Secure Spring Boot Application with JWT | Part 5




Introduction


In this project, I use JSON Web Token (JWT) and show how we developed a secure Spring Boot application with it. You should come away with a basic understanding of JWT and of how to use it in a real project.


Jwt Filter Service

In this part 5, I have created the JwtFilter class under the package com.springbootjwp.springbootjwt.jwtfilter.
The main objective of the doFilterInternal method is to extract the username and the token separately from the incoming request.





What is JWT?

First, let's consider what JWT is. JWT is an open standard (RFC 7519) that defines a secure way to exchange information between parties as JSON objects. JWT is very popular in the microservice world and is widely used in the authorization process of web apps. A JWT can be sent via a URL, a POST request or an HTTP header, and it is very fast.


Let's see what authorization is, because you might be unsure about the difference between authentication and authorization. The authentication process checks the identity of the user before granting access to the system; simply put, it checks who you are (by checking a username and password, or some other method). Usually this is done before authorization. The authorization process verifies whether access is allowed according to policies and rules; it is usually done after successful authentication.



In part 1, I developed a simple project to demonstrate how the authorization process works with JWT.
You already know how to initialize a new Spring Boot project and add the necessary dependencies.


In part 2, I created a User class inside the entity package with several attributes such as id, username, password and email.
You already know how to create the user class, the user authorization request and a repository that finds a user by username using JpaRepository.


In part 3, I created a class called UserDetailServiceImpl. In this class I used Spring Security features; you can see that it implements the UserDetailsService interface.
UserDetailsService is a core interface of the Spring Security framework, used to retrieve the user's authentication and authorization information.
This interface has only one method, loadUserByUsername, which we implement to feed the user information to the Spring Security API.


And in part 4, I created the class JWTUtil inside the util service package. This is a very important class because all the JWT-based logic is implemented here.

Structure of JWT

If we consider a JWT, we can see three main parts separated by dots. These three parts are:

· Header

· Payload

· Signature


For example, I logged into the project with these credentials via Postman:



I got this token: 

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJraG1lcnNpZGUiLCJpYXQiOjE2NTg1NTc5NTEsImV4cCI6MTY1ODY0NDM1MX0.oz2HNx__8DW8X9XQ5Z-eRJ2yFCFTppcXQ3T9XQUdx-c


This is what a JWT looks like: the three parts above, each Base64url-encoded and joined with dots. The header and payload are only encoded, not encrypted, so if we decode this token we can read the information it carries; only the signature, checked with the server's secret key, tells us whether the token is genuine.
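The following is an added, stand-alone Python illustration (not the project's Java code) of the two steps described above: pulling the raw token out of the Authorization header, as doFilterInternal does, and decoding the token printed earlier in this post. It also shows what decoding does not give you: without the server's secret the signature cannot be verified, so the filter must verify HS256 and the exp claim before trusting the username. The signing routine, the secret and the helper names are assumptions made for this example; the only real value is the token from the post.

```python
import base64, hashlib, hmac, json

# The token shown in the post; the server's signing key is unknown to us.
TOKEN = ("eyJhbGciOiJIUzI1NiJ9."
         "eyJzdWIiOiJraG1lcnNpZGUiLCJpYXQiOjE2NTg1NTc5NTEsImV4cCI6MTY1ODY0NDM1MX0."
         "oz2HNx__8DW8X9XQ5Z-eRJ2yFCFTppcXQ3T9XQUdx-c")

def b64url_decode(segment):
    # JWT uses unpadded base64url; restore the padding before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_bearer_token(authorization_header):
    # First step of doFilterInternal: take the raw token out of "Bearer <token>"
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return None
    return authorization_header[len("Bearer "):].strip() or None

def decode_unverified(token):
    # Split on the two dots and decode header and payload; this proves nothing about origin
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def verify_hs256(token, secret, now):
    # Recompute HMAC-SHA256 over "header.payload" with the server secret, then check exp.
    # Returns the claims on success, None on any failure (the filter must reject then).
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        return None                      # refuse "none" or any unexpected algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    claims = json.loads(b64url_decode(payload_b64))
    return claims if claims.get("exp", 0) > now else None

def sign_hs256(claims, secret):
    # Assumed minting routine (the post's JWTUtil is not shown) so the round trip can be seen
    header_b64 = b64url_encode(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"

if __name__ == "__main__":
    header, payload = decode_unverified(TOKEN)
    print(header, payload, "lifetime(s):", payload["exp"] - payload["iat"])
    print("unknown key verifies:", verify_hs256(TOKEN, b"guess", payload["iat"]) is not None)
```

Decoding the post's token yields the header {"alg":"HS256"} and the payload {"sub":"khmerside","iat":1658557951,"exp":1658644351}, i.e. a 24-hour lifetime; verification with any key other than the server's fails.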




Git: https://github.com/Yuth-Set/Securing-Spring-Boot-with-JWT





