A demo to test Spring Security and JWT for a RESTful application
To log in, send a POST request to '/login' with the following JSON body (credentials belong in a POST body, not in a GET query string, where they would end up in server logs and browser history):
{"username":"user","password":"password"}
To access the protected resource '/quotes', send the token obtained by logging in as a bearer credential in the Authorization header of the request (the standard HTTP header is 'Authorization', not 'Authentication'):
Authorization: Bearer XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Spring Security is configured in the com.thomasvitale.config package:
- WebSecurityConfig: defines the access policy for resources, registers the login and authentication filters, and declares a fake in-memory user.
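The wiring that such a configuration class performs, as an added example that is not the project's own code: it assumes Spring Security 5.x with the WebSecurityConfigurerAdapter style (removed in 6.x), and the constructor signatures of JWTLoginFilter, JWTAuthenticationFilter and JWTAuthenticationEntryPoint are assumptions. The security-relevant choices are that the session policy is STATELESS (every request must carry its own token), only POST /login is anonymous, the login filter runs before Spring's own username/password filter so it can consume the JSON body, and the entry point answers 401 rather than redirecting to a login page.

```java
package com.thomasvitale.config; // mirrors the package named on the page; the class body is an assumed example

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No session cookie is ever issued, so there is no CSRF surface to protect; this is only
            // acceptable because authentication travels in the Authorization header, never in a cookie.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // A missing or invalid token yields a plain 401 (no redirect to a login page).
            .exceptionHandling().authenticationEntryPoint(new JWTAuthenticationEntryPoint()) // assumed no-arg ctor
            .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/login").permitAll()   // the only anonymous endpoint
                .anyRequest().authenticated()                          // everything else, e.g. /quotes, needs a token
            .and()
            // Login filter: reads the JSON credentials, authenticates them, writes the token to the response.
            .addFilterBefore(new JWTLoginFilter("/login", authenticationManager()), // assumed (url, manager) ctor
                             UsernamePasswordAuthenticationFilter.class)
            // Authentication filter: verifies the bearer token on every other request.
            .addFilterBefore(new JWTAuthenticationFilter(),                          // assumed no-arg ctor
                             UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo-only in-memory user. The {noop} prefix tells Spring Security 5 that the password is
        // stored unencoded; a real deployment would use a UserDetailsService and a bcrypt-encoded password.
        auth.inMemoryAuthentication()
            .withUser("user").password("{noop}password").roles("USER");
    }
}
```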
Authentication, login and JWT handling live in the com.thomasvitale.security package:
- JWTAuthenticationEntryPoint: returns a 401 status code whenever token authentication fails, whatever the reason.
- JWTLoginFilter: logs users in and generates a token.
- JWTAuthenticationFilter: authenticates users (token verification) when they try to access protected resources.
- TokenAuthenticationService: provides methods to generate tokens and to verify their validity.
- TokenHandler: a utility class implementing methods to build and parse tokens.
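What the build and parse methods of a token handler have to get right, as an added example written against the JDK alone (no jjwt), not the project's TokenHandler: the class name TokenHandlerExample, the HS256 algorithm, the two claims 'sub' and 'exp', the 256-bit key minimum, the fixed clock and the demo key are all assumptions made for the example. The points a practitioner should take from it are that the signature is verified in constant time before any claim is read, that the algorithm is fixed server-side rather than taken from the token's own header (so an 'alg: none' or key-confusion token cannot change how it is checked), and that expiry is enforced by the verifier, not trusted from the client.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Builds and parses compact HS256 JWTs (base64url(header).base64url(payload).base64url(sig)), JDK only. */
public final class TokenHandlerExample {
    private static final String HEADER_JSON = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    // Minimal extraction of the only two claims this example issues; a real handler would use a JSON parser.
    private static final Pattern SUB = Pattern.compile("\"sub\":\"([^\"\\\\]*)\"");
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");
    private final byte[] secret;

    public TokenHandlerExample(byte[] secret) {
        if (secret.length < 32) throw new IllegalArgumentException("HS256 key must be at least 256 bits");
        this.secret = secret.clone();
    }

    /** Issue a token whose subject is username and which expires at expEpochSeconds. */
    public String createToken(String username, long expEpochSeconds) {
        // Refuse characters that would let a username inject extra JSON claims into the payload.
        if (username.contains("\"") || username.contains("\\")) {
            throw new IllegalArgumentException("username must not contain quotes or backslashes");
        }
        String payloadJson = "{\"sub\":\"" + username + "\",\"exp\":" + expEpochSeconds + "}";
        String signingInput = b64(HEADER_JSON.getBytes(UTF_8)) + "." + b64(payloadJson.getBytes(UTF_8));
        return signingInput + "." + b64(hmac(signingInput));
    }

    /** Subject of the token if it is well-formed, correctly signed and not yet expired; empty otherwise. */
    public Optional<String> parseUsername(String token, long nowEpochSeconds) {
        String[] parts = token.split("\\.", -1);          // -1 keeps empty segments so "a.b." has 3 parts
        if (parts.length != 3) return Optional.empty();
        byte[] payload, signature;
        try {
            payload = Base64.getUrlDecoder().decode(parts[1]);
            signature = Base64.getUrlDecoder().decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
        // The algorithm is fixed here; the token's own "alg" header is never consulted.
        // Compare in constant time so a forger learns nothing from response timing.
        byte[] expected = hmac(parts[0] + "." + parts[1]);
        if (!MessageDigest.isEqual(expected, signature)) return Optional.empty();
        // Only after the signature checks out are the claims worth reading.
        String json = new String(payload, UTF_8);
        Matcher sub = SUB.matcher(json), exp = EXP.matcher(json);
        if (!sub.find() || !exp.find()) return Optional.empty();
        long expiry;
        try { expiry = Long.parseLong(exp.group(1)); } catch (NumberFormatException e) { return Optional.empty(); }
        if (expiry <= nowEpochSeconds) return Optional.empty();  // expired tokens are rejected by the verifier
        return Optional.of(sub.group(1));
    }

    private byte[] hmac(String signingInput) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return mac.doFinal(signingInput.getBytes(UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }

    private static String b64(byte[] bytes) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    public static void main(String[] args) {
        // Constructed demo key; a deployment loads a random secret of at least 32 bytes from configuration.
        byte[] key = "constructed-demo-secret-at-least-32-bytes!!".getBytes(UTF_8);
        TokenHandlerExample handler = new TokenHandlerExample(key);
        long now = 1_700_000_000L;                         // fixed clock keeps the demo deterministic
        String token = handler.createToken("user", now + 600);

        System.out.println("valid:    " + handler.parseUsername(token, now));        // Optional[user]
        System.out.println("expired:  " + handler.parseUsername(token, now + 601));  // Optional.empty
        // Swap the payload for one claiming "admin" but keep the old signature: must be rejected.
        String[] parts = token.split("\\.");
        String forgedPayload = b64("{\"sub\":\"admin\",\"exp\":9999999999}".getBytes(UTF_8));
        System.out.println("tampered: " + handler.parseUsername(parts[0] + "." + forgedPayload + "." + parts[2], now));
        System.out.println("garbage:  " + handler.parseUsername("not.a.jwt", now));  // Optional.empty
    }
}
```

Compile and run with javac/java on any JDK 8 or later; the tampered and expired tokens print Optional.empty while the fresh one yields the subject. The JWTAuthenticationFilter described above would wrap exactly this parse step: strip the "Bearer " prefix from the Authorization header, call parseUsername with the current time, and on an empty result let the entry point return 401.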
This demo has been inspired by the following guides and tutorials:
- Spring Security Architecture
- Securing Spring Boot with JWTs
- Stateless Authentication with Spring Security and JWT
- Securing REST APIs With Spring Boot
- [SpringSecurity : Authenticate User with Custom UserDetailsService](http://www.ekiras.com/2016/04/authenticate-user-with-custom-user-details-service-in-spring-security.html)
- REST Security with JWT using Java and Spring Security