This repository demonstrates how to create and manage JSON Web Tokens (JWT) for secure authentication in a Spring-based application. JWTs are widely used for stateless authentication, allowing users to authenticate without relying on server-side sessions.
JWT Token Creation:
- We'll cover how to generate JWTs upon successful user login.
- The token will contain user-specific claims (such as username, roles, and expiration time).
Token Validation and Authentication:
- Learn how to validate incoming JWTs.
- Implement security filters to authenticate requests based on valid tokens.
Prerequisites:
- Install Java and Maven.
- Set up a Spring Boot project.
Clone this Repository:
git clone https://github.com/Jeet-Codes/SpringJwt.git
Configuration:
- Configure your Spring Security settings in `application.properties` or `application.yml`.
- Define your secret key for JWT signing.
User Authentication:
- Implement user authentication (e.g., via username/password or OAuth2).
- Upon successful authentication, issue a JWT.
Token Validation:
- Create a filter to validate incoming JWTs.
- Extract user details from the token.
API Endpoints:
- Define protected endpoints that require valid JWTs.
- Handle unauthorized access.
Register/Login:
- Register a user or log in using your preferred authentication method.
- Receive a JWT upon successful login.
Access Protected Endpoints:
- Include the JWT in the `Authorization` header of your requests.
- Access protected resources (e.g., user profile, restricted APIs).
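```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

// Example of JWT creation (username, roles, expirationDate and secretKey
// are supplied by the login flow and the application configuration)
String token = Jwts.builder()
        .setSubject(username)                           // "sub" claim: the authenticated user
        .claim("roles", roles)                          // custom claim carrying the user's roles
        .setExpiration(expirationDate)                  // "exp" claim: when the token stops being valid
        .signWith(SignatureAlgorithm.HS512, secretKey)  // HMAC-SHA512 with the configured secret
        .compact();                                     // serialize to header.payload.signature
```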
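The Token Validation step, shown as an added example that is not code from this repository: it checks a token produced like the creation snippet and rejects expired, wrongly signed and wrong-algorithm tokens. It assumes the same pre-0.12 jjwt API as that snippet is on the classpath; the class name, the helper names, the user `alice` and the randomly generated demo key are constructed for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Date;
import java.util.Optional;

// Illustrative class and helper names; not part of the repository.
public class JwtValidationExample {
    // Constructed demo key: 64 random bytes (512 bits for HS512), Base64-encoded.
    static final String SECRET_KEY = randomKey();

    static String randomKey() {
        byte[] key = new byte[64];
        new SecureRandom().nextBytes(key);
        return Base64.getEncoder().encodeToString(key);
    }

    static String issue(String key, String username, long ttlMillis) {
        return Jwts.builder()
                .setSubject(username)
                .claim("roles", Arrays.asList("ROLE_USER"))
                .setExpiration(new Date(System.currentTimeMillis() + ttlMillis))
                .signWith(SignatureAlgorithm.HS512, key)
                .compact();
    }

    // Returns the verified claims, or empty when the request must be rejected.
    static Optional<Claims> validate(String token) {
        try {
            // parseClaimsJws verifies the signature and exp, and refuses unsigned tokens.
            Jws<Claims> jws = Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token);
            // Pin the algorithm to the one issue() uses instead of trusting the header.
            boolean hs512 = SignatureAlgorithm.HS512.getValue().equals(jws.getHeader().getAlgorithm());
            return hs512 ? Optional.of(jws.getBody()) : Optional.empty();
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // expired, bad signature, malformed or empty token
        }
    }

    public static void main(String[] args) {
        System.out.println("valid:     " + validate(issue(SECRET_KEY, "alice", 60_000)).map(Claims::getSubject));
        System.out.println("expired:   " + validate(issue(SECRET_KEY, "alice", -60_000)).isPresent());
        System.out.println("wrong key: " + validate(issue(randomKey(), "alice", 60_000)).isPresent());
    }
}
```

In a Spring Security filter, an empty result means the request proceeds unauthenticated and protected endpoints answer with 401; the claims from a present result supply the username and roles for the security context.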
Feel free to contribute by opening issues or submitting pull requests. Let's make this repository better together!