1.11.3 Step 3 - Send Token - In Authorization Header - Get Claims Info [G]
This tutorial shows how to use Postman to send a JWT in the Authorization header.
To do that, we need to change decodeJWT() so that it reads the JWT from the Authorization header.
Application Schema [Results]
Overview
JWTController.java
  @ResponseBody
  @RequestMapping("/DecodeJWT")
  public Claims decodeJWT(@RequestHeader("Authorization") String authorization) {
    String jwt    = jwtUtil.extractJWTFromAuthorizationHeader(authorization);
    Claims claims = jwtUtil.decodeJWT(jwt);
    return claims;
  }
POST http://localhost:8080/CreateJWT (JWT in Authorization Header)
{
  "username" : "admin",
  "authorities" : "[book.create, book.delete]"
}
[Application Schema diagram labels: Browser, http://localhost:8080/DecodeJWT, Tomcat, JWTController, decodeJWT(), JWTUtil]
Procedure
Edit Class: JWTController.java (edit decodeJWT() to get JWT from Authorization Header)
JWTController.java
  package com.ivoronline.springboot_security_jwt.controllers;

  import com.ivoronline.springboot_security_jwt.config.JWTUtil;
  import io.jsonwebtoken.Claims;
  import org.springframework.stereotype.Controller;
  import org.springframework.web.bind.annotation.RequestHeader;
  import org.springframework.web.bind.annotation.RequestMapping;
  import org.springframework.web.bind.annotation.ResponseBody;

  @Controller
  public class JWTController {

    @ResponseBody
    @RequestMapping("/CreateJWT")
    public String createJWT() {
      String jwt = JWTUtil.createJWT("admin", "[book.create, book.delete]");
      return jwt;
    }

    @ResponseBody
    @RequestMapping("/DecodeJWT")
    public Claims decodeJWT(@RequestHeader("Authorization") String authorization) {

      //GET AUTHORIZATION HEADER
      //(Spring answers 400 by itself when the header is missing; this check also rejects non-Bearer schemes)
      if (authorization == null || !authorization.startsWith("Bearer ")) {
        System.out.println("Authorization Header not found");
        return null;
      }

      //GET JWT ("Bearer " is 7 characters long)
      String jwt = authorization.substring(7);

      //GET CLAIMS
      Claims claims = JWTUtil.decodeJWT(jwt);

      //RETURN CLAIMS
      return claims;

    }

  }
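Added example (not part of the original tutorial or the project's code): a stricter version of the header check in decodeJWT() that accepts a case-insensitive Bearer scheme and rejects empty, truncated or padded tokens before they would reach JWTUtil.decodeJWT(). The class name BearerTokenExtractor, the length limit and the sample headers are assumptions made for illustration; the check covers only the shape of the token, signature verification still happens when the JWT is decoded.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not the tutorial's code. BearerTokenExtractor is a hypothetical helper name.
public class BearerTokenExtractor {

  // RFC 6750: "Bearer" 1*SP token; RFC 7235 makes the scheme name case-insensitive.
  // Three non-empty base64url segments separated by dots = JWS compact form (signed JWT).
  // An empty third segment (the unsecured "alg: none" form) does not match.
  private static final Pattern BEARER_JWT = Pattern.compile(
      "^[Bb][Ee][Aa][Rr][Ee][Rr] +([A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+)$");

  // Upper bound on header length so oversized input is rejected before regex matching.
  private static final int MAX_HEADER_LENGTH = 8192; // assumed limit, tune per deployment

  // Returns the raw JWT if the header is a well-formed Bearer credential, otherwise empty.
  public static Optional<String> extract(String authorization) {
    if (authorization == null || authorization.length() > MAX_HEADER_LENGTH) {
      return Optional.empty();
    }
    Matcher m = BEARER_JWT.matcher(authorization.trim());
    return m.matches() ? Optional.of(m.group(1)) : Optional.empty();
  }

  public static void main(String[] args) {
    // Constructed sample headers (the token segments are placeholders, not real JWTs).
    String[] samples = {
      "Bearer aaa.bbb.ccc",        // well-formed
      "bearer aaa.bbb.ccc",        // lower-case scheme, still valid
      "Bearer ",                   // scheme with empty token
      "Basic YWRtaW46YWRtaW4=",    // different scheme
      "Bearer aaa.bbb",            // only two segments
      "Bearer aaa.bbb.",           // empty signature segment
      "Bearer aaa.bbb.ccc extra",  // trailing data after the token
      null                         // header absent
    };
    for (String header : samples) {
      System.out.println("[" + header + "] -> " + extract(header).orElse("REJECTED"));
    }
  }
}
```

Only the first two sample headers yield a token; every other sample prints REJECTED.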
Results
http://localhost:8080/CreateJWT
Start Postman
POST: http://localhost:8080/DecodeJWT
Headers: (copy from below)
Send
http://localhost:8080/CreateJWT
Headers (add Key-Value)
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJUZXN0SldUIiwicm9sZSI6IlJPTEVfVVNFUiIsImlzcyI6Iml2b3JvbmxpbmUiLCJqdGkiOiIxIiwidXNlcm5hbWUiOiJteXN1c2VyIn0.sEkZCMuot76lWjsuYfp5cU4IqB-ykzb5jaiobH84Bmg
Postman