Spring Security JWT Authentication + PostgreSQL – RestAPIs SpringBoot + Spring MVC + Spring JPA
JSON Web Token defines a compact and self-contained way for securely transmitting information as a JSON object. In this tutorial, we show how to build Spring Boot Security REST APIs with JSON Web Token (JWT).
Related posts:
- Spring Security – JDBC Authentication – SpringBoot + PostgreSQL + Bootstrap
- SQL Tutorial – MySQL Many-to-Many Relationship
- Spring JPA Hibernate Many to Many – SpringBoot + PostgreSQL
Spring Security – JWT Authentication Architecture | Spring Boot
Technologies
- Spring Boot
- jjwt - 0.9.0
- Spring Security
- Spring JPA
- PostgreSQL
JSON Web Token
JSON Web Token (JWT) defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
Scenarios where JSON Web Tokens are useful:
- Authorization: the most common scenario for using JWT. Single Sign On is a feature that widely uses JWT.
- Information Exchange: Because JWTs can be signed, JSON Web Tokens are a good way of securely transmitting information between parties.
JSON Web Tokens consist of 3 parts:
- Header
- Payload
- Signature
-> JWT looks like Header-Base64-String.Payload-Base64-String.Signature-Base64-String
Header consists of two parts:
- token type.
- hashing algorithm.
-> Example:
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload contains the claims. Claims are statements about an entity and additional information.
There are 3 types of claims:
- Registered claims -> These are a set of predefined claims: iss (issuer), exp (expiration time), sub (subject)
- Public claims
- Private claims
Example ->
{
  "sub": "thomasgkz",
  "iat": 1537603195,
  "exp": 1537689595
}
Signature -> To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
Example ->
HMACSHA512(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  your-256-bit-secret
)
Combining all three parts, we get 3 Base64-URL strings separated by dots.
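The following is an added example, not code from this tutorial or from jjwt: it builds the three dot-separated parts with the JDK only, using the payload shown above and an HS512 header so that it matches the HMACSHA512 signature step, then verifies the token the way a server should. The class name, the secret and the clock values are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
// Added illustration (JDK only). Secret and clock values below are constructed.
public class JwtHs512Demo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    static String b64(String json) { return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmacSha512(byte[] secret, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(secret, "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    static String sign(String header, String payload, byte[] secret) throws Exception {
        String signingInput = b64(header) + "." + b64(payload);
        return signingInput + "." + ENC.encodeToString(hmacSha512(secret, signingInput));
    }

    // The verifier always recomputes HMAC-SHA512; it never takes the algorithm from the token header.
    static String verify(String token, byte[] secret, long nowEpochSeconds) throws Exception {
        String[] p = token.split("\\.", -1);
        if (p.length != 3) throw new SecurityException("malformed token");
        // Constant-time comparison; malformed Base64 throws IllegalArgumentException, which also rejects.
        if (!MessageDigest.isEqual(hmacSha512(secret, p[0] + "." + p[1]), DEC.decode(p[2])))
            throw new SecurityException("bad signature");
        String payload = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        // Simplification: a regex stands in for a JSON parser to read the exp claim.
        Matcher m = EXP.matcher(payload);
        if (!m.find() || Long.parseLong(m.group(1)) <= nowEpochSeconds) throw new SecurityException("missing or expired exp");
        return payload;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret-do-not-reuse-0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        String token = sign("{\"alg\":\"HS512\",\"typ\":\"JWT\"}",
                "{\"sub\":\"thomasgkz\",\"iat\":1537603195,\"exp\":1537689595}", secret);
        System.out.println(token);                                // Header.Payload.Signature
        System.out.println(verify(token, secret, 1537603200L));   // accepted: clock is before exp
        String[] p = token.split("\\.");
        String tampered = p[0] + "." + b64("{\"sub\":\"admin\",\"exp\":1537689595}") + "." + p[2];
        try { verify(tampered, secret, 1537603200L); } catch (RuntimeException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Changing any byte of the header or payload without the secret invalidates the signature, which is why the tampered token is rejected before its claims are ever read.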