{getToc} $title={Table of Contents}
Introduction
In this project, I gonna use Jason Web Token (JWT) and how we developed a
secure spring boot application using JWT. I think you will be able to get a
basic understanding of JWT and how to use that in a real project.
What is JWT?
First, we consider what is JWT. Actually, JWT is an open standard (RFC 7519)
that is a good way to exchange information securely as JSON objects between
different parties. JWT is very popular in the microservice world and it is
widely used in the authorization process in web apps. JWT can send via URL,
POST request, HTTP header and it is very fast.
Let’s see what is authorization because you might have some doubts
difference between authentication and authorization. In authentication
process checks the identity of the user to provide them access to the
system, simply checks who are you (By checking username, passwords, or any
other methods). Usually, this process is done before authorization. In
authorization process verifies whether access is allowed through policies
and rules. Usually done after successful authentication.
We can use JWT to implement the authorization process in our application
because nowadays JWT is widely used for the authorization process. I have
implemented this process with JWT in this blog. Apart from authorization, we
can use JWT for information exchanges because we can exchange information
very securely using JWT.
Structure of JWT
If we consider a JWT, we can see three main parts separated by dots. These
three parts are:
· Header
· Payload
· Signature
In part 1, I have developed simple project to demonstrate how authorization process
work with JWT.
You already known how to initialize new spring boot project with adding
necessary dependencies.
In part 2, I have created a user class inside the entity package with several
attributes such as id, username, password and email.
You already known how to create user class, user authorize request and
repository to find user by username by using Jpa Repository.
And in part 3, I have created a class called UserDetailServiceImpl. In this class I have
used Spring security features, you can see implemented UserDetailsService
interface.
The UserDetailsService is a core interface in Spring Security framework,
which is used to retrieve the user’s authentication and authorization
information.
This interface has only one method named loadUserByUsername which we can
implement to feed the customer information to the Spring security API.
JWT Util Service
In this Part 4. I have created a class JWTUtil inside the Util Service
package. Actually this is very important class because all the JWT based
implementations are implemented here.
Before implement this you need to add JWT dependency in your pom file.
Token
createToken() method is used to generate a token on successful
authentication by the user. In here we can define expiration time of the
token, encode algorithm likewise.
validateToken() To validate the token means to verify the request is an
authenticated one and that the token is the one that was generated and
sent to the user. Here, we need to parse the token for the claims such as
username, password.
Application.properties
I have call value from application.properties
file: khmerside.app.jwtexpirationms=86400000
