Hey just wanted to let you know this was sooooo helpful! Thank you for your time and talent at teaching!
If anyone else is struggling with the seemingly high complexity of the Spring Security framework, I have a few things to add that I've learned in my struggles:
The reason there is so much is to simplify building enterprise-scale role-based authentication/authorization logic.
It aims to be an almost out-of-the-box solution for a server-rendered MVC-style web app.
If you are just trying to secure the backend for your relatively simple SPA-style web app, then the framework certainly seems like overkill, but articles like this make it easy to find what you need!
If you want to put the username/ID (whatever you are storing as the subject in the JWT) onto the request (so that your secured endpoints know which user is accessing):
In AuthorizationFilter#doFilterInternal(): request.setAttribute("username", authentication.getPrincipal());
In your controllers: public @ResponseBody ReturnType yourMethod(@RequestAttribute("username") String username) { ... }
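Added example, not part of the comment above and not the article's code: a filter that copies the authenticated user's name onto the request only when a non-anonymous Authentication is present, and a controller that reads it. The class names, the /me route, the jakarta.* imports (Spring Boot 3 / Spring Security 6) and the filter being registered after the JWT-validating filter are assumptions.

```java
import java.io.IOException;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: must run after the filter that verifies the JWT
// and stores the Authentication in the SecurityContext.
class UsernameAttributeFilter extends OncePerRequestFilter {

    static final String USERNAME_ATTR = "username";

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Set the attribute only for a verified, non-anonymous caller.
        // Request attributes live server-side; unlike headers or query
        // parameters, the client cannot supply them.
        if (auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken)) {
            // getName() returns a String even when the principal is a
            // UserDetails object rather than a plain String.
            request.setAttribute(USERNAME_ATTR, auth.getName());
        }
        chain.doFilter(request, response);
    }
}

// Hypothetical controller: @RequestAttribute is required by default, so a
// request that reached this method without the attribute is rejected (400).
@RestController
class ProfileController {

    @GetMapping("/me")
    String whoAmI(@RequestAttribute(UsernameAttributeFilter.USERNAME_ATTR) String username) {
        return username;
    }
}
```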