Breaking News: Grepper is joining You.com. Read the official announcement!

A Closer Look at Authentication as a Microservice

Add Answer

Pragya Keshap answered on February 7, 2023 Popularity 1/10 Helpfulness 1/10

answer A Closer Look at Authentication as a Microservice

A Closer Look at Authentication as a Microservice

Comment

4 Best Practices for Microservices Authorization

Decouple Authorization Logic and Policy from the Underlying Microservice. ...

Use Sidecar Enforcement for Security, Performance and Availability. ...

Enforce JSON Web Token (JWT) Validation. ...

Use RBAC and ABAC to Control End-User Actions. ...

Getting Up and Running with Authorization.

@Slf4j
@RequiredArgsConstructor
public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private final AuthenticationManager authenticationManager;
    private ObjectMapper mapper=new ObjectMapper();

    private final TokensRedisService tokensRedisService;

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        try {
            JwtAuthenticationModel authModel = mapper.readValue(request.getInputStream(), JwtAuthenticationModel.class);
            Authentication authentication = new UsernamePasswordAuthenticationToken(authModel.getUsername(), authModel.getPassword());
            return authenticationManager.authenticate(authentication);

        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
        String token = Jwts.builder()
                .setSubject(authResult.getName())
                .claim("authorities", authResult.getAuthorities())
                .claim("principal", authResult.getPrincipal())
                .setIssuedAt(new Date())
                .setIssuer(SecurityConstants.ISSUER)
                .setExpiration(Date.from(LocalDateTime.now().plusMinutes(30).toInstant(ZoneOffset.UTC)))
                .signWith(SignatureAlgorithm.HS256, SecurityConstants.KEY)
                .compact();

        log.info(token);
        TokensEntity tokensEntity = TokensEntity.builder().id(Utilities.generateUuid()).authenticationToken(token)
                        .username(authResult.getName())
                        .createdBy("SYSTEM").createdOn(LocalDateTime.now())
                        .modifiedBy("SYSTEM").modifiedOn(LocalDateTime.now())
                        .build();
        tokensEntity = tokensRedisService.save(tokensEntity);
        response.addHeader(SecurityConstants.HEADER, String.format("Bearer %s", tokensEntity.getId()));
//        response.addHeader("Expiration", String.valueOf(30*60));

        ConnValidationResponse respModel = ConnValidationResponse.builder().isAuthenticated(true).build();
        response.addHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
        response.getOutputStream().write(mapper.writeValueAsBytes(respModel));
    }
}

https://dev.to/behalf/authentication-authorization-in-microservices-architecture-part-i-2cn0

Popularity 1/10 Helpfulness 1/10 Language java

Source: Grepper

Tags: authentication java

Link to this answer
Share Copy Link

Contributed on Feb 07 2023

Pragya Keshap

0 Answers Avg Quality 2/10

A Closer Look at Authentication as a Microservice

Contents

More Related Answers

A Closer Look at Authentication as a Microservice

Grepper

Documentation

Social

Legal

Contact

Oops, You will need to install Grepper and log-in to perform this action.