This is a simple demo of Spring Boot with JWT integration, which supports user signup/login and blog creation/reading.
Note: this example project is inspired by Implementing JWT Authentication on Spring Boot APIs. Thanks for that nice blog post.
Note: This is a standard Spring Boot project with Maven, so you can use Maven commands to run it.
- Run `docker-compose up` to start MariaDB (add `-d` if you want to start it in "detached" mode).
- Start the Spring Boot project, either inside an IDE or from the command line.
- Play with this sample service and have fun!
`POST`: `/signup`
It takes the request payload below and returns a `200 OK` HTTP status on success.

```json
{
  "username": "nice-user-name",
  "password": "a-strong-password"
}
```
`POST`: `/login`
It takes the same request payload format as "signup" and returns both an access token and a refresh token on success.

```json
{
  "username": "your-nice-user-name",
  "password": "your-strong-password"
}
```
`POST`: `/refresh_token`
It takes the request payload below and returns an access token on success.

```json
{
  "refresh_token": "a-long-refresh-token-string"
}
```
`DELETE`: `/refresh_tokens`
With a valid access token in the HTTP header, you can purge all of your stored refresh tokens from the database in case a refresh token leaks. Once the current access token expires, an attacker holding the leaked refresh token can no longer obtain a new one, so they lose access to your content. (This is why the access token should have a short TTL.)
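
The purge behaviour described above, modelled as an added example (not the project's own code). The class, method and constant names, the in-memory map standing in for the refresh-token table, and the 300-second TTL are assumptions, and the access token is a plain record rather than a signed JWT.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; all names here are hypothetical, not the project's.
public class RefreshTokenPurgeDemo {
    static final long ACCESS_TTL_SECONDS = 300;   // assumed short access-token TTL
    // Stand-in for the refresh-token table: token -> owning username.
    static final Map<String, String> refreshStore = new ConcurrentHashMap<>();
    static final SecureRandom rng = new SecureRandom();

    // Stand-in for a signed JWT: only the subject and expiry matter here.
    record AccessToken(String subject, long expiresAt) {
        boolean validAt(long now) { return now < expiresAt; }
    }

    // Issued at login: an opaque random value stored server-side.
    static String issueRefreshToken(String user) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        refreshStore.put(token, user);
        return token;
    }

    // POST /refresh_token: succeeds only while the token is still stored.
    static Optional<AccessToken> refresh(String refreshToken, long now) {
        String user = refreshStore.get(refreshToken);
        return user == null ? Optional.empty()
                            : Optional.of(new AccessToken(user, now + ACCESS_TTL_SECONDS));
    }

    // DELETE /refresh_tokens: drop every refresh token owned by the caller.
    static void purge(AccessToken caller, long now) {
        if (!caller.validAt(now)) throw new SecurityException("access token expired");
        refreshStore.values().removeIf(caller.subject()::equals);
    }

    public static void main(String[] args) {
        String leaked = issueRefreshToken("alice");        // constructed: token that leaked
        AccessToken owner = refresh(leaked, 0).orElseThrow();
        AccessToken stolen = refresh(leaked, 60).orElseThrow(); // minted before the purge
        purge(owner, 120);
        System.out.println("refresh works after purge: " + refresh(leaked, 121).isPresent());
        System.out.println("pre-purge access token valid at t=200: " + stolen.validAt(200));
        System.out.println("pre-purge access token valid at t=360: " + stolen.validAt(360));
    }
}
```

The access token minted before the purge keeps working until its own expiry, so the exposure window after a purge is bounded by the access-token TTL.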
`POST`: `/blog`
It takes the request payload below and returns a `200 OK` HTTP status on success.

```json
{
  "title": "nice-blog-title",
  "content": "wonderful-blog-content"
}
```
`GET`: `/blog/{id}`
Fetch a single blog by its id.
`GET`: `/blogs`
Fetch all blogs belonging to the requesting user.