DEV Community

Cover image for How to implement JWT authentication in Java with Spring Framework
EddieSCJ
EddieSCJ

Posted on • Edited on

How to implement JWT authentication in Java with Spring Framework

First of all, let's import some dependencies

Before starting the real implementation, please, try to get these dependencies on your project:

    compile group: 'com.google.code.gson', name: 'gson', version: '2.8.6'
    compile group: 'com.auth0', name: 'java-jwt', version: '3.10.3'
    compile group: 'org.springframework.security', name: 'spring-security-core', version: '5.1.5.RELEASE'
    compile group: 'org.springframework.security', name: 'spring-security-web', version: '5.1.5.RELEASE'
    compile group: 'org.springframework.security', name: 'spring-security-config', version: '5.1.5.RELEASE'
Enter fullscreen mode Exit fullscreen mode

You might have the basic packages to build an API like Spring Starter Web, if you don't know how to build an API with java and Spring Boot, please, read the following article: Building a Simple API with Java and Spring Boot

And make sure you already have your UserRepository Implemented, but if you don't know how to implement a simple connection between java and any SQL database with H2, please, read the following article: Implementing a Simple Database with Java, JPA, Hibernate and SQL

Creating a Bean to our PasswordEncoder

If you don't know what is a Bean, please, read the following article: What is a Java @Bean?

Please, at your main class, paste the following code:

@Bean public BCryptPasswordEncoder bCryptPasswordEncoder() {
    return new BCryptPasswordEncoder(); 
}
Enter fullscreen mode Exit fullscreen mode

It'll provide a BCryptPasswordEncoder instance to us.

Implemeneting our own UserDetailsService

So, assuming that we'll authenticate with a username and password, we have to implement the default class and method to search it in the database, right?

Follow bellow the code, please, stay alert to read the comments.

Let's implement the JWTAuthenticationFilter

First of all, our authentication will be a basic auth, where you provide a username and password and the system will verify if you are who you are supposed to be.

This class will rewrite some methods in a personal way to implement our UsernameAndPasswordAuthenticationFilter, which provides somethings like the answer to our auth.

Remember to be alert for the comments.
Follow below the code:

That is our AuthenticationFilter, responsible to verify the username and password data (we can say that it is the class that execute the "login")

Lets Implement the JWTAuthorizationFilter

If the Authentication Filter verifies and confirms the data, our Authorization Filter is responsible for the request, just like verify our token and show the authorities.

Remember to be alert for the comments.
Follow Below the file:

Finally, the WebSecurity Class

This is the class that interacts with the web layer, here we also have the cors configuration, allows, signup redirect, we define the login endpoint, etc etc etc.

Remember to be alert for the comments.
Follow below de the file:

We can just finish here, but, as a bonus, there is a test class to test your login functionality.

#Bonus - Test Impl

THANK YOU!!! ENJOY THE ARTICLE <3, LEAVE YOUR LIKE HERE SWEET!!

Top comments (0)