
@rlevidev rlevidev commented Oct 2, 2025

JWT Authentication Implementation

Overview

This document describes the JWT (JSON Web Token) authentication system implemented for the Spring Boot blog application.

Features

  • ✅ Stateless authentication with JWT tokens
  • ✅ User roles and authorization
  • ✅ Automatic token validation
  • ✅ Spring Security integration

Configuration

application.properties

# JWT Configuration
jwt.secret=your-secret-key-here
jwt.expiration=86400000

Dependencies (pom.xml)

<!-- Spring Security -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<!-- JWT (JJWT) -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-api</artifactId>
    <version>0.11.5</version>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-impl</artifactId>
    <version>0.11.5</version>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt-jackson</artifactId>
    <version>0.11.5</version>
    <scope>runtime</scope>
</dependency>

API Endpoints

Public Endpoints

  • POST /login - User authentication
  • POST /users/register - User registration

Protected Endpoints

  • GET /users/{username} - Requires authentication
  • GET /users/all - Requires authentication
  • All other endpoints require valid JWT token

Security Components

JwtAuthenticationFilter

  • Validates JWT tokens on each request
  • Sets authentication context for Spring Security
  • Handles token expiration and invalidation

JwtUtils

  • Generates signed JWT tokens
  • Validates token signatures and expiration
  • Extracts user information from tokens

SecurityConfig

  • Configures Spring Security for stateless JWT auth
  • Defines public vs protected endpoints
  • Integrates JWT filter into security chain

UserPrincipal

  • Implements Spring Security's UserDetails
  • Contains user credentials and authorities
  • Created from Firestore User objects

Token Structure

{
  "sub": "username",
  "roles": ["ROLE_USER"],
  "iat": 1638360000,
  "exp": 1638446400
}

Error Handling

Invalid Token

{
  "status": 401,
  "message": "Invalid JWT token"
}

Expired Token

{
  "status": 401,
  "message": "JWT token is expired"
}

Missing Token

{
  "status": 403,
  "message": "Access denied"
}

Best Practices

  1. Token Storage: Store tokens securely (localStorage, secure cookies)
  2. Token Refresh: Implement refresh token logic for long sessions
  3. HTTPS Only: Always use HTTPS in production
  4. Token Expiration: Set reasonable expiration times
  5. Secret Key: Use strong, environment-specific secrets

Troubleshooting

Common Issues

  • 403 Forbidden: Check if token is valid and not expired
  • 401 Unauthorized: Verify token format and signature
  • Compilation Errors: Ensure all dependencies are included
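The JwtUtils component described above, written out as an added example against JJWT 0.11.5 (the version pinned in the pom.xml above). This is illustrative code, not the PR's own class; the constructor signature, method names, HS256 as the algorithm, and reading the secret as a UTF-8 string from jwt.secret are all assumptions. One check a practitioner will hit immediately: Keys.hmacShaKeyFor enforces the RFC 7518 minimum and throws WeakKeyException for an HMAC key shorter than 256 bits, so a 20-byte placeholder such as the your-secret-key-here shown in application.properties fails at startup; generate a real secret (for example with `openssl rand -base64 48`) and inject it from the environment.

```java
package com.example.blog.security; // assumed package, not from the PR

import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;
import javax.crypto.SecretKey;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.WeakKeyException;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

/** Illustrative JwtUtils for JJWT 0.11.x; constructor and method names are assumptions. */
@Component
public class JwtUtils {

    private final SecretKey key;
    private final long expirationMs;

    public JwtUtils(@Value("${jwt.secret}") String secret,
                    @Value("${jwt.expiration}") long expirationMs) {
        byte[] secretBytes = secret.getBytes(StandardCharsets.UTF_8);
        try {
            // JJWT enforces the RFC 7518 minimum: HS256 needs at least 256 bits (32 bytes) of key.
            this.key = Keys.hmacShaKeyFor(secretBytes);
        } catch (WeakKeyException e) {
            throw new IllegalStateException(
                "jwt.secret must be at least 32 bytes for HS256 (got " + secretBytes.length + ")", e);
        }
        this.expirationMs = expirationMs;
    }

    /** Issues a token with the claims shown in the Token Structure section: sub, roles, iat, exp. */
    public String generateToken(String username, List<String> roles) {
        Date now = new Date();
        return Jwts.builder()
                .setSubject(username)
                .claim("roles", roles)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + expirationMs))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    /**
     * Verifies the signature and the exp claim and returns the claims.
     * parseClaimsJws refuses unsigned tokens ("alg":"none"), tokens whose
     * signature does not verify, malformed tokens and expired tokens, each with
     * its own JwtException subclass, so callers can map them to distinct HTTP errors.
     */
    public Claims parseClaims(String token) throws ExpiredJwtException, JwtException {
        return Jwts.parserBuilder()
                .setSigningKey(key)
                .build()
                .parseClaimsJws(token)
                .getBody();
    }

    public String extractUsername(String token) {
        return parseClaims(token).getSubject();
    }

    /** The roles claim is a JSON array; a missing or malformed claim yields no authorities. */
    public List<String> extractRoles(Claims claims) {
        Object roles = claims.get("roles");
        if (roles instanceof List<?> list) {
            return list.stream().map(String::valueOf).toList();
        }
        return List.of();
    }
}
```

The parser is built from the same key that signs, so a token presented with a different algorithm header or no signature is rejected before any claim is read; validation of the roles claim happens only after the signature check succeeds.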

… authentication

Fixes HacktoberBlog#12 )

Implement JWT-based authentication for the blog application by adding JwtAuthenticationFilter to handle token validation and user authentication on each request, JwtUtils for token generation, parsing, and validation, and updating SecurityConfig to integrate the filter into the security chain. This enables stateless authentication using Bearer tokens, securing endpoints while allowing public access to login and registration routes.
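The per-request filter the commit message describes, as an added example rather than the PR's JwtAuthenticationFilter. It assumes Spring Boot 3 (jakarta.servlet) and JJWT 0.11.5, takes the verification key in its constructor so it stands alone, and maps the three outcomes listed under Error Handling: no Authorization header leaves the request anonymous for the authorization rules to decide, an expired token is answered with 401 "JWT token is expired", and a token that is malformed, unsigned or carries a bad signature is answered with 401 "Invalid JWT token".

```java
package com.example.blog.security; // assumed package, not from the PR

import java.io.IOException;
import java.util.List;
import javax.crypto.SecretKey;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

/** Illustrative JwtAuthenticationFilter; the PR's class is not reproduced here. */
public class JwtAuthenticationFilter extends OncePerRequestFilter {

    private static final String BEARER = "Bearer ";
    private final JwtParser parser;

    public JwtAuthenticationFilter(SecretKey key) {
        // Built once: the parser is thread-safe and carries the verification key.
        this.parser = Jwts.parserBuilder().setSigningKey(key).build();
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.startsWith(BEARER)) {
            // No token: stay anonymous and let the authorization rules decide.
            // Spring Security answers 403 on protected routes unless an
            // AuthenticationEntryPoint is configured.
            chain.doFilter(request, response);
            return;
        }
        String token = header.substring(BEARER.length()).trim();
        try {
            Claims claims = parser.parseClaimsJws(token).getBody();
            List<SimpleGrantedAuthority> authorities = rolesOf(claims).stream()
                    .map(SimpleGrantedAuthority::new)
                    .toList();
            // Credentials are null: the verified token has already proven the identity.
            UsernamePasswordAuthenticationToken auth =
                    new UsernamePasswordAuthenticationToken(claims.getSubject(), null, authorities);
            auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(auth);
        } catch (ExpiredJwtException e) {
            writeError(response, "JWT token is expired");
            return;
        } catch (JwtException | IllegalArgumentException e) {
            // Bad signature, "alg":"none", malformed or empty token.
            writeError(response, "Invalid JWT token");
            return;
        }
        chain.doFilter(request, response);
    }

    private static List<String> rolesOf(Claims claims) {
        Object roles = claims.get("roles");
        return roles instanceof List<?> list ? list.stream().map(String::valueOf).toList() : List.of();
    }

    /** Short-circuits the chain with the 401 JSON body shown under Error Handling. */
    private static void writeError(HttpServletResponse response, String message) throws IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getWriter().write("{\"status\":401,\"message\":\"" + message + "\"}");
    }
}
```

Because ExpiredJwtException extends JwtException, the more specific catch must come first; the error messages are fixed strings, so nothing from the rejected token is echoed back to the client.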
@rlevidev rlevidev changed the title ✨ feat(auth): add JWT authentication filter and utilities ( JWT based authentication ✨ feat(auth): add JWT authentication filter and utilities ( JWT authentication #12 ) Oct 2, 2025
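The SecurityConfig wiring the description calls for, as an added example and not the PR's own configuration. It assumes Spring Security 6 (Spring Boot 3) lambda DSL and a JwtAuthenticationFilter instance supplied to the method; the public routes match the API Endpoints section (POST /login and POST /users/register) and everything else requires an authenticated context. It also shows where the "Missing Token: 403 Access denied" behaviour comes from: with no AuthenticationEntryPoint configured, Spring Security answers an unauthenticated request to a protected route with 403, and the exceptionHandling block below turns that into a 401 JSON body instead, which is an assumed design choice, not something the PR does.

```java
package com.example.blog.security; // assumed package, not from the PR

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/** Illustrative stateless configuration; endpoint list follows the API Endpoints section. */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http,
                                           JwtAuthenticationFilter jwtFilter) throws Exception {
        http
            // No HTTP session: every request must carry its own Bearer token.
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // CSRF protection defends cookie-based sessions; a header-borne token
            // is never attached automatically by the browser, so it is not needed here.
            .csrf(csrf -> csrf.disable())
            .formLogin(form -> form.disable())
            .httpBasic(basic -> basic.disable())
            .authorizeHttpRequests(auth -> auth
                .requestMatchers(HttpMethod.POST, "/login", "/users/register").permitAll()
                .anyRequest().authenticated())
            // Unauthenticated request to a protected route: answer 401 with JSON instead of
            // the default 403 so clients can tell "log in" apart from "not allowed".
            .exceptionHandling(ex -> ex.authenticationEntryPoint((request, response, authEx) -> {
                response.setStatus(HttpStatus.UNAUTHORIZED.value());
                response.setContentType(MediaType.APPLICATION_JSON_VALUE);
                response.getWriter().write("{\"status\":401,\"message\":\"Authentication required\"}");
            }))
            // Run the JWT filter before Spring's username/password filter so the
            // SecurityContext is populated by the time the authorization rules run.
            .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

One deployment caveat: if the filter is itself a Spring bean, Spring Boot also registers it with the servlet container, so it runs twice per request (once in the container chain and once in the security chain). Either construct it with new inside this method or expose a FilterRegistrationBean for it with setEnabled(false).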
