Authenticate and Authorise A Spring Boot Application Using Another Application
Posted By : Gursahib Singh | 29-Apr-2018
In this blog, we will see how a JWT (auth token) generated by one Spring Boot application can be used to authenticate and authorize all subsequent protected requests to another Spring Boot application.
To do so, we first need to configure the first Spring Boot application so that it generates a JWT at the time of login. For that, please refer to the following blog:
To use the auth token generated by our first application in the second application, we use interceptors. An interceptor runs before the handler of a requested API, so we can use it to call a specific API first, and only then let the requested API execute.
To do so, we first add a WebConfig.java file to the second application, where we specify the APIs that the interceptor must run before. The code is:
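import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    // RestTemplate used by LoginInterceptor to call the first application.
    // Declared directly on the configuration class so that Spring registers it.
    @Bean
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }

    // Declared as a bean so that the @Autowired field inside the interceptor is injected.
    @Bean
    public LoginInterceptor authInterceptor() {
        return new LoginInterceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Run the interceptor before every request path of this application.
        registry.addInterceptor(authInterceptor()).addPathPatterns("/**");
    }
}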
Now the auth token needs to be passed with every API matched by the patterns given to "addPathPatterns()" inside the "addInterceptors(InterceptorRegistry registry)" method.
The next step is to read the auth token (JWT) from the headers of the incoming request and pass it in the headers of the API called by the interceptor. To do so, I made a LoginInterceptor.java file in the application with the following code:
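import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class LoginInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    RestTemplate restTemplate;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        response.setHeader("Access-Control-Allow-Headers", "*");

        // Read the token sent by the client. It is a credential, so it is not logged.
        String token = request.getHeader("auth");
        if (token == null || token.isEmpty()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
            return false;
        }

        // Forward the token to the first application in the same "auth" header.
        HttpHeaders headers = new HttpHeaders();
        headers.set("auth", token);
        headers.set("Content-Type", "application/json");
        HttpEntity<Void> entity = new HttpEntity<>(headers);
        String url = "http://localhost:8085/Verify";
        try {
            // RestTemplate throws on a non-2xx answer, which rejects the request below.
            restTemplate.exchange(url, HttpMethod.GET, entity, String.class);
        } catch (Exception e) {
            // Fail closed: a refused token or an unreachable verifier both block the request.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
            return false;
        }
        return super.preHandle(request, response, handler);
    }
}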
Here "http://localhost:8085/Verify" is an API of our first application. It is secured, so the first application verifies the auth token before serving it, and the second application proceeds with the original request only if that call succeeds.
About Author
Gursahib Singh
Gursahib is a software developer with key skills in J2SE and J2EE. His hobbies are playing chess, reading and learning new software.