{"id":18559024,"url":"https://github.com/linux-china/jwt-demo","last_synced_at":"2026-02-16T04:03:37.456Z","repository":{"id":28063630,"uuid":"116085284","full_name":"linux-china/jwt-demo","owner":"linux-china","description":"JWT with Spring Boot","archived":false,"fork":false,"pushed_at":"2026-02-06T08:50:22.000Z","size":204,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-08T23:47:56.619Z","etag":null,"topics":["jwt"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linux-china.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-01-03T03:12:06.000Z","updated_at":"2026-02-06T08:50:25.000Z","dependencies_parsed_at":"2024-06-13T12:54:38.361Z","dependency_job_id":"713e5271-3923-4df9-b900-db21428d5e0b","html_url":"https://github.com/linux-china/jwt-demo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/linux-china/jwt-demo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fjwt-demo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fjwt-demo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fjwt-demo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fjwt-demo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linux-china","download_url":"https://codeload.github.com/linux-china/jwt-demo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fjwt-demo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29499810,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T03:57:51.541Z","status":"ssl_error","status_checked_at":"2026-02-16T03:55:59.854Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwt"],"created_at":"2024-11-06T21:41:51.951Z","updated_at":"2026-02-16T04:03:37.451Z","avatar_url":"https://github.com/linux-china.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"Spring Security with JWT\n========================\n\nJWT(JSON Web Tokens) is very useful for API gateway to authorize the user\n\n# Vocabulary\n\n* Credentials: Prove the principal is correct. This is usually a password, token(key\u0026secret) etc\n* Authentication: identify an account, such as UsernamePasswordAuthenticationToken, RememberMeAuthenticationToken, JwtAuthentication.\n* XxxAuthenticationFilter: The filter to get Authentication an inject to SecurityContext by SecurityContextHolder.getContext().setAuthentication(authentication)\n* XxxAuthenticationProvider: Process a specific Authentication to validate authentication\n* Authority: granted authority, such as updateAccount, updateProfile. Please use \"ROLE_\" prefix to define roles.\n* UserDetails: store user information which is later encapsulated into Authentication objects, such as authorities from database\n\n# JWT\n\n* Issuer: issuer, such as domain name, company name or organization name etc.\n* Subject: subject, such as email, user id, user nick, mobile etc\n* http header:\n\n```\nAuthorization: Bearer xxx.yyy.zzz\n```\n\n### RSA key pair generation\n\nAlmost we use RSA private key to generate JWT token and use RSA public key to verify token.\n\n```\n# generate a 2048-bit RSA private key\n$ openssl genrsa -out private_key.pem 2048\n\n# convert private Key to PKCS#8 format (so Java can read it)\n$ openssl pkcs12 -topk8 -inform PEM -outform DER -in private_key.pem \\\n    -out private_key.der -nocrypt\n\n# output public key portion in DER format (so Java can read it)\n$ openssl rsa -in private_key.pem -pubout -outform DER -out public_key.der\n\n```\n\n```\n# generate a 2048-bit RSA private key\n$ openssl genrsa -out jwt_private_key.pem 2048\n\n# convert private Key to PKCS#8 format (so Java can read it)\n$ openssl pkcs8 -topk8 -inform PEM -outform DER -in jwt_private_key.pem -out jwt_rsa.key -nocrypt\n\n# output public key portion in DER format (so Java can read it)\n$ openssl rsa -in jwt_private_key.pem -pubout -outform DER -out jwt_rsa.pub\n\n```\n\n**Tips**: For most case, RS256(RSA 2048 + SHA 256) is better for security and performance.\n\n### ECDSA key pair generation\n\nPlease run EcdsaKeyServiceTest to generate ECDSA key pairs.\n\n`secp256r1 == NIST P-256`\n\nOr you can use [simple JSON Web Key generator](https://mkjwk.org/) to generate ECDSA key pairs.\n\n### Attention\n\n* anonymous for actuator and white urls list\n\n# References\n\n* JWT: https://jwt.io/\n* Refresh Tokens: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/\n* Spring security architecture: https://spring.io/guides/topicals/spring-security-architecture/\n* Java Cryptography: http://tutorials.jenkov.com/java-cryptography/index.html\n* Cryptographic Storage Cheat Sheet： https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet\n* JSON Web Tokens (JWT) Demystified: https://hackernoon.com/json-web-tokens-jwt-demystified-f7e202249640\n* Validate JWT tokens using JWKS in Java：https://medium.com/trabe/validate-jwt-tokens-using-jwks-in-java-214f7014b5cf\n* Nimbus JOSE + JWT：https://connect2id.com/products/nimbus-jose-jwt\n* JSON Web Token (JWT) with EdDSA / Ed25519 signature: https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-eddsa\n* JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA): https://openjdk.org/jeps/339\n* How to Read PEM File to Get Public and Private Keys: https://www.baeldung.com/java-read-pem-file-keys\n* Understanding JWKS: JSON Web Key Set Explained: https://stytch.com/blog/understanding-jwks\n* JWK Generator: https://jwkset.com/generate\n* mkjwk: simple JSON Web Key generator - https://mkjwk.org/\n* JWT (JSON Web Token) Analyzer: https://plugins.jetbrains.com/plugin/9831-jwt-json-web-token-analyzer\n* Spring Security without the WebSecurityConfigurerAdapter: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinux-china%2Fjwt-demo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinux-china%2Fjwt-demo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinux-china%2Fjwt-demo/lists"}