How to integrate Twitter Login using JWT?
I have some application that works with Spring Boot. This is just login/registration page nothing more.
My JWT Filter
public class JWTFilter extends GenericFilterBean {
private static final String AUTHORIZATION_HEADER = "X-CustomToken";
private static final String AUTHORITIES_KEY = "roles";
/**
* doFilter method for creating correct token(Bearer has taken from front-end part)
*
* @param req
* @param res
* @param filterChain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
String authHeader = request.getHeader(AUTHORIZATION_HEADER);
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid Authorization header.");
} else {
try {
String token = authHeader.substring(7);
Claims claims = Jwts.parser().setSigningKey("secretkey").parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
SecurityContextHolder.getContext().setAuthentication(getAuthentication(claims));
filterChain.doFilter(req, res);
} catch (SignatureException e) {
((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
}
}
}
/**
* Method for creating Authentication for Spring Security Context Holder
* from JWT claims
*/
private Authentication getAuthentication(Claims claims) {
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
List<String> roles = (List<String>) claims.get(AUTHORITIES_KEY);
for (String role : roles) {
authorities.add(new SimpleGrantedAuthority(role));
}
User principal = new User(claims.getSubject(), "", authorities);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
principal, "", authorities);
return usernamePasswordAuthenticationToken;
}
}
My WebSecurityConfig class
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* This method is for overriding some configuration of the WebSecurity
* If you want to ignore some request or request patterns then you can
* specify that inside this method
*/
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
// ignoring the "/index.html", "/app/**", "/registration",
// "/favicon.ico"
.antMatchers("/", "/index.html", "/app/**", "/registration", "/login", "/favicon.ico ", "/confirmRegistration/**")
.and();
}
/**
* This method is used for override HttpSecurity of the web Application.
* We can specify our authorization criteria inside this method.
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated().and()
.addFilterBefore(new JWTFilter(), UsernamePasswordAuthenticationFilter.class)
.httpBasic().and()
.csrf().disable();
}
}
So I have 1 admin hardcoded in data.sql and every user that registers in my app will get User role and save into MySQL. I'd like to add Social Apps Login (such as Twitter, Facebook and Google). The question is how to do that, if I use JWT? As far as I know, Oauth2 is preferable to use social apps, but can I do it in my way?
If I want to start with Twitter, how to do it best?
- Get consumer and secret keys from twitter API
- Put it into application.properties
- Set spring-social dependecies
- Create SocialConfig class
- Change my html login page file
So, do I need to change my login controller class?
Solution
I'm not sure about other social networks, but, if your code is Java and you are planning to work with the Twitter API, the way to go is using the Twitter4J library. It's a de-facto standard in the Java world, and is well documented.
Sure, you need a Twitter Dev Account.You can get more info on the Twitter Dev Portal
- How do I use org.scribe.oauth to connect to the tumblr API?
- java stream to set the values to a list from another list
- Delete directories recursively in Java
- How can I call scikit-learn classifiers from Java?
- Java method declared to throw IOException not propagating the exception up the call stack
- How to get integer and fraction portions of a BigDecimal in Java
- How to auto add imports in IntelliJ?
- remove double quotes from csv while using open csv
- Java custom annotation for a behaviour like trim
- Cors Error when calling microservice from Vue frontend application
- Why isn't my class unloaded when I erase any link to them and to ClassLoader?
- Java UTF-8 filenames with IBM JVM (AIX)
- What would be a good use-case scenario for the Spliterator in Java 8?
- Caused by: java.lang.NoClassDefFoundError: io/jsonwebtoken/Jwts
- Are supertypes of a type just the ones that are directly extended or implemented?
- ModelAttribute returns null values to controller in Spring MVC
- Jaybird 3 and Firebird transaction information
- IntelliJ - Invalid source release: 17
- How to use JScrollPane with JTextArea in Swing?
- Java FFM - Obtaining a var handle to an array field of a structure
- Is there auto type inferring in Java?
- Springboot Keycloak Admin add role or reset password error
- Setting up IntelliJ IDEA with Java 1.8/1.7 and resolve "java: System Java Compiler was not found in classpath"
- How to add a simple horizontal line at Y value of JFreeChart TimeSeries
- java.sql.SQLException: Column Index out of range, 2 > 1
- Task app:compileDebugJavaWithJavac failed
- Column name as a parameter to Spring Data JPA Query
- Pervasive SQL Java database name
- XML to be validated against multiple xsd schemas
- How many sessions can be managed by an Java Application in Struts 2?