java - How to add additional spring security field for login

Question

I want to implement user login/signup using username, password and project (additional field). It is working with username and password but unable to implement to add additional field (project) since I am new to spring security.

1. I am able to signup with email, username, password and project.
2. I have added Project in UserPrincipal as shown in below code.

I need to implement custom authentication to add project during login but I am unable to figure out how to proceed further. Can anybody help please? i have already checked other solutions but did not figure out to implement.

question from:https://stackoverflow.com/questions/65617344/how-to-add-additional-spring-security-field-for-login

Answer 1

If I understood correctly, you want to just add this project info to a User, during login/sign-up.

As @HarshVerma pointed out, in Spring it's only the login and the password you need to autheticate.

You could implement user's project as a JWT claim:

Jwts.builder()
     .setSubject(Long.toString(userPrincipal.getId()))
     .claim("project", myProject)
     .setIssuedAt(new Date())
     .setExpiration(expiryDate)
     .signWith(SignatureAlgorithm.HS512, jwtSecret)
     .compact();

and then retreive it to authorize accordingly:

Claims claims = new DefaultClaims();
    try{
        claims = Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(jwt).getBody();
    } catch (SignatureException e){
        // signature exception
    }