Spring Boot Authorization Tutorial: Secure an API (Java)

dan-auth0 · January 20, 2021, 9:03pm

Learn how to use Spring Boot, Java, and Auth0 to secure a feature-complete API. Learn how to use Auth0 to implement authorization in Spring Boot.
Read more…

Brought for you by Tadej Slamic

robertino.calcaterra · January 21, 2021, 12:37pm

What are you thoughts guys? Share it in the comments!

stephanie.chamblee · February 18, 2021, 7:38am

This topic was automatically closed 27 days after the last reply. New replies are no longer allowed.

reynier.pupo · July 21, 2021, 5:39pm

I’m having an issue specifically in converter.setAuthorityPrefix("");, looking into the setAuthorityPrefix method there’s this line Assert.hasText(authorityPrefix, "authorityPrefix cannot be empty");, so the current code fails. Tried to omit the prefix setting call but didn’t works neither. Trying to enforce the write:courses permission for certain endpoint. I have logged the access token coming in the request and indeed it comes with the permissions=["write:courses", "read:courses"] value.

dan-auth0 · July 21, 2021, 11:09pm

Howdy, Reynier.

Where is that method in the blog post?
The only one I can find that has that assertion is the AudienceValidator

  AudienceValidator(String audience) {
    Assert.hasText(audience, "audience is null or empty");
    this.audience = audience;
  }

reynier.pupo · July 22, 2021, 2:47pm

Hi Dan, it is in the SecurityConfig::jwtAuthenticationConverter() method, 3rd line. It fails trying to execute converter.setAuthorityPrefix(""); because authorityPrefix can’t be empty.

soman.chaitanya · November 1, 2021, 6:22am

Hi,
I am getting a read timeout getting remote JWK set at the “Sign In” step (https://auth0.com/blog/spring-boot-authorization-tutorial-secure-an-api-java/#Sign-In)

The only two deviations from the instructions are - 1) I am using Maven instead of gradle and 2) I am using Eclipse I.D.E

I have attached

The stack trace output.
A screen shot of Maven dependencies.

Any help appreciated

Regards,
Chaitanya Soman

MavenDependencies
StackTrace.txt (23.7 KB)

ac1 · October 25, 2022, 7:43am

After adding the AudienceValidator before registering a client, I run my project and I get the following error:

Error creating bean with name ‘springSecurityFilterChain’ defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method ‘springSecurityFilterChain’ threw exception; nested exception is java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of…

Anyone with the same problem?

dan-auth0 · December 17, 2022, 1:45am

Hello! Welcome to the Auth0 Community.

Could y’all please try the code from this code sample and see if you experience the same errors?