Spring Boot JWT Starter Build Status License: MIT
This is a spring boot starter based on Stephan's Spring Boot JWT Demo. This starter is still in progress and not production ready.
- JDK 11 or higher
- Spring Boot 2.3.x
Coders pack spring boot jwt starter is available in maven central repository
Maven
<dependency> <groupId>de.coderspack</groupId> <artifactId>jwt-spring-boot-starter</artifactId> <version>0.0.3</version> </dependency>
Gradle
implementation 'de.coderspack:spring-boot-starter-jwt:0.0.3'
Code
import de.coderspack.spring.boot.jwt.library.security.JWTConfigurer; import de.coderspack.spring.boot.jwt.library.security.web.access.JwtAccessDeniedHandler; import de.coderspack.spring.boot.jwt.library.security.web.access.JwtAuthenticationEntryPoint; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private final JWTConfigurer jwtConfigurer; private final JwtAuthenticationEntryPoint authenticationErrorHandler; private final JwtAccessDeniedHandler jwtAccessDeniedHandler; public WebSecurityConfig(JWTConfigurer jwtConfigurer, JwtAuthenticationEntryPoint authenticationErrorHandler, JwtAccessDeniedHandler jwtAccessDeniedHandler) { this.jwtConfigurer = jwtConfigurer; this.authenticationErrorHandler = authenticationErrorHandler; this.jwtAccessDeniedHandler = jwtAccessDeniedHandler; } // PasswordEncoder is required. Choose any! @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity httpSecurity) throws Exception { // Apply matchers and all the stuff you need! httpSecurity .authenticationEntryPoint(authenticationErrorHandler) .accessDeniedHandler(jwtAccessDeniedHandler) .apply(jwtConfigurer); } }
Authenticate
import de.coderspack.spring.boot.jwt.autoconfigure.properties.JwtProperties; import de.coderspack.spring.boot.jwt.library.security.JwtAuthenticationManager; @RestController @RequestMapping("/api") public class AuthenticationRestController { private final JwtAuthenticationManager jwtAuthenticationManager; private final JwtProperties jwtProperties; public AuthenticationRestController(final JwtAuthenticationManager jwtAuthenticationManager, final JwtProperties jwtProperties) { this.jwtAuthenticationManager = jwtAuthenticationManager; this.jwtProperties = jwtProperties; } @PostMapping("/authenticate") public ResponseEntity<String> authorize(@Valid @RequestBody LoginDto loginDto) { final var jwt = jwtAuthenticationManager.authenticate(loginDto.getUsername(), loginDto.getPassword(), loginDto.isRememberMe()); final var httpHeaders = new HttpHeaders(); httpHeaders.add(jwtProperties.getHeader(), "Bearer " + jwt); return new ResponseEntity<>(jwt, httpHeaders, HttpStatus.OK); } }
Configure application.properties
# This token must be encoded using Base64 with mininum 88 Bits (you can type `echo 'secret-key'|base64` on your command line) jwt.base64-secret=<my-secret-in-base64>
Implement org.springframework.security.core.userdetails.UserDetailsService.java.
TODO Migrate TODO Notes from https://github.com/coderspack/spring-boot-starter-jwt-java-demo to this documentation.