spring-security-jwt-rest-demo
A demo to test Spring Security and JWT for a RESTful application
Spring Boot REST Application + Spring Security with JWT
Usage
To log in, add the following code to the body of a GET request at '/login':
{"username":"user","password":"password"}
To access the protected resource '/quotes', put the token obtained by logging in into the Authentication header of the request:
Authentication: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Implementation
Spring Security is configured in the com.thomasvitale.config package:
- WebSecurityConfig defines the policy to access resources, filters for login and authentication, a fake user in memory.

Authentication, Login and JWT are handled in the com.thomasvitale.security package:
- JWTAuthenticationEntryPoint returns a 401 status code if token authentication fails (whatever the reason).
- JWTLoginFilter is used to log in users and generate a token.
- JWTAuthenticationFilter is used to authenticate (token verification) users when trying to access protected resources.
- TokenAuthenticationService provides methods to generate tokens, to verify their validity.
- TokenHandler is a utility class implementing methods to build and parse tokens.
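
The build/parse split and the single 401 on any failure described above can be sketched with the JDK alone. This is an added example, not the demo's own code: the class name TokenSketch, the HS256 algorithm, the sub/exp claim layout and the key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added example (JDK only). Class, method and key names are hypothetical.
public class TokenSketch {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([A-Za-z0-9_.-]+)\",\"exp\":(\\d+)\\}");
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Build header.payload.signature; exp is an absolute expiry in epoch seconds.
    static String build(byte[] key, String subject, long exp) throws Exception {
        String input = HEADER + "." + b64("{\"sub\":\"" + subject + "\",\"exp\":" + exp + "}");
        return input + "." + ENC.encodeToString(hmac(key, input));
    }
    // Return the subject only for a well-formed, correctly signed, unexpired token.
    // Every failure collapses to Optional.empty(), so the caller can answer with one 401.
    static Optional<String> parse(byte[] key, String token, long now) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3 || !p[0].equals(HEADER)) return Optional.empty(); // algorithm is pinned
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return Optional.empty();
            // Claims are decoded only after the signature check has passed.
            Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            if (!m.matches() || Long.parseLong(m.group(2)) <= now) return Optional.empty();
            return Optional.of(m.group(1));
        } catch (Exception e) { // bad Base64, numeric overflow, null token
            return Optional.empty();
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-a-real-secret".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String good = build(key, "user", now + 600);
        System.out.println(parse(key, good, now)); // valid token
        System.out.println(parse("wrong-key".getBytes(StandardCharsets.UTF_8), good, now)); // other key
        System.out.println(parse(key, build(key, "user", now - 1), now)); // expired token
    }
}
```

Comparing the header against one fixed value rejects tokens that declare a different algorithm, and MessageDigest.isEqual keeps the signature comparison constant-time.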
Resources
This demo has been inspired by the following guides and tutorials:
- Spring Security Architecture
- Securing Spring Boot with JWTs
- Stateless Authentication with Spring Security and JWT
- Securing REST APIs With Spring Boot
- [SpringSecurity : Authenticate User with Custom UserDetailsService](http://www.ekiras.com/2016/04/authenticate-user-with-custom-user-details-service-in-spring-security.html)
- REST Security with JWT using Java and Spring Security