Skip to content

A demo project showcasing JWT (Json Web Token) authentication with multiple login, timeout / refresh / logout using Spring Security & MySQL JPA.

License

Notifications You must be signed in to change notification settings

Spring-Boot-Framework/Jwt-Spring-Security-JPA

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Jwt-Spring-Security-JPA

Travis (.org) GitHub

A demo project explaining the backend authentication using JWT (Json Web Token) authentication using Spring Security & MySQL JPA.

There's support for the following features:

  • Conventional email/username based registration with admin support
  • Conventional Login using Spring Security and generation of JWT token
  • Multiple device login and logout support
  • In memory store for blacklisting logged out tokens
  • Support for expiration bases email verification. Mail is sent upon registration.
  • Resend the email confirmation email if old one expires
  • Support for password updation once logged in
  • Support for forgot-password functionality with password reset token sent to mail.
  • Supports admin protected urls leveraging Spring security
  • API to refresh JWT tokens once the temporary JWT expires.
  • API to check availability of username/email during registration.


Swagger Docs

The project has been configured with a basic Swagger docket that exposes the commonly used API's along with the expected params. image


JWT

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Exception Handling

The app throws custom exceptions wherever necessary which are captured through a controller advice. It then returns the appropriate error response to the caller

  • AppException
  • BadRequestException
  • ResourceAlreadyInUseException
  • ResourceNotFoundException
  • UserLoginException
  • UserRegistrationException
  • MethodArgumentNotValidException
  • UserLogoutException
  • TokenRefreshException
  • UpdatePasswordException
  • PasswordResetException
  • PasswordResetLinkException

Moreover, entities are validated using JSR-303 Validation constraints.


Steps to Setup the Spring Boot Back end app

  1. Clone the application

    git clone https://github.com/isopropylcyanide/Jwt-Spring-Security-JPA.git
    cd AuthApp
  2. Create a MySQL database

    create database login_db
  3. Change MySQL username and password as per your MySQL installation

    • open src/main/resources/application.properties file.

    • change spring.datasource.username and spring.datasource.password properties as per your mysql installation

    • open src/main/resources/mail.properties file.

    • change spring.mail.username and spring.mail.password properties as per your mail installation

  4. Run the app

    You can run the spring boot app by typing the following operating system specific command -

    For UNIX/Linux based operating systems,

    ./mvnw spring-boot:run

    For Windows based operating systems,

    mvnw.cmd spring-boot:run

    The server will start on port 9004. Token default expiration is 600000ms i.e 10 minutes.

  5. Add the default Roles

    The spring boot app uses role based authorization powered by spring security. Please execute the following sql queries in the database to insert the USER and ADMIN roles.

    INSERT INTO ROLE (ROLE_NAME) VALUES ('ROLE_USER');
    INSERT INTO ROLE (ROLE_NAME) VALUES ('ROLE_ADMIN');

    Any new user who signs up to the app is assigned the ROLE_USER by default.


Contribution

  • Please fork the project and adapt it to your use case.
  • Submit a pull request.

Demo Screens

  1. Registering a user

image

  1. Logging in a valid user

image

  1. Logging in an invalid user

image

  1. Using the token in request header & accessing resource

image

  1. Accessing admin resource with invalid permissions/token

image

  1. Logging out the user device

image

  1. Resetting the password

image

  1. Refreshing the authentication token

image

  1. Confirming the user email verification token

image

About

A demo project showcasing JWT (Json Web Token) authentication with multiple login, timeout / refresh / logout using Spring Security & MySQL JPA.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 90.4%
  • FreeMarker 9.6%