How can I protect my Java Spring Boot API with my own Custom Token System?

Question

I am trying to protect my Java Spring API with a Token System. The aim is that I can say, if the token has privileges an which (Token xyz is Admin or just a User) In the Controller I'd like to say that only Admins are allowed to call the method.

I hope you understand my problem. Thanks!

the thing you are trying to do is call role based authorization.......try searching on google — Amimul Ehsan Rahi, Mar 05 '21 at 20:31
Can refer to this for a kick start: https://www.youtube.com/watch?v=X80nJ5T7YpE ...... — Amimul Ehsan Rahi, Mar 05 '21 at 20:32
There are many ways to do this. Simple is to maintain a table of generated tokens per user and check if the token sent in the request matches with one of the token in table. You can certainly look at JWT as well. — gtiwari333, Mar 05 '21 at 20:36
you should never implement custom security, it is bad practice thats why there are standards. — Toerktumlare, Mar 05 '21 at 23:57

score 1 · Accepted Answer · answered Mar 05 '21 at 20:38

1

You can implement Roles and Privileges with spring security. I hope this tutorial will help you regarding the same. https://www.baeldung.com/role-and-privilege-for-spring-security-registration

answered Mar 05 '21 at 20:38

Vivek Jain

317
3
12

How can I protect my Java Spring Boot API with my own Custom Token System?

1 Answers1