1.11.2 Step2 - Send Token - As Request Parameter - Get Claims Info [G]
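This tutorial shows how to send a JWT as an HTTP request parameter.
The decodeJWT() endpoint then decodes the JWT and returns the extracted claims.
A token placed in the query string is recorded in server access logs, browser history and Referer headers, so this approach suits a local demonstration; tokens are normally carried in the Authorization header.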
Application Schema [Results]
Overview
JWTController.java
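/**
 * Handles {@code /DecodeJWT}: decodes the JWT supplied in the {@code jwt} request
 * parameter and returns its claims as the response body.
 *
 * @param jwt compact JWT taken from the request parameter; caller-controlled input
 * @return the claims returned by {@code JWTUtil.decodeJWT(jwt)}
 */
@ResponseBody
@RequestMapping("/DecodeJWT")
public Claims decodeJWT(@RequestParam String jwt) {
  // decodeJWT is declared static on JWTUtil, so it is called on the class itself.
  return JWTUtil.decodeJWT(jwt);
}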
http://localhost:8080/DecodeJWT?jwt=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxIiwiaXNzIjoiaXZvcm9ubGluZSIsInN1YiI6IlRlc3RKV1QifQ.GZkuBtau-7uEJb7V1-1mGu8q3YmjPzYCok_qfHHhP9Y
{
"username" : "admin",
"authorities" : "[book.create, book.delete]"
}
JWTUtil
http://localhost:8080/DecodeJWT
Tomcat
decodeJWT()
Browser
JWTController
Procedure
Edit Class: JWTUtil.java (Add decodeJWT())
Edit Class: JWTController.java (Add /DecodeJWT)
JWTController.java
package com.ivoronline.springboot_security_jwt.controllers;
import com.ivoronline.springboot_security_jwt.config.JWTUtil;
import io.jsonwebtoken.Claims;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
/**
 * Demo controller with two endpoints: one issues a JWT with fixed claims, the other
 * decodes a JWT received as a request parameter and returns its claims.
 */
@Controller
public class JWTController {

  /**
   * Issues a JWT for the fixed username {@code admin} with the authorities string
   * {@code [book.create, book.delete]}.
   *
   * <p>NOTE(review): no access check is visible on this mapping, so as written any
   * caller of {@code /CreateJWT} receives this token. Confirm the endpoint is protected
   * elsewhere before reusing it outside a demo.
   *
   * @return the compact JWT string produced by {@code JWTUtil.createJWT}
   */
  @ResponseBody
  @RequestMapping("/CreateJWT")
  public String createJWT() {
    return JWTUtil.createJWT("admin", "[book.create, book.delete]");
  }

  /**
   * Decodes the JWT supplied in the {@code jwt} request parameter.
   *
   * <p>NOTE(review): exceptions thrown by {@code JWTUtil.decodeJWT} are not caught
   * here; how a rejected token maps to an HTTP status depends on error handling that
   * is not shown in this class.
   *
   * @param jwt compact JWT taken from the request parameter; caller-controlled input
   * @return the claims returned by {@code JWTUtil.decodeJWT(jwt)}
   */
  @ResponseBody
  @RequestMapping("/DecodeJWT")
  public Claims decodeJWT(@RequestParam String jwt) {
    return JWTUtil.decodeJWT(jwt);
  }
}
JWTUtil.java
package com.ivoronline.springboot_security_jwt.config;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.security.Key;
import java.util.HashMap;
import java.util.Map;
/**
 * Static helpers that create and decode HS256-signed JWTs using one shared secret.
 */
public class JWTUtil {

  // Shared secret used both to sign tokens (createJWT) and to verify them (decodeJWT).
  // NOTE(review): the secret is a short literal compiled into the class, and it is run
  // through a Base64 decoder before use, so the effective HMAC key is at most 8 bytes,
  // well below the 256 bits expected for HS256. Anyone who reads this source or recovers
  // the key can produce tokens that decodeJWT accepts. Outside a demo, load a randomly
  // generated key of at least 32 bytes from configuration or a secret store.
  public final static String SECRET_KEY = "mysecretkey";

  // Decodes SECRET_KEY as Base64; both createJWT and decodeJWT derive the key this way.
  private static byte[] secretBytes() {
    return DatatypeConverter.parseBase64Binary(SECRET_KEY);
  }

  /**
   * Builds a signed JWT carrying the given username and authorities as custom claims,
   * plus a fixed id ({@code 1}), subject ({@code TestJWT}) and issuer ({@code ivoronline}).
   *
   * <p>NOTE(review): no expiration claim is set here, so nothing in the token itself
   * limits how long it stays usable.
   *
   * @param username    value stored under the {@code username} claim
   * @param authorities value stored under the {@code authorities} claim
   * @return the compact, HS256-signed JWT string
   */
  public static String createJWT(String username, String authorities) {
    // Header: the signing algorithm.
    final SignatureAlgorithm algorithm = SignatureAlgorithm.HS256;

    // Payload: the custom claims.
    final Map<String, Object> payload = new HashMap<>();
    payload.put("username", username);
    payload.put("authorities", authorities);

    // Signature: HMAC key built from the shared secret.
    final Key hmacKey = new SecretKeySpec(secretBytes(), algorithm.getJcaName());

    return Jwts.builder()
        .setClaims(payload) // set first so it does not override the claims set below
        .setId("1")
        .setSubject("TestJWT")
        .setIssuer("ivoronline")
        .signWith(algorithm, hmacKey)
        .compact();
  }

  /**
   * Parses a compact JWT as a signed JWS using the shared secret and returns its claims.
   *
   * <p>The parser is configured with the signing key only; no issuer, subject or other
   * claim requirements are set on it here.
   *
   * @param jwt compact JWT string to parse
   * @return the claims body of the parsed token
   */
  public static Claims decodeJWT(String jwt) {
    return Jwts.parser()
        .setSigningKey(secretBytes())
        .parseClaimsJws(jwt)
        .getBody();
  }
}
Results
http://localhost:8080/DecodeJWT?jwt=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiIxIiwiaXNzIjoiaXZvcm9ubGluZSIsInN1YiI6IlRlc3RKV1QifQ.GZkuBtau-7uEJb7V1-1mGu8q3YmjPzYCok_qfHHhP9Y
Extracted Claims
{
"sub" : "TestJWT",
"iss" : "ivoronline",
"authorities" : "[book.create, book.delete]",
"jti" : "1",
"username" : "admin"
}