How to integrate Twitter Login using JWT?
I have some application that works with Spring Boot. This is just login/registration page nothing more.
My JWT Filter
public class JWTFilter extends GenericFilterBean {
private static final String AUTHORIZATION_HEADER = "X-CustomToken";
private static final String AUTHORITIES_KEY = "roles";
/**
* doFilter method for creating correct token(Bearer has taken from front-end part)
*
* @param req
* @param res
* @param filterChain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
String authHeader = request.getHeader(AUTHORIZATION_HEADER);
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid Authorization header.");
} else {
try {
String token = authHeader.substring(7);
Claims claims = Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
SecurityContextHolder.getContext().setAuthentication(getAuthentication(claims));
filterChain.doFilter(req, res);
} catch (SignatureException e) {
((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
}
}
}
/**
* Method for creating Authentication for Spring Security Context Holder
* from JWT claims
*/
private Authentication getAuthentication(Claims claims) {
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
List<String> roles = (List<String>) claims.get(AUTHORITIES_KEY);
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
User principal = new User(claims.getSubject(), "", authorities);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
principal, "", authorities);
return usernamePasswordAuthenticationToken;
}
}
My WebSecurityConfig class
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* This method is for overriding some configuration of the WebSecurity
* If you want to ignore some request or request patterns then you can
* specify that inside this method
*/
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
// ignoring the "/index.html", "/app/**", "/registration",
// "/favicon.ico"
.antMatchers("/", "/index.html", "/app/**", "/registration", "/login", "/favicon.ico ", "/confirmRegistration/**")
.and();
}
/**
* This method is used for override HttpSecurity of the web Application.
* We can specify our authorization criteria inside this method.
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated().and()
.addFilterBefore(new JWTFilter(), UsernamePasswordAuthenticationFilter.class)
.httpBasic().and()
.csrf().disable();
}
}
So I have 1 admin hardcoded in data.sql and every user that registers in my app will get User role and save into MySQL. I'd like to add Social Apps Login (such as Twitter, Facebook and Google). The question is how to do that, if I use JWT? As far as I know, Oauth2 is preferable to use social apps, but can I do it in my way?
If I want to start with Twitter, how to do it best?
- Get consumer and secret keys from twitter API
- Put it into application.properties
- Set spring-social dependecies
- Create SocialConfig class
- Change my html login page file
So, do I need to change my login controller class?
Solution
I'm not sure about other social networks, but, if your code is Java and you are planning to work with the Twitter API, the way to go is using the Twitter4J library. It's a de-facto standard in the Java world, and is well documented.
Sure, you need a Twitter Dev Account.You can get more info on the Twitter Dev Portal
- Postgres / hibernate operator does not exist: text = bytea
- Spring boot not loading log4j2.xml
- How to verify 'Open xdg-open popup' in Chrome via Selenium Webdriver?
- Junit is throwing error with the com.fasterxml.jackson.databind.exc.InvalidDefinitionException
- @Repository not necessary when implementing JpaRepository?
- Implementing custom methods of Spring Data repository and exposing them through REST
- How to add custom method to Spring Data JPA
- How to use the Netbeans Profiler programmatically?
- Unknown entity: com.sun.proxy.$Proxy87
- What is an object graph in the Java garbage collector?
- Why does the paging library stop loading data after several calls?
- What is the fastest way to create a 2GB file containing random bytes in Java?
- SAXParseException; src-resolve: Cannot resolve the name '...' to a(n) 'type definition' component
- Is it good idea to use the DAO design pattern with spring Boot, instead of using repository design pattern provided by spring data jpa?
- Can i sum two String values without using Wrapper Class in java if yes than how ?
- How to debug the below flux code when expected log is missing?
- Implementing a simple turn-based game in Java using the wait-notify approach
- Why is Spring initialising my Aspect twice?
- AndroidManifest.xml - specified for property 'manifest' does not exist
- java.lang.RuntimeException: Duplicate class org.intellij.lang.annotations.Flow found in modules annotations-16.0.1.jar and annotations-java5-15.0.jar
- JFrame doesn't appear with ActionListener
- Escaping special character when generating an XML in Java
- Is it possible to override package path of Maven dependency?
- IntelliJ gradle add module dependency
- Paging Compile Issue : Not sure how to convert a Cursor to this method's return type
- Weird behaviour of Java MethodHandle.invokeExact
- How do I use a custom Serializer with Jackson?
- loadInitial method not getting called in PositionalDataSource<Item>
- How to use "=toString" in modify-overwrite-beta operation in input with objects?
- Ignore unused local variable warnings in VS Code