Comments on: Spring Boot 3 (Spring Security 6) with Kotlin & JWT

By: mick

mick — Fri, 07 Feb 2025 14:33:10 +0000

Good tutorial, great to know the nuts and bolts of it.
I can’t get the application (from git) to run. Could be a library issues, but I barely understand the code, so debugging is a little beyond me. Getting this error:

Error creating bean with name ‘jwtAuthenticationFilter’ defined in file [\jwt_auth\build\classes\kotlin\main\com\codersee\jwtauth\config\JwtAuthenticationFilter.class]:
Unsatisfied dependency expressed through constructor parameter 1:
Error creating bean with name ‘tokenService’ defined in file
[\jwt_auth\build\classes\kotlin\main\com\codersee\jwtauth\service\TokenService.class]:
Failed to instantiate [com.codersee.jwtauth.service.TokenService]: Constructor threw exception
at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray
(ConstructorResolver.java:801)

Any idea why this might be happening?

thanks
Mick

By: HENDI SANTIKA

HENDI SANTIKA — Wed, 27 Nov 2024 01:19:26 +0000

How do I create user as ADMIN ROLE?

If I create user I didn’t see any role that We can define.

There are some routes that need ADMIN ROLE to access it.

Thanks

By: Piotr

Piotr — Mon, 22 Apr 2024 17:26:09 +0000

In reply to Laura.

Hey Laura! 🙂

There are multiple ways we can achieve that, for example:

1. 1st can be simple- we can add @Profile annotation to our security beans and specify environments for which we can them to be instantiated. Or, alternatively add some boolean flag and combine with @Conditional (and set this flag in application.properties)
2. @AutoConfigureMockMvc(addFilters = false) (may depend on how you’re testing)

Let me know if this helped 🙂

By: Laura

Laura — Wed, 17 Apr 2024 10:19:08 +0000

How can I disable the security to implement the controller tests?

By: leewa

leewa — Wed, 27 Mar 2024 18:59:38 +0000

Your document is very easy to read and understand. It saved my life. Thank you for sharing.
Could you share how to log out?

By: duy_tran

duy_tran — Mon, 12 Feb 2024 04:22:32 +0000

Very details, thanks a lot.

By: Piotr

Piotr — Thu, 26 Oct 2023 16:14:34 +0000

In reply to Thomas J. Holmes Jr..

Hey Thomas!

I totally agree with your point, “rule 1 of auth is don’t write your own auth”. And all the points and examples you specified are really fair points.

I’ve seen a few debates on this topic and usually it all comes to how much control you would like to have over the process. On one side we have those who always prefer to delegate this to external tools/services, which takes a lot of responsibility of your shoulders, but also costs $$. On the other side, we have those who choose for some reason to have more control over the process, which also costs $$, but in their time.

I wouldn’t say there’s always a clear winner here, but oftentimes relying on Okta/OAuth0 may be a good choice.

Also, I’d add Keycloak to the list, which may be a cheaper alternative to Okta.

By: Thomas J. Holmes Jr.

Thomas J. Holmes Jr. — Thu, 26 Oct 2023 15:24:06 +0000

First, I would recommend for any application, use Auth0 as a User Repository. This is usually free for developers playing around with an outside Authentication service. Second, I would have the UI use the Auth0/Okta or some other API do the Authentication. This way you are passing the username/password credentials to another source, and they are responsible for making the app secure. You’re app therefore has no exposure to those credentials. The UI will get back a token response (JWT) and yes, that can be sent back to the back-end API’s for Authorization.
Both Users/Roles can be stored in an Authentication Service, and that way you don’t have to worry about saving usernames or passwords in your application database.