'com.auth0', name: 'java-jwt', version: '3.10.3'
compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.5.RELEASE'
compile group: 'org.springframework.security', name: 'spring-security-web', version: '5.1.5.RELEASE'
compile group: 'org.springframework.security', name: 'spring-security-config', version: '5.1.5.RELEASE'
You will need the basic packages for building an API, such as Spring Starter Web. If you don't know how to build an API with Java and Spring Boot, please read the following article: Building a Simple API with Java and Spring Boot
Also make sure you already have your UserRepository implemented. If you don't know how to implement a simple connection between Java and any SQL database with H2, please read the following article: Implementing a Simple Database with Java, JPA, Hibernate and SQL
Creating a Bean for our PasswordEncoder
If you don't know what a Bean is, please read the following article: What is a Java @Bean?
In your main class, paste the following code:
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
    return new BCryptPasswordEncoder();
}
It'll provide a BCryptPasswordEncoder instance to us.
Implementing our own UserDetailsService
So, assuming that we'll authenticate with a username and password, we have to implement the default class and method that look the user up in the database, right?
The code follows below; please pay attention to the comments.
Let's implement the JWTAuthenticationFilter
First of all, our authentication will be a basic auth, where you provide a username and password and the system verifies that you are who you claim to be.
This class will override some methods in our own way to implement our UsernameAndPasswordAuthenticationFilter, which provides things like the response to our authentication request.
Remember to pay attention to the comments.
The code follows below:
That is our AuthenticationFilter, responsible for verifying the username and password data (we can say that it is the class that executes the "login").
Let's Implement the JWTAuthorizationFilter
Once the Authentication Filter has verified and confirmed the data, our Authorization Filter is responsible for handling the request: it verifies our token and exposes the authorities.
Remember to pay attention to the comments.
The file follows below:
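As an added example (not the author's code), here is the token check an authorization filter of this kind performs, using the java-jwt dependency listed above. The Bearer prefix, the "authorities" claim name, the choice of HMAC512 and the secrets are assumptions made for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Date;
import java.util.List;

public class TokenCheckExample {
    static final String PREFIX = "Bearer ";          // assumed header scheme
    static final String ROLES_CLAIM = "authorities"; // hypothetical claim name

    /** Returns the token's authorities, or null when the header must be rejected. */
    static List<String> authoritiesFrom(String header, byte[] secret) {
        if (header == null || !header.startsWith(PREFIX)) return null;
        try {
            // Pinning HMAC512 here means a token whose header names another
            // algorithm (or "none") fails, as do bad signatures and expired tokens.
            DecodedJWT jwt = JWT.require(Algorithm.HMAC512(secret)).build()
                    .verify(header.substring(PREFIX.length()));
            if (jwt.getSubject() == null) return null;
            List<String> roles = jwt.getClaim(ROLES_CLAIM).asList(String.class);
            return roles == null ? Collections.emptyList() : roles;
        } catch (JWTVerificationException e) {
            return null; // fail closed: never fall back to unverified claims
        }
    }

    static String issue(String user, long ttlMillis, byte[] secret) {
        return JWT.create().withSubject(user)
                .withArrayClaim(ROLES_CLAIM, new String[] {"ROLE_USER"})
                .withExpiresAt(new Date(System.currentTimeMillis() + ttlMillis))
                .sign(Algorithm.HMAC512(secret));
    }

    public static void main(String[] args) {
        // Constructed sample values; a real secret comes from configuration, not source.
        byte[] secret = "constructed-demo-secret-change-me".getBytes(StandardCharsets.UTF_8);
        byte[] other = "a-different-constructed-secret".getBytes(StandardCharsets.UTF_8);
        String good = issue("alice", 60_000, secret);
        System.out.println("valid:     " + authoritiesFrom(PREFIX + good, secret));
        System.out.println("expired:   " + authoritiesFrom(PREFIX + issue("alice", -60_000, secret), secret));
        System.out.println("wrong key: " + authoritiesFrom(PREFIX + issue("alice", 60_000, other), secret));
        System.out.println("tampered:  " + authoritiesFrom(PREFIX + good + "x", secret));
        System.out.println("no prefix: " + authoritiesFrom(good, secret));
    }
}
```

In a filter, a null result means the request continues without an authenticated principal, so the access rules in the security configuration reject it.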
Finally, the WebSecurity Class
This is the class that interacts with the web layer. Here we also have the CORS configuration, the allow rules, the signup redirect, the definition of the login endpoint, and so on.
Remember to pay attention to the comments.
The file follows below:
We could finish here, but as a bonus, there is a test class to test your login functionality.
#Bonus - Test Impl
THANK YOU!!! ENJOY THE ARTICLE <3, LEAVE YOUR LIKE HERE SWEET!!