Skip to content

Nasruddin/spring-boot-3-jwt-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits

images

images

 
 

src/main

src/main

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

spring-boot-3-jwt-auth

🔑 Sample Spring boot 3 application for Authentication and Authorization

Features

  • Customizable header(X-Auth-Token) to pass Auth token.
  • JWT for token creation and validation.
  • Role based authorization.
  • Device based auth.
  • Custom Validators
  • Spring doc.

Running the sample app

mvn spring-boot:run

Registering a User

curl -X POST "http://localhost:9000/api/auth/register" -H  "accept: */*" -H  "Content-Type: application/json" -d "{\"username\":\"nasruddin\",\"password\":\"p@ssw00d\",\"device\":\"web\",\"email\":\"nasruddin@gmail.com\"}"

{
    "id":2,
    "username":"nasruddin",
    "password":"$2a$10$U3CR4T1Gowd50Q.0yK/UuOh.XWVx0BYIe7BiAmymXZ.MYPUtU5F.e",
    "email":"nasruddin@gmail.com",
    "lastPasswordReset":"2023-09-14T08:41:10.080+00:00",
    "authorities":"ADMIN"
}

H2-console can be accessed at http://localhost:9000/api/h2-console JWT Decoded

Login a User / Fetch Token

curl -X POST "http://localhost:9000/api/auth" -H  "accept: */*" -H  "Content-Type: application/json" -d "{\"username\":\"nasruddin\",\"password\":\"p@ssw00d\",\"device\":\"web\"}"

{"token":"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"}

JWT Decoded

Accessing User/Protected API

Without setting X-AUTH-TOKEN

curl -X GET "http://localhost:9000/api/user/nasruddin" -H  "accept: */*"

{
    "timestamp":"2023-09-14T08:57:08.403+00:00",
    "status":401,
    "error":"Unauthorized",
    "path":"/api/user/nasruddin"
}

With setting X-AUTH-TOKEN

curl -X GET "http://localhost:9000/api/users/nasruddin" -H  "accept: */*" -H  "X-Auth-Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"

{
    "id":1,
    "username":"nasruddin",
    "password":"$2a$10$dq6uFlehtetsfI6glLkA.OaeoIEu5PPqIVNZHDMCCiEej8b/0vhWa","email":"nasruddin@gmail.com",
    "lastPasswordReset":"2023-09-14T08:42:37.758+00:00",
    "authorities":"ADMIN"
}

Admin API

curl -X GET "http://localhost:9000/api/admin" -H  "accept: */*" -H  "X-Auth-Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJuYXNydWRkaW4iLCJhdWRpZW5jZSI6IndlYiIsImNyZWF0ZWQiOjE2OTQ2ODE2ODE3MDUsImV4cCI6MTY5NTI4NjQ4MX0.MydwIWzN3SgCvB8cYozKcR2tHMCM5nrIPXUBtx4o82ot1taL_NQM5TRHZ4yOc9uUcZFrz1XQAL_fDNXAIwmZxw"

:O

OpenAPI Swagger

  1. Swagger can be accessed at http://localhost:9000/api/swagger-ui/index.html

Swagger

  1. API Docs can be accessed at http://localhost:9000/api/api-docs API Docs

About

🔑 Sample Spring boot application secured using JWT auth in custom header(X-Auth-Token).

Topics

jwt spring-boot authentication authorization spring-security jwt-tokens swagger-ui swagger-documentation openapi3 spring-security-jwt custom-jwt spring-boot-3 custom-jwt-auth

Resources

Readme

License

MIT license
Activity

Stars

109 stars

Watchers

7 watching

Forks

30 forks
Report repository

Releases 1

first_release Latest
Sep 25, 2023

Packages

No packages published

Languages