Advanced security implementation for a Spring Boot REST API, using Spring Security and stateless authentication via JSON Web Tokens (JWT).

morning-dark/springSecurity3

Advanced Security Implementation with Spring Security and JWT

Project Description

SpringSecurity3 is an advanced security implementation within a Spring Boot application, focusing on stateless authentication via JSON Web Tokens (JWT).

This project goes beyond simple form-based authentication to demonstrate how to secure a REST API using tokens. It includes specific components for creating, validating, and using JWTs.

Key Features and Concepts

  • JWT Authentication: Uses the com.auth0:java-jwt library for token generation and verification.
  • Custom Security Filters: Implements JwtAuthenticationFilter to intercept requests and validate tokens.
  • Advanced Security Configuration: Uses WebSecurityConfig to configure the filter chain, disable CSRF protection (typical of REST APIs), and define public and private access points.
  • Primary User Model: Defines UserPrincipal to store the authenticated user's information.
  • Authentication Controller: A dedicated controller (AuthController) to handle login requests and issue JWTs.

Technologies Used

Technology        Role in the Project
Framework         Spring Boot 3.2.x.
Language          Java 17+.
Security          Spring Security.
Authentication    JWT (com.auth0:java-jwt).
API               Spring Boot Starter Web.
Build Tool        Maven.
Utilities         Lombok.

Installation and Execution

Prerequisites

  • JDK (Java Development Kit) version 17 or higher.
  • Apache Maven

Steps

  1. Clone the Repository:
       git clone https://github.com/morning-dark/springSecurity3.git
       cd springSecurity3
  2. Build and Run: Use Maven to build and start the Spring Boot application.
       mvn spring-boot:run
  3. Test the API:
       • Authentication: Send a POST request to the login endpoint (e.g., /auth/login) with the credentials to receive a JWT.
       • Protected Access: Use the JWT received in the Authorization: Bearer <your_jwt> header to access protected endpoints (e.g., /hello).
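
What the server side of the two test calls amounts to with com.auth0:java-jwt, as an added example that is not code from this repository: a token is issued at login, then the Authorization: Bearer header is checked on a protected request. The class name, secret, issuer and the "roles" claim are assumptions, and java-jwt 4.x is assumed for the Instant overload of withExpiresAt.

```java
// Added illustration; not the repository's JwtIssuer/JwtDecoder code.
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import java.time.Instant;
import java.util.List;
import java.util.Optional;

public class BearerTokenSketch {
    // Assumption: secret and issuer are inlined only for this demo;
    // a real service loads the secret from protected configuration.
    private static final Algorithm ALG = Algorithm.HMAC256("demo-secret-0123456789abcdef0123456789");
    private static final String ISSUER = "springsecurity3-demo";
    // The verifier pins the algorithm and issuer; verify() also checks signature and expiry.
    private static final JWTVerifier VERIFIER = JWT.require(ALG).withIssuer(ISSUER).build();

    // Login side: issue a short-lived token for an authenticated user.
    static String issue(String username, List<String> roles, Instant expiresAt) {
        return JWT.create()
                .withIssuer(ISSUER)
                .withSubject(username)
                .withClaim("roles", roles)   // hypothetical claim name
                .withExpiresAt(expiresAt)
                .sign(ALG);
    }

    // Filter side: return the verified token, or empty if the header or token is unacceptable.
    static Optional<DecodedJWT> authenticate(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return Optional.empty();
        }
        try {
            return Optional.of(VERIFIER.verify(authorizationHeader.substring(7)));
        } catch (JWTVerificationException e) {
            return Optional.empty(); // bad signature, wrong issuer, expired or malformed
        }
    }

    public static void main(String[] args) {
        String good = issue("alice", List.of("ROLE_USER"), Instant.now().plusSeconds(900));
        String expired = issue("alice", List.of("ROLE_USER"), Instant.now().minusSeconds(60));
        // Constructed token signed with a different key: must be rejected.
        String forged = JWT.create().withIssuer(ISSUER).withSubject("alice")
                .sign(Algorithm.HMAC256("some-other-key"));
        for (String header : List.of("Bearer " + good, "Bearer " + expired, "Bearer " + forged, "Basic abc")) {
            System.out.println(authenticate(header).map(DecodedJWT::getSubject).orElse("rejected"));
        }
    }
}
```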

Project Structure

springSecurity3/
├── pom.xml
└── src/
    └── main/
        └── java/org/suptech/springsecurity3/
            ├── auth/                              # Authentication Controller and DTOs (LoginRequest/Response)
            ├── home/                              # Protected API Controllers (HelloController)
            ├── security/                          # Security Configuration (WebSecurityConfig, JwtAuthenticationFilter, JwtIssuer, JwtDecoder)
            └── SpringSecurity3Application.java    # Main Class

Important Note on Configuration

If you have cloned this repository and the IDE or Maven configuration folders appear without a leading dot (idea or mvn instead of .idea or .mvn), please rename them manually:

  • Rename the mvn folder to .mvn for the Maven Wrapper to function correctly.
  • The idea folder (if present) contains the IDE configuration and can be ignored or renamed to .idea if you are using IntelliJ IDEA.
