/spring-security-jwt

JWT support for spring-security

Primary LanguageJavaApache License 2.0Apache-2.0

Build Status Coverage Status

com.mercateo.spring.spring-security-jwt

Example usage

How to add JWT support to your project.

Import the config and add a configuration bean

@Configuration
@Import(JWTSecurityConfiguration.class)
public class MyConfiguration {

    @Bean
    public JWTSecurityConfig securityConfig() {
        return JWTSecurityConfig
            .builder()
            .addAnonymousPaths("/admin/app_health")
            .jwtKeyset(mock(JWTKeyset.class))
            .addNamespaces("https://test.org/")
            .addRequiredClaims("scope", "foo")
            .build();
    }
}

Access the principal object to get claims from the token:

        final JWTPrincipal principal = JWTPrincipal.fromContext();

        log.info("principal foo {} with scopes '{}'",
              principal.getClaim("foo"),
              principal.getClaim("scope"));

Roles / scopes integration

The content of the scope claim is parsed into the list of granted authorities.