Skip to content

Releases: auth0/auth0-spring-security-api

1.0.0-rc.1

23 May 19:56
@lbalmaceda lbalmaceda
1.0.0-rc.1
258f6bc
This commit was signed with the committer’s verified signature.
hzalaz Hernan Zalazar
GPG key ID: BFC76D93107B086C
Learn about vigilant mode.
Compare
Choose a tag to compare
1.0.0-rc.1

1.0.0-rc.1 (2016-12-19)

Auth0 integration with Spring Security to add authorization to your API using JWTs

Download

Get Auth0 Spring Security API using Maven:

<dependency>
    <groupId>com.github.auth0</groupId>
    <artifactId>auth0-spring-security-api</artifactId>
    <version>1.0.0-rc.1</version>
</dependency>

or Gradle:

compile 'com.auth0.github:auth0-spring-security-api:1.0.0-rc.1'

Usage

Inside a WebSecurityConfigurerAdapter you can configure your api to only accept RS256 signed JWTs

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        JwtWebSecurityConfigurer
                .forRS256("YOUR_API_AUDIENCE", "YOUR_API_ISSUER")
                .configure(http);
    }
}

or for HS256 signed JWTs

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        JwtWebSecurityConfigurer
                .forHS256WithBase64Secret("YOUR_API_AUDIENCE", "YOUR_API_ISSUER", "YOUR_BASE_64_ENCODED_SECRET")
                .configure(http);
    }
}

Then using Spring Security HttpSecurity you can specify which paths requires authentication

    http.authorizeRequests()
        .antMatchers("/api/**").fullyAuthenticated();

and you can even specify that the JWT should have a single or several scopes

    http.authorizeRequests()
        .antMatchers(HttpMethod.GET, "/api/users/**").hasAuthority("read:users");
Assets 2
Loading