Spring Boot Security JWT[java web token] Explained Step by Step-handson скачать в хорошем качестве

Spring Boot Security JWT[java web token] Explained Step by Step-handson

Hi All, Welcome to Global Tamil Mirror. This is a fully hands-on tutorial for those who already have some knowledge in Java Spring Boot. Today, we are going to see how to set up JWT in a Spring Boot application. This is a simple attempt to present the hands-on without video, so please prepare your prerequisites. Prerequisites STS or any other IDE (STS is used here) JDK 21 Maven Please be ready with these requirements, then start the hands-on. Step 1: Create Spring Boot Application using STS File → New → Spring Starter Project Enter Name: JWTDemo Select Maven Java Version: 21 Keep other options as it is Group: com.jwt.demo (anything you wish) Add dependency: Spring Web We will add remaining later Finish this. Right-click pom.xml → Run As → Maven Install Once it is successful Right-click application → Run As → Spring Boot App JWT: Java Web Token for REST API Step 2: Create Simple REST API Right-click com.jwt.demo main application Create package named com.jwt.demo.controller Create class named BankController Add annotation @RestController Add annotation @RequestMapping("/bank") Create method getData() Annotate with @GetMapping("/getData") Save, re-run, and check using Postman REST API is working fine. Step 3: Start JWT Setup Add annotation @EnableWebSecurity in main class If not detected, add dependency spring-boot-starter-security You can remove version from pom.xml because it is auto compatible Import required packages Re-run application and test using Postman. It shows 401 Unauthorized. This happens because web security is enabled and configuration is not completed. You will see generated security password in console, for example: 508a5b51-0b09-4330-8610-dff83e6a2225 Use: Username: user (default Spring Security username) Password: generated password Authorization Type: Basic Auth Now you can access the REST API. Spring Security and JWT This is the default security implementation by Spring Security. There are many types of authentication, and one of them is JWT. Authorization type will be Bearer Token / JWT Bearer. JWT Basic Flow First Request /auth/login API should be allowed without JWT JWT is generated after login Flow: auth/login → Spring Security → permitAll SecurityContextPersistenceFilter loads empty security context UsernamePasswordAuthenticationFilter intercepts login Reads username and password Creates authentication token Passes it to AuthenticationManager AuthenticationManager: Loads username and password from DB If password matches → authentication success Else → 401 Unauthorized Spring Security configuration handles JWT API requests and stateless session management. JWT is stateless, so server does not store JWT. Second and Further Requests Example: http://localhost:8081/bank/getData Authorization: Bearer JWT token Request goes to JwtAuthFilter and returns response only if token is valid. Step 4: Create Security Configuration Create package com.jwt.demo.security Create class SecurityConfig Annotate with @Configuration and @EnableWebSecurity Step 5: Create JwtAuthFilter Create class JwtAuthFilter Extend OncePerRequestFilter Implement doFilterInternal() This filter is invoked after JWT is generated. Step 6: Create JwtUtil Helper Class Create class JwtUtil.java Annotate with @Component Add secret key JwtAuthFilter is now completed. Step 7: Create AuthRequest DTO Create class AuthRequest for JSON input Use Lombok and add dependency Step 8: Create AuthController Create class AuthController It checks username and password internally, extracts roles, and generates JWT if authentication is successful. Step 9: Additional Configurations Add AuthenticationManager bean in SecurityConfig Create UserConfig class Add UserDetailsService method Step 10: Test JWT Login API POST http://localhost:8081/auth/login Request body: { "username": "prabha", "password": "123456" } JWT token is generated successfully. Step 11: Test Protected API GET http://localhost:8081/bank/getData Authorization: Bearer JWT token Response: Login Success Token Expiry If token expires, API returns 403 Forbidden. Generate token again and API works. JWT setup is working fine. Final Notes Please go through the setup class by class and very slowly. You should have some basic Spring Boot knowledge. This tutorial has no audio, but the steps are detailed enough. Steps are uploaded in description, and GitHub repo URL is also shared. Happy Learning 😊 Bye 👋 Please Subscribe, Like, and Learn more from here.