
I’m trying to start a new simple project with Spring Boot using AWS Cognito for authentication/authorization.

Following some guides on the web, I found some different configurations, for example:

The Baeldung guide uses only the Spring module spring-security-oauth2-jose, while the second guide uses only spring-boot-starter-oauth2-resource-server and configures the resource server. Both configurations allow the user to log in and access the application.

I can’t figure out the difference between these 2 configurations and when I should use one instead of the other.
In other guides I saw both used together.

Thanks to all

I’m trying to create a simple Angular single-page application.

2 Answers


  1. The Baeldung article looks like it is just using Spring and not Spring Boot. So they wouldn’t use spring-boot-starter modules.

    If you are using Spring Boot you should be able to use the spring-boot-starter-oauth2-resource-server and follow the second guide.

    spring-security-oauth2-jose is actually a dependency of spring-boot-starter-oauth2-resource-server and is used by it under the hood.

    Related post about spring-boot-starter vs spring modules:
    What is the difference between spring-boot-starter-oauth2-client, spring-cloud-starter-oauth2 and spring-security-oauth2

  2. Just for fun, a 3rd solution: the 2nd of my tutorials has a profile for Cognito (see the properties file). It is shorter / simpler than what you referenced and enables Role Based Access Control (using Cognito roles, not just the default scope claim).

    <dependency>
        <groupId>com.c4-soft.springaddons</groupId>
        <artifactId>spring-addons-webmvc-jwt-resource-server</artifactId>
        <version>6.0.8</version>
    </dependency>
    
    @EnableMethodSecurity
    public static class SecurityConfig {
    }
    
    com.c4-soft.springaddons.security.issuers[0].location=https://cognito-idp.us-west-2.amazonaws.com/us-west-2_change-me
    com.c4-soft.springaddons.security.issuers[0].authorities.claims=cognito:groups,scp
    com.c4-soft.springaddons.security.cors[0].path=/your-api-path
    com.c4-soft.springaddons.security.permit-all=/what,/should/be,/accessible,/to,/anonymous
    

    Also, be sure to use a certified OpenID lib on the client side. My favorite for Angular is angular-auth-oidc-client.

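For comparison with the two answers, here is an added example (not code from either answer or from the linked guides) that uses only spring-boot-starter-oauth2-resource-server: Boot builds the JwtDecoder from the issuer URI using spring-security-oauth2-jose, and a converter adds the `cognito:groups` claim to the default scope authorities. It assumes Spring Boot 3 / Spring Security 6; the class name, the `/public/**` path and the `ROLE_` prefix are illustrative choices.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

// application.properties (issuer taken from the answer above; replace the pool id):
// spring.security.oauth2.resourceserver.jwt.issuer-uri=https://cognito-idp.us-west-2.amazonaws.com/us-west-2_change-me
@Configuration
@EnableMethodSecurity // enables @PreAuthorize("hasRole('...')") on controller methods
public class CognitoResourceServerConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll() // hypothetical anonymous path
                .anyRequest().authenticated())
            // Bearer tokens only: no HTTP session is created or consulted
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(cognitoConverter())));
        return http.build();
    }

    // Keeps the default SCOPE_* authorities and adds one authority per Cognito group.
    JwtAuthenticationConverter cognitoConverter() {
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> authorities = new ArrayList<>(scopes.convert(jwt));
            List<String> groups = jwt.getClaimAsStringList("cognito:groups");
            if (groups != null) { // claim is absent when the user belongs to no group
                groups.forEach(g -> authorities.add(new SimpleGrantedAuthority("ROLE_" + g)));
            }
            return authorities;
        });
        return converter;
    }
}
```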