szerhusenBC/jwt-spring-security-demo

Use Basic Authentication

Closed this issue · 2 comments

Hi Stephan, and thank you for the effort in this project.
How and what do I need to do to use Basic Authentication instead of the raw JSON username and password to request a token? I am unable to find any spring boot project/example that uses both Basic authentication and JWT to maximize security.
Thank you

bfwg commented

Hey, @Bash-Ali

I would prefer to use formLogin over basic auth, since sending username & password in every request's header is not something we want to do in the real world.
Here is a good guide on how to use formLogin: https://spring.io/guides/gs/securing-web/ in your app.
I wrote a small demo app (springboot-jwt-starter) that uses formLogin with JWT to help me understand springboot and JWT more; the front-end of the app is written in AngularJS.

Angular login post request:

    $http({
      url: 'login',
      method: 'POST',
      data: $httpParamSerializerJQLike(self.credentials),
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      }
    })
    .then(function(res) {
      // do something with the response object
    });

https://github.com/bfwg/springboot-jwt-starter/blob/master/src/main/resources/static/js/app.js#L70

Springboot config file:

    http
        ...
        .formLogin()
            .successHandler(authenticationSuccessHandler)
            .failureHandler(authenticationFailureHandler).and()
        ...
        // logout stuff

https://github.com/bfwg/springboot-jwt-starter/blob/master/src/main/java/com/bfwg/config/WebSecurityConfig.java#L68

Full source code can be found in springboot-jwt-starter; this project is heavily inspired by jwt-spring-security-demo and Cerberus.

Let me know if you have more questions. By the way, big thanks to szerhusenBC, I learned a lot from his project.
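The config above plugs in an `authenticationSuccessHandler` without showing one. As an added example (not part of the original comment and not code from springboot-jwt-starter or jwt-spring-security-demo), this is one way a success handler could return a short-lived HS256 JWT after form login, so the password is sent once and only the token afterwards. The class name `JwtIssuingSuccessHandler`, the 10-minute lifetime, and the `{"token": ...}` response body are assumptions, and the token is built with JDK classes only rather than a JWT library.

```java
// Added example: assumed names and response shape, not the linked projects' code.
// Assumes Spring Security on the javax.servlet API, matching the .formLogin()...and() style above.
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
public class JwtIssuingSuccessHandler implements AuthenticationSuccessHandler {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    private static final long TTL_SECONDS = 600;   // hypothetical token lifetime
    private final byte[] secret;                    // HS256 key, loaded from configuration
    public JwtIssuingSuccessHandler(byte[] secret) {
        if (secret.length < 32) throw new IllegalArgumentException("HS256 key must be >= 32 bytes");
        this.secret = secret.clone();
    }
    @Override
    public void onAuthenticationSuccess(HttpServletRequest req, HttpServletResponse res,
                                        Authentication auth) throws IOException {
        String token = issue(auth.getName(), Instant.now().getEpochSecond());
        res.setContentType("application/json");
        res.setHeader("Cache-Control", "no-store");   // keep the token out of caches
        res.getWriter().write("{\"token\":\"" + token + "\"}");
    }
    // Builds base64url(header).base64url(payload).base64url(HMAC-SHA256 over the first two parts).
    String issue(String subject, long now) {
        String header = enc("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        String payload = enc("{\"sub\":\"" + esc(subject) + "\",\"iat\":" + now + ",\"exp\":" + (now + TTL_SECONDS) + "}");
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] sig = mac.doFinal((header + "." + payload).getBytes(StandardCharsets.US_ASCII));
            return header + "." + payload + "." + B64URL.encodeToString(sig);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    private static String enc(String json) { return B64URL.encodeToString(json.getBytes(StandardCharsets.UTF_8)); }
    private static String esc(String s) {           // escape ", \ and control chars for JSON
        StringBuilder b = new StringBuilder();
        for (char c : s.toCharArray())
            b.append(c == '"' || c == '\\' || c < 0x20 ? String.format("\\u%04x", (int) c) : String.valueOf(c));
        return b.toString();
    }
}
```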

@bfwg You're welcome! And thank you for your help!