Today I built a complete JWT Authentication System in Spring Boot completely from scratch.
Here's what I implemented:
- Integrated a PasswordEncoder with BCrypt to hash user credentials before persistence.
- Login API that generates a real JWT token.
- JwtAuthFilter that validates the token on every request.
- Used Spring Security configuration to enforce authentication on protected endpoints while exposing selected APIs publicly.
- Secured endpoint that returns the logged-in user's name.
- Added validation for user input fields and handled exceptions with a global exception handler.
Bugs I faced:
- Field name mismatch between DTO and entity.
- Got 403 Forbidden even with a correct token; realized I was using parseClaimsJwt() instead of parseClaimsJws() — a one-letter difference that broke everything.
The journey is slow but every debug made me sharper.
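As an added example (not the post's own code), here is the shape of a JwtAuthFilter that avoids the parseClaimsJwt/parseClaimsJws mix-up described above. It assumes jjwt 0.11.x and Spring Boot 3 (jakarta.servlet); the SecretKey, its configuration source and any authority loading are assumptions, not from the post.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.util.List;

// Added example, not the post's code. Assumes jjwt 0.11.x and a SecretKey built from
// configuration (Keys.hmacShaKeyFor over a >= 256-bit secret), never a hard-coded string.
public class JwtAuthFilter extends OncePerRequestFilter {
    private final SecretKey key;

    public JwtAuthFilter(SecretKey key) {
        this.key = key;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")
                && SecurityContextHolder.getContext().getAuthentication() == null) {
            try {
                // parseClaimsJws verifies the HMAC signature before returning the claims.
                // parseClaimsJwt is for UNSIGNED tokens: it throws on a signed one (the 403
                // on every request in the post) and must never be used for authentication.
                Claims claims = Jwts.parserBuilder()
                        .setSigningKey(key)
                        .build()
                        .parseClaimsJws(header.substring("Bearer ".length()))
                        .getBody();
                // Authorities left empty here; load them from the user store if roles matter.
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(claims.getSubject(), null, List.of()));
            } catch (JwtException | IllegalArgumentException e) {
                // Expired, tampered or malformed token: leave the context empty so Spring
                // Security rejects the protected endpoint; log the reason, do not return it.
                logger.debug("Rejected JWT: " + e.getMessage());
            }
        }
        chain.doFilter(request, response);
    }
}
```

Register the filter before UsernamePasswordAuthenticationFilter in the SecurityFilterChain; an empty SecurityContext on a protected route is what produces the 403, so the catch block deliberately swallows the token error rather than failing the request itself.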
Screenshots (not reproduced here): User Registration, User Login, Getting Logged-in User Name, Global Exception Handling.
Top comments (3)

That parseClaimsJwt vs parseClaimsJws bug is painful.
JWT setups always look simple until Spring Security starts blocking everything with 403.
Nice progress, getting auth + filters + exception handling working from scratch is not trivial.
What part took you the longest to get right?

Yeah seriously, that parseClaimsJwt vs parseClaimsJws confused me for a while.
For me, the hardest part was getting the filter chain + SecurityContext flow right without breaking everything with 403.

Yeah that part is brutal.
Getting the filter chain and SecurityContext right without triggering random 403s is where things usually break.
I ran into the same issues a few times, ended up extracting that flow into a small reusable setup (AuthKit Lite) so I don’t have to debug it again and again.
Did you end up customizing the filter chain a lot or mostly stick with Spring defaults?