Holon platform examples: JAX-RS Authentication and Authorization using JWT

This is one of the Holon Platform example projects.

This example shows how to setup:

  • A JAX-RS server that issues JWT (JSON Web Token) tokens, relying on an account store.
  • A JAX-RS RESTful server that provides a protected API, relying on the JWT Bearer authentication scheme.

Topics

This example addresses the following topics:

  • Use the holon-auth-jwt module to configure and manage JWT tokens
  • Configure JAX-RS resources authentication using the @Authenticate annotation and a Realm with a JWT authenticator
  • Configure JAX-RS resources authorization using javax.annotation.security.* annotations.
  • Setup a JAX-RS client using a RestClient and perform invocations with the HTTP Bearer Authorization header.

Example structure

This example is composed of 3 artifacts:

JWT issuer server

This artifact relies on the Holon platform JAX-RS module Spring Boot support to set up a web server (using HTTPS) that provides JWT tokens through the JwtIssuerEndpoint to an authenticated client account.

Client authentication is performed using the Holon Platform Realm API, with an HTTP Basic scheme message resolver and an Account authenticator.

The account and role data are stored in an H2 in-memory database, initialized with the schema.sql and data.sql scripts and accessed through a JDBC Datastore by the AccountService.

A client can obtain a JWT token from the https://localhost:8443/jwt/issue URL, providing its authentication credentials (account id and secret) in an HTTP Basic scheme authorization header.

JAX-RS API server

A JAX-RS server, configured using the Holon platform JAX-RS module Spring Boot support, exposes a ProtectedEndpoint resource, using JWT for authentication and javax.annotation.security.* annotations for operation authorization control.

Authentication is performed using the Holon Platform Realm API, with an HTTP Bearer scheme message resolver and a JWT-based authenticator.

The JWT configuration used by both the issuer and the server module is set up automatically from the holon.jwt.* configuration properties in application.yml. In this example, the issuer and server modules share the signing key used to build and to verify the JWT token.

Client

The Client class uses a RestClient to perform the following operations:

  • Obtain a JWT token by invoking the https://localhost:8443/jwt/issue URL, providing its authentication credentials (act1 as account id and act1secret as password) in an HTTP Basic scheme authorization header.

  • Use the obtained JWT token as the HTTP Bearer authorization header value to invoke the server API at the http://localhost:8080/api URL.

The Client main method output will be:

JWT token: eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0OTk3ODgzMzIsImp0aSI6ImJjYTZmYmU1L...[OMITTED]
Roles: ROLE1,ROLE3
Role1: role1
Role2: 403 - Forbidden
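The whole exchange described above (Basic credentials to the issuer, HS256 token back, Bearer token to the protected API, role check per operation) modelled end to end in plain Python. This is an added example, not code from the Holon Platform or this example project: it uses only the standard library instead of the Holon Realm, JWT and RestClient APIs, and it keeps the issuer and API server in one process. The algorithm is HS256 because the token header shown in the output above (eyJhbGciOiJIUzI1NiJ9) decodes to {"alg":"HS256"}; the "roles" claim name, the operation names roles/role1/role2 and their role requirements are assumptions modelled on the client output, and the signing key and account store are constructed placeholders for the holon.jwt.* properties and the H2 data. Since issuer and server share one symmetric key, any holder of that key can mint tokens the API server accepts, which is why the verifier below pins the algorithm and never trusts the token's own alg field.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder for the key the real example reads from the holon.jwt.* properties.
# Issuer and API server share it, so whoever holds this key can mint tokens the server accepts.
SHARED_SIGNING_KEY = b"example-shared-secret-not-for-production"

# Constructed in-memory account store, standing in for the H2 data from schema.sql/data.sql.
ACCOUNTS = {"act1": {"secret": "act1secret", "roles": ["ROLE1", "ROLE3"]}}

# Hypothetical role requirements of the protected resource, modelled on javax.annotation.security:
# None means any authenticated caller (@PermitAll); a set means @RolesAllowed with those roles.
ROLES_ALLOWED = {"roles": None, "role1": {"ROLE1"}, "role2": {"ROLE2"}}


def b64url(data: bytes) -> str:
    """Unpadded base64url encoding, as used by JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def basic_header(account_id: str, secret: str) -> str:
    """Build the HTTP Basic Authorization header value the client sends to the issuer."""
    return "Basic " + base64.b64encode(f"{account_id}:{secret}".encode()).decode("ascii")


# --- Issuer side: Basic scheme resolver, account authenticator and JWT builder ---
def issue_jwt(authorization: str, key: bytes, now=None, ttl: int = 3600):
    """Return (status, token); 401 unless the Basic credentials match the account store."""
    scheme, _, value = authorization.partition(" ")
    if scheme.lower() != "basic":
        return 401, None
    try:
        account_id, _, secret = base64.b64decode(value).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return 401, None
    account = ACCOUNTS.get(account_id)
    # Constant-time comparison; a real store would compare a hash of the secret instead.
    if account is None or not hmac.compare_digest(account["secret"].encode(), secret.encode()):
        return 401, None
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": account_id, "iat": now, "exp": now + ttl, "roles": account["roles"]}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    return 200, f"{signing_input}.{b64url(hs256(signing_input.encode(), key))}"


# --- API server side: Bearer scheme resolver, JWT authenticator and role authorization ---
def verify_bearer(authorization: str, key: bytes, now=None):
    """Return the claims if the Bearer token is well-formed, correctly signed and unexpired."""
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    head, body, sig = parts
    try:
        header = json.loads(b64url_decode(head))
        # Pin the algorithm to what the issuer uses; never trust "alg" from the token alone.
        if header.get("alg") != "HS256":
            return None
        if not hmac.compare_digest(hs256(f"{head}.{body}".encode(), key), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        return None
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return claims


def call_protected(path: str, authorization: str, key: bytes, now=None):
    """Dispatch to one operation of the protected resource, enforcing its role requirements."""
    claims = verify_bearer(authorization, key, now)
    if claims is None:
        return 401, "Unauthorized"
    required = ROLES_ALLOWED[path]
    if required is not None and not (required & set(claims.get("roles", []))):
        return 403, "Forbidden"
    return 200, (",".join(claims.get("roles", [])) if path == "roles" else path)


# --- Client: obtain the token with Basic, then call the API with Bearer ---
def run_client(key: bytes = SHARED_SIGNING_KEY, now=None) -> dict:
    status, token = issue_jwt(basic_header("act1", "act1secret"), key, now)
    if status != 200:
        raise RuntimeError("token issue failed")
    results = {}
    for path in ("roles", "role1", "role2"):
        status, body = call_protected(path, f"Bearer {token}", key, now)
        results[path] = body if status == 200 else f"{status} - {body}"
    return results


if __name__ == "__main__":
    for path, result in run_client().items():
        print(f"{path.capitalize()}: {result}")
```

Running the script reproduces the three result lines of the client output above (Roles, Role1, Role2). The 403 for role2 comes from the role check, not from authentication: the token is valid, but its roles claim does not intersect the operation's required set, which is exactly the split between @Authenticate and the javax.annotation.security annotations in the real resource.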

Documentation

The complete Holon Platform reference guide is available here.

For the specific documentation about the modules and the components used in this example see:

System requirements

The Holon Platform is built using Java 8, so you need a JRE/JDK version 8 or above to build and run this example project.

License

All the Holon Platform modules and examples are Open Source software released under the Apache 2.0 license.

Holon Platform Examples

See Holon Platform Examples for the examples directory.