
spring-webmvc-jwt-sample's Introduction

spring-webmvc-jwt-sample


What is this?

This is a sample project that demonstrates how to use JWT token-based authentication to protect the RESTful APIs in a Spring WebMVC application.

If you are interested in the new variant built with the Spring WebFlux stack, check spring-reactive-jwt-sample for more details.

Guide

Check the step-by-step GUIDE for a detailed explanation of the example code.

The original code was written for Spring Boot 2.0; there are some slight differences in the main/master branch due to the changes brought in by the latest Spring Boot 3.0.

Prerequisites

Make sure you have installed the following software.

  • Java 17
  • Apache Maven 3.6.x
  • Docker

Build

Clone the source code from GitHub.

git clone https://github.com/hantsy/spring-webmvc-jwt-sample

Open a terminal, switch to the root folder of the project, and run the following commands to build the whole project.

docker-compose up postgres   # start up a postgres
mvn clean install            # build the project

Run the application.

mvn spring-boot:run
# or from the command line after building
java -jar target/xxx.jar

Contribution

Any suggestions are welcome; filing an issue or submitting a PR is also highly recommended.


spring-webmvc-jwt-sample's Issues

Logout part

Thank you for sharing this piece of code. It helps me a lot.
Do you have implementation for logout part?

Issue with handling InvalidJwtAuthenticationException

Hi,

First of all thank you for your project. It is helpful.

Second, for some reason, RestExceptionHandler handles VehicleNotFoundException without any issues, but is not handling InvalidJwtAuthenticationException. Do you have any idea why?

Can it be because InvalidJwtAuthenticationException exception is thrown from JwtTokenProvider which is not a controller?

Is this code still modern?

It's already been 3 years since this code was written.

I wonder if there is any new official way to achieve this via Spring Security SDK.

Thank you.

Cannot start app.

Hello, I'm trying to run the app but it doesn't boot up, here is the message that comes up:


APPLICATION FAILED TO START


Description:

Field jwtProperties in com.example.demo.security.jwt.JwtTokenProvider required a bean of type 'com.example.demo.security.jwt.JwtProperties' that could not be found.

The injection point has the following annotations:
- @org.springframework.beans.factory.annotation.Autowired(required=true)

Action:

Consider defining a bean of type 'com.example.demo.security.jwt.JwtProperties' in your configuration.

Is it ok get an Authentication object from JWT Claims instead of a Database?

From the JwtTokenAuthenticationFilter class, it checks every request's token and validates if it's correct.

And then it retrieves an Authentication object from Database and sets it to SecurityContextHolder like the below code.

Authentication auth = jwtTokenProvider.getAuthentication(token);
if (auth != null) {
    SecurityContextHolder.getContext().setAuthentication(auth);
}

However, my project's system uses another service API to login instead of directly getting user data from the Database.

It takes over seconds to log in or communicate to the API, so to create Authentication object for every request, I can't use the API to get user data.

My question is: what do you think if I put user data into JWT Claims, and parse them to create an Authentication object and set it to SecurityContextHolder?

My problem is user data is not in the database, it's at a different layer like 3rd party service API.

Thanks for providing great source codes.
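An added example (not part of the issue and not the project's own code) of the approach the question describes: building the Authentication only from the claims of a token whose signature has already been verified, with no database or remote API call. It assumes the jjwt library's `Claims` type; the class name and the `roles` claim with comma-separated authorities are hypothetical.

```java
import io.jsonwebtoken.Claims;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;

import java.util.Date;
import java.util.List;

// Hypothetical helper: turns already-verified JWT claims into an Authentication
// without any database or remote API lookup.
public final class ClaimsAuthenticationFactory {

    // Assumed claim name holding comma-separated authorities, e.g. "ROLE_USER,ROLE_ADMIN".
    private static final String ROLES_CLAIM = "roles";

    private ClaimsAuthenticationFactory() {
    }

    /**
     * @param claims claims returned by the JWT parser AFTER signature verification;
     *               never pass claims decoded from an unverified token
     */
    public static Authentication fromVerifiedClaims(Claims claims) {
        String subject = claims.getSubject();
        if (subject == null || subject.isBlank()) {
            throw new BadCredentialsException("JWT has no subject");
        }
        // Reject tokens without an expiry: roles stored in the token cannot be
        // revoked server-side, so a bounded lifetime is the only limit on them.
        Date expiration = claims.getExpiration();
        if (expiration == null || expiration.before(new Date())) {
            throw new BadCredentialsException("JWT is expired or has no expiry");
        }
        Object roles = claims.get(ROLES_CLAIM);
        List<GrantedAuthority> authorities = roles == null
                ? AuthorityUtils.NO_AUTHORITIES
                : AuthorityUtils.commaSeparatedStringToAuthorityList(roles.toString());
        // Empty password: the verified token is the proof of authentication.
        User principal = new User(subject, "", authorities);
        return new UsernamePasswordAuthenticationToken(principal, null, authorities);
    }
}
```

Authorities built this way reflect the user's roles at the time the token was issued, so a role change upstream only takes effect when a new token is issued.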

RestExceptionHandler is not handling InvalidJwtAuthenticationException

When validate token throws this error, we are getting an HTML response instead of the Error ResponseEntity from RestExceptionHandler

<!doctype html><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style>

HTTP Status 500 – Internal Server Error
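Exception handlers declared with `@ExceptionHandler` in a controller advice only see exceptions raised while `DispatcherServlet` is invoking a controller; a servlet filter runs before that, so an exception thrown during token validation in a filter falls through to the container's default error page, as in this issue and in the earlier one about InvalidJwtAuthenticationException. An added example (not the project's code) of a filter that turns such failures into a JSON 401. It assumes Spring Boot 3 (`jakarta.servlet`) and that InvalidJwtAuthenticationException extends Spring Security's `AuthenticationException`; the class name and JSON body are hypothetical.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.MediaType;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

// Hypothetical filter: register it ahead of the JWT authentication filter so that
// exceptions thrown during token validation are caught here, not by the container.
public class JwtErrorResponseFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        try {
            chain.doFilter(request, response);
        } catch (AuthenticationException ex) {
            // Make sure no partially built authentication survives the failure.
            SecurityContextHolder.clearContext();
            if (response.isCommitted()) {
                throw ex; // too late to change the status or body
            }
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            response.setCharacterEncoding("UTF-8");
            // Fixed message: parser details are not echoed back to the client.
            response.getWriter().write("{\"error\":\"invalid_token\"}");
        }
    }
}
```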

Where is UserRepository implemented?

UserRepository is used in several places, but I cannot find where the bean is actually declared or is implemented.

I assume that AuthenticationManager picks up the UserRepository bean as well and uses it for authentication? Is it possible to not extend JpaRepository to create custom repos that are used by the AuthenticationManager?

How can I refresh token smoothly?

With OAuth 2.0 spec, there's a 'refresh token'.
Since there's no OAuth resource server, there's no refresh token either.
Currently, I'm just showing a popup window that your token is expired, please log in again.
But this means users need to log in every time when the token is expired. (like every 30 minutes)
I use jwt-decode library to decode token from the client-side to check if the token is already expired and show a popup window.
Is there any way I can do it from the client side, like when the token is expired, sending a request to update the token before sending the real request for the action the user actually tried?
Or if the last request time was in 30 minutes, extend the token expiration time 30 minutes more...
I literally can find out the solution, can you give me some tips?
Thanks for all the help.
