I've been attempting to secure my GraphQL API with Spring Security and JWT tokens. I've followed along with this post but have had no sort of luck. I got a working version of authentication using contexts with GraphQLContext, but for every mutation/query I need to add the same verbose auth check, where Spring Security annotations are far nicer.

I'm unable to even really test what I've done since GraphQL doesn't seem to like it when I add @PreAuthorize("hasRole(\"USER\")") on a query resolver, so I'm unsure if GraphQL is compatible with Spring Security at this point.

I've attached the source code to a gist since there are a fair few classes. I'm just unsure if the approach I'm taking is the right one, but using annotations on authorised routes is far nicer.

Source Code: https://gist.github.com/PHILLIPS71/9388afb2495152f875b48ae06b241348

Stacktrace:

Caused by: com.coxautodev.graphql.tools.ResolverError: No method found with any of the following signatures (in priority order):
   com.sun.proxy.$Proxy73.users( [, graphql.schema.DataFetchingEnvironment])
   com.sun.proxy.$Proxy73.getUsers( [, graphql.schema.DataFetchingEnvironment])
Jordan

Might I suggest a regular Resource server acting as a proxy where all your security is being handled. The GraphQL server can be in any language. Commonly NodeJS. That doesn't include Spring Security. The suggested method of authentication for NodeJS GraphQL is a simple token rather than a JWT role-based method. A proxy might help in decoupling your system while at the same time achieving role-based security – SamwellTarly Nov 09 '18 at 03:53

0 Answers