Auth: JWT authentication.

TODO: JWT Auth.

Use JJWT along with Spring security. We keep all the currently implemented security code and logic structure, but implement a new custom `AuthenticationManager` that handles JSON Web Tokens. 

This is quite straight forward when using JJWT. The required implementation is:

- [x] A `TokenConfig` that can handle parsing config fields from `application.config`
- [x] A `Filter` for the `HttpSecurity` builder in `SecurityConfig`. This extends `UsernamePasswordAuthenticationFilter` from Spring and replaces the default authentication manager that Spring autowires.
  - [x] In the example from Amigoscode, a class for `AuthenticationRequest`s is used along with this, to create an `AuthenticationToken` `Authentication` object that is sent to the `AuthenticationManager` during the validation process. 
- [x] A `OncePerRequestFilter` to handle token verification logic (`TokenVerifier`). The bulk of this class will be using API from JJWT, and will be used in the `HttpSecurity` config to handle verification of the tokens attached to incoming requests.


Reading: 
[jwt.io: JWT Introduction](https://jwt.io/introduction)
[jjwt@github](https://github.com/jwtk/jjwt)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Auth: JWT authentication. #44

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Auth: JWT authentication. #44

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions