by In this tutorial, you will learn how to implement JWT(JSON Web Token) authorization with Spring Boot. It would be a step by step tutorial for beginners as well as intermediates.
Step 1 – Create and new spring application adding the following dependencies:
- Spring-Web
- Spring Security
- Lombok
Step 2 – Create class that extends the WebSecurityConfigurerAdapter and override the configure method (configure(AuthenticationManagerBuilder auth)). Annotate this class with @Configuration and @EnableWebSecurity
Step 3 – Create a class named MyUserDetailsService that implements UserDetailsService. You can put this in the services package. In this class, implement the loadUserByUsername() method. This method should return a hardcoded user. This class should be annotated with the @Service annotation. The MyUserDetailsService class is given below:
@Service public class MyUserDetailsService implements UserDetailsService { @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { return new User("admin", "password", new ArrayList<>()); } }
Step 4 – Autowire the MyUserDetailsService into the SecurityConfigurer class. Then override the configure method and change the parameter to AuthenticationManagerBuilder. Next, in the configure method, set the userDetailsService of the AuthenticationManagerBuilder to the MyUserDetailsService you autowired. See the code below:
@Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(myUserDetailsService); }
Step 5 – Create a password encoder bean in the SecurityConfigurer class like so:
@Bean public PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); }
Step 6: Add the jjwt and jaxb dependencies to your pom.xml
Step 7: Create a utility class inside a util package. This class should be a component and should implement Serializable interface. I call it JwtUtility.java. This class contains code for jwt processing. The content of quite verbose. So simply copy it from this link.
Now we need to create an authenticate api. This would take a username and password and return a JWT.
Step 8 – First create two classes: JwtRequest and JwtResponse inside a model package. The Request class would have a username and password fields while the Response class would have jwt field.
Step 9 (there’ll be error!) – In the HomeResource class, create the authentication endpoint with PostMapping of /authenticate. To do that, you need to first autowire the AuthenticationManager, JwtUtility and the MyUserDetailsService into the class.
The authenticate method is given below:
@PostMapping("/authenticate") public JwtResponse authenticate(@RequestBody JwtRequest jwtRequest) throws Exception { try{ authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( jwtRequest.getUsername(), jwtRequest.getPassword() ) ); } catch (BadCredentialsException e) { throw new Exception("Invalid Credentials", e); } final UserDetails userDetails = myUserDetailsService.loadUserByUsername(jwtRequest.getUsername()); final String token = jwtUtility.generateToken(userDetails); return new JwtResponse(token); }
Step 10 – To clear the error from Step 9, you need to create the AuthenticationManager bean in the WebConfigurer class. This is given below:
@Override @Bean public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); }
Step 11 – Create the configuration to allow the /authenticate endpoint without authentication. To do this, you need to override the configure(HttpSecurity) method in the SecurityConfigurer class.
This is shown below:
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/authenticate").permitAll() .anyRequest().authenticated(); }
Step 12 – Test the Application. Lauch the application, visit http://localhost:8080/authenticate and send a post request with username and password in the body of the request. You’ll see that you will recieve the authentication token as a response.
At this point, you have completed the first part. In Part 2, we would see how to use the token on subsequent requests using a Filter. Remember to watch the video on my YouTube Channel.
[…] Part 1, we were able to setup a Spring Boot application to use JWT. We also wrote to code to generate the […]
Hello, nice tutorial. I written a new springboot app with your code but on postman I have always access denied.