Let’s Implement JWT Based Authentication in Spring boot

Nil Madhab
Traveller, Adventurer, Geek, Passionate about Algorithm, founder of webtutsplus.com, Entrepreneur, and explorer, connect me https://twitter.com/Nilmadhabmondal
Originally published at api.simplecoding.dev

Part 2: Integrate database and implement Signup, Login features

In part 1, we implemented basic JWT auth without a real database, by hardcoding the user.

In this tutorial, we will extend the JWT auth by integrating with real users in a MySQL database and implementing signup and login functionality, using BCryptPasswordEncoder to hash passwords.

You can find the GitHub code here

Step 1: Create the User Model

Create the Jwtuser model and reimplement the UserDetailsService interface of Spring Security.


Step 2: Reimplement the UserDetailsService Interface of Spring Security

Reimplement the UserDetailsService and override the loadUserByUsername method which we previously hardcoded.

Step 3: Update the SecurityConfigurer

We change the passwordEncoder method in the SecurityConfigurer file so that passwords are hashed with BCrypt:

```java
@Bean
public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
}
```

We also need to update the antMatchers so that the signup and sign-in methods do not require authentication.

Step 4: Implement the Signup API

The code is self-explanatory: we check that the email is not already present, hash the password with the password encoder, and save the user in the DB.


[Figure: signup]
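The signup logic described in this step, as an added example that is not the author's code. It assumes Spring Security is on the classpath, as in the tutorial's project; the class `SignupSketch`, its method names, the in-memory map standing in for the MySQL-backed repository, and the sample accounts are all hypothetical.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: SignupSketch and its in-memory "users" map are hypothetical
// stand-ins for the tutorial's signup service and its MySQL-backed repository.
public class SignupSketch {
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    private final Map<String, String> users = new ConcurrentHashMap<>(); // email -> BCrypt hash

    // Assumption of this example: emails are compared case-insensitively.
    private static String normalize(String email) {
        return email.trim().toLowerCase(Locale.ROOT);
    }

    /** Returns false if the email is already registered; otherwise stores only the hash. */
    public boolean signup(String email, String rawPassword) {
        if (email == null || rawPassword == null || rawPassword.isEmpty()) {
            throw new IllegalArgumentException("email and password are required");
        }
        String hash = encoder.encode(rawPassword); // fresh random salt on every call
        // putIfAbsent is atomic, so two concurrent signups cannot both succeed. With a
        // real database the equivalent guard is a UNIQUE constraint on the email column,
        // because a separate "find, then save" leaves a window between the two calls.
        return users.putIfAbsent(normalize(email), hash) == null;
    }

    /** The comparison DaoAuthenticationProvider makes with the PasswordEncoder bean at sign-in. */
    public boolean passwordMatches(String email, String rawPassword) {
        String hash = users.get(normalize(email));
        return hash != null && encoder.matches(rawPassword, hash);
    }

    public static void main(String[] args) {
        SignupSketch svc = new SignupSketch();
        System.out.println("first signup:      " + svc.signup("alice@example.com", "correct horse"));
        System.out.println("duplicate signup:  " + svc.signup("Alice@Example.com", "other password"));
        System.out.println("right password:    " + svc.passwordMatches("alice@example.com", "correct horse"));
        System.out.println("wrong password:    " + svc.passwordMatches("alice@example.com", "wrong"));
        // Same password, two encodings: the hashes differ because each embeds its own salt,
        // so stored hashes can only be checked with matches(), never with equals().
        String a = svc.encoder.encode("correct horse"), b = svc.encoder.encode("correct horse");
        System.out.println("hashes identical:  " + a.equals(b));
    }
}
```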

Step 6: Implement the signIn

  1. Authenticate the user with the Spring Security authenticate method

  2. Set the authentication in the context

  3. Get the user from the DB

  4. Create the JWT and send it in the response

Step 7: Test an API with an Authorization header containing the JWT token

If the token is expired, we will get this error:

[Figure: JWT expired error]

If the token is valid, we will get the user from the JWT token, and we can create various rules for authorization.


Next steps

  1. Create various roles like ADMIN, USER, MODERATOR

  2. We will integrate it in our e-commerce tutorial

  3. We will use social login using GitHub and create a frontend using Vue.js
