DEV Community

Cover image for Let’s Implement Basic JWT Based Authentication in Spring boot
Nil Madhab
Nil Madhab

Posted on • Updated on • Originally published at simplecoding.dev

Let’s Implement Basic JWT Based Authentication in Spring boot

#springboot #java #jwt

Step by step guild how to implement JWT Based Authentication, Part 1

Photo by [NeONBRAND](https://unsplash.com/@neonbrand?utm_source=medium&utm_medium=referral) on [Unsplash](https://unsplash.com?utm_source=medium&utm_medium=referral)

JWT based authentication is very useful when we have web and mobile clients and a backend server, which provides a good alternative to session-based authentication. I did not find a good tutorial on this topic, so I decided to make one.

Theory

Sherry Hsu

Session vs Token Based Authentication | by Sherry Hsu | Medium

Sherry Hsu ・
Medium Logo Medium

Video Tutorial

I found this awesome tutorial for implementing basic JWT based authentication for noobs like me.

In this tutorial, we will implement basic JWT based authentication, with the mock user and no database, to understand the concept. We will extend it later to integrate database and full signup, login functionalities.

If you just want to check out the code, checkout the Github branch.

Features we will develop

  1. JWT util file to create and validate JWT token

  2. A controller to generate JWT token

  3. User will be hardcoded

  4. No password encoder

Youtube Demo

I have created a short video of 7 min, to explain all the component, if you do not have time to watch the full 40 min Javabrains video, or you already know about JWT auth, but do not know how to implement it in spring.

Step 1

Create a Spring project with the following dependency in pom.xml

Step 2

Create a custom MyUserDetailsService service, which extend UserDetailsService of security.core package and override the loadUserByUsername by hardcoding an user, for the sake of simplicity.

We will store and retrieve user from the database in a later tutorial.

Step 3

Create a SecurityConfigurer file and enable EnableWebSecurity annotation

Things to note

  1. We did not use any password encoder in this tutorial. We will use BCrypt encoding in next tutorial

  2. Antmatcher means except the ‘/authenticate’ endpoint, all other apis will be authenticated

  3. We are using a stateless session creation policy, i.e every api will be authenticated.

  4. we are providing our implementation of Userdetail service to Spring AuthenticationManagerBuilder

    Step 4

Create the JWT util file to validate and create tokens. Check out the video (forward to 10:00) above to know more about each function.

Step 5

Create a filter chain to extract the JWT token from Authorization header, validate the token, and set the authentication in a security context.

Step 6

Create the controller to test the authentication


Authenticate

Access an API with JWT token

In the next tutorial, we will hook this with real users in the MySQL database and implement signup/login functionality.

Thanks for reading :)

Top comments (1)

Collapse
 
soshihomma profile image
SoshiHomma

As a note: you need AuthenticationRequest and AuthenticationResponse as a payload.
Check it out from his github: github.com/webtutsplus/spring-auth...

Read next

wittedtech-by-harshit profile image

Mastering DSA with Pen and Paper: Unplug and Think Like a Problem-Solver

Harshit Singh -

olnov profile image

Storing images for your UGC app using Spring Boot and iDrive E2 S3

olnov -

kunal_chouhan_787 profile image

Evolving Changes in JavaScript: A Look at the Language's Growth

Kunal Chouhan -

saurabhkurve profile image

Microservices with SpringBoot 🔥

Saurabh Kurve -