Auth Service in Spring Boot

6 devlogs
8h 32m 44s

My first Spring Boot project. A simple authentication server.

This project uses AI

some autocompletion by GitHub Copilot but not much. i mostly just used some Medium.com blogs about authentication in spring boot: one about security filters and another about jwts. the README was AI-generated with some tweaks.

mattseq

added an initialization endpoint so that an admin can be created when the service first starts. had to make this bc only admins have permissions to create users but when the service first starts and there are no admins, it's otherwise impossible to create an admin, which results in a weird permission paradox. the initialization endpoint only works when there are no admins already in the db. i also added a README, finally.

Attachment
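The "only works when there are no admins" rule from the devlog above, sketched as an added example; this is not the project's code. The class and method names are hypothetical, and an in-memory map stands in for the users table so the check-then-create race can be exercised without a database.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added example: first-admin bootstrap guard. All names here are hypothetical.
public class BootstrapGuard {
    record User(String username, String passwordHash, Set<String> roles) {}

    // In-memory stand-in for the users table.
    private final Map<String, User> users = new ConcurrentHashMap<>();

    private boolean adminExists() {
        return users.values().stream().anyMatch(u -> u.roles().contains("ADMIN"));
    }

    // Body of the initialization handler. The check and the insert run under
    // one lock, so two simultaneous first requests cannot both pass the
    // "no admin yet" test. Returns false once any admin exists, which the
    // HTTP layer would map to a rejection status.
    public synchronized boolean initAdmin(String username, String passwordHash) {
        if (adminExists()) {
            return false;
        }
        users.put(username, new User(username, passwordHash, Set.of("ADMIN")));
        return true;
    }

    public long adminCount() {
        return users.values().stream().filter(u -> u.roles().contains("ADMIN")).count();
    }

    public static void main(String[] args) throws Exception {
        BootstrapGuard svc = new BootstrapGuard();
        // Constructed input: two clients race to claim the first admin account.
        // The password argument is a placeholder for an already-hashed value.
        Thread a = new Thread(() -> System.out.println("alice: " + svc.initAdmin("alice", "<bcrypt hash>")));
        Thread b = new Thread(() -> System.out.println("bob:   " + svc.initAdmin("bob", "<bcrypt hash>")));
        a.start();
        b.start();
        a.join();
        b.join();
        // Exactly one of the two racing calls succeeds; later calls are refused.
        System.out.println("admins: " + svc.adminCount());
        System.out.println("late:   " + svc.initAdmin("carol", "<bcrypt hash>"));
    }
}
```

With a real database the same guarantee has to be enforced across the count query and the insert, since as two separate statements they can interleave between concurrent requests.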
mattseq

took me like 30 minutes to switch from h2 to postgres. it was so stupid bc i put a colon instead of a slash in the database url. i was just running a postgres docker container on my rpi instead of the laptop i'm using. eventually i should make a docker-compose.yml to include the db. it was surprisingly easy to switch databases, all you need to do is change the url name and add the postgres driver as a dependency.

Attachment
mattseq

added jwt auth filter. basically it just extracts stuff like roles from the jwt and passes it on as SecurityContext and in my SecurityConfig i can use methods like .hasRole() on specific URIs. i also included claims in the jwt so that it contains id, username, roles, etc. and it also has specific extract methods but i might combine those into one that returns a User.

Attachment
Attachment
mattseq

it's now hashing passwords with Bcrypt. here's a picture of me using the h2 console to check what the passwords are stored as.

Attachment
mattseq

renamed the project to auth-service. i also implemented the login and verify endpoints using jwts. i also started using postman for the first time to test my api, since i'm on windows and used to ssh into my rpi just to use curl. i'm still not hashing passwords yet lol. here's a picture of my postman flow that i used to test.

Attachment
mattseq

started by watching Mosh's spring boot tutorial. don't really know how i'm supposed to use some of that stuff though. got started with creating a database with spring jpa. just using h2 for now, i'll switch to postgres later or something. all i did was get the repository, basic crud and user methods working. ran into a small issue with spring security automatically asking for authentication at every endpoint. next i need to create jwt auth, and use the security filter stuff provided by spring security to block certain endpoints. then i'll create roles and make the verify endpoint.

Attachment