OAuth Authentication with DropWizard

I have a collection of RESTful web services built on DropWizard. I am currently using BasicAuth to authenticate users to use the API.

This is due to the overhead of having another database with user / password information. I searched for token-based authentication and found that DropWizard supports OAuth2 out of the box.

Can anyone help me with an example implementation of this OAuth2-based authentication? And what will be the architecture to implement?

Any help would be appreciated.

+3




3 answers


This question has been around for a while, but for future visitors, I am posting an article here that explains how to do this using custom annotations:



Basically the idea is to implement our own annotations with our own logic (which in this case uses JWT), but the message also indicates what custom settings are required for Dropwizard.

+2




There is an example for OAuth2 authentication at the Dropwizard GitHub repo.

Below is an example from the latest version of Dropwizard (v0.7.1):



...

public OAuthFactory(final Authenticator<String, T> authenticator,
                    final String realm,
                    final Class<T> generatedClass) {
    super(authenticator);
    this.required = false;
    this.realm = realm;
    this.generatedClass = generatedClass;
}

private OAuthFactory(final boolean required,
                     final Authenticator<String, T> authenticator,
                     final String realm,
                     final Class<T> generatedClass) {
    super(authenticator);
    this.required = required;
    this.realm = realm;
    this.generatedClass = generatedClass;
}

@Override
public AuthFactory<String, T> clone(boolean required) {
    return new OAuthFactory<>(required, authenticator(), this.realm, this.generatedClass);
}

public T provide() {
    try {
        final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header != null) {
            final int space = header.indexOf(' ');
            if (space > 0) {
                final String method = header.substring(0, space);
                if (PREFIX.equalsIgnoreCase(method)) {
                    final String credentials = header.substring(space + 1);
                    final Optional<T> result = authenticator().authenticate(credentials);
                    if (result.isPresent()) {
                        return result.get();
                    }
                }
            }
        }
    } catch (AuthenticationException e) {
        LOGGER.warn("Error authenticating credentials", e);
        throw new InternalServerErrorException();
    }

    if (required) {
        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, String.format(CHALLENGE_FORMAT, realm))
                .type(MediaType.TEXT_PLAIN_TYPE)
                .entity("Credentials are required to access this resource.")
                .build());
    }

    return null;
}

@Override
public Class<T> getGeneratedClass() {
    return generatedClass;
}
...

      

The complete code is here!

0
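
What the `authenticate(credentials)` step in the excerpt above might do when tokens are self-validating and no user/password database is consulted, as an added example that is not part of the original answers or of Dropwizard's code. It is JDK-only; the class name `BearerTokenCheck`, the token layout and the demo key are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Added example (hypothetical class, constructed token layout); not Dropwizard code.
public class BearerTokenCheck {
    private final byte[] key;
    public BearerTokenCheck(byte[] key) { this.key = key.clone(); }
    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    /** Token = base64url("subject|expiryEpochSeconds") + "." + base64url(HMAC-SHA256 of the first part). */
    public String issue(String subject, long expiryEpochSeconds) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString((subject + "|" + expiryEpochSeconds).getBytes(StandardCharsets.UTF_8));
        return body + "." + enc.encodeToString(hmac(body));
    }
    /** Parses the header the way provide() does; yields the subject only for a valid, unexpired token. */
    public Optional<String> authenticate(String header, long nowEpochSeconds) {
        int space = header == null ? -1 : header.indexOf(' ');
        if (space <= 0 || !"Bearer".equalsIgnoreCase(header.substring(0, space))) return Optional.empty();
        String[] parts = header.substring(space + 1).split("\\.", -1);
        if (parts.length != 2) return Optional.empty();
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[1]);
            // Constant-time comparison, and the MAC is checked before any claim is read.
            if (!MessageDigest.isEqual(hmac(parts[0]), presented)) return Optional.empty();
            String[] claims = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8).split("\\|", -1);
            if (claims.length != 2 || Long.parseLong(claims[1]) <= nowEpochSeconds) return Optional.empty();
            return Optional.of(claims[0]);
        } catch (Exception e) { // malformed base64 or expiry: fail closed as unauthenticated
            return Optional.empty();
        }
    }
    public static void main(String[] args) throws Exception {
        BearerTokenCheck check = new BearerTokenCheck("constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis() / 1000;
        String token = check.issue("alice", now + 300);
        System.out.println(check.authenticate("Bearer " + token, now));       // valid token
        System.out.println(check.authenticate("Bearer " + token + "A", now)); // altered MAC
        System.out.println(check.authenticate("Bearer " + token, now + 600)); // expired
        System.out.println(check.authenticate("Basic " + token, now));        // wrong scheme
    }
}
```

In a Dropwizard service the same check would sit inside the `Authenticator<String, T>` implementation that `authenticator().authenticate(credentials)` calls in the excerpt, returning an absent result for any token that fails verification.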




Even though this question is four years old, I haven't been able to find a fully working example application that hooks into the OAuth2 Dropwizard library with your own validation mechanism.

So for the convenience of people who come across this post from a Google search in the future, here is a complete working example running on the latest version of DropWizard, 1.3.8.

Good luck!

0








