Danilo Andrade Danilo Andrade - 1 month ago 20
reST (reStructuredText) Question

SpringBoot Rest API custom authentication

I build a Rest Api using SpringBoot and the authentication I implemented using Firebase.

My problem right now is that I want to have control of the client applications that will access my application. The problem of using SpringSecurity is that as far as I know I have to do the authentication for it and I just want to "allow the client application."

Does anyone have any idea how to do?

Answer

Provide a unique key to your client. Which your microservice recognises and authenticates any request based on that key. This can be also given as a request parameter.

let say you add your key into a parameter called my-key, now before working on your logic inside you spring-boot app validate your key. like this -

your Rest Controller would look like this-

@RestController
class MyRest{

    private static final String KEY = "someValue";

    @RequestMapping("/some-mapping")
    public @ResponseBody myMethod(@RequestParam(value="my-key", required=true) String key){
        if(!validateRequest(key)){
            //return error as response
        }
        System.out.println("Key Validation Successful!");
        //here goes your logic
    }

    private boolean validateRequest(String key){
        return key.equals(KEY);
    }
}

in order to access this rest use - http://your-host:port/some-mapping?my-key=someValue