{"id":29275034,"url":"https://github.com/chamikathereal/j2ee-security-jwt-with-db","last_synced_at":"2025-07-05T05:40:13.391Z","repository":{"id":301568104,"uuid":"1009621629","full_name":"chamikathereal/J2EE-Security-JWT-With-db","owner":"chamikathereal","description":"A practical Java EE project demonstrating secure JWT-based authentication and role-based authorization with a database-backed identity store, Hibernate, and Jakarta EE Security API—ideal for learning modern, stateless security in enterprise applications.","archived":false,"fork":false,"pushed_at":"2025-06-27T14:05:47.000Z","size":4252,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-27T15:26:34.364Z","etag":null,"topics":["api-rest","authentication","jakartaee","java","java-automation","javaee","jwt","jwt-authentication","jwt-token"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chamikathereal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-27T12:37:17.000Z","updated_at":"2025-06-27T14:05:50.000Z","dependencies_parsed_at":"2025-06-27T15:26:37.638Z","dependency_job_id":"e196460f-8e15-42ab-871d-aa9204d23ced","html_url":"https://github.com/chamikathereal/J2EE-Security-JWT-With-db","commit_stats":null,"previous_names":["chamikathereal/j2ee-security-jwt-with-db"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/chamikathereal/J2EE-Security-JWT-With-db","repository_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/chamikathereal%2FJ2EE-Security-JWT-With-db","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chamikathereal%2FJ2EE-Security-JWT-With-db/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chamikathereal%2FJ2EE-Security-JWT-With-db/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chamikathereal%2FJ2EE-Security-JWT-With-db/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chamikathereal","download_url":"https://codeload.github.com/chamikathereal/J2EE-Security-JWT-With-db/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chamikathereal%2FJ2EE-Security-JWT-With-db/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263692348,"owners_count":23496905,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-rest","authentication","jakartaee","java","java-automation","javaee","jwt","jwt-authentication","jwt-token"],"created_at":"2025-07-05T05:40:11.481Z","updated_at":"2025-07-05T05:40:13.386Z","avatar_url":"https://github.com/chamikathereal.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 J2EE-Security-JWT-With-db\n\n## 📝 Project Overview\n\n**J2EE-Security-JWT-With-db** is a practical Java EE project that demonstrates secure authentication and role-based authorization using JSON Web Tokens (JWT) and a database-backed identity store. 
The project leverages Jakarta EE Security API, JAX-RS for RESTful endpoints, Hibernate ORM for persistence, and MySQL for data storage. It is ideal for learning how to build modern, stateless, and scalable authentication systems in enterprise Java applications.\n\n---\n\n## 📽️ Demo Video\n[![J2EE-Security-JWT-With-db Project Demo](https://github.com/chamikathereal/J2EE-Security-JWT-With-db/blob/main/J2EE-Security-JWT-With-db.png)](https://youtu.be/sSrRBxIvBqo)\n\n---\n\n## 🗂️ Project Structure\n\n```\nJ2EE-Security-JWT-With-db/\n├── src/\n│   ├── main/\n│   │   ├── java/\n│   │   │   └── lk.jlat.app.security/\n│   │   │       ├── config/\n│   │   │       │   └── AppConfig\n│   │   │       ├── controller/\n│   │   │       │   └── AuthController\n│   │   │       ├── model/\n│   │   │       │   └── User\n│   │   │       ├── security/\n│   │   │       │   ├── AppIdentityStore\n│   │   │       │   ├── AuthMechanism\n│   │   │       │   └── Credentials\n│   │   │       ├── service/\n│   │   │       │   └── LoginService\n│   │   │       ├── servlet/\n│   │   │       │   ├── Login\n│   │   │       │   └── Profile\n│   │   │       └── util/\n│   │   ├── resources/\n│   │   │   └── META-INF/\n│   │   │       └── persistence.xml\n│   │   └── webapp/\n│   │       ├── user/\n│   │       │   └── index.jsp\n│   │       ├── WEB-INF/\n│   │       │   └── web.xml\n│   │       ├── index.jsp\n│   │       └── login.jsp\n├── pom.xml\n```\n\n## 📦 Module Details\n\n#### 🟦 **config**\n- **AppConfig**  \n  Configures the JAX-RS application path (`/api`) for all REST endpoints.\n\n  ##\n\n#### 🟦 **controller**\n- **AuthController**  \n  REST controller for authentication endpoints (`/auth/login`, `/auth/register`). Handles login requests, validates credentials, and issues JWT tokens.\n\n  ##\n\n#### 🟦 **model**\n- **User**  \n  JPA entity representing a user with username, password, and a set of roles. 
Used for authentication and authorization.\n\n  ##\n\n#### 🟦 **security**\n- **AppIdentityStore**  \n  Custom identity store that validates user credentials and retrieves roles from the database using the `LoginService`.\n  \n- **AuthMechanism**  \n  Custom HTTP authentication mechanism that supports both JWT-based and form-based authentication, using the Jakarta EE Security API.\n  \n- **Credentials**  \n  POJO representing username and password for authentication requests.\n\n  ##\n\n#### 🟦 **service**\n- **LoginService**  \n  Handles user validation and role retrieval from the database using JPA and Hibernate.\n\n  ##\n\n#### 🟦 **servlet**\n- **Login**  \n  Servlet for processing login requests and authenticating users.\n  \n- **Profile**  \n  Servlet for displaying the user profile page, secured with role-based access control annotations.\n\n  ##\n\n#### 🟦 **util**\n- **JWTUtil**  \n  Utility class for generating and validating JWT tokens, embedding username and roles as claims.\n\n  ##\n\n#### 🟦 **resources/META-INF**\n- **persistence.xml**  \n  JPA configuration file for Hibernate and MySQL integration.\n\n  ##\n\n#### 🟦 **webapp**\n- **user/index.jsp**  \n  User dashboard, accessible only to authenticated users with the appropriate role.\n  \n- **WEB-INF/web.xml**  \n  Declarative security configuration for protected resources and role mappings.\n  \n- **login.jsp**  \n  Custom login form for user authentication.\n  \n- **index.jsp**  \n  Public landing page.\n\n## ⚙️ Key Features\n\n- ✅ Secure JWT-based authentication for REST APIs\n- ✅ Database-backed user and role management with Hibernate (JPA)\n- ✅ Custom identity store and authentication mechanism (Jakarta EE Security API)\n- ✅ Stateless session management using JWTs\n- ✅ Role-based access control for servlets and endpoints\n- ✅ Clean, modular Maven project structure\n\n## 💡 How It Works\n\n- **User Authentication:**  \n  Users authenticate via REST (`/api/auth/login`) or form. 
Credentials are validated against the database. On success, a JWT is issued containing the username and roles.\n\n- **JWT Validation:**  \n  Protected endpoints require a valid JWT in the `Authorization` header (`Bearer `). The custom authentication mechanism parses and validates the token, extracting user identity and roles for access control.\n\n- **Role-Based Authorization:**  \n  Access to servlets and JSPs is protected using declarative (`web.xml`) and annotation-based security. Only users with appropriate roles can access secured resources.\n\n- **Session Management:**  \n  Stateless authentication is achieved using JWTs, eliminating the need for server-side session storage.\n\n- **Database Integration:**  \n  User credentials and roles are stored in MySQL and managed via Hibernate/JPA.\n\n## 🛠️ Technologies Used\n\n- Java 11\n- Jakarta EE 10 (JAX-RS, Security API, Servlet, JPA)\n- Hibernate ORM\n- MySQL\n- JJWT (io.jsonwebtoken)\n- Maven\n\n## 📚 Learning Outcomes\n\n- ✅ Implement JWT-based authentication and authorization in Java EE\n- ✅ Integrate database-backed identity management with Hibernate\n- ✅ Secure RESTful APIs and web resources with modern best practices\n- ✅ Build scalable, stateless, and secure enterprise Java applications\n\n## 🧑‍💻 Author\n\nChamika Gayashan  \nUndergraduate Software Engineer | Sri Lanka  \nLinkedIn: @chamikathereal  \nCurrent date: Friday, June 27, 2025, 6:30 PM +0530\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchamikathereal%2Fj2ee-security-jwt-with-db","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchamikathereal%2Fj2ee-security-jwt-with-db","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchamikathereal%2Fj2ee-security-jwt-with-db/lists"}