springboot-jwt-starter's Introduction

                _             _                 _       _          _         _             _
 ___ _ __  _ __(_)_ __   __ _| |__   ___   ___ | |_    (_)_      _| |_   ___| |_ __ _ _ __| |_ ___ _ __
/ __| '_ \| '__| | '_ \ / _` | '_ \ / _ \ / _ \| __|   | \ \ /\ / / __| / __| __/ _` | '__| __/ _ \ '__|
\__ \ |_) | |  | | | | | (_| | |_) | (_) | (_) | |_    | |\ V  V /| |_  \__ \ || (_| | |  | ||  __/ |
|___/ .__/|_|  |_|_| |_|\__, |_.__/ \___/ \___/ \__|  _/ | \_/\_/  \__| |___/\__\__,_|_|   \__\___|_|
    |_|                 |___/                        |__/

A Springboot token-based security starter kit featuring AngularJS and Springboot (JSON Web Token)

Springboot JWT Starter

Token authentication is a more modern approach and is designed to solve problems session IDs stored server-side can’t. Using tokens in place of session IDs can lower your server load, streamline permission management, and provide better tools for supporting a distributed or cloud-based infrastructure.

-- Stormpath

Quick start

Make sure you have Maven and Java 1.7 or greater

# clone our repo
# --depth 1 removes all but one .git commit history
git clone --depth 1 https://github.com/bfwg/springboot-jwt-starter.git

# change directory to our repo
cd springboot-jwt-starter

# install the repo with mvn
mvn install

# start the server
mvn spring-boot:run

# the app will be running on port 8080
# there are two built-in user accounts to demonstrate the differing levels of access to the endpoints:
# - User - user:123
# - Admin - admin:123

File Structure

springboot-jwt-starter/
 ├──src/                                                        * our source files
 |   ├──main
 │   │   ├──java.com.bfwg
 |   │   │   ├──config
 |   │   │   │   └──WebSecurityConfig.java                      * config file for filter, custom userService etc.
 |   │   │   ├──model
 |   │   │   │   ├──Authority.java
 |   │   │   │   ├──CustomUserDetail.java                       * custom UserDetail implementation
 |   │   │   │   └──User.java                                   * our main user model.
 |   │   │   ├──repository                                      * repositories folder for accessing database
 |   │   │   │   └──UserRepository.java
 |   │   │   ├──rest                                            * rest endpoint folder
 |   │   │   │   └──UserController.java                         * REST controller to handle User related requests
 |   │   │   ├──security                                        * Security related folder(JWT, filters)
 |   │   │   │   ├──auth
 |   │   │   │   │   ├──AuthenticationFailureHandler.java       * login fail handler, configured in WebSecurityConfig
 |   │   │   │   │   ├──AuthenticationSuccessHandler.java       * login success handler, configured in WebSecurityConfig
 |   │   │   │   │   ├──JwtLogoutHandler.java                   * logout handler, configured in WebSecurityConfig
 |   │   │   │   │   ├──RestAuthenticationEntryPoint.java       * handle auth exceptions, like invalid token etc.
 |   │   │   │   │   ├──TokenAuthenticationFilter.java          * the JWT token filter, configured in WebSecurityConfig
 |   │   │   │   │   └──TokenBasedAuthentication.java           * this is our custom Authentication class and it extends AbstractAuthenticationToken.
 |   │   │   │   └──TokenUtils.java                             * token helper class
 |   │   │   ├──service
 |   │   │   │   ├──impl
 |   │   │   │   │   ├──CustomUserDetailsService.java           * custom UserDetailsService implementation, tells formLogin() where to check username/password
 |   │   │   │   │   └──UserServiceImpl.java
 |   │   │   │   └──UserService.java
 |   │   │   └──Application.java                                * Application main entrance
 |   │   └──resources
 |   │       ├──static                                          * static assets are served here(Angular and html templates)
 |   │       ├──application.yml                                 * application variables are configured here
 |   │       └──import.sql                                      * h2 database query(table creation)
 |   └──test                                                    * Junit test folder
 └──pom.xml                                                     * what maven uses to manage its dependencies

Configuration

  • WebSecurityConfig.java: The server-side authentication configurations.
  • application.yml: Application-level properties, i.e. the token expiry time, token secret, etc. You can find a reference of all application properties here.
  • JWT token TTL: JWT tokens are configured to expire after 10 minutes; you can get a new token by signing in again.
  • Using a different database: This Starter kit is using an embedded H2 database that is automatically configured by Spring Boot. If you want to connect to another database you have to specify the connection in the application.yml in the resource directory. Here is an example for a MySQL DB:
spring:
  jpa:
    hibernate:
      # possible values: validate | update | create | create-drop
      ddl-auto: create-drop
  datasource:
    url: jdbc:mysql://localhost/myDatabase
    username: myUser
    password: myPassword
    driver-class-name: com.mysql.jdbc.Driver

Hint: For other databases like MySQL, sequences don't work for ID generation, so you have to change the GenerationType in the entity beans to 'AUTO' or 'IDENTITY'.

JSON Web Token

JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties. For more info, check out https://jwt.io/
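
How a signed token with the 10-minute TTL from the Configuration section is issued and checked, as an added example that is not this project's TokenUtils code. It uses only the JDK (Java 8+ for java.util.Base64); the class name, the secret value and the regex-based `exp` lookup are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtTtlDemo { // hypothetical class, not part of the starter kit
    static final long TTL_SECONDS = 600; // the 10-minute TTL described above
    static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
    static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");

    static String b64(byte[] in) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(in);
    }
    static byte[] hmac(String data, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    static String issue(String user, long nowSec, byte[] secret) throws Exception {
        // Assumes user is a plain identifier; no JSON escaping is done here.
        String claims = "{\"sub\":\"" + user + "\",\"exp\":" + (nowSec + TTL_SECONDS) + "}";
        String signingInput = HEADER + "." + b64(claims.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + b64(hmac(signingInput, secret));
    }
    /** Returns true only for an untampered HS256 token that has not expired. */
    static boolean verify(String token, long nowSec, byte[] secret) throws Exception {
        String[] p = token.split("\\.", -1);
        // Pin the algorithm: accept only the exact header we issue, never the token's own "alg".
        if (p.length != 3 || !p[0].equals(HEADER)) return false;
        byte[] expected = hmac(p[0] + "." + p[1], secret);
        byte[] given;
        try { given = Base64.getUrlDecoder().decode(p[2]); }
        catch (IllegalArgumentException e) { return false; }
        if (!MessageDigest.isEqual(expected, given)) return false; // constant-time compare
        // Claims are read only after the signature has been verified.
        String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        Matcher m = EXP.matcher(claims);
        return m.find() && nowSec < Long.parseLong(m.group(1));
    }
    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret-change-me".getBytes(StandardCharsets.UTF_8); // constructed value
        long now = System.currentTimeMillis() / 1000;
        String token = issue("user", now, secret);
        System.out.println("fresh:    " + verify(token, now, secret));
        System.out.println("expired:  " + verify(token, now + TTL_SECONDS + 1, secret));
        System.out.println("tampered: " + verify(token.replace(".", ".x"), now, secret));
    }
}
```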

This project is inspired by


License

MIT
