Implement Windows AD Authentication, Local DB Authorization with JWT Response Token using Spring Security

In the previous article here, i have implemented custom authentication such that

  • Check if the user exist in local database user table and if the user exist, then authenticate it to external windows AD server.
  • Upon successful call to login API, a session was created on server and session id was returned in response header.
  • Subsequent call to other APIs were done with session id token.

One of the issue faced in above implementation was that frontend ajax tools like axios, fetch and super agent were not able to extract session id token from response header. Refer this.

So, instead of session based authentication , I have tried to implement stateless authentication using jwt token.

Steps are as follows:

  1. Add following dependencies to pom.xml file.

2. Edit application.properties file. Add jwt seceret key and database connectivity details

3. Create User’s entity class , repo interface and service class

4. Create following jwt related files

a. Create class for Authentication Request and Authentication Response

b. Create jwt util class

c. Create jwt filter class

d. Create JwtAuthenticationEntryPoint class

5. Create following config classes

a. CustomAuthenticationProvider class that checks for existence of user in local db, if present, check for authentication.

b. Web security Configuration class

c. Create cors configuration class

6. Controller class for following REST APIs

  • login api that performs authentication and responds with jwt token if successful.
  • API thats check returns “hello world” if the associated jwt token in payload is valid.

Thats it on server side.

On React JS fronted side,

  • Make authentication call as follows
  • Make endpoint api call with bearer id as follows

Resources:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store