
Discussion on: Spring Security with JWT

Christopher Jarvis • Edited

Hey just wanted to let you know this was sooooo helpful! Thank you for your time and talent at teaching!

If anyone else is struggling with the seemingly high complexity of the spring security framework, I have a few things to add that I've learned in my struggles:

  1. The reason there is so much is to simplify building enterprise-scale roles-based authentication/authorization logic.
  2. It aims to be an almost out-of-the-box solution for a server-rendered MVC-style web app.

If you are just trying to secure the backend for your relatively simple SPA-style web app, then the framework certainly seems like overkill, but articles like this make it easy to find what you need!
Christopher Jarvis

Also, if it helps anyone:

If you want to put the username/id/whatever you are storing as the subject in the JWT onto the request (so that your secured endpoints know which user is accessing):

in AuthorizationFilter#doFilterInternal(): request.setAttribute("username", authentication.getPrincipal());

in your controllers: public @ResponseBody ReturnType yourMethod(@RequestAttribute("username") String username) { ... }