A study on Spring Security with Spring Boot.
The authentication is done by consulting an external postgres db, that contains all the necessary fields to provide the UserDetails
.
The authorization is done with jwt, that is generated with a POST to the endpoint /authenticate
.
The token is intercepted by the custom filter defined in JwtRequestFilter.
Almost everything in here is based on an excellent tutorial from JavaBrains. I just added the following:
-
Changed from the deprecated
WebSecurityConfigurerAdapter
to a component-based configuration, basically by exposing anAuthenticationManager
bean and using aSecurityFilterChain
. More information on how to do this in this post from the Spring Blog. -
Added database access to retrieve the user details for authentication.