ToastShaman / dropwizard-auth-jwt

A Dropwizard authentication filter using JSON Web Token (JWT)
Apache License 2.0

Confusion over Principal vs User in Example code #19

Closed peavers closed 8 years ago

peavers commented 8 years ago

Hopefully someone can clarify this a bit for me (I'm new to this, so apologies if it's obvious).

In the ExampleAuthenticator class you return an object of type Principal:

    @Override
    public Optional<Principal> authenticate(JsonWebToken token) {

        if ("good-guy".equals(token.claim().subject())) {
            final Principal principal = new Principal() {
                @Override
                public String getName() {
                    return "good-guy";
                }
            };
            return Optional.of(principal);
        }

        return Optional.absent();
    }

Yet in the SecuredResource example, the check-token is looking for an object of type User:

    @GET
    @Path("/check-token")
    public Map<String, String> get(@Auth User user) {
        return singletonMap("username", user.getUsername());
    }

As it never receives this, it throws a null pointer when trying to access user.getUsername. This can easily be fixed by either changing the expected type to Principal:

    public Map<String, String> get(@Auth Principal user) { }

Or changing the Authenticator to create a User object instead. What is the correct way here? Does it even matter, or have I completely missed something and got this all wrong?

Would love some advice/guidance.

ToastShaman commented 8 years ago

Hi @peavers. You are absolutely right. This was an oversight on my part and using the Principal is the correct thing to do here. See my last commit 572d43494cd8809e2cdf5c82d472563cb5d979c9. Hopefully this makes things a bit clearer.

peavers commented 8 years ago

Really appreciate the examples, has made this a lot easier to understand.