loading...

re: Spring Security with JWT VIEW POST

FULL DISCUSSION
 

Hey just wanted to let you know this was sooooo helpful! Thank you for your time and talent at teaching!

If anyone else is struggling with the seemingly high complexity of the spring security framework, I have a few things to add that I've learned in my struggles:

  1. The reason there is so much is to simplify building enterprise-scale roles-based authentication/authorization logic.
  2. It aims to be an almost out of the box solution for a server rendered mvc style web app If you are just trying to secure the backend for your relatively simple SPA style web app then the framework certainly seems like overkill, but articles like this make it easy to find what you need!
 

also if it helps anyone:

if you want to put the username/id whatever you are storing as the subject in jwt onto the request (so that your secured endpoints know which user is accessing):

in AuthorizationFilter#doFilterInternal(): request.setAttribute("username", authentication.getPrincipal());

in ur controllers: public @RequestBody ReturnType yourMethod(@RequestAttribute("username") String username) { ... }

Code of Conduct Report abuse