Spring Security Java API Getting Started
This quickstart will guide you through the various tasks related to using Auth0-issued JSON Web Tokens to secure your Java Spring Security API.
The final project is also available in the sample repository.
When you signed up for Auth0, you were invited to create a new client.
There are some details about this client that your application needs to know about to properly communicate with Auth0. These include your Client ID, Domain, and Client Secret. You can retrieve these values from the settings area for your client in the Auth0 dashboard.
Please note that if you download the samples available for this tutorial, these keys will be pre-populated for you. If you have created more than one client in your account, the sample will come with the values for your Default App.
Create an API
Create a new API by accessing the APIs section of the dashboard.
Type a name and an identifier, which will represent the
auth0.apiAudience value that you have to set in the configuration file. Next, choose the signing algorithm. Click the Create button and you'll be redirected to the API you've just created. In the Settings tab you can change the token expiration and allow refreshing a token for that API.
The example API in this tutorial will be centered around a Photos resource. Create some custom scopes to limit the access to the
PhotosController which will be created in the next section. In the API screen, click the Scopes tab and add the following scopes:
Install the Dependencies
If you are using Maven, add the dependency to your
<dependency> <groupId>com.auth0</groupId> <artifactId>auth0-spring-security-api</artifactId> <version>1.0.0-rc.2</version> </dependency>
If you are using Gradle, add it to the dependencies block:
Configure your Spring Security API
Your Spring Security API needs some information in order to authenticate against your Auth0 account. The downloadable sample comes with a configration file already in place but you may need to update some of the entries with the valid values for your API. The file is
/src/main/resources/auth0.properties and it contains the following:
||The issuer of the JWT Token. This is typically your auth0 domain with a
||The unique identifier for your API. You can find the correct value on the APIs section of the Dashboard. *|
NOTE: If you download the seed project using our Download Sample button then the
issuer attribute will be populated for you, unless you are not logged in or you do not have at least one registered client. Do not forget to manually set the