{"id":21131164,"url":"https://github.com/wnameless/spring-security-jjwt","last_synced_at":"2025-07-01T03:06:23.322Z","repository":{"id":50112540,"uuid":"179615756","full_name":"wnameless/spring-security-jjwt","owner":"wnameless","description":"Integrate the Java JSON Web Token(jjwt) library into Spring Security","archived":false,"fork":false,"pushed_at":"2021-06-04T01:52:54.000Z","size":31,"stargazers_count":5,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-04T14:51:10.345Z","etag":null,"topics":["java","jwt","spring-security"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wnameless.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-05T03:51:38.000Z","updated_at":"2024-03-05T02:15:44.000Z","dependencies_parsed_at":"2022-09-26T20:00:49.240Z","dependency_job_id":null,"html_url":"https://github.com/wnameless/spring-security-jjwt","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/wnameless/spring-security-jjwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnameless%2Fspring-security-jjwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnameless%2Fspring-security-jjwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnameless%2Fspring-security-jjwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnameless%2Fspring-security-jjwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wname
less","download_url":"https://codeload.github.com/wnameless/spring-security-jjwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnameless%2Fspring-security-jjwt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262887190,"owners_count":23379768,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jwt","spring-security"],"created_at":"2024-11-20T05:50:08.180Z","updated_at":"2025-07-01T03:06:23.263Z","avatar_url":"https://github.com/wnameless.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.wnameless.spring/spring-security-jjwt/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.wnameless.spring/spring-security-jjwt)\n\nspring-security-jjwt\n=============\nIntegrate the Java JSON Web Token(jjwt) library into Spring Security\n\n## Purpose\nMake web API protection by JWT in Spring Security like a breeze\n\n# Maven Repo\n```xml\n\u003cdependency\u003e\n\t\u003cgroupId\u003ecom.github.wnameless.spring\u003c/groupId\u003e\n\t\u003cartifactId\u003espring-security-jjwt\u003c/artifactId\u003e\n\t\u003cversion\u003e0.2.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n## Quick Start\n\nExtend AbstractJwtSecurityConfiguration to enable JWT security\u003cbr\u003e\nAbstractJwtSecurityConfiguration pre-configures all necessary settings including:\u003cbr\u003e\n1. CORS\n2. CSRF disabled\n3. JwtAuthenticationFilter\n4. JwtAuthorizationFilter\n5. 
Stateless session\n```java\n@EnableWebSecurity\npublic class JwtSecurityConfiguration extends AbstractJwtSecurityConfiguration {\n\n  @Override\n  protected void configure(HttpSecurity http) throws Exception {\n    super.configure(http); // IMPORTANT!!!\n\n    http.antMatcher(\"/api/**\") // Using JWT to protect the API endpoint\n        .authorizeRequests().anyRequest().authenticated();\n  }\n\n  @Override\n  public void configure(AuthenticationManagerBuilder auth) throws Exception {\n    auth.inMemoryAuthentication().withUser(\"user\")\n        .password(passwordEncoder().encode(\"password\"))\n        .authorities(\"ROLE_USER\");\n  }\n\n  @Bean\n  public PasswordEncoder passwordEncoder() {\n    return new BCryptPasswordEncoder();\n  }\n}\n```\nIMPORTANT: remember to execute super.configure(http) at the first line of #configure(HttpSecurity)\n\nRun test Application \u0026 Controller\n```java\n@SpringBootApplication\npublic class JwtApplication {\n\n  public static void main(String... 
args) {\n    SpringApplication.run(JwtApplication.class, args);\n  }\n\n  @RequestMapping(\"/api/data\")\n  @RestController\n  public static class DataController {\n\n    @GetMapping\n    public String getData() {\n      return \"Private data\";\n    }\n\n  }\n\n}\n```\n\nTest JWT with Axios\n```javascript\naxios.post('http://localhost:8080/api/auth?username=user\u0026password=password')\n  .then(res =\u003e {\n    const token = res.data;\n    // Call the protected endpoint only after the token has been received\n    return axios.get('http://localhost:8080/api/data', { headers: { Authorization: `Bearer ${token}` } });\n  })\n  .then(res =\u003e { console.log(res.data) });\n```\n\n## Advanced Configuration\n\nBy application.properties\n```\n# default: /api/auth\njwt.auth-url=/api/login\n# 512 bits at least\njwt.secret=QeThWmZq4t7w!z%C*F-JaNdRgUjXn2r5u8x/A?D(G+KbPeShVmYp3s6v9y$B\u0026E)H\n# default: 604800000(7 days)\njwt.expiration=432000000 \n```\n\nBy @Bean, JwtSecurityProperties bean overrides settings in application.properties\n```java\n@Bean\npublic JwtSecurityProperties jwtSecurityProperties() {\n  return new JwtSecurityProperties(\n      \"/api/login\",\n      \"QeThWmZq4t7w!z%C*F-JaNdRgUjXn2r5u8x/A?D(G+KbPeShVmYp3s6v9y$B\u0026E)H\",\n      432000000);\n}\n```\n\n## Expiration Extending Service\n\nSince v0.2.0, JWT expiration extending service has been added\u003cbr\u003e\n\u003cbr\u003e\nThe Expiration Extending Service can be enabled simply by providing a JwtExpirationExtendingPolicy bean\u003cbr\u003e\nJwtExpirationExtendingPolicy is called whenever a request JWT is expired\u003cbr\u003e\nThe following example shows how to extend an expired JWT, only if the token was used in the past 2 days\n```java\n@Bean\nJwtExpirationExtendingPolicy jwtExpirationExtendingPolicy() {\n  return (jwtClaims, lastLoginTime) -\u003e {\n    if (lastLoginTime.isPresent()) {\n      return new Date().getTime() - lastLoginTime.get()\n          .getTime() \u003c TimeUnit.MILLISECONDS.convert(2, TimeUnit.DAYS);\n    } else {\n      return false;\n    }\n  
};\n}\n```\n\nBy default, the JwtExpirationExtendingService wipes out all last-login records which are outdated for 2 weeks\u003cbr\u003e\nHowever you can provide your JwtExpirationExtendingService to meet your need in JwtExpirationExtendingPolicy\n```java\n@Bean\nJwtExpirationExtendingService jwtExpirationExtendingService() {\n  return new MapDBJwtExpirationExtendingService(\n      TimeUnit.MICROSECONDS.convert(180, TimeUnit.DAYS));\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwnameless%2Fspring-security-jjwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwnameless%2Fspring-security-jjwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwnameless%2Fspring-security-jjwt/lists"}