{"id":20307376,"url":"https://github.com/oktadev/okta-java-ee-rest-api-example","last_synced_at":"2026-03-13T14:32:28.308Z","repository":{"id":103824251,"uuid":"146508025","full_name":"oktadev/okta-java-ee-rest-api-example","owner":"oktadev","description":"Java EE REST API + Security with JWT and OIDC","archived":false,"fork":false,"pushed_at":"2018-09-24T21:23:57.000Z","size":69,"stargazers_count":13,"open_issues_count":0,"forks_count":10,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-11T15:14:47.280Z","etag":null,"topics":["javaee","jwt","jwt-verifier","oidc","pac4j","rest-api","spring-security"],"latest_commit_sha":null,"homepage":"https://developer.okta.com/blog/2018/09/12/secure-java-ee-rest-api","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oktadev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-08-28T21:19:06.000Z","updated_at":"2025-03-26T07:24:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"28f4723b-2fd4-45e4-8a90-489b5f54c60c","html_url":"https://github.com/oktadev/okta-java-ee-rest-api-example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/oktadev/okta-java-ee-rest-api-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fokta-java-ee-rest-api-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fokta-java-ee-rest-api-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHu
b/repositories/oktadev%2Fokta-java-ee-rest-api-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fokta-java-ee-rest-api-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oktadev","download_url":"https://codeload.github.com/oktadev/okta-java-ee-rest-api-example/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oktadev%2Fokta-java-ee-rest-api-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30468306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-13T11:00:43.441Z","status":"ssl_error","status_checked_at":"2026-03-13T11:00:23.173Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javaee","jwt","jwt-verifier","oidc","pac4j","rest-api","spring-security"],"created_at":"2024-11-14T17:17:29.513Z","updated_at":"2026-03-13T14:32:28.293Z","avatar_url":"https://github.com/oktadev.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Java EE REST API + Security\n \nThis example app shows how to build a Java EE REST API and secure it with JWT and OIDC.\n\nPlease read [Build a Java REST API with Java EE and OIDC](https://developer.okta.com/blog/2018/09/12/secure-java-ee-rest-api) to see how this app 
was created.\n\n**Prerequisites:** [Java 8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html), [Maven](https://maven.apache.org), and an [Okta Developer Account](https://developer.okta.com).\n\n\u003e [Okta](https://developer.okta.com/) has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage, and secure users and roles in any application.\n\n* [Getting Started](#getting-started)\n* [Links](#links)\n* [Help](#help)\n* [License](#license)\n\n## Getting Started\n\nYou will need to create an OIDC Application in Okta to get your settings to perform authentication. \n\n1. Log in to your developer account on [developer.okta.com](https://developer.okta.com).\n2. Navigate to **Applications** and click on **Add Application**.\n3. Select **Web** and click **Next**. \n4. Give the application a name (e.g., `Java EE Secure API`) and add the following as Login redirect URIs:\n    * `http://localhost:3000/implicit/callback`\n    * `http://localhost:8080/login/oauth2/code/okta`\n    * `http://localhost:8080/callback?client_name=OidcClient`\n5. 
Click **Done**, then edit the project and enable \"Implicit (Hybrid)\" as a grant type (allow ID and access tokens) and click **Save**.\n\n### JWT Verifier for Java\n\nTo see how the JWT Verifier for Java works, clone this project and check out the `jwt-verifier` branch.\n\n```bash\ngit clone -b jwt-verifier https://github.com/oktadeveloper/okta-java-ee-rest-api-example.git\n```\n\nThen modify `src/main/java/com/okta/developer/JwtFilter.java` and replace the issuer and client ID with the values from the app you created.\n\n```java\npublic void init(FilterConfig filterConfig) {\n    try {\n        jwtVerifier = new JwtHelper()\n                .setIssuerUrl(\"https://{yourOktaDomain}/oauth2/default\")\n                .setClientId(\"{yourClientId}\")\n                .build();\n    } catch (IOException | ParseException e) {\n        System.err.print(\"Configuring JWT Verifier failed!\");\n        e.printStackTrace();\n    }\n}\n```\n\nStart the app using `mvn clean package tomee:run`. \n\nTo prove it works with a valid JWT, you can clone our Bootiful React project, and run its UI:\n\n```bash\ngit clone -b okta https://github.com/oktadeveloper/spring-boot-react-example.git bootiful-react\ncd bootiful-react/client\nnpm install\n```\n\nEdit this project's `src/App.tsx` file and change the `issuer` and `clientId` to match your application. 
\n\n```ts\nconst config = {\n  issuer: 'https://{yourOktaDomain}/oauth2/default',\n  redirectUri: window.location.origin + '/implicit/callback',\n  clientId: '{yourClientId}'\n};\n```\n\nThen start it:\n\n```bash\nnpm start\n```\n\nYou should then be able to log in at `http://localhost:3000` with the credentials you created your account with.\n\n### Spring Security\n\nThe Spring Security implementation in this project will prompt you to log in when you try to access the API, and it will set up a resource server that can serve data to a JavaScript client.\n\nTo see Spring Security with Java EE in action, clone this project and check out the `spring-security` branch.\n\n```bash\ngit clone -b spring-security https://github.com/oktadeveloper/okta-java-ee-rest-api-example.git\n```\n\nUpdate `src/main/resources/application.properties` and fill it with your Okta OIDC app settings.\n\n```properties\nokta.client-id={clientId}\nokta.client-secret={clientSecret}\nokta.issuer-uri=https://{yourOktaDomain}/oauth2/default\n```\n\nThen start the app using `mvn clean package tomee:run`.\n\nIf you try to access `http://localhost:8080`, you'll be redirected to Okta to log in. If you use the aforementioned React client to talk to your API, everything should just work.\n\n### Pac4J\n\nThe Pac4J implementation in this project is very similar to Spring Security. 
It'll prompt you to log in when you hit the API directly, or look for an `Authorization` header if you talk to it from a JavaScript client.\n\nTo see Pac4J with Java EE in action, clone this project and check out the `pac4j` branch.\n\n```bash\ngit clone -b pac4j https://github.com/oktadeveloper/okta-java-ee-rest-api-example.git\n```\n\nUpdate `src/main/java/com/okta/developer/SecurityConfigFactory.java` and change the issuer, client ID, and client secret to match your Okta app.\n\n```java\npublic class SecurityConfigFactory implements ConfigFactory {\n    private final JwtAuthenticator jwtAuthenticator = new JwtAuthenticator();\n    private final ObjectMapper mapper = new ObjectMapper();\n\n    @Override\n    public Config build(final Object... parameters) {\n        System.out.print(\"Building Security configuration...\\n\");\n\n        final OidcConfiguration oidcConfiguration = new OidcConfiguration();\n        oidcConfiguration.setClientId(\"{yourClientId}\");\n        oidcConfiguration.setSecret(\"{yourClientSecret}\");\n        oidcConfiguration.setDiscoveryURI(\"https://{yourOktaDomain}/oauth2/default/.well-known/openid-configuration\");\n        oidcConfiguration.setUseNonce(true);\n        final OidcClient\u003cOidcProfile, OidcConfiguration\u003e oidcClient = new OidcClient\u003c\u003e(oidcConfiguration);\n        oidcClient.setAuthorizationGenerator((ctx, profile) -\u003e {\n            profile.addRole(\"ROLE_USER\");\n            return profile;\n        });\n\n        HeaderClient headerClient = new HeaderClient(\"Authorization\", \"Bearer \", (credentials, ctx) -\u003e {\n            String token = ((TokenCredentials) credentials).getToken();\n            if (token != null) {\n                try {\n                    // Get JWK\n                    URL keysUrl = new URL(\"https://{yourOktaDomain}/oauth2/default/v1/keys\");\n                    Map map = mapper.readValue(keysUrl, Map.class);\n                    List keys = (ArrayList) 
map.get(\"keys\");\n                    String json = mapper.writeValueAsString(keys.get(0));\n\n                    // Build key pair and validate token\n                    KeyPair rsaKeyPair = JWKHelper.buildRSAKeyPairFromJwk(json);\n                    jwtAuthenticator.addSignatureConfiguration(new RSASignatureConfiguration(rsaKeyPair));\n                    CommonProfile profile = jwtAuthenticator.validateToken(token);\n                    credentials.setUserProfile(profile);\n                    System.out.println(\"Hello, \" + profile.getId());\n                } catch (IOException e) {\n                    System.err.println(\"Failed to validate Bearer token: \" + e.getMessage());\n                    e.printStackTrace();\n                }\n            }\n        });\n\n        final Clients clients = new Clients(\"http://localhost:8080/callback\",\n                oidcClient, headerClient, new AnonymousClient());\n        return new Config(clients);\n    }\n}\n```\n\nStart the app using `mvn clean package tomee:run`.\n\nIf you try to access `http://localhost:8080`, you'll be redirected to Okta to log in. If you use the aforementioned React client to talk to your API, everything should just work.\n\n## Links\n\nThis example uses the following open source libraries:\n\n* [Apache TomEE](http://tomee.apache.org/)\n* [JWT Verifier for Java](https://github.com/okta/okta-jwt-verifier-java)\n* [Spring Security](https://spring.io/projects/spring-security)\n* [Pac4j for J2E](https://github.com/pac4j/j2e-pac4j)\n\n## Help\n\nPlease post any questions as comments on the [blog post](https://developer.okta.com/blog/2018/09/12/secure-java-ee-rest-api), or visit our [Okta Developer Forums](https://devforum.okta.com/). 
You can also email developers@okta.com if you'd like to create a support ticket.\n\n## License\n\nApache 2.0, see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foktadev%2Fokta-java-ee-rest-api-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foktadev%2Fokta-java-ee-rest-api-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foktadev%2Fokta-java-ee-rest-api-example/lists"}