CODEWITHSUNDEEP
javaspring-bootspring-securityjwt
Danish
Danish

Reputation: 150

JWT Authentication with Spring boot Withot using userDetail

I am implementing rest APIs for mobile App and want to use JWT token in that. I Have achieved this by implmenting it with userDetials object. Now my problem is I don't have a Users table in the database I just have a phone number and UUID. We can achieve this by changing the signature to use the phone number as a signature . But my question is how I will authenticate each request? And How I can validate the token using my own object which does not contains username and password. AS per my implementation I will have to se spring security and when I will use spring security. Spring Security will require UserDetail Service which will give me back spring User object. Any help will be appreciated.

Upvotes: 0

Views: 1467

Answers (2)

nkengbeza
nkengbeza

Reputation: 365

Based on my comment, you should create a custom user details service. The loadUserByUsername() method of your SimpleUserDetailsService class should return your custom user details.

Entity

public class Pojo {
    private String phoneNumber;
    private String uuid;

    // Getters Setters Constructors
}

Custom User Details

public class CustomUserDetails implements UserDetails {
    private String username;
    private String password;
    private List<GrantedAuthority> authorities;

    public CustomUserDetails(Pojo pojo) {
        this.username = pojo.getPhoneNumber();
        this.password = pojo.getUuid();

        authorities = new ArrayList<>();
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorityList;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
      return true;
    }

}

User details service impl

Upvotes: 1

Karim
Karim

Reputation: 1098

You can override this by implementing user details here is an example for authentication by username and domain

public class SimpleUserDetailsService implements UserDetailsService {

    // ...

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        String usernameAndDomain = StringUtils.split(
          username, String.valueOf(Character.LINE_SEPARATOR));//split as much as you want
        if (usernameAndDomain == null || usernameAndDomain.length != 2) {
            throw new UsernameNotFoundException("Username and domain must be provided");
        }
        User user = userRepository.findUser(usernameAndDomain[0], usernameAndDomain[1]);
        if (user == null) {
            throw new UsernameNotFoundException(
              String.format("Username not found for domain, username=%s, domain=%s", 
                usernameAndDomain[0], usernameAndDomain[1]));
        }
        return user;
    }
}

Upvotes: 2

Related Questions