Today I built a complete JWT Authentication System in Spring Boot completely from scratch.
Here's what I implemented:
- Integrated a PasswordEncoder with BCrypt to hash user credentials before persistence.
- Login API that generates a real JWT token.
- JwtAuthFilter that validates the token on every request.
- Used Spring Security configuration to enforce authentication on protected endpoints while exposing selected APIs publicly.
- Secured endpoint that returns the logged-in user's name.
- Added validation for user input fields and handled exceptions using a global handler.
Bugs I faced:
- Field name mismatch between DTO and entity.
- Got 403 Forbidden even with correct token, realized I was using parseClaimsJwt() instead of parseClaimsJws() — one letter difference that broke everything.
The journey is slow but every debug made me sharper.
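
The `parseClaimsJwt()` / `parseClaimsJws()` mix-up from the bug list, reproduced as an added example (not the code from this post). It assumes the jjwt 0.11.x API (`jjwt-api`, `jjwt-impl`, `jjwt-jackson` on the classpath); the class name, the subject `alice`, and the generated keys are constructed for illustration.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.UnsupportedJwtException;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import java.util.Date;

public class JwsVsJwtDemo {

    // Correct call: parseClaimsJws() expects a signed token (JWS) and
    // verifies its signature with the configured key before returning claims.
    static String subjectOf(String token, SecretKey key) {
        JwtParser parser = Jwts.parserBuilder().setSigningKey(key).build();
        return parser.parseClaimsJws(token).getBody().getSubject();
    }

    // The one-letter bug: parseClaimsJwt() only accepts *unsigned* JWTs,
    // so every properly signed token is rejected with UnsupportedJwtException.
    static String subjectOfBuggy(String token, SecretKey key) {
        JwtParser parser = Jwts.parserBuilder().setSigningKey(key).build();
        return parser.parseClaimsJwt(token).getBody().getSubject();
    }

    public static void main(String[] args) {
        // Constructed sample keys and token, valid for one minute.
        SecretKey key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        SecretKey otherKey = Keys.secretKeyFor(SignatureAlgorithm.HS256);
        String token = Jwts.builder()
                .setSubject("alice")
                .setExpiration(new Date(System.currentTimeMillis() + 60_000))
                .signWith(key)
                .compact();

        System.out.println("parseClaimsJws subject: " + subjectOf(token, key));
        try {
            subjectOfBuggy(token, key);
        } catch (UnsupportedJwtException e) {
            System.out.println("parseClaimsJwt rejected the signed token: " + e.getMessage());
        }
        try {
            subjectOf(token, otherKey); // signature does not match this key
        } catch (JwtException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Catching `JwtException` in the filter and logging the exception class makes this kind of failure visible immediately instead of surfacing only as a 403.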
User Registration:
User Login:

Getting Logged in User Name:

Global Exception Handling:
