daniel-cottone / cerberus
A demonstration of a completely stateless and RESTful token-based authorization system using JSON Web Tokens (JWT) and Spring Security.
License: MIT License
Thanks for the great project. It's really helpful. I have one last question. How do I access the token claims (e.g. username) in the protected controller?
I extended the dummy method a bit and got the username, but I wonder if there is a best practice to get the username in any controller method. Here is what I did:
    public ResponseEntity<?> getDaHoney(HttpServletRequest request) {
        String token = request.getHeader(this.tokenHeader);
        String username = this.tokenUtils.getUsernameFromToken(token);
        return ResponseEntity.ok(":O + " + username);
    }
Hi, I've been trying to run Cerberus with CORS activated. But seemingly there is nothing I can do to enable the Cross Domain. All the requests are being blocked.
Any clue? =\
Whitelabel Error Page when using this http://localhost:8080/api/auth
The below message occurs:
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Sat Jun 04 12:59:14 PDT 2016
There was an unexpected error (type=Method Not Allowed, status=405).
Request method 'GET' not supported
Sir, how can I solve this error?
CREATE TABLE users
(
    id integer NOT NULL,
    username character varying(50) NOT NULL,
    password character varying(100) NOT NULL,
    last_password_reset timestamp without time zone NOT NULL,
    authorities character varying(100) NOT NULL,
    CONSTRAINT user_pkey PRIMARY KEY (id)
);
How to handle the change password case? The user wants to use the old token with the new password.
Changing the secret key will revoke all user generated tokens.
I don't want to force the user to log in again.
The only idea is to generate a new token, but can I avoid it?
I imported brahalla/Cerberus into the STS IDE and am getting the following error in com.ahancer.rr.security.TokenUtils, in which the Claims object is not resolved.
src/test/java/com/brahalla/Cerberus/integration/controller/rest/AuthenticationControllerTest.java:[109,28] non-static method getUsernameFromToken(java.lang.String) cannot be referenced from a static context
On com.brahalla.Cerberus.configuration.WebSecurityConfiguration there's the configureAuthentication method and it links its Autowired userDetailsService attribute to Spring Boot's default AuthenticationManager builder.
This specific part is what is relative to each and every user of this project. Which means this is probably the part that needs changing every time this project is forked. It is unclear as to how to proceed with these modifications, taking into consideration Hibernate, JPA, DataSources, JDBC and so on.
I have a table of users on my database. I just want to check if the username and encoded password match a row in that database table to authenticate. How hard is that? How exactly can I do that?
Thanks
I used:
https://www.bcrypt-generator.com/
and
new BCryptPasswordEncoder().encode("admin");
but the password is incorrect.
How to generate the password?
Expiration and creation should have the same format
"created": 1480505207432,
"exp": 1481110007
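
Added example, not part of the issue above or of the Cerberus code base: in the quoted payload, `exp` is in seconds (the NumericDate unit RFC 7519 defines for it) while `created` is in milliseconds. The Java class below converts each claim with its own unit before comparing them; the class and method names are hypothetical, and only the two claim names and values come from the issue.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper written for this example; only the claim names and
// the two sample values are taken from the issue text.
public class ClaimTimestamps {

    // "exp" is a registered claim: RFC 7519 NumericDate, seconds since the epoch.
    static Instant expiration(Map<String, Object> claims) {
        return Instant.ofEpochSecond(((Number) claims.get("exp")).longValue());
    }

    // "created" is a custom claim; in the quoted payload it holds milliseconds.
    static Instant created(Map<String, Object> claims) {
        return Instant.ofEpochMilli(((Number) claims.get("created")).longValue());
    }

    // Unit-safe expiry check: the claim is an Instant before it is compared.
    static boolean isExpired(Map<String, Object> claims, Instant now) {
        return !now.isBefore(expiration(claims));
    }

    // Token lifetime, computed only after both claims share one representation.
    static Duration lifetime(Map<String, Object> claims) {
        return Duration.between(created(claims), expiration(claims));
    }

    // The mistake the mixed units invite: comparing the raw numbers directly.
    static boolean rawExpBeforeRawCreated(Map<String, Object> claims) {
        long exp = ((Number) claims.get("exp")).longValue();
        long createdRaw = ((Number) claims.get("created")).longValue();
        return exp < createdRaw;
    }

    public static void main(String[] args) {
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("created", 1480505207432L); // value quoted in the issue
        claims.put("exp", 1481110007L);        // value quoted in the issue

        System.out.println("created  = " + created(claims));
        System.out.println("exp      = " + expiration(claims));
        System.out.println("lifetime = " + lifetime(claims));
        System.out.println("raw exp < raw created: " + rawExpBeforeRawCreated(claims));
        Instant oneDayIn = created(claims).plus(Duration.ofDays(1));
        System.out.println("expired one day after creation: " + isExpired(claims, oneDayIn));
    }
}
```
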
Hi,
I have checked out the code from the master branch, set up the project in Eclipse and then started it.
I am using Postman to test. When I try to hit "http://localhost:8080/api/auth"
I get an access denied error, though I should receive a JWT token as mentioned in your README.MD.
Please help if possible. I have also attached screen shot for same.
Failed to execute goal pl.project13.maven:git-commit-id-plugin:2.1.11:revision (default) on project Cerberus: .git directory could not be found! Please specify a valid [dotGitDirectory] in your pom.xml
how can I do this? I'm new to mvn...
Ok problem solved I had to get the sources using git. Now it's working
Is there a way to log-out the user and invalidate the token?
Where are tokens stored?
I think token expiration is a key feature that this project lacks. Here are some good discussions on Hacker News: https://news.ycombinator.com/item?id=8283006
Results :
Failed tests:
AuthenticationControllerTest.requestingProtectedWithValidCredentialsReturnsExpected:112
Expected: is "user"
but: was null
Tests run: 6, Failures: 1, Errors: 0, Skipped: 0
Sir,
I have installed the Postman tool in my Chrome browser to interact with the URL http://localhost:8080/api/, but the below error occurs. Please give me a solution.
{
"timestamp": 1465412426695,
"status": 401,
"error": "Unauthorized",
"message": "Access Denied",
"path": "/api/"
}