1.0.0-rc.3 (2017-06-13)
Changed
- Use java-jwt version 3.2.0 #34 (lbalmaceda)
- Use java-jwt version 3.1.0 #30 (pacey)
1.0.0-rc.2 (2016-12-21)
Changed
1.0.0-rc.1 (2016-12-19)
Auth0 integration with Spring Security to add authorization to your API using JWTs
Get Auth0 Spring Security API using Maven:
<dependency>
<groupId>com.github.auth0</groupId>
<artifactId>auth0-spring-security-api</artifactId>
<version>1.0.0-rc.1</version>
</dependency>or Gradle:
compile 'com.auth0.github:auth0-spring-security-api:1.0.0-rc.1'Inside a WebSecurityConfigurerAdapter you can configure your api to only accept RS256 signed JWTs
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
JwtWebSecurityConfigurer
.forRS256("YOUR_API_AUDIENCE", "YOUR_API_ISSUER")
.configure(http);
}
}or for HS256 signed JWTs
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
JwtWebSecurityConfigurer
.forHS256WithBase64Secret("YOUR_API_AUDIENCE", "YOUR_API_ISSUER", "YOUR_BASE_64_ENCODED_SECRET")
.configure(http);
}
}Then using Spring Security HttpSecurity you can specify which paths requires authentication
http.authorizeRequests()
.antMatchers("/api/**").fullyAuthenticated();and you can even specify that the JWT should have a single or several scopes
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/api/users/**").hasAuthority("read:users");