Comments (9)
from graphql-spring-boot.
I wouldn't configure Spring Security on servlets like that, but annotate the actual service methods that are being called by the GraphQL resolvers. That way you can authorize differently per query or mutation level, and filter response objects based on the principal.
from graphql-spring-boot.
Thanks oliemansm! Indeed, it would be great to be able to do it that way, but I'm struggling with the configurations. I asked for help here:
https://stackoverflow.com/questions/45959234/authentication-in-spring-boot-using-graphql
Could you help me out by answering my question on Stack Overflow?
from graphql-spring-boot.
Can you please give me a Spring/Spring Boot solution to have some GraphQL operations that can be anonymously accessed, while others are secured?
If I secure the "/graphql" endpoint with .antMatchers("/graphql").authenticated(), I can use @PreAuthorize annotations on service methods to restrict existing roles, but anonymous users are not allowed access at all.
from graphql-spring-boot.
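An added example, not code from any participant in this thread or from the graphql-spring-boot project: one way to combine the two comments above is to leave the "/graphql" endpoint open at the HTTP layer and put every authorization decision on the service methods the resolvers call. It assumes Spring Security 5.x (the `WebSecurityConfigurerAdapter` and `antMatchers` style used in the thread); `GraphQLSecurityConfig`, `ArticleService` and its methods are hypothetical names, and the classes are package-private only so the listing fits in one file.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Service;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // activates @PreAuthorize on beans
class GraphQLSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // The single GraphQL endpoint carries public and protected operations
            // alike, so it cannot be the enforcement point: let anonymous callers in.
            .antMatchers("/graphql").permitAll()
            // Everything else stays closed by default.
            .anyRequest().authenticated();
        // CSRF protection is left at its default (enabled).
    }
}

// Hypothetical service called by the GraphQL query and mutation resolvers.
@Service
class ArticleService {

    // No annotation: reachable by anonymous callers. With permitAll() on the
    // endpoint, any method left unannotated is public, so review these deliberately.
    public String publicHeadline(long id) {
        return "headline-" + id;
    }

    // Any authenticated principal; the SpEL check compares the argument with the caller.
    @PreAuthorize("isAuthenticated() and #author == authentication.name")
    public String draftFor(String author) {
        return "draft of " + author;
    }

    // Role-restricted mutation; callers without ROLE_ADMIN get an AccessDeniedException.
    @PreAuthorize("hasRole('ADMIN')")
    public void deleteArticle(long id) {
        // deletion logic would go here
    }
}
```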
Thank you very much for your suggestions! I'm going to try to implement them right away. I'll let you know about my progress.
from graphql-spring-boot.
I'm happy to let you know that we solved the issue. The filter was not even needed. Spring is able to restore the session from Redis if it is persisted as Spring expects. I answered my question on Stack Overflow. Thanks a lot for your suggestions!
Is it a best practice to have the login/logout operations as mutations?
from graphql-spring-boot.
@rolandkozma @oliemansm Hi guys, interesting thread. Any possibility to show an example using JWT and some service? I saw the answer in the Stack Overflow question but would appreciate some more details. If you could share some code, it would be awesome.
KR/ Smas
from graphql-spring-boot.
Hi @smastika. I don't have anything with JWT and now I'm working on a different project.
But I still have the code of that project and if you want I can look into it and give you more details.
We can have a short chat on Skype: roland.kozma or by email: [email protected]
Regards,
Roland
from graphql-spring-boot.