Spring Boot Authorization Tutorial: Secure an API (Java)

Learn how to use Spring Boot, Java, and Auth0 to secure a feature-complete API. Learn how to use Auth0 to implement authorization in Spring Boot.
Read more…

Brought for you by Tadej Slamic

4 Likes

What are you thoughts guys? Share it in the comments!

2 Likes

This topic was automatically closed 27 days after the last reply. New replies are no longer allowed.

I’m having an issue specifically in converter.setAuthorityPrefix("");, looking into the setAuthorityPrefix method there’s this line Assert.hasText(authorityPrefix, "authorityPrefix cannot be empty");, so the current code fails. Tried to omit the prefix setting call but didn’t works neither. Trying to enforce the write:courses permission for certain endpoint. I have logged the access token coming in the request and indeed it comes with the permissions=["write:courses", "read:courses"] value.

2 Likes

Howdy, Reynier.

:thinking: Where is that method in the blog post?
The only one I can find that has that assertion is the AudienceValidator

  AudienceValidator(String audience) {
    Assert.hasText(audience, "audience is null or empty");
    this.audience = audience;
  }
2 Likes

Hi Dan, it is in the SecurityConfig::jwtAuthenticationConverter() method, 3rd line. It fails trying to execute converter.setAuthorityPrefix(""); because authorityPrefix can’t be empty.

1 Like

Hi,
I am getting a read timeout getting remote JWK set at the “Sign In” step (https://auth0.com/blog/spring-boot-authorization-tutorial-secure-an-api-java/#Sign-In)

The only two deviations from the instructions are - 1) I am using Maven instead of gradle and 2) I am using Eclipse I.D.E

I have attached

  1. The stack trace output.
  2. A screen shot of Maven dependencies.

Any help appreciated :slight_smile:

Regards,
Chaitanya Soman

MavenDependencies
StackTrace.txt (23.7 KB)

1 Like

After adding the AudienceValidator before registering a client, I run my project and I get the following error:

Error creating bean with name ‘springSecurityFilterChain’ defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of…

Anyone with the same problem?

2 Likes

Hello! Welcome to the Auth0 Community.

Could y’all please try the code from this code sample and see if you experience the same errors?

2 Likes