sentry-java

Add spring jwt user provider

Open felixklauke opened this issue 3 years ago • 1 comments

:scroll: Description

Spring is a common platform for API development. Especially with SPA and web development, JSON Web Tokens are a popular way of handling user authentication. Sentry Java already supports enriching the Sentry user object using the HttpServlets and optionally by Spring Security. I created a further approach of enriching the user object with data that can be provided if the server uses JWT tokens.

:bulb: Motivation and Context

The default details provided by the Http Servlet Provider or the Spring Security Provider are... little? In my case only subject, id and ip address were provided which is already helpful but can still be improved if we have in fact more information. This could only be achieved with an opinionated implementation focussing on a specific authentication type.

[Screenshot 2022-07-10 at 08 01 01]

With my changes, the user information can look like this:

[Screenshot 2022-07-10 at 08 07 09]

Yes, I omitted the IP address for now. The IP address is more or less in the scope of the client request. It can even be the IP of an actual client or a third-party tool and doesn't really say something about the actual user and is already provided by the other user providers. I can put it back in if required.

I love those details and especially the email can be really helpful (Also uses the avatar in sentry :)).

:green_heart: How did you test it?

I've set up Keycloak as an issuer server and used the Spring resource server package to generate JWT tokens. Together with a self-hosted Sentry I also took the given screenshots. I furthermore added corresponding unit tests.

:pencil: Checklist

  • [x] I reviewed the submitted code
  • [x] I added tests to verify the changes
  • [ ] I updated the docs if needed
  • [x] No breaking changes

:crystal_ball: Next steps

  • [x] Depend on the JWT Dependency instead of the whole resource server
  • [x] Add further tests on the provider itself

felixklauke avatar Jul 10 '22 06:07 felixklauke
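
A sketch of the kind of provider the description above talks about, added here as an illustration; it is not the code from this PR or from sentry-java. It assumes the `SentryUserProvider` interface from the `sentry-spring` module, that a `SentryOptions` bean is injectable (as with the Spring Boot starter), and that the token carries the OIDC claims `email` and `preferred_username`; the class name is hypothetical.

```java
import io.sentry.SentryOptions;
import io.sentry.protocol.User;
import io.sentry.spring.SentryUserProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;

/** Hypothetical example class: maps already-validated JWT claims to the Sentry user. */
@Component
public class JwtClaimsSentryUserProvider implements SentryUserProvider {

  private final SentryOptions options;

  // Assumption: SentryOptions is available as a bean for constructor injection.
  public JwtClaimsSentryUserProvider(SentryOptions options) {
    this.options = options;
  }

  @Override
  public User provideUser() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // Read claims only from a principal Spring Security has already verified
    // (signature, expiry, issuer); never parse the Authorization header here.
    if (auth == null || !auth.isAuthenticated() || !(auth.getPrincipal() instanceof Jwt)) {
      return null; // leave the user to the other registered providers
    }
    Jwt jwt = (Jwt) auth.getPrincipal();

    User user = new User();
    user.setId(jwt.getSubject()); // "sub" claim: an identifier, not contact data

    // Email and username are personal data, so follow the application's
    // send-default-pii setting before attaching them to events.
    if (options.isSendDefaultPii()) {
      user.setEmail(jwt.getClaimAsString("email")); // null if the claim is absent
      user.setUsername(jwt.getClaimAsString("preferred_username"));
    }

    // Do not attach jwt.getTokenValue(): the raw token is a bearer credential
    // and would be readable by anyone with access to the Sentry project.
    return user;
  }
}
```

Checking for `Jwt` on the principal needs only the Spring Security JWT classes, in line with the "Next steps" item about not depending on the whole resource server.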

Thank you @felixklauke for doing this 🙏 . I'm planning to take a look at this PR later this week.

adinauer avatar Jul 13 '22 11:07 adinauer

Closing this now. In case you'd still like to see this feel free to reopen and address comments above.

adinauer avatar Jul 17 '23 07:07 adinauer