This is a Spring Security application that demonstrates user authentication using JSON Web Tokens (JWT). The application provides an authentication endpoint to generate JWT tokens and secures other endpoints using Spring Security.
- IntelliJ IDEA 2023.1.3 (Community Edition) or compatible IDE
- Java version 1.8.0_361 or compatible JDK
- Jakarta Servlet API 5.0.0
- Java version 1.8.0_361
Sukumar Satyen © July 2023
The project includes the following dependencies:
- Jakarta Servlet API 5.0.0
- Spring Boot 2.7.13
- Spring Security 5.3.28
- Spring Web 5.3.28
- Spring Security JWT 1.1.0
- BCryptPasswordEncoder
- To package the application as a WAR file and deploy it on Apache Tomcat:
  - Update the `packaging` element in the `pom.xml` file to `<packaging>war</packaging>`.
  - Build the project using Maven: `mvn clean package`.
  - Copy the generated WAR file to the Tomcat webapps directory.
  - Start the Tomcat server, and the application will be deployed automatically.
- To package the application as a JAR file and deploy it on AWS Elastic Beanstalk:
  - Update the `packaging` element in the `pom.xml` file to `<packaging>jar</packaging>`.
  - Build the project using Maven: `mvn clean package`.
  - Create an AWS Elastic Beanstalk environment and upload the generated JAR file.
  - Deploy the application on the Elastic Beanstalk environment.
- Clone the repository to your local machine.
- Open the project in IntelliJ IDEA or compatible IDE.
- Configure the project dependencies in the `pom.xml` file. Make sure you have the required dependencies and their correct versions.
- Build the project using Maven: `mvn clean install`.
- To run the application:
  - On Linux or Windows command prompt: `java -jar target/application.jar`.
  - In IntelliJ IDEA, right-click on the `Application` class and select "Run".
- The application will start and listen on the specified port (usually 8080).
- You can use a tool like Postman to test the application. Here's how you can test the endpoints:
- Make a POST request to `http://localhost:8080/authenticate` with the following JSON payload:

  ```json
  { "username": "admin", "password": "admin@123" }
  ```
- This will return a JWT token.
- Include the JWT token in the request header as `Authorization: Bearer <token>` for the secured endpoints.
- Access Secured Endpoint:
  - Method: GET
  - Endpoint: Example secured endpoint: `http://localhost:8080/api/secure`
  - Headers: `Authorization: Bearer <JWT Token>`
  - This request will access the secured endpoint using the JWT token for authentication.
- To validate the username and password in the provided code, follow these steps:
  - Open Postman and create a new request.
  - Set the request method to GET.
  - Set the request URL to the secured endpoint: `http://localhost:8080/api/secure`.
  - Add the Authorization header:
    - Key: `Authorization`
    - Value: `Bearer <JWT Token>`
    - Replace `<JWT Token>` with the actual JWT token obtained from the authentication request.
  - Send the request.
  - The application will validate the provided JWT token and check if the user is authenticated and authorized to access the secured endpoint.
  - If the username and password match, the user is authenticated and the response from the secured endpoint will be returned.
  - If the username and password don't match or the user is not found, the authentication will fail, and an appropriate error response will be returned.

Note: For endpoints that require additional parameters or request bodies, provide them accordingly in the request.
- `Application`: The main class that starts the Spring Boot application.
- `WebSecurityConfig`: Configuration class that extends `WebSecurityConfigurerAdapter` and sets up Spring Security configurations.
- `JwtRequestFilter`: A filter that intercepts incoming requests and validates JWT tokens.
- `MyUserDetailsService`: A custom implementation of Spring Security's `UserDetailsService` for retrieving user details.
- `MyUserDetails`: A custom implementation of Spring Security's `UserDetails` representing user details.
- `AuthenticationRequest`: A DTO class representing the authentication request payload.
- `AuthenticationResponse`: A DTO class representing the authentication response payload.
- `HelloRestController`: A REST controller that provides an authentication endpoint and generates JWT tokens.
- `ApplicationTests`: Unit tests for the Spring Security application.
- When the application starts, the `Application` class is executed, which runs the Spring Boot application.
- The `WebSecurityConfig` class sets up the Spring Security configurations, including the authentication manager, authentication endpoint, and JWT filter.
- The `JwtRequestFilter` intercepts incoming requests and validates the JWT tokens by checking the authentication details.
- The `MyUserDetailsService` class implements the `UserDetailsService` to retrieve user details, such as username and password, for authentication.
- The `AuthenticationRequest` class represents the payload for authentication requests, including the username and password.
- The `AuthenticationResponse` class represents the payload for authentication responses, including the JWT token.
- The `HelloRestController` class is a REST controller that provides the authentication endpoint to generate JWT tokens.
- The `ApplicationTests` class contains unit tests to verify the application context and perform assertions on the Spring Security configurations.
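
The checks a filter like `JwtRequestFilter` has to make on each `Authorization: Bearer <token>` header, as an added example that is not this project's code. It assumes HS256 tokens signed with a shared secret and uses regex claim extraction in place of a JSON library; the class name, method names and key are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
// Added illustration: hypothetical class; HS256 and the regex claim parsing are assumptions.
public class BearerTokenCheck {
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"HS256\"");
    private static final Pattern SUB = Pattern.compile("\"sub\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // Returns the token subject, or null if the header, algorithm, signature or expiry check fails.
    static String authenticate(String authorizationHeader, byte[] key, long nowEpochSec) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) return null;
        String[] parts = authorizationHeader.substring(7).split("\\.");
        if (parts.length != 3) return null;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            if (!ALG.matcher(header).find()) return null; // pin the algorithm; "none" is refused
            byte[] expected = hmac(key, parts[0] + "." + parts[1]);
            if (!MessageDigest.isEqual(expected, dec.decode(parts[2]))) return null; // constant-time
            String claims = new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
            Matcher exp = EXP.matcher(claims), sub = SUB.matcher(claims);
            if (!exp.find() || Long.parseLong(exp.group(1)) <= nowEpochSec) return null;
            return sub.find() ? sub.group(1) : null;
        } catch (Exception e) {
            return null; // malformed Base64 or numbers count as unauthenticated
        }
    }
    static String mint(String sub, long exp, byte[] key) throws Exception { // builds constructed sample tokens
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String h = enc.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String c = enc.encodeToString(("{\"sub\":\"" + sub + "\",\"exp\":" + exp + "}").getBytes(StandardCharsets.UTF_8));
        return h + "." + c + "." + enc.encodeToString(hmac(key, h + "." + c));
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] other = "some-other-key".getBytes(StandardCharsets.UTF_8);
        long now = 1700000000L; // fixed clock so the run is repeatable
        System.out.println(authenticate("Bearer " + mint("admin", now + 600, key), key, now));   // valid token
        System.out.println(authenticate("Bearer " + mint("admin", now + 600, other), key, now)); // signed with wrong key
        System.out.println(authenticate("Bearer " + mint("admin", now - 1, key), key, now));     // expired token
    }
}
```

The signature is verified before any claim is read, so the expiry and subject are only trusted once the token is known to come from the issuer.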