How to get login and pass from rest request in spring boot?
I'm writing REST app with spring boot and spring security with JWT.
I created registration end point which just creates an account.
I wanted to implement authentication througn basic auth with login and password which would returns a jwt token. Other requests would authenticate by token.
But I can't implement security by login and password and JWT both, so I tried to perform basic auth manually and leave spring security by token.
How can I get login and password from rest request in controller to check if the account exists in the database manyally?
The example of basic auth:
JWT token is an string joined by points. It has three pieces and these are encoded in base64. The second piece has the information of the user. You can pass this information to the security context and get wherever you want.
Decode the token, set the information in UserDetails (you can extend this class) and pass it to the UsernamePasswordAuthenticationToken. Pass this object to the security context and get the information in your controllers using SecurityContextHolder.getContext().getAuthentication();
More info here: https://www.toptal.com/spring/spring-security-tutorial
// Get user identity and set it on the spring security context
UserDetails userDetails = userRepo
.findByUsername(jwtTokenUtil.getUsername(token))
.orElse(null);
UsernamePasswordAuthenticationToken
authentication = new UsernamePasswordAuthenticationToken(
userDetails, null,
userDetails == null ?
List.of() : userDetails.getAuthorities()
);
authentication.setDetails(
new WebAuthenticationDetailsSource().buildDetails(request)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
- Tests in Spring Boot with database H2
- Spring Boot: Why do i get Content-Type 'application/octet-stream' is not supported , when i'm sending multipart/form-data?
- The use of Spring Security Meta Annotation
- Broadcast SseEmitter to multiple clients
- What is the reason to disable csrf in spring boot web application?
- Reason to disable CSRF in spring boot
- Unable to resolve name [org.hibernate.spatial.dialect.postgis.PostgisDialect] as strategy [org.hibernate.dialect.Dialect]
- MapStruct mapper returns empty mapped object
- Spring Boot 2.5.0 generates plain.jar file. Can I remove it?
- how to store PostgreSQL jsonb using SpringBoot + JPA?
- How to connect to Oracle 8i using Java
- How to configure port for a Spring Boot application
- @WebMvcTest fails with java.lang.IllegalStateException: Failed to load ApplicationContext
- Spring boot: Unable to start embedded Tomcat servlet container
- Keycloak authorization on behalf of another user
- After Spring boot 3.2.x upgrade , ZoneddateTime is getting persisted in DB always with UTC format
- How spring boot scan and configures bean
- Map single property from class to every object in list of other class
- How to generate jooq classes with r2dbc driver in the pom file
- Spring Boot DataJpaTest (for Repositories) fail with java.lang.IllegalStateException: Failed to load ApplicationContext
- SpringBoot fails to deploy after adding .ebextensions for ngingx SSL -[An error occurred during execution of command [app-deploy]]
- Spring @RestController and @PathVariable queuing bug?
- Not annotated parameter overrides @NonNullApi parameter
- Oh no! IO! Concurrency issues with virtual threads, HikariCP, and Spring Boot JDBC (Postgres)
- Spring boot validation doesn't work
- Intellij, target JRE vesion doesn't match project jdk version
- Why is sse widely used even though there is a limit to the number of connections?
- Spring boot localization from database
- What are Spring Security default credentials for Spring Boot?
- Hikari Pool is not shutdown after spring boot test execution with test container