
I am working on securing a REST API, here is the basic setup (Happy Path) I am working with:

1) UI will request to authenticate with another service, this service will return a JWT to the UI.

2) Once a user of the UI is done with their work, they will make a request to the REST API that I am tasked with securing using a JWT that is passed to me.

3) I will then ensure the JWT is legit, get the user's roles and then determine if the user is authorized to access that endpoint (perform the requested function).

I am sure this is possible, but my past experience with Spring Security wasn't dealing with JWT or Authorization only.

Would it be a correct approach to implement Authentication and Authorization, get that working and then back out the Authentication part?

Thank you for your kind help!

Bill May

1 Answer


I suggest that you take a look at the Spring Security OAuth2 project. It makes this kind of thing fairly easy.

In particular, have a look at this section about using JWT

secondbreakfast
Thank you! After looking at the link you supplied, a light came on that made it seem that this project's Authentication and Authorization approach is very similar to using a Facebook, Google or Github login. – Bill May Feb 03 '18 at 18:13