GithubHelp home page GithubHelp logo

lijie2000 / apikey-authentication-spring-boot-starter Goto Github PK

View Code? Open in Web Editor NEW

This project forked from skobow/apikey-authentication-spring-boot-starter

0.0 0.0 0.0 31 KB

Spring boot starter to enable easy to use and configurable API key authentication for your Spring Boot project.

License: MIT License

Java 100.00%

apikey-authentication-spring-boot-starter's Introduction

API Key Authentication Spring Boot Starter

Maven Central

Description

This Spring Boot starter provides easy to use and though configurable API Key authentication for your Spring Boot project.

Installation

To install simple add the dependency to you project build system, e.g. Gradle or Maven.

Gradle

implementation 'net.skobow:apikey-authentication-spring-boot-starter:0.6.1'

Maven

<dependency>
  <groupId>net.skobow</groupId>
  <artifactId>apikey-authentication-spring-boot-starter</artifactId>
  <version>0.6.1</version>
</dependency>

Usage

Just add the @EnableApiKeyAuthentication annotation to you Spring Boot Application class and provide web.authentication.apikey property to enable static API key authentication. This will add an Spring HandlerInterceptor that will check the X-Api-Key request header for the configured static API key. If no or not the correct key is provided the request will fail and send 401 as return code.

If no value for an API key is provided a random key is generated and logged to command line. This configuration is only suitable for testing scenarios as it does not provide security as the API key may appear in logs and is therefore considered as insecure!

Customization

Adding custom includes or excludes

If you want to configure paths to be included or excluded you can provide lists with patterns in you Spring configuration.

@Bean("apiKeyAuthenticationIncludePatterns") 
public List<String> apiKeyAuthenticationIncludePatterns() {
    ...
}

or

@Bean("apiKeyAuthenticationExcludePatterns")
public List<String> apiKeyAuthenticationExcludePatterns) {
    ...
}

Normally you may want to exclude at least your /error endpoint otherwise no errors will be returned to the user.

Using custom HTTP header fields

If you want to use a different HTTP header field you can simply provide your own implementation of the RequestApiKeyExtractor interface as a Spring bean.

Customizing API key verification

By default static API key verification for all requests is used. If your needs demand for a different verification schema you can provide your own implementation of the ApiKeyVerificationHandler interface as a Spring bean. This instance will be called during the request and lets you do your specific API key verification.

apikey-authentication-spring-boot-starter's People

Contributors

juanjramirez avatar skobow avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.