Spring Security

Authentication Service

The objective of this exercise is to implement an authentication microservice that issues JSON web tokens for authenticated users.

Token Issuing

  • Implement a Spring Boot web application and add the spring-boot-starter-security and spring-security-oauth2-jose dependencies to the Maven configuration.
  • Use the JwtTokenGenerator helper class to implement a REST controller AuthController with the endpoint GET /token that returns JSON web tokens for authenticated users.
  • Make the issuer, signature key and validity period of the generated tokens configurable.

Security Configuration

Implement a configuration class SecurityConfig that provides the following bean methods:
  • securityFilterChain configures the HttpSecurity such that
    • HTTP basic authentication is used
    • the access to the REST endpoint is restricted to authenticated users
    • no sessions are used
    and returns the corresponding SecurityFilterChain
  • userDetailsService returns an InMemoryUserDetailsManager that knows one user with the EMPLOYEE role and two users with the CUSTOMER role
  • passwordEncoder returns a PasswordEncoder

Testing

  • Use the Postman utility to test the authentication of the microservice.
  • Verify the returned JSON web tokens using the online JWT debugger.