
OAuth authentication with DropWizard

I have a set of RESTful web services built on DropWizard. Currently I am using BasicAuth to authenticate the users to use the API.

That involves an overhead of having another DB with user/password details. I was looking into token-based authentication and found that DropWizard supports OAuth2 out of the box.

Can anyone help me with a sample implementation of this OAuth2-based authentication? And what would be the architecture to implement it?

Any help would be appreciated.

This question has been around for a while, but for future visitors I place an article here which explains how to do it with custom annotations very well:

Basically the idea is to implement our own annotations with our own logic (which in this case is using JWT), but the post also points out what custom settings are required for Dropwizard.

Even though this question is four years old, I wasn't able to find a fully working example of an application that plugs into the Dropwizard OAuth2 library with your own validation mechanism.

So for the benefit of people who stumble upon this post from a Google search in the future, here is a full working example running on the latest Dropwizard version, 1.3.8.

Good luck!

There is an example of OAuth2 authentication in the Dropwizard GitHub repo.

Below is an example for the latest version of Dropwizard (v0.7.1):

...

public OAuthFactory(final Authenticator<String, T> authenticator,
                    final String realm,
                    final Class<T> generatedClass) {
    super(authenticator);
    this.required = false;
    this.realm = realm;
    this.generatedClass = generatedClass;
}

private OAuthFactory(final boolean required,
                     final Authenticator<String, T> authenticator,
                     final String realm,
                     final Class<T> generatedClass) {
    super(authenticator);
    this.required = required;
    this.realm = realm;
    this.generatedClass = generatedClass;
}

@Override
public AuthFactory<String, T> clone(boolean required) {
    return new OAuthFactory<>(required, authenticator(), this.realm, this.generatedClass);
}

public T provide() {
    try {
        final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header != null) {
            final int space = header.indexOf(' ');
            if (space > 0) {
                final String method = header.substring(0, space);
                if (PREFIX.equalsIgnoreCase(method)) {
                    final String credentials = header.substring(space + 1);
                    final Optional<T> result = authenticator().authenticate(credentials);
                    if (result.isPresent()) {
                        return result.get();
                    }
                }
            }
        }
    } catch (AuthenticationException e) {
        LOGGER.warn("Error authenticating credentials", e);
        throw new InternalServerErrorException();
    }

    if (required) {
        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, String.format(CHALLENGE_FORMAT, realm))
                .type(MediaType.TEXT_PLAIN_TYPE)
                .entity("Credentials are required to access this resource.")
                .build());
    }

    return null;
}

@Override
public Class<T> getGeneratedClass() {
    return generatedClass;
}
...

Complete code, here!
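An added example, not part of the answers above and not Dropwizard code: a sketch of the token check that `authenticator().authenticate(credentials)` in `provide()` hands the bearer string to. The class and method names are hypothetical, it uses `java.util.Optional` and plain strings as principals so that it runs with only the JDK, and the tokens are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added example with hypothetical names; not Dropwizard code.
public class BearerTokenCheck {
    // One issued token. Only a SHA-256 digest of the token is kept (as the map key),
    // so a leaked token table does not hand out usable credentials.
    static final class Grant {
        final String user; final Instant expiresAt;
        Grant(String user, Instant expiresAt) { this.user = user; this.expiresAt = expiresAt; }
    }
    private final Map<String, Grant> grantsByDigest = new ConcurrentHashMap<>();

    static String digest(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }

    void issue(String token, String user, Instant expiresAt) {
        grantsByDigest.put(digest(token), new Grant(user, expiresAt));
    }

    // Plays the role of authenticator().authenticate(credentials) in provide():
    // the principal for a known, unexpired token; empty for anything else.
    Optional<String> authenticate(String credentials, Instant now) {
        if (credentials == null || credentials.isEmpty()) return Optional.empty();
        Grant g = grantsByDigest.get(digest(credentials));
        if (g == null || !now.isBefore(g.expiresAt)) return Optional.empty();
        return Optional.of(g.user);
    }

    public static void main(String[] args) {
        BearerTokenCheck check = new BearerTokenCheck();
        Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample data
        check.issue("sample-token-1", "alice", now.plusSeconds(3600));
        check.issue("sample-token-2", "bob", now.minusSeconds(1));
        for (String t : new String[] {"sample-token-1", "sample-token-2", "never-issued"}) {
            System.out.println(t + " -> " + check.authenticate(t, now));
        }
    }
}
```

Returning empty for an unknown or expired token lets `provide()` fall through to its 401 challenge when the resource requires authentication, while an exception is reserved for backend failures, which `provide()` turns into a 500.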
