Spring Security: Token based authentication and JSR 250

Asked Oct 18 '16 at 14:12

Active Oct 18 '16 at 14:12

Viewed 113 times

@RestController
public class ApplicationController {

    @PermitAll
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public String index() {
        return "Greetings from ContextConfig Boot!";
    }

    @RolesAllowed({"ADMIN"})
    @RequestMapping(value = "/secured", method = RequestMethod.GET)
    public String secured() {
        return "Secured :)";
    }
}

Token is send in header "X-AUTH-TOKEN".

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    }
}

This actual spring security configuration. How to configure spring security when user send token in header and hase role "ADMIN" he will be allowed to access "secured"?

asked Oct 18 '16 at 14:12

rrader

Do you want implement Oauth authorization? – eg04lt3r Oct 18 '16 at 14:55
Hi, no, I want to implement custom token based authorization. – rrader Oct 19 '16 at 06:15
Did you try to use google for your purposes? First search in google returns suitable results. Please, check it: https://javattitude.com/2014/06/07/spring-security-custom-token-based-rest-authentication/ – eg04lt3r Oct 19 '16 at 18:50

Spring Security: Token based authentication and JSR 250

0 Answers0