1.11.1 Step 1 - GetTokenInfo [G]
This tutorial shows how to make an Endpoint that returns a JWT.
The Username and Role that go into the JWT are hard-coded and no Authentication is performed
(the HTTP Request does not contain Credentials that could be compared to stored Credentials).
Application Schema [Results]
Spring Boot Starters
GROUP
DEPENDENCY
DESCRIPTION
Web
Spring Web
Enables: @Controller, @RequestMapping, Tomcat Server
Overview
JWTController.java
@ResponseBody
@RequestMapping("/CreateJWT")
public String createJWT() {
  // Fixed identity: nothing from the request is checked before the token is minted.
  String token = JWTUtil.createJWT("admin", "[book.create, book.delete]");
  return token;
}
JWT
{
"username" : "myuser",
"authorities" : "[book.create, book.delete]"
}
http://localhost:8080/CreateJWT
eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxIiwiaXNzIjoiaXZvcm9ubGluZSIsInN1YiI6IlRlc3RKV1QifQ.GZkuBtau-7uEJb7V1-1mGu8q3YmjPzYCok_qfHHhP9Y
JWTUtil
http://localhost:8080/CreateJWT
Tomcat
Browser
JWTController
Procedure
Create Project: springboot_security_jwt (add Spring Boot Starters from the table)
Edit File: pom.xml (manually add JJWT dependency)
Create Package: config (inside main package)
– Create Class: JWTUtil.java (inside package config)
Create Package: controllers (inside main package)
– Create Class: JWTController.java (inside package controllers)
pom.xml
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.0</version>
</dependency>
JWTController.java
package com.ivoronline.springboot_security_jwt.controllers;
import com.ivoronline.springboot_security_jwt.config.JWTUtil;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class JWTController {

  /**
   * Handles {@code /CreateJWT} and returns the compact JWT as the response body.
   * Username and authorities are fixed in code; the incoming request is not authenticated.
   */
  @ResponseBody
  @RequestMapping("/CreateJWT")
  public String createJWT() {
    return JWTUtil.createJWT("admin", "[book.create, book.delete]");
  }
}
JWTUtil.java
package com.ivoronline.springboot_security_jwt.config;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.Key;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
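public class JWTUtil {

  // USED TO CREATE (and, per the original note, decode) JWTs.
  // NOTE(review): this value is hard-coded in source and is not base64 text; once it is
  // base64-decoded below it yields only a handful of key bytes, far below the 256 bits
  // RFC 7518 section 3.2 requires for HS256. Real deployments should load a base64-encoded
  // secret of at least 32 random bytes from configuration and keep it out of source control.
  public final static String SECRET_KEY = "mysecretkey";

  //========================================================================
  // CREATE JWT
  //========================================================================

  /**
   * Creates a compact HS256-signed JWT carrying {@code username} and {@code authorities}
   * as custom claims, signed with {@link #SECRET_KEY}.
   *
   * @param username    value stored in the {@code username} claim
   * @param authorities value stored in the {@code authorities} claim
   * @return the compact (header.payload.signature) JWT string
   */
  public static String createJWT(String username, String authorities) {
    return createJWT(username, authorities, SECRET_KEY);
  }

  /**
   * Creates a compact HS256-signed JWT carrying {@code username} and {@code authorities}
   * as custom claims, signed with the supplied secret.
   *
   * @param username     value stored in the {@code username} claim
   * @param authorities  value stored in the {@code authorities} claim
   * @param base64Secret base64-encoded HMAC key; should decode to at least 32 bytes for HS256
   *                     (later JJWT releases reject shorter keys)
   * @return the compact (header.payload.signature) JWT string
   * @throws NullPointerException if {@code base64Secret} is null
   */
  public static String createJWT(String username, String authorities, String base64Secret) {
    Objects.requireNonNull(base64Secret, "base64Secret");

    // HEADER (SPECIFY ALGORITHM)
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;

    // PAYLOAD (SPECIFY CLAIMS)
    Map<String, Object> customClaims = new HashMap<>();
    customClaims.put("username", username);
    customClaims.put("authorities", authorities);
    JwtBuilder builder = Jwts.builder()
        .setClaims(customClaims) // setClaims replaces the whole map, so it must come before the standard claims
        .setId("1")
        .setSubject("TestJWT")
        .setIssuer("ivoronline");

    // SIGNATURE (SPECIFY SECRET KEY) - the secret is treated as base64 text and decoded to raw key bytes
    byte[] secretBytes = DatatypeConverter.parseBase64Binary(base64Secret);
    Key signingKey = new SecretKeySpec(secretBytes, signatureAlgorithm.getJcaName());

    // GENERATE JWT
    return builder.signWith(signatureAlgorithm, signingKey).compact();
  }
}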
Results
http://localhost:8080/CreateJWT
Encoded JWT
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJUZXN0SldUIiwiaXNzIjoiaXZvcm9ubGluZSIsImF1dGhvcml0aWVzIjoiW2Jvb2suY3JlYXRlLCBib29rLmRlbGV0ZV0iLCJqdGkiOiIxIiwidXNlcm5hbWUiOiJhZG1pbiJ9.jQhRDTMA_nsHhH70sShoGiWp6rmeFWqkcIG14LaFPOo
Decoded JWT
{
"sub" : "TestJWT",
"iss" : "ivoronline",
"authorities" : "[book.create, book.delete]",
"jti" : "1",
"username" : "admin"
}
https://jwt.io