11 Hands-on: A separation of responsibilities

This chapter covers

  • Implementing and using tokens.
  • Working with JSON Web Tokens (JWTs).
  • Separating authentication and authorization responsibilities in multiple apps.
  • Implementing a multi-factor authentication (MFA) scenario.
  • Using multiple custom filters and multiple AuthenticationProvider objects.
  • Choosing from various possible implementations for a scenario.

We’ve come a long way, and you’re now at the second hands-on chapter of the book. It’s time again to put into action everything you’ve learned, in an exercise that shows you the big picture. Fasten your seat belts, open your IDEs, and get ready for a juicy activity! We’ll design a system of three actors: the client, the authentication server, and the business logic server. Of these three, we’ll implement the backend part, represented by the authentication server and the business logic server. As you may have noticed, the examples become more complex as the book advances; that is a sign we are getting closer and closer to real-world scenarios.
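To make the three-actor design concrete before the chapter walks through its Spring implementation, here is an added example (not code from the book or from its project) of the token exchange between the two backend actors, written in plain Python: the authentication server issues a signed JWT once the user has authenticated, and the business logic server validates that token before trusting the subject it names. The HS256 algorithm, the shared secret, the claim names, the fixed clock values and the five-minute lifetime are all assumptions made for this example; the forgery helpers simulate the attacks a verifier must reject.

```python
import base64
import hashlib
import hmac
import json

# Secret shared by the authentication server and the business logic server.
# Constructed for this example only; a real deployment loads it from a
# secrets store (or uses an asymmetric key pair so only the issuer can sign).
SHARED_SECRET = b"example-shared-secret-do-not-use-in-production"
TOKEN_TTL_SECONDS = 300  # assumed token lifetime


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- Authentication server ------------------------------------------------

def issue_token(username: str, secret: bytes, now: int, ttl: int = TOKEN_TTL_SECONDS) -> str:
    """Issue a compact HS256 JWT once the user has proven their identity."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "iat": now, "exp": now + ttl}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


# --- Business logic server ------------------------------------------------

class TokenError(Exception):
    """Raised when a presented token must not be trusted."""


def verify_token(token: str, secret: bytes, now: int) -> dict:
    """Validate a token presented by the client; return its claims on success."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise TokenError("undecodable token") from exc
    # Pin the algorithm instead of trusting the header: otherwise a token
    # with alg "none" or a different algorithm can be passed off as signed.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak the signature.
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("expired")
    if not isinstance(claims.get("sub"), str):
        raise TokenError("missing subject")
    return claims


def verification_outcome(token: str, secret: bytes, now: int) -> str:
    """Return 'ok' or the rejection reason; convenient for the demo and tests."""
    try:
        verify_token(token, secret, now)
        return "ok"
    except TokenError as exc:
        return str(exc)


def forge_alg_none(token: str) -> str:
    """Simulate the classic attack: swap in an alg 'none' header and drop the signature."""
    _, claims_b64, _ = token.split(".")
    return _b64url(b'{"alg":"none","typ":"JWT"}') + "." + claims_b64 + "."


def forge_subject(token: str, new_subject: str) -> str:
    """Simulate tampering with the claims while keeping the original signature."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(claims_b64))
    claims["sub"] = new_subject
    return header_b64 + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()) + "." + sig_b64


if __name__ == "__main__":
    issued_at = 1_700_000_000  # fixed clock value so the run is reproducible
    token = issue_token("alice", SHARED_SECRET, issued_at)
    print("valid token     :", verification_outcome(token, SHARED_SECRET, issued_at + 60))
    print("after expiry    :", verification_outcome(token, SHARED_SECRET, issued_at + TOKEN_TTL_SECONDS))
    print("alg none forgery:", verification_outcome(forge_alg_none(token), SHARED_SECRET, issued_at + 60))
    print("tampered subject:", verification_outcome(forge_subject(token, "admin"), SHARED_SECRET, issued_at + 60))
    print("wrong secret    :", verification_outcome(issue_token("alice", b"other", issued_at), SHARED_SECRET, issued_at + 60))
```

The point of the split is visible in the verifier: the business logic server never sees a password or a second factor, it only decides whether to trust a token, so the checks that matter there are pinning the algorithm, comparing the signature in constant time, and enforcing expiry. In the Spring-based design this chapter outlines, those checks would sit in the business logic server's filters and AuthenticationProvider objects rather than in hand-rolled code like this, and a production system would use a maintained JWT library and a key that is not embedded in the source.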

11.1  The scenario and requirements of the example

11.2  Implementing and using tokens

11.2.1    What is a token?

11.2.2    What is a JSON Web Token (JWT)?

11.3  Implementing the Authentication Server

11.4  Implementing the Business Logic Server

11.4.1    Implementing the Authentication objects

11.4.2    Implementing the proxy to the Authentication Server

11.4.3    Implementing the AuthenticationProvider objects

11.4.4    Implementing the filters

11.4.5    Writing the security configurations

11.4.6    Testing the whole system

11.5  Summary
