Now we have 2 cases:

– Login/SignUp: REST API with non-protected APIs. Authenticate the login request with AuthenticationManager; if an error occurs, handle the AuthenticationException with AuthenticationEntryPoint.
– With protected resources:
  + JWT token is null/invalid: if an authentication error occurs, handle the AuthenticationException with AuthenticationEntryPoint.
  + JWT token is valid: get the User information from the token, then create an AuthenticationToken.

Create AuthenticationToken from Token

JwtAuthTokenFilter extracts username/password from the received token using JwtProvider, then, based on the extracted data, JwtAuthTokenFilter:
– creates an AuthenticationToken (that implements Authentication)
– uses the AuthenticationToken as the Authentication object and stores it in the SecurityContext for future filter uses (e.g. Authorization filters).

In this tutorial, we use UsernamePasswordAuthenticationToken.

A GrantedAuthority is an authority that is granted to the principal. Such authorities are usually 'roles', such as ROLE_ADMIN, ROLE_PM, ROLE_USER.

Protect Resources with HTTPSecurity & Method Security Expressions

Configure HTTPSecurity

To tell Spring Security when we want to require all users to be authenticated, which exception handler to choose, and which filter to apply and when, we implement WebSecurityConfigurerAdapter and provide a configuration in the configure(HttpSecurity http) method.
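A sketch of the JwtAuthTokenFilter flow described above, added here as an example and not taken from the tutorial's own code. The nested JwtProvider interface and its two method names are assumptions about that class, and the token is assumed to arrive in an `Authorization: Bearer` header and to carry only the username.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

public class JwtAuthTokenFilter extends OncePerRequestFilter {

    /** Assumed shape of the tutorial's JwtProvider; both method names are hypothetical. */
    public interface JwtProvider {
        boolean validateJwtToken(String token);        // verifies signature and expiry
        String getUserNameFromJwtToken(String token);  // reads the subject claim
    }

    private final JwtProvider jwtProvider;
    private final UserDetailsService userDetailsService;

    public JwtAuthTokenFilter(JwtProvider jwtProvider, UserDetailsService userDetailsService) {
        this.jwtProvider = jwtProvider;
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        try {
            if (header != null && header.startsWith("Bearer ")) {
                String token = header.substring("Bearer ".length());
                if (jwtProvider.validateJwtToken(token)) {
                    // Reload the user so authorities reflect current roles, not stale claims.
                    UserDetails user = userDetailsService
                            .loadUserByUsername(jwtProvider.getUserNameFromJwtToken(token));
                    // The three-argument constructor marks the token as authenticated;
                    // credentials stay null because no password is needed past this point.
                    UsernamePasswordAuthenticationToken auth =
                            new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
                    auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                    SecurityContextHolder.getContext().setAuthentication(auth);
                }
            }
        } catch (RuntimeException e) {
            // Unknown user or malformed token: leave the request unauthenticated.
            SecurityContextHolder.clearContext();
        }
        // Null/invalid token: no Authentication is set, so protected resources
        // are rejected later through the AuthenticationEntryPoint.
        chain.doFilter(request, response);
    }
}
```

The filter never writes an error response itself; it only decides whether the SecurityContext holds an Authentication, and the rest of the chain enforces access.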
This tutorial shows you how to secure a Spring REST API using Spring Security OAuth2. OAuth2 is an authentication framework that allows third-party applications to obtain limited access to an HTTP service, either on behalf of a resource owner or by allowing the third-party application to obtain access on its own behalf.