Springboot authentication is used to implement custom auth in Springboot. This library suits a scenario like the following: you implement auth that has roles, every role can have permission on multiple modules, and within each module the role has specific actions, such as only read, create and update, or delete.
Roles
- Admin
  - Module 1
    - Read
    - Create
    - Update
    - Delete
  - Module 2
    - Read
    - Update
- User
  - Module 2
    - Read
Add this repository to your pom.xml

```xml
<repositories>
    <repository>
        <id>repo-contoh-gratis</id>
        <name>repo-contoh-gratis</name>
        <url>http://repo.contoh.gratis:81/repository/maven-public/</url>
    </repository>
</repositories>
```
Add this dependency to your pom.xml

Springboot WebMVC

```xml
<dependency>
    <groupId>gratis.contoh</groupId>
    <artifactId>auth</artifactId>
    <version>1.0.1</version>
</dependency>
```

Springboot Webflux

```xml
<dependency>
    <groupId>gratis.contoh</groupId>
    <artifactId>auth-reactive</artifactId>
    <version>1.0.1</version>
</dependency>
```

Run `mvn clean install`
Create a configuration file as a catcher

```java
@Configuration
@ComponentScan("gratis.contoh.auth.catcher")
@EnableAspectJAutoProxy
public class AuthCatcherConfiguration {
}
```
Create a configuration file that implements AuthorizeValidator

Springboot WebMVC

```java
@Configuration
public class AuthValidatorConfiguration implements AuthorizeValidator {

    @Override
    public Boolean isAuthenticate(String headerValue) {
        // put your logic here. just return true when passed and false when failed
        return false; // placeholder so the stub compiles: deny until your logic is in place
    }

    @Override
    public Boolean isAuthorize(String headerValue, String[] roles, String module, String[] accessType) {
        // put your logic here. just return true when passed and false when failed
        return false; // placeholder so the stub compiles: deny until your logic is in place
    }
}
```
Springboot Webflux

```java
@Configuration
public class AuthValidatorConfiguration implements AuthorizeValidator {

    @Override
    public Mono<Boolean> isAuthenticate(String headerValue) {
        // put your logic here. just return Mono.just(true) when passed and Mono.just(false) when failed
        return Mono.just(false); // placeholder so the stub compiles: deny until your logic is in place
    }

    @Override
    public Mono<Boolean> isAuthorize(String headerValue, String[] roles, String module, String[] accessType) {
        // put your logic here. just return Mono.just(true) when passed and Mono.just(false) when failed
        return Mono.just(false); // placeholder so the stub compiles: deny until your logic is in place
    }
}
```
- `headerValue` contains the token or other value passed from the FE that needs to be authorized.
- `roles` contains the list of roles, or `[]`.
- `module` contains the module.
- `accessType` contains the list of access types, or `[]`.

Use the `@Authorize` annotation in your Java controller class.
Springboot WebMVC

```java
@RestController
@RequestMapping("/api")
public class ApiController {

    @GetMapping("/1")
    @Authorize
    public ResponseEntity<String> apiSample(HttpServletRequest request) {
        return ResponseEntity.ok("Hello world!");
    }

    @PostMapping("/2")
    @Authorize(
        roles = {"SUPER ADMIN", "ADMIN"},
        module = "API",
        accessTypes = {"CREATE", "UPDATE"})
    public ResponseEntity<String> apiSample(HttpServletRequest request, ModelRequest item) {
        return ResponseEntity.ok("Hello world!");
    }
}
```
It is mandatory to always put `HttpServletRequest` as the first parameter. `roles`, `module`, and `accessTypes` are optional. However, if you set `accessTypes`, you are highly recommended to set `module` as well, or it means you have access to all actions.
Springboot Webflux

```java
@RestController
@RequestMapping("/api")
public class ApiController {

    @GetMapping("/1")
    @Authorize
    public Mono<ResponseEntity<String>> apiSample(ServerHttpRequest request) {
        return Mono.just(ResponseEntity.ok("Hello world!"));
    }

    @PostMapping("/2")
    @Authorize(
        roles = {"SUPER ADMIN", "ADMIN"},
        module = "API",
        accessTypes = {"CREATE", "UPDATE"})
    public Mono<ResponseEntity<String>> apiSample(ServerHttpRequest request, ModelRequest item) {
        return Mono.just(ResponseEntity.ok("Hello world!"));
    }
}
```
It is mandatory to always put `ServerHttpRequest` as the first parameter. `roles`, `module`, and `accessTypes` are optional. However, if you set `accessTypes`, you are highly recommended to set `module` as well, or it means you have access to all actions.
`@Authorize` Parameters

- `header` → default `Authorization`
- `authType` → default `Bearer`
- `roles` → default `[]`
- `module` → default `""`
- `accessTypes` → default `[]`
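
As an added example (not part of the library or the original README), here is one way to write the logic behind `isAuthenticate` and `isAuthorize` for the Roles tree at the top of this page, denying by default. `PermissionMatrix`, `GRANTS`, `SESSIONS` and the sample tokens are hypothetical; it assumes `headerValue` arrives as the bare token, that every listed access type must be granted, and that access types given without a module are rejected.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.Set;

// Added example, not library code. PermissionMatrix, GRANTS and SESSIONS are hypothetical names.
public class PermissionMatrix {
    // role -> module -> allowed actions, mirroring the Roles tree in this README
    private static final Map<String, Map<String, Set<String>>> GRANTS = Map.of(
        "Admin", Map.of(
            "Module 1", Set.of("Read", "Create", "Update", "Delete"),
            "Module 2", Set.of("Read", "Update")),
        "User", Map.of("Module 2", Set.of("Read")));

    // Constructed sample data: token -> role. Replace with real token verification.
    private static final Map<String, String> SESSIONS =
        Map.of("token-admin", "Admin", "token-user", "User");

    public static boolean isAuthenticate(String headerValue) {
        // null check first: immutable maps throw on a null key
        return headerValue != null && SESSIONS.containsKey(headerValue);
    }

    public static boolean isAuthorize(String headerValue, String[] roles,
                                      String module, String[] accessType) {
        if (!isAuthenticate(headerValue)) return false;      // unknown token: deny
        String role = SESSIONS.get(headerValue);
        if (roles != null && roles.length > 0 && !Arrays.asList(roles).contains(role)) {
            return false;                                    // caller's role is not listed
        }
        boolean hasModule = module != null && !module.isEmpty();
        boolean hasAccess = accessType != null && accessType.length > 0;
        if (!hasModule) return !hasAccess;  // assumption: access types without a module are denied
        Set<String> allowed = GRANTS.get(role).getOrDefault(module, Set.of());
        if (!hasAccess) return !allowed.isEmpty();           // module only: any grant on it
        return allowed.containsAll(Arrays.asList(accessType)); // assumption: all are required
    }

    public static void main(String[] args) {
        String[] none = {};
        // Admin updating Module 2, User updating Module 2, User on an Admin-only endpoint,
        // access type without a module, and a token that is not in SESSIONS
        System.out.println(isAuthorize("token-admin", none, "Module 2", new String[]{"Update"}));
        System.out.println(isAuthorize("token-user", none, "Module 2", new String[]{"Update"}));
        System.out.println(isAuthorize("token-user", new String[]{"Admin"}, "", none));
        System.out.println(isAuthorize("token-user", none, "", new String[]{"Delete"}));
        System.out.println(isAuthorize("forged", none, "Module 2", new String[]{"Read"}));
    }
}
```

String comparison here is exact, so the role, module and access type names used in `@Authorize` must match the stored grants character for character.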