Approach is to use Spring Security, HttpBasic authentication for now (to be integrated with AD) and token generation endpoint only for already authenticated users.
refactored the project structure a bit, to remove an extra folder and rename GatewayService to Application as the Service suffix is confusing
added Spring Security and JJWT dependencies
created User model
implemented SecurityConfig
implemented dummy authentication with HttpBasic and hardcoded username and password
implemented JWT generation service with asymmetric signature (currently RSA, to be discussed)
added controller for /token endpoints (JWT generation and getting public key for JWT validation)
added base trait for controllers integration tests
Approach is to use Spring Security, HttpBasic authentication for now (to be integrated with AD) and token generation endpoint only for already authenticated users.
GatewayService
toApplication
as the Service suffix is confusingUser
model/token
endpoints (JWT generation and getting public key for JWT validation)Closes #7