dhatim / dropwizard-jwt-cookie-authentication
Dropwizard bundle managing authentication through JWT cookies
License: Other
@rultor release, tag is 3.3.0
I am trying to use your library to generate a JWT for a mobile app.
The API endpoint is called /login, which uses Basic Authentication (username / password) to then generate a token:
    @GET
    @Path("/login")
    @Produces(MediaType.APPLICATION_JSON)
    public DefaultJwtCookiePrincipal setPrincipal(@Context ContainerRequestContext requestContext,
                                                  @Auth final ShepherdUser user) {
        DefaultJwtCookiePrincipal principal = new DefaultJwtCookiePrincipal(user.getName());
        principal.addInContext(requestContext);
        return principal;
    }
When calling the endpoint I get an HTTP 401 with the message:
Credentials are required to access this resource.
If I remove this line from the application bootstrap, the basic authentication works:
bootstrap.addBundle(JwtCookieAuthBundle.getDefault());
However, I get back an unencrypted DefaultJwtCookiePrincipal response:
{"name":"admin","persistent":false,"roles":[],"claims":{"sub":"admin","pst":false,"rls":[]}}
This is my basic authentication in the application run:
    // app authentication
    environment.jersey().register(new AuthDynamicFeature(new BasicCredentialAuthFilter.Builder<ShepherdUser>()
            .setAuthenticator(new ShepherdAuthenticator())
            .setAuthorizer(new ShepherdAuthoriser())
            .setRealm(configuration.getName())
            .buildAuthFilter()));
    environment.jersey().register(RolesAllowedDynamicFeature.class);
    environment.jersey().register(new AuthValueFactoryProvider.Binder<>(ShepherdUser.class));
Finally, my Principal:
    import java.security.Principal;
    import java.util.Set;
    // checkNotNull is assumed to be statically imported, e.g. from Guava's
    // com.google.common.base.Preconditions; the snippet as posted omits its imports.

    public class ShepherdUser implements Principal {
        private String name;
        private Set<String> roles;

        public ShepherdUser(String name, Set<String> roles) {
            this.name = checkNotNull(name, "User name is required");
            this.roles = checkNotNull(roles, "Roles are required");
        }

        // Principal contract: the user name is the principal's name.
        public String getName() {
            return this.name;
        }

        public Set<String> getRoles() {
            return roles;
        }
    }
It seems that Dropwizard is not using the correct authentication for my /login endpoint; how can I make this work?
I couldn't find any documentation on this.
I also posted on Stack Overflow for the benefit of anyone else.
Thanks
With a custom configuration, following the tutorial here on GitHub, if I add this line:
bootstrap.addBundle(JwtCookieAuthBundle.getDefault().withConfigurationSupplier(MyAppConfiguration::getJwtCookieAuth));
It says:
non-static method cannot be referenced from a static context
What is the correct way to apply custom configuration?
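Added note and example, not part of the issue above and not the project's own documentation: the compiler error quoted is the usual symptom of a Java method reference whose receiver type does not match the parameter type of the functional interface it is being converted to. Assuming JwtCookieAuthBundle.getDefault() is generic in the application's Configuration subclass (an assumption that is consistent with the error), calling it bare infers JwtCookieAuthBundle<Configuration>, so MyAppConfiguration::getJwtCookieAuth cannot be read as an unbound-receiver reference and javac falls back to reporting it as a static reference. An explicit type witness fixes the bundle's configuration type before the method reference is checked. MyAppConfiguration and getJwtCookieAuth are the names used in the issue; the bundle's package, the JwtCookieAuthConfiguration type name and the Dropwizard 4 io.dropwizard.core package names are assumptions to verify against the version in use.

```java
import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.core.Application;
import io.dropwizard.core.Configuration;
import io.dropwizard.core.setup.Bootstrap;
import io.dropwizard.core.setup.Environment;
// Assumed package and type names of the bundle; check them against the release you depend on.
import org.dhatim.dropwizard.jwt.cookie.authentication.JwtCookieAuthBundle;
import org.dhatim.dropwizard.jwt.cookie.authentication.JwtCookieAuthConfiguration;

// Application configuration exposing the bundle's section under the "jwtCookieAuth" YAML key
// (the key used by the config snippets elsewhere in this issue list). Kept non-public so the
// whole example fits in one source file.
class MyAppConfiguration extends Configuration {
    private JwtCookieAuthConfiguration jwtCookieAuth;

    @JsonProperty("jwtCookieAuth")
    public JwtCookieAuthConfiguration getJwtCookieAuth() {
        return jwtCookieAuth;
    }

    @JsonProperty("jwtCookieAuth")
    public void setJwtCookieAuth(JwtCookieAuthConfiguration jwtCookieAuth) {
        this.jwtCookieAuth = jwtCookieAuth;
    }
}

public class MyApp extends Application<MyAppConfiguration> {

    @Override
    public void initialize(Bootstrap<MyAppConfiguration> bootstrap) {
        // Does not compile: getDefault() infers JwtCookieAuthBundle<Configuration>, so the
        // method reference is checked against a Configuration receiver and javac reports
        // "non-static method cannot be referenced from a static context".
        // bootstrap.addBundle(JwtCookieAuthBundle.getDefault()
        //         .withConfigurationSupplier(MyAppConfiguration::getJwtCookieAuth));

        // Compiles: the explicit type witness pins the bundle's configuration type first,
        // so MyAppConfiguration::getJwtCookieAuth is accepted as an unbound-receiver reference.
        bootstrap.addBundle(JwtCookieAuthBundle.<MyAppConfiguration>getDefault()
                .withConfigurationSupplier(MyAppConfiguration::getJwtCookieAuth));
    }

    @Override
    public void run(MyAppConfiguration configuration, Environment environment) {
        // Resources and auth filters are registered here as usual.
    }

    public static void main(String[] args) throws Exception {
        new MyApp().run(args);
    }
}
```

The same witness form, `Class.<TypeArg>staticMethod()`, applies to any generic static factory whose result type you chain further calls on; the alternative is to assign `getDefault()` to a local of the explicit type `JwtCookieAuthBundle<MyAppConfiguration>` before calling `withConfigurationSupplier`.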
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Location: renovate.json
Error type: The renovate configuration file contains some invalid settings
Message: packageRules[0]: Each packageRule must contain at least one match* or exclude* selector. Rule: {"automerge":true}
@rultor release, tag is 3.4.0
It would be nice if we could change the default cookie name from the config. From what I can see, the cookie name "sessionToken" is currently hardcoded:
private static final String DEFAULT_COOKIE_NAME = "sessionToken";
I've set a 1-minute time for the volatile session in the yml file, but it's not working.
    jwtCookieAuth:
      secretSeed: null
      httpsOnlyCookie: false
      sessionExpiryVolatile: PT1m
      sessionExpiryPersistent: P2d
Please suggest a way to achieve it or share an example.
@rultor release, tag is 3.3.0
I'd like to override the UnauthorizedHandler so I can redirect my browser to the login page if a request fails to authenticate.
I've created a branch[1] in my fork you can review and if you like I could submit a PR. Also open to any feedback or alternatives.
1: master...adamhoward:dropwizard-jwt-cookie-authentication:unauthorized_handler
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/build.yml
actions/checkout v4
actions/setup-java v4
.github/workflows/codeql-analysis.yml
actions/checkout v4
github/codeql-action v3
github/codeql-action v3
github/codeql-action v3
pom.xml
io.dropwizard:dropwizard-bom 4.0.8
jakarta.annotation:jakarta.annotation-api 2.1.1
io.jsonwebtoken:jjwt-api 0.12.6
io.jsonwebtoken:jjwt-impl 0.12.6
io.jsonwebtoken:jjwt-jackson 0.12.6
org.jacoco:jacoco-maven-plugin 0.8.12
org.apache.maven.plugins:maven-surefire-plugin 3.5.0
org.eluder.coveralls:coveralls-maven-plugin 4.3.0
javax.xml.bind:jaxb-api 2.3.1
org.apache.maven.plugins:maven-source-plugin 3.3.1
org.apache.maven.plugins:maven-javadoc-plugin 3.10.0
@rultor release, tag is 2.1.0
@rultor release, tag is 2.0.2
@rultor release, tag is 3.3.0
@rultor release, tag is 2.0.0
I've set a 1-minute time for the volatile session in the yml file, and it's working.
    jwtCookieAuth:
      secretSeed: null
      httpsOnlyCookie: false
      sessionExpiryVolatile: PT1m
      sessionExpiryPersistent: P2d
Is there a way for me to not set an expiry on the token? I have a use case for a file upload API where the token should contain an MD5 and a user identifier without expiry, so I can receive the file (only the MD5-matching file) in the future.
@rultor release, tag is 3.2.0
@rultor release, tag is 2.0.1
@rultor release, tag is 4.0.0
@rultor release, tag is 3.1.0
It'd be good to have another field picked up from the config file to set the SameSite Attribute.
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#samesite-cookie-attribute
@rultor release, tag is 2.1.1