Spring Lemon Commons Guide

Sanjay Patel edited this page Nov 17, 2018 · 21 revisions

Under construction ..

spring-lemon-commons is second in the Spring Lemon module hierarchy. It includes spring-lemon-exceptions and adds some common features that are useful in other modules, which are discussed below.

LemonJwsService and LemonJweService classes

Spring Lemon comes with LemonJwsService and LemonJweService, which are used for creating and parsing JWS and JWE tokens respectively. They use Nimbus JOSE + JWT under the hood.

BlueTokenService and GreenTokenService interfaces

LemonJwsService and LemonJweService aren't used directly in Spring Lemon. Instead, BlueTokenService and GreenTokenService, two interfaces implemented by LemonJwsService and LemonJweService respectively, are used.

Spring Lemon uses BlueTokenService for creating/parsing authorization tokens, and GreenTokenService for creating/parsing other tokens (like the forgot-password token). They are defined as beans in LemonCommonsAutoConfiguration, as below:

// JWS (signed) tokens, used for authorization
@Bean
@ConditionalOnMissingBean(BlueTokenService.class)
public BlueTokenService blueTokenService(LemonProperties properties) throws JOSEException {

    return new LemonJwsService(properties.getJwt().getSecret());
}

// JWE (encrypted) tokens, used for the other tokens; built from the same configured secret
@Bean
@ConditionalOnMissingBean(GreenTokenService.class)
public GreenTokenService greenTokenService(LemonProperties properties) throws KeyLengthException {

    return new LemonJweService(properties.getJwt().getSecret());
}

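Notice the @ConditionalOnMissingBean annotations above: each of these beans is created only if you haven't defined a bean of the same type. So, if you want to replace an implementation, just define your own BlueTokenService or GreenTokenService bean.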

LemonPermissionEvaluator

Spring Security provides a hasPermission expression, which can be used as below:

@PreAuthorize("hasPermission(#fooParam, 'xyz')")
public void doSomething(Foo fooParam) {
    // runs only if the permission check passes
}

The above would ensure that the current user has xyz permission for the fooParam object – otherwise an AccessDeniedException would be thrown.

But for this to work, you'll need to provide an implementation of the PermissionEvaluator interface.

LemonPermissionEvaluator is such an implementation that Spring Lemon comes with, which delegates the task to a hasPermission method of the object under check. So, the object under check (Foo in the above case) should have implemented PermissionEvaluatorEntity, thus having a hasPermission method.

For more details, look at the source code of LemonPermissionEvaluator, as well as the AbstractUser.hasPermission method.
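The delegation pattern described above, as an added sketch that is not the LemonPermissionEvaluator source: a PermissionEvaluator that hands the decision to the object under check and denies anything it cannot evaluate. `PermissionCheckable` (a stand-in for PermissionEvaluatorEntity, whose real method signature may differ), `DelegatingPermissionEvaluator` and the `Foo` ownership rule are hypothetical names introduced for illustration.

```java
import java.io.Serializable;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;

// Hypothetical stand-in for Spring Lemon's PermissionEvaluatorEntity;
// the real interface's method signature may differ.
interface PermissionCheckable {
    boolean hasPermission(Authentication currentUser, String permission);
}

// Delegating evaluator (illustrative, not Spring Lemon's own code).
class DelegatingPermissionEvaluator implements PermissionEvaluator {

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        // Deny by default: no authenticated caller, or a non-String permission.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken
                || !(permission instanceof String)) {
            return false;
        }
        // instanceof is false for null, so a null target is denied too.
        // An entity that forgot to implement the interface fails closed
        // instead of raising a ClassCastException.
        if (!(target instanceof PermissionCheckable)) {
            return false;
        }
        return ((PermissionCheckable) target).hasPermission(auth, (String) permission);
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId,
                                 String targetType, Object permission) {
        // ID-based checks would need an entity lookup this sketch lacks; refuse.
        return false;
    }
}

// Constructed sample entity: only the owner holds the "edit" permission.
class Foo implements PermissionCheckable {
    private final String ownerName;

    Foo(String ownerName) { this.ownerName = ownerName; }

    @Override
    public boolean hasPermission(Authentication currentUser, String permission) {
        return "edit".equals(permission) && ownerName.equals(currentUser.getName());
    }
}
```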
