
I found this API-key authentication code for Spring Boot, but how do I apply this security when an application tries to use my API service? What is the next step to use this security and disable Spring's basic username/password authentication?

package com.microservice.reportGenerator.validation;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

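/**
 * Security configuration that authenticates every request with a shared API key sent in an HTTP
 * header.
 *
 * <p>The header name and the expected key are injected from the
 * {@code ReportService.http.auth-token-header-name} and {@code ReportService.http.auth-token}
 * properties. The chain built here matches {@code /**} and configures neither
 * {@code httpBasic()} nor {@code formLogin()}, so the API key filter is the only authentication
 * mechanism this chain installs.
 *
 * <p>The key is a long-lived bearer secret: keep it out of logs and source control, and only
 * accept it over TLS.
 */
@Configuration
@EnableWebSecurity
@Order(1)
public class APISecurityConfig extends WebSecurityConfigurerAdapter {

    /** Name of the request header that carries the API key. */
    @Value("${ReportService.http.auth-token-header-name}")
    private String principalRequestHeader;

    /** Expected API key. This is a secret; it must never be printed or logged. */
    @Value("${ReportService.http.auth-token}")
    private String principalRequestValue;

    /**
     * Builds a stateless filter chain in which {@link APIKeyAuthFilter} extracts the key from the
     * configured header and every request must be authenticated.
     *
     * @param httpSecurity the builder for this filter chain
     * @throws IllegalStateException if the configured API key is empty, because an empty expected
     *     key would match a request that sends the header with an empty value
     * @throws Exception if the underlying Spring Security configuration fails
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // Fail closed at startup: an empty expected key would make an empty header value "valid".
        if (principalRequestValue == null || principalRequestValue.trim().isEmpty()) {
            throw new IllegalStateException(
                    "ReportService.http.auth-token must be set to a non-empty value");
        }
        final byte[] expectedKey = principalRequestValue.getBytes(StandardCharsets.UTF_8);

        // The previous System.out.println of the header name and key was removed: it wrote the
        // secret to stdout on every start, where it ends up in log files and log aggregation.
        APIKeyAuthFilter filter = new APIKeyAuthFilter(principalRequestHeader);
        filter.setAuthenticationManager(new AuthenticationManager() {

            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                Object presented = authentication.getPrincipal();
                if (!(presented instanceof String)) {
                    throw new BadCredentialsException("The API key was not found or not the expected value.");
                }
                byte[] presentedKey = ((String) presented).getBytes(StandardCharsets.UTF_8);
                // MessageDigest.isEqual does not stop at the first differing byte, unlike
                // String.equals, so response timing reveals less about how much of the key matched.
                if (!MessageDigest.isEqual(expectedKey, presentedKey)) {
                    throw new BadCredentialsException("The API key was not found or not the expected value.");
                }
                authentication.setAuthenticated(true);
                return authentication;
            }
        });

        // CSRF protection is disabled here; that is only reasonable because the credential is a
        // custom header and the chain is STATELESS, so no session cookie carries authentication.
        httpSecurity.antMatcher("/**")
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .addFilter(filter)
                .authorizeRequests().anyRequest().authenticated();
    }

}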

package com.microservice.reportGenerator.validation; import javax.servlet.http.HttpServletRequest; import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

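/**
 * Pre-authentication filter that reads the caller's API key from a configurable request header
 * and hands it to the authentication manager as the principal.
 *
 * <p>The header value is a secret presented by the client, so this class must not print or log
 * it.
 */
public class APIKeyAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    /** Name of the request header that carries the API key. */
    private final String principalRequestHeader;

    /**
     * @param principalRequestHeader name of the header to read the API key from
     */
    public APIKeyAuthFilter(String principalRequestHeader) {
        this.principalRequestHeader = principalRequestHeader;
    }

    /**
     * Returns the raw value of the API key header for this request.
     *
     * @param request the incoming request
     * @return the value returned by {@code request.getHeader} for the configured header name
     */
    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // The previous System.out.println of this value was removed: it copied every presented
        // API key, valid or not, into the application's output.
        return request.getHeader(principalRequestHeader);
    }

    /**
     * Returns a fixed placeholder; the API key itself is carried as the principal.
     *
     * @param request the incoming request (unused)
     * @return the constant {@code "N/A"}
     */
    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A";
    }

}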

JESUS l.
