{getToc} $title={Table of Contents}
Introduction
In this project, I gonna use Jason Web Token (JWT) and how we developed a
secure spring boot application using JWT. I think you will be able to get a
basic understanding of JWT and how to use that in a real project.
Jwt Filter Service
In this part 5,
I have created JwtFilter class under package
com.springbootjwp.springbootjwt.jwtfilter.
The main objective in method of doFilterInternal is to filter username and
token separately.
What is JWT?
First, we consider what is JWT. Actually, JWT is an open standard (RFC
7519) that is a good way to exchange information securely as JSON objects
between different parties. JWT is very popular in the microservice world,
and it is widely used in the authorization process in web apps. JWT can
send via URL, POST request, HTTP header and it is very fast.
Let’s see what authorization is because you might have some doubts
difference between authentication and authorization. In authentication
process checks the identity of the user to provide them access to the
system, simply checks who are you (By checking username, passwords, or any
other methods). Usually, this process is done before authorization. In
authorization process verifies whether access is allowed through policies
and rules. Usually done after successful authentication.
In part 1, I have developed simple project to demonstrate how authorization process
work with JWT.
You already known how to initialize new spring boot project with adding
necessary dependencies.
In part 2, I have created a user class inside the entity package with several
attributes such as id, username, password and email.
You already known how to create user class, user authorize request and
repository to find user by username by using Jpa Repository.
In part 3, I have created a class called UserDetailServiceImpl. In this class I have
used Spring security features, you can see implemented UserDetailsService
interface.
The UserDetailsService is a core interface in Spring Security framework,
which is used to retrieve the user’s authentication and authorization
information.
This interface has only one method named loadUserByUsername which we can
implement to feed the customer information to the Spring security API.
And in part 4, I have created a class JWTUtil inside the Util Service package. Actually
this is very important class because all the JWT based implementations are
implemented here.
Structure of JWT
If we consider a JWT, we can see three main parts separated by dots. These
three parts are:
· Header
· Payload
· Signature
In case, I logged into the project with these authentications via
postman:
I got this token:
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJraG1lcnNpZGUiLCJpYXQiOjE2NTg1NTc5NTEsImV4cCI6MTY1ODY0NDM1MX0.oz2HNx__8DW8X9XQ5Z-eRJ2yFCFTppcXQ3T9XQUdx-c
You can see a JWT, actually, a JWT token consists of an encoded version. If
we decode this token we can get required information.
Git: https://github.com/Yuth-Set/Securing-Spring-Boot-with-JWT