/lagom-pac4j-scala-demo

Lagom Pac4j Demo Scala

Primary LanguageScala

Lagom Pac4j Demo: How authenticate/authorize by JWT

This recipe demonstrates, how you can use JWT for protection your service endpoints. It uses the PAC4J library and its lagom-pac4j module for Lagom integration.

About service

Service has two methods. Both returns a simple string with the profile id.

  • /authenticate. It's a public method accessed for all users.
  • /authorize. It's a protected method accessed only users with role 'manager'.

Testing the recipe

Note: All JWT from tests you can to analyze on the site https://jwt.io/. JWKs and JWTs for tests generated by JWTTestDataGenerator.

unit tests

You can test this recipe using the provided tests:

sbt test

manual tests

You can also test this recipe manually using 2 separate terminals.

On one terminal start the service:

sbt runAll

On a separate terminal, use curl to send:

  • anonymous request
$ curl http://localhost:9000/authenticate
anonymous
  • request from Alice
$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBbGljZSIsInJvbGVzIjpbIm1hbmFnZXIiXSwiaXNzIjoiaHR0cHM6XC9cL3BhYzRqLm9yZyIsImlhdCI6MTU0NzIzODgwOCwianRpIjoiMmI1ZmUyYWYtNDI5Yy00M2MyLWEwY2MtMjRmYzk5N2M3YjM5In0.EQYEYCN1L8IKLerZ4zhHMbdzI4LkVjo3NPyBxZko_pmtraPXhvRFE1VAYaRLiqEttNPCXXyNKmWDBkpRCE8tPacCGT3XT_s9pLmLBy0EZ4nb0T_TRy4Q1gtJZfcQN-1kbKczs_T_kh2punfiNJGe9CXImcw4HwcCp1GcrRySVng9FmIvE2NAUXex7pGxcYJUVhGOU4Pnboa7lcP0Gz2u4kPIBghE6-vpSEgoeCNeg357_0CUpznYQP9thi5oby-C8-2WFlAx4tashjPojT4SOAMEvbBAWSHSnXwrs1Pf4lJmcVq78QON1TzROmD3CTRA99ANFsqVXFHXpHYZorAdSw" http://localhost:9000/authenticate
Alice
  • request from Alice to protected path (Alice has role manager)
$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBbGljZSIsInJvbGVzIjpbIm1hbmFnZXIiXSwiaXNzIjoiaHR0cHM6XC9cL3BhYzRqLm9yZyIsImlhdCI6MTU0NzIzODgwOCwianRpIjoiMmI1ZmUyYWYtNDI5Yy00M2MyLWEwY2MtMjRmYzk5N2M3YjM5In0.EQYEYCN1L8IKLerZ4zhHMbdzI4LkVjo3NPyBxZko_pmtraPXhvRFE1VAYaRLiqEttNPCXXyNKmWDBkpRCE8tPacCGT3XT_s9pLmLBy0EZ4nb0T_TRy4Q1gtJZfcQN-1kbKczs_T_kh2punfiNJGe9CXImcw4HwcCp1GcrRySVng9FmIvE2NAUXex7pGxcYJUVhGOU4Pnboa7lcP0Gz2u4kPIBghE6-vpSEgoeCNeg357_0CUpznYQP9thi5oby-C8-2WFlAx4tashjPojT4SOAMEvbBAWSHSnXwrs1Pf4lJmcVq78QON1TzROmD3CTRA99ANFsqVXFHXpHYZorAdSw" http://localhost:9000/authorize
Alice
  • request from Bob to protected path (Bob has role developer)
$ curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJCb2IiLCJyb2xlcyI6WyJkZXZlbG9wZXIiXSwiaXNzIjoiaHR0cHM6XC9cL3BhYzRqLm9yZyIsImlhdCI6MTU0NzIzODgwOCwianRpIjoiM2RkNTU2ZDAtNGFhMC00MWE1LWIxNDctNDZjNDY3NDIwNWZhIn0.KEn3R0Cal7kgzdh5opi7xagAIHLH1lNtypUyjo_25NhfaDXZXYv9kaIqJYZnd3jMUonpPkl72QMP9yRCv88kzBAvSTBMd0SMVlKL0ou1jhRTZyk0AQ8JQhk2ypEyjF385zN9iCrcPab9RFZrLVYqo0SFmkqf1yVp934dfZxcDhPCOOYsWrwsZXd5KK88G19IdSBXCp8zsXl09np92Zz2UWXflrTBNdn4Aedlm5SHLU4zbIKkxeEJVcd_HBQ6NA11VMbxmE9t89505fcJn8ovRhPj5QyORHwDDUFJJZjh1fTVV7-y_aYchJ8YA3GOHdrYgcx0Lr72-Xu5xHnmuHSOYQ" http://localhost:9000/authorize
{"name":"Forbidden","detail":"Authorization failed"}