I would like to add API Keys to my current REST API using Spring Boot V3 (and kotlin).Right now I'm using either Basic Auth (for development and testing) or Oauth2 (for prod).I want to add access via an API Key, so the REST API can be used by 3rd party systems and/orvia scripting (curl, wget, other clients).
How would I do that?
I googled a bit and found something, but I could not get it working for me.
Here is how I configure Basic Auth and Oauth2:
Basic Auth:
@Bean fun configureHttpSecurity(http: HttpSecurity): SecurityFilterChain { return http .csrf { it.disable() } .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) } .authorizeHttpRequests { it.requestMatchers("/health", "/api/app/health").permitAll() it.requestMatchers("/api/**").authenticated() } .httpBasic(Customizer.withDefaults()) .authenticationManager(RLSAuthenticationManager) .build() }Oauth2:
@Bean fun configureHttpSecurity(http: HttpSecurity): SecurityFilterChain { return http .csrf { it.disable() } .sessionManagement { it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) } .authorizeHttpRequests { it.requestMatchers("/health", "/api/app/health").permitAll() it.requestMatchers("/api/**").authenticated() } .oauth2ResourceServer { oauth -> oauth .bearerTokenResolver(HeaderBearerTokenResolver("x-amzn-oidc-accesstoken")) .jwt { it.jwtAuthenticationConverter(grantedAuthoritiesExtractor()) } } .build() }It would really be great if you could help me here, or point me to some good tutorial how to do that for Spring Boot V3.
Thanks.